ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ag:openssl-1.1.0j
Branches Tags
ag:master ag:tcl ag:tk ag:sqlite ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6
..
compare: ag:openssl-1.1.1l
Branches Tags
ag:tcl ag:tk ag:sqlite ag:master ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6

13 Commits
openssl-1. ... openssl-1.

Author SHA1 Message Date
Steve Dower
b123b12c0d Import OpenSSL 1.1.1l 2021-08-26 19:30:20 +01:00
Steve Dower
b439f09b29 Import OpenSSL1.1.1k 2021-03-29 21:47:40 +01:00
Steve Dower
ae8aba4cbc Import OpenSSL 1.1.1i 2021-01-05 19:44:35 +00:00
Steve Dower
7f34c3085f Import OpenSSL 1.1.1g 2020-06-12 20:28:47 +01:00
Steve Dower
e531386a2f Import OpenSSL 1.1.1f 2020-04-03 21:53:21 +01:00
Steve Dower
6f2f71e7ea Imported OpenSSL 1.1.1d 2019-09-16 11:16:33 +01:00
Steve Dower
ea3c37b9ec Imported OpenSSL 1.1.1c 2019-06-17 08:35:38 -07:00
Paul Monson
cf34d7b72e Add WSAECONNRESET to conn_is_closed (#13) 2019-04-29 22:04:24 +00:00
Steve Dower
8f99635588 Imported OpenSSL 1.1.1b 2019-03-07 09:36:23 -08:00
Steve Dower
d6b2cd4920 Imported OpenSSL 1.1.1a 2019-02-08 14:45:21 -08:00
Zachary Ware
66bc075dac Note that {tcl,tk}85 don't require anything extra 2017-11-21 14:07:03 -06:00
Mariatta
ffe559ef64 Document how to update source dependencies. (GH-3) 
Update the README with the instructions, and convert to reST.  Also adds download links for the sources.
 2017-11-21 14:04:15 -06:00
Zachary Ware
4b29e0458f Update README.md 2017-05-22 12:17:48 -07:00
2544 changed files with 469829 additions and 99812 deletions
Expand all files Collapse all files

3
.gitattributes vendored
View File

@@ -1,3 +0,0 @@
*.der binary
/fuzz/corpora/** binary
*.pfx binary

176
.gitignore vendored
View File

@@ -1,176 +0,0 @@
# Ignore editor artefacts
/.dir-locals.el
# Top level excludes
/Makefile.orig
/MINFO
/TABLE
/*.a
/*.pc
/rehash.time
/inc.*
/makefile.*
/out.*
/tmp.*
/configdata.pm
# *all* Makefiles
Makefile
# ... except in demos
!/demos/*/Makefile
# Links under apps
/apps/CA.pl
/apps/tsget
/apps/tsget.pl
/apps/md4.c
# Auto generated headers
/crypto/buildinf.h
/apps/progs.h
/crypto/include/internal/*_conf.h
/openssl/include/opensslconf.h
/util/domd
# Executables
/apps/openssl
/test/sha256t
/test/sha512t
/test/gost2814789t
/test/ssltest_old
/test/*test
/test/fips_aesavs
/test/fips_desmovs
/test/fips_dhvs
/test/fips_drbgvs
/test/fips_dssvs
/test/fips_ecdhvs
/test/fips_ecdsavs
/test/fips_rngvs
/test/fips_test_suite
/test/ssltest_old
/test/x509aux
/test/v3ext
/test/versions
/test/rsa_complex
# Certain files that get created by tests on the fly
/test/test-runs
/test/buildtest_*
# Fuzz stuff.
# Anything without an extension is an executable on Unix, so we keep files
# with extensions. And we keep the corpora subddir versioned as well.
# Anything more generic with extensions that should be ignored will be taken
# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
/fuzz/*
!/fuzz/README*
!/fuzz/corpora
!/fuzz/*.*
# Misc auto generated files
/include/openssl/opensslconf.h
/tools/c_rehash
/tools/c_rehash.pl
/util/shlib_wrap.sh
/tags
/TAGS
/crypto.map
/ssl.map
# Windows (legacy)
/tmp32
/tmp32.dbg
/tmp32dll
/tmp32dll.dbg
/out32
/out32.dbg
/out32dll
/out32dll.dbg
/inc32
/MINFO
/ms/.rnd
/ms/bcb.mak
/ms/libeay32.def
/ms/nt.mak
/ms/ntdll.mak
/ms/ssleay32.def
/ms/version32.rc
# Files created on other branches that are not held in git, and are not
# needed on this branch
/include/openssl/asn1_mac.h
/include/openssl/des_old.h
/include/openssl/fips.h
/include/openssl/fips_rand.h
/include/openssl/krb5_asn.h
/include/openssl/kssl.h
/include/openssl/pq_compat.h
/include/openssl/ssl23.h
/include/openssl/tmdiff.h
/include/openssl/ui_compat.h
/test/fips_aesavs.c
/test/fips_desmovs.c
/test/fips_dsatest.c
/test/fips_dssvs.c
/test/fips_hmactest.c
/test/fips_randtest.c
/test/fips_rngvs.c
/test/fips_rsagtest.c
/test/fips_rsastest.c
/test/fips_rsavtest.c
/test/fips_shatest.c
/test/fips_test_suite.c
/test/shatest.c
##### Generic patterns
# Auto generated assembly language source files
*.s
!/crypto/*/asm/*.s
/crypto/arm*.S
/crypto/*/*.S
*.asm
!/crypto/*/asm/*.asm
# Object files
*.o
*.obj
# editor artefacts
*.swp
.#*
\#*#
*~
# Certificate symbolic links
*.0
# All kinds of executables
*.so
*.so.*
*.dylib
*.dylib.*
*.dll
*.dll.*
*.exe
*.pyc
*.exp
*.lib
*.pdb
*.ilk
*.def
*.rc
*.res
# Misc generated stuff
Makefile.save
/crypto/**/lib
/engines/**/lib
/ssl/**/lib
*.bak
cscope.*
*.d
pod2htmd.tmp
# Windows manifest files
*.manifest

15
.travis-apt-pin.preferences
View File

@@ -1,15 +0,0 @@
Package: clang-3.9
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libclang-common-3.9-dev
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libclang1-3.9
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libllvm3.9v4
Pin: release o=Ubuntu
Pin-Priority: -1

11
.travis-create-release.sh
View File

@@ -1,11 +0,0 @@
#! /bin/sh
# $1 is expected to be $TRAVIS_OS_NAME
./Configure dist
if [ "$1" == osx ]; then
make NAME='_srcdist' TARFILE='_srcdist.tar' \
TAR_COMMAND='$(TAR) $(TARFLAGS) -cvf -' tar
else
make TARFILE='_srcdist.tar' NAME='_srcdist' dist
fi

208
.travis.yml
View File

@@ -1,208 +0,0 @@
dist: trusty
sudo: required
language: c
cache: ccache
before_install:
- if [ -n "$COVERALLS" ]; then
pip install --user cpp-coveralls;
fi;
addons:
apt:
packages:
- ccache
os:
- linux
compiler:
- clang
- gcc
env:
- CONFIG_OPTS="" DESTDIR="_install"
- CONFIG_OPTS="--debug no-shared enable-crypto-mdebug enable-rc5 enable-md2"
- CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-ec" BUILDONLY="yes"
- CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes"
matrix:
include:
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
- os: linux
compiler: gcc
env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="enable-asan"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="enable-msan"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="no-stdio"
- os: linux
addons:
apt:
packages:
- gcc-5
sources:
- ubuntu-toolchain-r-test
compiler: gcc-5
env: UBUNTU_GCC_HACK="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-stdio" BUILDONLY="yes"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: x86_64-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: x86_64-w64-mingw32-gcc
env: CONFIG_OPTS="no-stdio" BUILDONLY="yes"
exclude:
- os: linux
compiler: clang
- os: osx
compiler: gcc
before_script:
- if [ -n "$DESTDIR" ]; then
sh .travis-create-release.sh $TRAVIS_OS_NAME;
tar -xvzf _srcdist.tar.gz;
mkdir _build;
cd _build;
srcdir=../_srcdist;
top=..;
else
srcdir=.;
top=.;
fi
- if [ -n "$UBUNTU_GCC_HACK" ]; then
$CC -dumpspecs | sed "s/--push-state//g; s/--pop-state/--as-needed/g" > gcc-specs.txt;
CC="$CC -specs=gcc-specs.txt";
fi
- if [ "$CC" == i686-w64-mingw32-gcc ]; then
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
else
if [ "$CC" == clang-3.9 ]; then
sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang;
curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -;
echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null;
sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test";
sudo -E apt-get -yq update;
sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9;
elif which ccache >/dev/null; then
CC="ccache $CC";
fi;
$srcdir/config -v $CONFIG_OPTS;
fi
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
if [ "$TRAVIS_OS_NAME" == "linux" ]; then
sudo dpkg --add-architecture i386;
sudo apt-get update;
fi;
fi;
fi
- cd $top
script:
- if [ -z "$BUILDONLY" ]; then
make="make -s";
else
make="make";
fi
- if [ -n "$DESTDIR" ]; then
cd _build;
top=..;
else
top=.;
fi
- if $make update; then
echo -e '+\057 MAKE UPDATE OK';
else
echo -e '+\057 MAKE UPDATE FAILED'; false;
fi;
git diff --exit-code
- if [ -n "$CHECKDOCS" ]; then
if $make doc-nits; then
echo -e '+\057\057 MAKE DOC-NITS OK';
else
echo -e '+\057\057 MAKE DOC-NITS FAILED'; false;
fi;
fi
- if $make ; then
echo -e '+\057\057\057 MAKE OK';
else
echo -e '+\057\057\057 MAKE FAILED'; false;
fi;
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
sudo apt-get -yq install wine;
export EXE_SHELL="wine" WINEPREFIX=`pwd`;
fi;
HARNESS_VERBOSE=yes make test;
else
if $make build_tests; then
echo -e '+\057\057\075 MAKE BUILD_TESTS OK';
else
echo -e '+\057\057\075 MAKE BUILD_TESTS FAILEd'; false;
fi;
fi
- if [ -n "$DESTDIR" ]; then
mkdir "../$DESTDIR";
if $make install DESTDIR="../$DESTDIR"; then
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK';
else
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false;
fi;
fi
- cd $top
after_success:
- if [ -n "$COVERALLS" ]; then
coveralls -b . --gcov-options '\-lp';
fi;
notifications:
email:
secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4="

63
AUTHORS
View File

@@ -1,21 +1,42 @@
Andy Polyakov
Ben Laurie
Bodo M<>ller
Emilia K<>sper
Eric Young
Geoff Thorpe
Holger Reif
Kurt Roeckx
Lutz J<>nicke
Mark J. Cox
Matt Caswell
Nils Larsch
Paul C. Sutton
Ralf S. Engelschall
Rich Salz
Richard Levitte
Stephen Henson
Steve Marquess
Tim Hudson
Ulf M<>ller
Viktor Dukhovni
# This is the list of OpenSSL authors for copyright purposes.
#
# This does not necessarily list everyone who has contributed code, since in
# some cases, their employer may be the copyright holder. To see the full list
# of contributors, see the revision history in source control.
OpenSSL Software Services, Inc.
OpenSSL Software Foundation, Inc.
# Individuals
Andy Polyakov
Ben Laurie
Ben Kaduk
Bernd Edlinger
Bodo Möller
David Benjamin
David von Oheimb
Dmitry Belyavskiy (Дмитрий Белявский)
Emilia Käsper
Eric Young
Geoff Thorpe
Holger Reif
Kurt Roeckx
Lutz Jänicke
Mark J. Cox
Matt Caswell
Matthias St. Pierre
Nicola Tuveri
Nils Larsch
Patrick Steuer
Paul Dale
Paul C. Sutton
Paul Yang
Ralf S. Engelschall
Rich Salz
Richard Levitte
Shane Lontis
Stephen Henson
Steve Marquess
Tim Hudson
Tomáš Mráz
Ulf Möller
Viktor Dukhovni

1558
CHANGES
View File

File diff suppressed because it is too large Load Diff

13
CONTRIBUTING
View File

@@ -41,8 +41,8 @@ guidelines:
https://www.openssl.org/policies/codingstyle.html) and compile
without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features. Clean builds
via Travis and AppVeyor are required, and they are started automatically
platforms: try to ensure you only use portable features. Clean builds via
GitHub Actions and AppVeyor are required, and they are started automatically
whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can
@@ -50,14 +50,15 @@ guidelines:
test/README for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc for
examples of our style.
documentation. Please look at the "pod" files in doc/man[1357] for
examples of our style. Run "make doc-nits" to make sure that your
documentation changes are clean.
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in CHANGES. This could be a summarising
description of the change, and could explain the grander details.
Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log oneliners.
Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log one-liners.
Also note that security fixes get an entry in CHANGES.
This file helps users get more in depth information of what comes
with a specific release without having to sift through the higher

127
Configurations/00-base-templates.conf
View File

@@ -1,14 +1,21 @@
# -*- Mode: perl -*-
%targets=(
my %targets=(
DEFAULTS => {
template => 1,
cflags => "",
cppflags => "",
lflags => "",
defines => [],
includes => [],
lib_cflags => "",
lib_cppflags => "",
lib_defines => [],
thread_scheme => "(unknown)", # Assume we don't know
thread_defines => [],
apps_aux_src => "",
apps_init_src => "",
cpuid_asm_src => "mem_clr.c",
uplink_aux_src => "",
bn_asm_src => "bn_asm.c",
@@ -27,6 +34,7 @@
padlock_asm_src => "",
chacha_asm_src => "chacha_enc.c",
poly1305_asm_src => "",
keccak1600_asm_src => "keccak1600.c",
unistd => "<unistd.h>",
shared_target => "",
@@ -36,12 +44,30 @@
shared_rcflag => "",
shared_extension => "",
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
#### Defaults for the benefit of the config targets who don't inherit
#### a BASE and assume Unix defaults
#### THESE WILL DISAPPEAR IN OpenSSL 1.2
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
AR => "ar",
ARFLAGS => "r",
CC => "cc",
HASHBANGPERL => "/usr/bin/env perl",
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
#### THESE WILL BE ENABLED IN OpenSSL 1.2
#HASHBANGPERL => "PERL", # Only Unix actually cares
},
BASE_common => {
template => 1,
enable => [],
disable => [],
defines =>
sub {
my @defs = ();
@@ -49,24 +75,32 @@
push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
return [ @defs ];
},
includes =>
sub {
my @incs = ();
push @incs, $withargs{zlib_include}
if !$disabled{zlib} && $withargs{zlib_include};
return [ @incs ];
},
},
BASE_unix => {
inherit_from => [ "BASE_common" ],
template => 1,
AR => "ar",
ARFLAGS => "r",
CC => "cc",
lflags =>
sub { $withargs{zlib_lib} ? "-L".$withargs{zlib_lib} : () },
ex_libs =>
sub {
unless ($disabled{zlib}) {
if (defined($disabled{"zlib-dynamic"})) {
if (defined($withargs{zlib_lib})) {
return "-L".$withargs{zlib_lib}." -lz";
} else {
return "-lz";
}
}
}
return (); },
sub { !defined($disabled{zlib})
&& defined($disabled{"zlib-dynamic"})
? "-lz" : () },
HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
shared_extension => ".so",
@@ -78,6 +112,15 @@
inherit_from => [ "BASE_common" ],
template => 1,
lib_defines =>
sub {
my @defs = ();
unless ($disabled{"zlib-dynamic"}) {
my $zlib = $withargs{zlib_lib} // "ZLIB1";
push @defs, 'LIBZ=' . (quotify("perl", $zlib))[0];
}
return [ @defs ];
},
ex_libs =>
sub {
unless ($disabled{zlib}) {
@@ -88,16 +131,16 @@
return ();
},
ld => "link",
lflags => "/nologo",
loutflag => "/out:",
ar => "lib",
arflags => "/nologo",
LD => "link",
LDFLAGS => "/nologo",
ldoutflag => "/out:",
AR => "lib",
ARFLAGS => "/nologo",
aroutflag => "/out:",
rc => "rc",
RC => "rc",
rcoutflag => "/fo",
mt => "mt",
mtflags => "-nologo",
MT => "mt",
MTFLAGS => "-nologo",
mtinflag => "-manifest ",
mtoutflag => "-outputresource:",
@@ -111,6 +154,16 @@
inherit_from => [ "BASE_common" ],
template => 1,
includes =>
add(sub {
my @incs = ();
# GNV$ZLIB_INCLUDE is the standard logical name for later
# zlib incarnations.
push @incs, 'GNV$ZLIB_INCLUDE:'
if !$disabled{zlib} && !$withargs{zlib_include};
return [ @incs ];
}),
shared_extension => ".exe",
build_file => "descrip.mms",
@@ -119,7 +172,7 @@
uplink_common => {
template => 1,
apps_aux_src => add("../ms/applink.c"),
apps_init_src => add("../ms/applink.c"),
uplink_aux_src => add("../ms/uplink.c"),
defines => add("OPENSSL_USE_APPLINK"),
},
@@ -145,7 +198,7 @@
bn_asm_src => "bn-586.s co-586.s x86-mont.s x86-gf2m.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86.s",
des_asm_src => "des-586.s crypt586.s",
aes_asm_src => "aes-586.s vpaes-x86.s aesni-x86.s",
aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86.s aesni-x86.s",
bf_asm_src => "bf-586.s",
md5_asm_src => "md5-586.s",
cast_asm_src => "cast-586.s",
@@ -169,8 +222,8 @@
template => 1,
cpuid_asm_src => "x86_64cpuid.s",
bn_asm_src => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s",
aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s",
aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
md5_asm_src => "md5-x86_64.s",
sha1_asm_src => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
rc4_asm_src => "rc4-x86_64.s rc4-md5-x86_64.s",
@@ -180,15 +233,14 @@
padlock_asm_src => "e_padlock-x86_64.s",
chacha_asm_src => "chacha-x86_64.s",
poly1305_asm_src=> "poly1305-x86_64.s",
keccak1600_asm_src => "keccak1600-x86_64.s",
},
ia64_asm => {
template => 1,
cpuid_asm_src => "ia64cpuid.s",
bn_asm_src => "bn-ia64.s ia64-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-ia64.s",
md5_asm_src => "md5-ia64.s",
sha1_asm_src => "sha1-ia64.s sha256-ia64.s sha512-ia64.s",
rc4_asm_src => "rc4-ia64.s rc4_skey.c",
modes_asm_src => "ghash-ia64.s",
perlasm_scheme => "void"
},
@@ -223,7 +275,7 @@
},
mips32_asm => {
template => 1,
bn_asm_src => "bn-mips.s mips-mont.s",
bn_asm_src => "bn-mips.S mips-mont.S",
aes_asm_src => "aes_cbc.c aes-mips.S",
sha1_asm_src => "sha1-mips.S sha256-mips.S",
},
@@ -243,6 +295,7 @@
modes_asm_src => "ghash-s390x.S",
chacha_asm_src => "chacha-s390x.S",
poly1305_asm_src=> "poly1305-s390x.S",
keccak1600_asm_src => "keccak1600-s390x.S",
},
armv4_asm => {
template => 1,
@@ -253,7 +306,8 @@
sha1_asm_src => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
modes_asm_src => "ghash-armv4.S ghashv8-armx.S",
chacha_asm_src => "chacha-armv4.S",
poly1305_asm_src=> "poly1305-armv4.S",
poly1305_asm_src=> "poly1305-armv4.S",
keccak1600_asm_src => "keccak1600-armv4.S",
perlasm_scheme => "void"
},
aarch64_asm => {
@@ -266,6 +320,7 @@
modes_asm_src => "ghashv8-armx.S",
chacha_asm_src => "chacha-armv8.S",
poly1305_asm_src=> "poly1305-armv8.S",
keccak1600_asm_src => "keccak1600-armv8.S",
},
parisc11_asm => {
template => 1,
@@ -282,18 +337,20 @@
inherit_from => [ "parisc11_asm" ],
perlasm_scheme => "64",
},
ppc64_asm => {
ppc32_asm => {
template => 1,
cpuid_asm_src => "ppccpuid.s ppccap.c",
bn_asm_src => "bn-ppc.s ppc-mont.s ppc64-mont.s",
bn_asm_src => "bn-ppc.s ppc-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s",
sha1_asm_src => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s",
modes_asm_src => "ghashp8-ppc.s",
chacha_asm_src => "chacha-ppc.s",
poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s",
},
ppc32_asm => {
inherit_from => [ "ppc64_asm" ],
template => 1
ppc64_asm => {
inherit_from => [ "ppc32_asm" ],
template => 1,
ec_asm_src => "ecp_nistz256.c ecp_nistz256-ppc64.s x25519-ppc64.s",
keccak1600_asm_src => "keccak1600-ppc64.s",
},
);

1414
Configurations/10-main.conf
View File

File diff suppressed because it is too large Load Diff

281
Configurations/15-android.conf Normal file
View File

@@ -0,0 +1,281 @@
#### Android...
#
# See NOTES.ANDROID for details, and don't miss platform-specific
# comments below...
{
use File::Spec::Functions;
my $android_ndk = {};
my %triplet = (
arm => "arm-linux-androideabi",
arm64 => "aarch64-linux-android",
mips => "mipsel-linux-android",
mips64 => "mips64el-linux-android",
x86 => "i686-linux-android",
x86_64 => "x86_64-linux-android",
);
sub android_ndk {
unless (%$android_ndk) {
if ($now_printing =~ m|^android|) {
return $android_ndk = { bn_ops => "BN_AUTO" };
}
my $ndk_var;
my $ndk;
foreach (qw(ANDROID_NDK_HOME ANDROID_NDK)) {
$ndk_var = $_;
$ndk = $ENV{$ndk_var};
last if defined $ndk;
}
die "\$ANDROID_NDK_HOME is not defined" if (!$ndk);
my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt";
my $ndk_src_props = "$ndk/source.properties";
my $is_ndk = -f $ndk_src_props;
if ($is_ndk == $is_standalone_toolchain) {
die "\$ANDROID_NDK_HOME=$ndk is invalid";
}
$ndk = canonpath($ndk);
my $ndkver = undef;
if (open my $fh, "<$ndk_src_props") {
local $_;
while(<$fh>) {
if (m|Pkg\.Revision\s*=\s*([0-9]+)|) {
$ndkver = $1;
last;
}
}
close $fh;
}
my ($sysroot, $api, $arch);
$config{target} =~ m|[^-]+-([^-]+)$|; # split on dash
$arch = $1;
if ($sysroot = $ENV{CROSS_SYSROOT}) {
$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
($api, $arch) = ($1, $2);
} elsif ($is_standalone_toolchain) {
$sysroot = "$ndk/sysroot";
} else {
$api = "*";
# see if user passed -D__ANDROID_API__=N
foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
if (m|__ANDROID_API__=([0-9]+)|) {
$api = $1;
last;
}
}
if (-d "$ndk/platforms") {
# list available platforms (numerically)
my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
$b =~ m/-([0-9]+)$/; $aa <=> $1;
} glob("$ndk/platforms/android-$api");
die "no $ndk/platforms/android-$api" if ($#platforms < 0);
$sysroot = "@platforms[$#platforms]/arch-$arch";
$sysroot =~ m|/android-([0-9]+)/arch-$arch|;
$api = $1;
} elsif ($api eq "*") {
# r22 Removed platforms dir, use this JSON file
my $path = "$ndk/meta/platforms.json";
open my $fh, $path or die "Could not open '$path' $!";
while (<$fh>) {
if (/"max": (\d+),/) {
$api = $1;
last;
}
}
close $fh;
}
die "Could not get default API Level" if ($api eq "*");
}
die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot);
my $triarch = $triplet{$arch};
my $cflags;
my $cppflags;
# see if there is NDK clang on $PATH, "universal" or "standalone"
if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
my $host=$1;
# harmonize with gcc default
my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
(my $tridefault = $triarch) =~ s/^arm-/$arm-/;
(my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
if (length $sysroot) {
$cflags .= " -target $tridefault "
. "-gcc-toolchain \$($ndk_var)/toolchains"
. "/$tritools-4.9/prebuilt/$host";
$user{CC} = "clang" if ($user{CC} !~ m|clang|);
} else {
$user{CC} = "$tridefault$api-clang";
}
$user{CROSS_COMPILE} = undef;
if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
$user{AR} = "llvm-ar";
$user{ARFLAGS} = [ "rs" ];
$user{RANLIB} = ":";
}
} elsif ($is_standalone_toolchain) {
my $cc = $user{CC} // "clang";
# One can probably argue that both clang and gcc should be
# probed, but support for "standalone toolchain" was added
# *after* announcement that gcc is being phased out, so
# favouring clang is considered adequate. Those who insist
# have option to enforce test for gcc with CC=gcc.
if (which("$triarch-$cc") !~ m|^$ndk|) {
die "no NDK $triarch-$cc on \$PATH";
}
$user{CC} = $cc;
$user{CROSS_COMPILE} = "$triarch-";
} elsif ($user{CC} eq "clang") {
die "no NDK clang on \$PATH";
} else {
if (which("$triarch-gcc") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
die "no NDK $triarch-gcc on \$PATH";
}
$cflags .= " -mandroid";
$user{CROSS_COMPILE} = "$triarch-";
}
if (length $sysroot) {
if (!-d "$sysroot/usr/include") {
my $incroot = "$ndk/sysroot/usr/include";
die "no $incroot" if (!-d $incroot);
die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
$incroot =~ s|^$ndk/||;
$cppflags = "-D__ANDROID_API__=$api";
$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
$cppflags .= " -isystem \$($ndk_var)/$incroot";
}
$sysroot =~ s|^$ndk/||;
$sysroot = " --sysroot=\$($ndk_var)/$sysroot";
}
$android_ndk = {
cflags => $cflags . $sysroot,
cppflags => $cppflags,
bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
: "BN_LLONG",
};
}
return $android_ndk;
}
}
my %targets = (
"android" => {
inherit_from => [ "linux-generic32" ],
template => 1,
################################################################
# Special note about -pie. The underlying reason is that
# Lollipop refuses to run non-PIE. But what about older systems
# and NDKs? -fPIC was never problem, so the only concern is -pie.
# Older toolchains, e.g. r4, appear to handle it and binaries
# turn out mostly functional. "Mostly" means that oldest
# Androids, such as Froyo, fail to handle executable, but newer
# systems are perfectly capable of executing binaries targeting
# Froyo. Keep in mind that in the nutshell Android builds are
# about JNI, i.e. shared libraries, not applications.
cflags => add(sub { android_ndk()->{cflags} }),
cppflags => add(sub { android_ndk()->{cppflags} }),
cxxflags => add(sub { android_ndk()->{cflags} }),
bn_ops => sub { android_ndk()->{bn_ops} },
bin_cflags => "-pie",
enable => [ ],
},
"android-arm" => {
################################################################
# Contemporary Android applications can provide multiple JNI
# providers in .apk, targeting multiple architectures. Among
# them there is "place" for two ARM flavours: generic eabi and
# armv7-a/hard-float. However, it should be noted that OpenSSL's
# ability to engage NEON is not constrained by ABI choice, nor
# is your ability to call OpenSSL from your application code
# compiled with floating-point ABI other than default 'soft'.
# (Latter thanks to __attribute__((pcs("aapcs"))) declaration.)
# This means that choice of ARM libraries you provide in .apk
# is driven by application needs. For example if application
# itself benefits from NEON or is floating-point intensive, then
# it might be appropriate to provide both libraries. Otherwise
# just generic eabi would do. But in latter case it would be
# appropriate to
#
# ./Configure android-arm -D__ARM_MAX_ARCH__=8
#
# in order to build "universal" binary and allow OpenSSL take
# advantage of NEON when it's available.
#
# Keep in mind that (just like with linux-armv4) we rely on
# compiler defaults, which is not necessarily what you had
# in mind, in which case you would have to pass additional
# -march and/or -mfloat-abi flags. NDK defaults to armv5te.
# Newer NDK versions reportedly require additional -latomic.
#
inherit_from => [ "android", asm("armv4_asm") ],
bn_ops => add("RC4_CHAR"),
},
"android-arm64" => {
inherit_from => [ "android", asm("aarch64_asm") ],
bn_ops => add("RC4_CHAR"),
perlasm_scheme => "linux64",
},
"android-mips" => {
inherit_from => [ "android", asm("mips32_asm") ],
bn_ops => add("RC4_CHAR"),
perlasm_scheme => "o32",
},
"android-mips64" => {
################################################################
# You are more than likely have to specify target processor
# on ./Configure command line. Trouble is that toolchain's
# default is MIPS64r6 (at least in r10d), but there are no
# such processors around (or they are too rare to spot one).
# Actual problem is that MIPS64r6 is binary incompatible
# with previous MIPS ISA versions, in sense that unlike
# prior versions original MIPS binary code will fail.
#
inherit_from => [ "android", asm("mips64_asm") ],
bn_ops => add("RC4_CHAR"),
perlasm_scheme => "64",
},
"android-x86" => {
inherit_from => [ "android", asm("x86_asm") ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => add("RC4_INT"),
perlasm_scheme => "android",
},
"android-x86_64" => {
inherit_from => [ "android", asm("x86_64_asm") ],
bn_ops => add("RC4_INT"),
perlasm_scheme => "elf",
},
####################################################################
# Backward compatible targets, (might) require $CROSS_SYSROOT
#
"android-armeabi" => {
inherit_from => [ "android-arm" ],
},
"android64" => {
inherit_from => [ "android" ],
},
"android64-aarch64" => {
inherit_from => [ "android-arm64" ],
},
"android64-x86_64" => {
inherit_from => [ "android-x86_64" ],
},
"android64-mips64" => {
inherit_from => [ "android-mips64" ],
},
);

62
Configurations/15-ios.conf Normal file
View File

@@ -0,0 +1,62 @@
#### iPhoneOS/iOS
#
# It takes recent enough Xcode to use following two targets. It shouldn't
# be a problem by now, but if they don't work, original targets below
# that depend on manual definition of environment variables should still
# work...
#
my %targets = (
"ios-common" => {
template => 1,
inherit_from => [ "darwin-common" ],
sys_id => "iOS",
disable => [ "engine", "async" ],
},
"ios-xcrun" => {
inherit_from => [ "ios-common", asm("armv4_asm") ],
# It should be possible to go below iOS 6 and even add -arch armv6,
# thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
# at this point.
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"),
perlasm_scheme => "ios32",
},
"ios64-xcrun" => {
inherit_from => [ "ios-common", asm("aarch64_asm") ],
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
perlasm_scheme => "ios64",
},
"iossimulator-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
},
# It takes three prior-set environment variables to make it work:
#
# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
# CROSS_TOP=/where/SDKs/are
# CROSS_SDK=iPhoneOSx.y.sdk
#
# Exact paths vary with Xcode releases, but for couple of last ones
# they would look like this:
#
# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
# CROSS_SDK=iPhoneOS.sdk
#
"iphoneos-cross" => {
inherit_from => [ "ios-common" ],
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
},
"ios-cross" => {
inherit_from => [ "ios-xcrun" ],
CC => "cc",
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
},
"ios64-cross" => {
inherit_from => [ "ios64-xcrun" ],
CC => "cc",
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
},
);

10
Configurations/50-djgpp.conf
View File

@@ -2,13 +2,15 @@
# and rely entirely on the OpenSSL community to help is fine
# tune and test.
%targets = (
my %targets = (
"DJGPP" => {
inherit_from => [ asm("x86_asm") ],
cc => "gcc",
cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall",
CC => "gcc",
CFLAGS => "-fomit-frame-pointer -O2 -Wall",
cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN",
sys_id => "MSDOS",
ex_libs => add("-L/dev/env/WATT_ROOT/lib -lwatt"),
lflags => add("-L/dev/env/WATT_ROOT/lib"),
ex_libs => add("-lwatt"),
bn_ops => "BN_LLONG",
perlasm_scheme => "a.out",
},

13
Configurations/50-haiku.conf
View File

@@ -1,10 +1,11 @@
%targets = (
my %targets = (
"haiku-common" => {
template => 1,
cc => "cc",
cflags => add_before(picker(default => "-DL_ENDIAN -Wall -include \$(SRCDIR)/os-dep/haiku.h",
CC => "cc",
CFLAGS => add_before(picker(default => "-Wall",
debug => "-g -O0",
release => "-O2"),
release => "-O2")),
cflags => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h",
threads("-D_REENTRANT")),
sys_id => "HAIKU",
ex_libs => "-lnetwork",
@@ -14,11 +15,11 @@
shared_target => "gnu-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-shared",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
},
"haiku-x86" => {
inherit_from => [ "haiku-common", asm("x86_elf_asm") ],
cflags => add(picker(release => "-fomit-frame-pointer")),
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => "BN_LLONG",
},
"haiku-x86_64" => {

14
Configurations/50-masm.conf
View File

@@ -7,11 +7,17 @@
# proven to be daunting task. This is experimental target, for
# production builds stick with [up-to-date version of] nasm.
%targets = (
my %targets = (
"VC-WIN64A-masm" => {
inherit_from => [ "VC-WIN64A" ],
as => "ml64",
asflags => "/c /Cp /Cx /Zi",
inherit_from => [ "VC-WIN64-common", asm("x86_64_asm"),
sub { $disabled{shared} ? () : "x86_64_uplink" } ],
AS => "ml64",
ASFLAGS => "/nologo /Zi",
asoutflag => "/Fo",
asflags => "/c /Cp /Cx",
sys_id => "WIN64A",
bn_asm_src => sub { return undef unless @_;
my $r=join(" ",@_); $r=~s|asm/x86_64-gcc|bn_asm|; $r; },
perlasm_scheme => "masm",
},
);

64
Configurations/50-win-onecore.conf Normal file
View File

@@ -0,0 +1,64 @@
# Windows OneCore targets.
#
# OneCore is new API stability "contract" that transcends Desktop, IoT and
# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
# export subset of Win32 API that are common to all Windows 10 devices.
#
# OneCore Configuration temporarily dedicated for console applications
# due to disabled event logging, which is incompatible with one core.
# Error messages are provided via standard error only.
# TODO: extend error handling to use ETW based eventing
# (Or rework whole error messaging)
my %targets = (
"VC-WIN32-ONECORE" => {
inherit_from => [ "VC-WIN32" ],
# /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has
# hidden reference to kernel32.lib, but we don't actually want
# it in "onecore" build.
lflags => add("/NODEFAULTLIB:kernel32.lib"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
"VC-WIN64A-ONECORE" => {
inherit_from => [ "VC-WIN64A" ],
lflags => add("/NODEFAULTLIB:kernel32.lib"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
# Windows on ARM targets. ARM compilers are additional components in
# VS2017, i.e. they are not installed by default. And when installed,
# there are no "ARM Tool Command Prompt"s on Start menu, you have
# to locate vcvarsall.bat and act accordingly. VC-WIN32-ARM has
# received limited testing with evp_test.exe on Windows 10 IoT Core,
# but not VC-WIN64-ARM, no hardware... In other words they are not
# actually supported...
#
# Another thing to keep in mind [in cross-compilation scenario such
# as this one] is that target's file system has nothing to do with
# compilation system's one. This means that you're are likely to use
# --prefix and --openssldir with target-specific values. 'nmake install'
# step is effectively meaningless in cross-compilation case, though
# it might be useful to 'nmake install DESTDIR=S:\ome\where' where you
# can point Visual Studio to when compiling custom application code.
"VC-WIN32-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "BN_LLONG RC4_CHAR EXPORT_VAR_AS_FN",
lflags => add("/NODEFAULTLIB:kernel32.lib"),
ex_libs => "onecore.lib",
multilib => "-arm",
},
"VC-WIN64-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR EXPORT_VAR_AS_FN",
lflags => add("/NODEFAULTLIB:kernel32.lib"),
ex_libs => "onecore.lib",
multilib => "-arm64",
},
);

132
Configurations/README
View File

@@ -38,20 +38,43 @@ In each table entry, the following keys are significant:
sys_id => System identity for systems where that
is difficult to determine automatically.
cc => The compiler command, usually one of "cc",
enable => Enable specific configuration features.
This MUST be an array of words.
disable => Disable specific configuration features.
This MUST be an array of words.
Note: if the same feature is both enabled
and disabled, disable wins.
as => The assembler command. This is not always
used (for example on Unix, where the C
compiler is used instead).
asflags => Default assembler command flags [4].
cpp => The C preprocessor command, normally not
given, as the build file defaults are
usually good enough.
cppflags => Default C preprocessor flags [4].
defines => As an alternative, macro definitions may be
given here instead of in `cppflags' [4].
If given here, they MUST be as an array of
the string such as "MACRO=value", or just
"MACRO" for definitions without value.
includes => As an alternative, inclusion directories
may be given here instead of in `cppflags'
[4]. If given here, the MUST be an array
of strings, one directory specification
each.
cc => The C compiler command, usually one of "cc",
"gcc" or "clang". This command is normally
also used to link object files and
libraries into the final program.
cflags => Flags that are used at all times when
compiling.
defines => As an alternative, macro definitions may be
present here instead of in `cflags'. If
given here, they MUST be as an array of the
string such as "MACRO=value", or just
"MACRO" for definitions without value.
shared_cflag => Extra compilation flags used when
compiling for shared libraries, typically
something like "-fPIC".
cxx => The C++ compiler command, usually one of
"c++", "g++" or "clang++". This command is
also used when linking a program where at
least one of the object file is made from
C++ source.
cflags => Defaults C compiler flags [4].
cxxflags => Default C++ compiler flags [4]. If unset,
it gets the same value as cflags.
(linking is a complex thing, see [3] below)
ld => Linker command, usually not defined
@@ -59,20 +82,34 @@ In each table entry, the following keys are significant:
instead).
(NOTE: this is here for future use, it's
not implemented yet)
lflags => Flags that are used when linking apps.
shared_ldflag => Flags that are used when linking shared
or dynamic libraries.
plib_lflags => Extra linking flags to appear just before
the libraries on the command line.
lflags => Default flags used when linking apps,
shared libraries or DSOs [4].
ex_libs => Extra libraries that are needed when
linking.
linking shared libraries, DSOs or programs.
The value is also assigned to Libs.private
in $(libdir)/pkgconfig/libcrypto.pc.
shared_cppflags => Extra C preprocessor flags used when
processing C files for shared libraries.
shared_cflag => Extra C compiler flags used when compiling
for shared libraries, typically something
like "-fPIC".
shared_ldflag => Extra linking flags used when linking
shared libraries.
module_cppflags
module_cflags
module_ldflags => Has the same function as the corresponding
`shared_' attributes, but for building DSOs.
When unset, they get the same values as the
corresponding `shared_' attributes.
ar => The library archive command, the default is
"ar".
(NOTE: this is here for future use, it's
not implemented yet)
arflags => Flags to be used with the library archive
command.
command. On Unix, this includes the
command letter, 'r' by default.
ranlib => The library archive indexing command, the
default is 'ranlib' it it exists.
@@ -81,7 +118,7 @@ In each table entry, the following keys are significant:
'<unistd.h>'. This is very rarely needed.
shared_extension => File name extension used for shared
libraries.
libraries.
obj_extension => File name extension used for object files.
On unix, this defaults to ".o" (NOTE: this
is here for future use, it's not
@@ -128,7 +165,7 @@ In each table entry, the following keys are significant:
that use dlopen() et al but do not have
fcntl.h), "DL" (shl_load() et al), "WIN32"
and "VMS".
perlasm_scheme => The perlasm method used to created the
perlasm_scheme => The perlasm method used to create the
assembler files used when compiling with
assembler implementations.
shared_target => The shared library building method used.
@@ -189,8 +226,14 @@ In each table entry, the following keys are significant:
export vars as
accessor functions.
apps_extra_src => Extra source to build apps/openssl, as
needed by the target.
apps_aux_src => Extra source to build apps/openssl and other
apps, as needed by the target and that can be
collected in a library.
apps_init_src => Init source to build apps/openssl and other
apps, as needed by the target. This code
cannot be placed in a library, as the rest
of the code isn't expected to link to it
explicitly.
cpuid_asm_src => assembler implementation of cpuid code as
well as OPENSSL_cleanse().
Default to mem_clr.c
@@ -308,18 +351,20 @@ In each table entry, the following keys are significant:
of this file):
shared libraries:
{ld} $(CFLAGS) {shared_ldflag} -shared -o libfoo.so \
-Wl,--whole-archive libfoo.a -Wl,--no-whole-archive \
{plib_lflags} -lcrypto {ex_libs}
{ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
foo/something.o foo/somethingelse.o {ex_libs}
shared objects:
{ld} $(CFLAGS) {shared_ldflag} -shared -o libeng.so \
blah1.o blah2.o {plib_lflags} -lcrypto {ex_libs}
{ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
blah1.o blah2.o -lcrypto {ex_libs}
applications:
{ld} $(CFLAGS) {lflags} -o app \
app1.o utils.o {plib_lflags} -lssl -lcrypto {ex_libs}
app1.o utils.o -lssl -lcrypto {ex_libs}
[4] There are variants of these attribute, prefixed with `lib_',
`dso_' or `bin_'. Those variants replace the unprefixed attribute
when building library, DSO or program modules specifically.
Historically, the target configurations came in form of a string with
values separated by colons. This use is deprecated. The string form
@@ -377,14 +422,16 @@ source as well. However, the files given through SOURCE are expected
to be located in the source tree while files given through DEPEND are
expected to be located in the build tree)
For some libraries, we maintain files with public symbols and their
slot in a transfer vector (important on some platforms). It can be
declared like this:
It's also possible to depend on static libraries explicitly:
ORDINALS[libcrypto]=crypto
DEPEND[foo]=libsomething.a
DEPEND[libbar]=libsomethingelse.a
The value is not the name of the file in question, but rather the
argument to util/mkdef.pl that indicates which file to use.
This should be rarely used, and care should be taken to make sure it's
only used when supported. For example, native Windows build doesn't
support building static libraries and DLLs at the same time, so using
static libraries on Windows can only be done when configured
'no-shared'.
One some platforms, shared libraries come with a name that's different
from their static counterpart. That's declared as follows:
@@ -398,7 +445,7 @@ library:
RENAME[libfoo]=libbar
That lines has "libfoo" get renamed to "libbar". While it makes no
That line has "libfoo" renamed to "libbar". While it makes no
sense at all to just have a rename like that (why not just use
"libbar" everywhere?), it does make sense when it can be used
conditionally. See a little further below for an example.
@@ -420,8 +467,8 @@ others, that's done as follows:
GENERATE[bar.s]=asm/bar.S
The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except the the first
item muct be the generator file. It is, however, entirely up to the
Configure places no rules on the command line, except that the first
item must be the generator file. It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.
@@ -471,7 +518,7 @@ clash with those generated by Configure, it's possible to tell it
not to generate them with the use of OVERRIDES, for example:
SOURCE[libfoo]=foo.c bar.c
OVERRIDES=bar.o
BEGINRAW[Makefile(unix)]
bar.o: bar.c
@@ -623,8 +670,7 @@ They are all expected to return a string with the lines they produce.
libobj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ],
ordinals => [ "word", "/PATH/TO/ordfile" ]);
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the intended library file name *without*
extension, libobj2shlib is expected to add that.
@@ -633,11 +679,7 @@ They are all expected to return a string with the lines they produce.
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files (also *without* extension) to build
this library. 'ordinals' MAY be present, and when
it is, its value is an array where the word is
"crypto" or "ssl" and the file is one of the ordinal
files util/libeay.num or util/ssleay.num in the
source directory.
this library.
This function has a choice; it can use the
corresponding static library as input to make the

88
Configurations/README.design
View File

@@ -41,10 +41,9 @@ end products. There are variants for them with '_NO_INST' as suffix
(PROGRAM_NO_INST etc) to specify end products that shouldn't get
installed.
The variables SOURCE, DEPEND, INCLUDE and ORDINALS are indexed by a
produced file, and their values are the source used to produce that
particular produced file, extra dependencies, include directories
needed, and ordinal files (explained further below.
The variables SOURCE, DEPEND and INCLUDE are indexed by a produced
file, and their values are the source used to produce that particular
produced file, extra dependencies, and include directories needed.
All their values in all the build.info throughout the source tree are
collected together and form a set of programs, libraries, engines and
@@ -57,18 +56,15 @@ dependencies.
# build.info
LIBS=libcrypto libssl
ORDINALS[libcrypto]=crypto
ORDINALS[libssl]=ssl
INCLUDE[libcrypto]=include
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
This is the top directory build.info file, and it tells us that two
libraries are to be built, there are some ordinals to be used to
declare what symbols in those libraries are seen as public, the
include directory 'include/' shall be used throughout when building
anything that will end up in each library, and that the library
'libssl' depend on the library 'libcrypto' to function properly.
libraries are to be built, the include directory 'include/' shall be
used throughout when building anything that will end up in each
library, and that the library 'libssl' depend on the library
'libcrypto' to function properly.
# apps/build.info
PROGRAMS=openssl
@@ -90,7 +86,7 @@ depends on the library 'libssl' to function properly.
LIBS=../libcrypto
SOURCE[../libcrypto]=aes.c evp.c cversion.c
DEPEND[cversion.o]=buildinf.h
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[buildinf.h]=../Makefile
DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
@@ -105,7 +101,7 @@ show that duplicate information isn't an issue.
This build.info file informs us that 'libcrypto' is built from a few
source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
It also shows us that building the object file inferred from
'crypto/cversion.c' depends on 'crypto/buildinf.h'. Finally, it
'crypto/cversion.c' depends on 'crypto/buildinf.h'. Finally, it
also shows the possibility to declare how some files are generated
using some script, in this case a perl script, and how such scripts
can be declared to depend on other files, in this case a perl module.
@@ -133,7 +129,7 @@ library 'libssl' is built from the source file 'ssl/tls.c'.
ENGINES_NO_INST=ossltest
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto
DEPEND[ossltest]=../libcrypto.a
INCLUDE[ossltest]=../include
This is the build.info file in 'engines/', telling us that two engines
@@ -142,22 +138,21 @@ dasync's source is 'engines/e_dasync.c' and ossltest's source is
'engines/e_ossltest.c' and that the include directory 'include/' may
be used when building anything that will be part of these engines.
Also, both engines depend on the library 'libcrypto' to function
properly. Finally, only dasync is being installed, as ossltest is
only for internal testing.
properly. ossltest is explicitly linked with the static variant of
the library 'libcrypto'. Finally, only dasync is being installed, as
ossltest is only for internal testing.
When Configure digests these build.info files, the accumulated
information comes down to this:
LIBS=libcrypto libssl
ORDINALS[libcrypto]=crypto
SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
DEPEND[crypto/cversion.o]=crypto/buildinf.h
INCLUDE[libcrypto]=include
ORDINALS[libssl]=ssl
SOURCE[libssl]=ssl/tls.c
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
PROGRAMS=apps/openssl
SOURCE[apps/openssl]=apps/openssl.c
INCLUDE[apps/openssl]=. include
@@ -170,9 +165,9 @@ information comes down to this:
ENGINES_NO_INST=engines/ossltest
SOURCE[engines/ossltest]=engines/e_ossltest.c
DEPEND[engines/ossltest]=libcrypto
DEPEND[engines/ossltest]=libcrypto.a
INCLUDE[engines/ossltest]=include
GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[crypto/buildinf.h]=Makefile
DEPEND[util/mkbuildinf.pl]=util/Foo.pm
@@ -186,9 +181,9 @@ PROGRAMS may be used to declare programs only.
ENGINES may be used to declare engines only.
The indexes for SOURCE and ORDINALS must only be end product files,
such as libraries, programs or engines. The values of SOURCE
variables must only be source files (possibly generated)
The indexes for SOURCE must only be end product files, such as
libraries, programs or engines. The values of SOURCE variables must
only be source files (possibly generated).
INCLUDE and DEPEND shows a relationship between different files
(usually produced files) or between files and directories, such as a
@@ -235,12 +230,6 @@ indexes:
libraries => a list of libraries. These are directly inferred from
the LIBS variable in build.info files.
ordinals => a hash table containing 'file' => [ 'word', 'ordfile' ]
pairs. 'file' and 'word' are directly inferred from
the ORDINALS variables in build.info files, while the
file 'ofile' comes from internal knowledge in
Configure.
programs => a list of programs. These are directly inferred from
the PROGRAMS variable in build.info files.
@@ -281,10 +270,14 @@ section above would be digested into a %unified_info table:
[
"crypto/buildinf.h",
],
"engines/ossltest" =>
"engines/dasync" =>
[
"libcrypto",
],
"engines/ossltest" =>
[
"libcrypto.a",
],
"libssl" =>
[
"libcrypto",
@@ -354,19 +347,6 @@ section above would be digested into a %unified_info table:
"libcrypto",
"libssl",
],
"ordinals" =>
{
"libcrypto" =>
[
"crypto",
"util/libcrypto.num",
],
"libssl" =>
[
"ssl",
"util/libssl.num",
],
},
"programs" =>
[
"apps/openssl",
@@ -396,6 +376,14 @@ section above would be digested into a %unified_info table:
[
"crypto/evp.c",
],
"engines/e_dasync.o" =>
[
"engines/e_dasync.c",
],
"engines/dasync" =>
[
"engines/e_dasync.o",
],
"engines/e_ossltest.o" =>
[
"engines/e_ossltest.c",
@@ -517,8 +505,7 @@ etc.
libobj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ],
ordinals => [ "word", "/PATH/TO/ordfile" ]);
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the intended library file name *without*
extension, libobj2shlib is expected to add that.
@@ -527,11 +514,7 @@ etc.
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files (also *without* extension) to build
this library. 'ordinals' MAY be present, and when
it is, its value is an array where the word is
"crypto" or "ssl" and the file is one of the ordinal
files util/libcrypto.num or util/libssl.num in the
source directory.
this library.
This function has a choice; it can use the
corresponding static library as input to make the
@@ -604,8 +587,7 @@ following calls:
libobj2shlib(shlib => "libcrypto",
lib => "libcrypto",
objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ],
deps => [ ]
ordinals => [ "crypto", "util/libcrypto.num" ]);
deps => [ ]);
obj2lib(lib => "libcrypto"
objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]);

134
Configurations/common.tmpl
View File

@@ -9,15 +9,23 @@
# there are no duplicate dependencies and that they are in the
# right order. This is especially used to sort the list of
# libraries that a build depends on.
sub extensionlesslib {
my @result = map { $_ =~ /(\.a)?$/; $` } @_;
return @result if wantarray;
return $result[0];
}
sub resolvedepends {
my $thing = shift;
my $extensionlessthing = extensionlesslib($thing);
my @listsofar = @_; # to check if we're looping
my @list = @{$unified_info{depends}->{$thing}};
my @list = @{$unified_info{depends}->{$thing} //
$unified_info{depends}->{$extensionlessthing}};
my @newlist = ();
if (scalar @list) {
foreach my $item (@list) {
my $extensionlessitem = extensionlesslib($item);
# It's time to break off when the dependency list starts looping
next if grep { $_ eq $item } @listsofar;
next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
push @newlist, $item, resolvedepends($item, @listsofar, $item);
}
}
@@ -26,12 +34,34 @@
sub reducedepends {
my @list = @_;
my @newlist = ();
my %replace = ();
while (@list) {
my $item = shift @list;
push @newlist, $item
unless grep { $item eq $_ } @list;
my $extensionlessitem = extensionlesslib($item);
if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
if ($item ne $extensionlessitem) {
# If this instance of the library is explicitly static, we
# prefer that to any shared library name, since it must have
# been done on purpose.
$replace{$extensionlessitem} = $item;
}
} else {
push @newlist, $item;
}
}
@newlist;
map { $replace{$_} // $_; } @newlist;
}
# is_installed checks if a given file will be installed (i.e. they are
# not defined _NO_INST in build.info)
sub is_installed {
my $product = shift;
if (grep { $product eq $_ }
map { (@{$unified_info{install}->{$_}}) }
keys %{$unified_info{install}}) {
return 1;
}
return 0;
}
# dogenerate is responsible for producing all the recipes that build
@@ -66,11 +96,11 @@
sub doobj {
my $obj = shift;
return "" if $cache{$obj};
(my $obj_no_o = $obj) =~ s|\.o$||;
my $bin = shift;
my %opts = @_;
if (@{$unified_info{sources}->{$obj}}) {
$OUT .= src2obj(obj => $obj_no_o,
$OUT .= src2obj(obj => $obj,
product => $bin,
srcs => $unified_info{sources}->{$obj},
deps => $unified_info{depends}->{$obj},
incs => $unified_info{includes}->{$obj},
@@ -90,26 +120,28 @@
sub dolib {
my $lib = shift;
return "" if $cache{$lib};
unless ($disabled{shared}) {
my %ordinals =
$unified_info{ordinals}->{$lib}
? (ordinals => $unified_info{ordinals}->{$lib}) : ();
unless ($disabled{shared} || $lib =~ /\.a$/) {
$OUT .= libobj2shlib(shlib => $unified_info{sharednames}->{$lib},
lib => $lib,
objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
(@{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}}) ],
objs => [ @{$unified_info{shared_sources}->{$lib}},
@{$unified_info{sources}->{$lib}} ],
deps => [ reducedepends(resolvedepends($lib)) ],
%ordinals);
foreach (@{$unified_info{shared_sources}->{$lib}}) {
doobj($_, $lib, intent => "lib");
installed => is_installed($lib));
foreach ((@{$unified_info{shared_sources}->{$lib}},
@{$unified_info{sources}->{$lib}})) {
# If this is somehow a compiled object, take care of it that way
# Otherwise, it might simply be generated
if (defined $unified_info{sources}->{$_}) {
doobj($_, $lib, intent => "lib", installed => is_installed($lib));
} else {
dogenerate($_, undef, undef, intent => "lib");
}
}
}
$OUT .= obj2lib(lib => $lib,
objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
@{$unified_info{sources}->{$lib}} ]);
objs => [ @{$unified_info{sources}->{$lib}} ]);
foreach (@{$unified_info{sources}->{$lib}}) {
doobj($_, $lib, intent => "lib");
doobj($_, $lib, intent => "lib", installed => is_installed($lib));
}
$cache{$lib} = 1;
}
@@ -121,13 +153,13 @@
my $lib = shift;
return "" if $cache{$lib};
$OUT .= obj2dso(lib => $lib,
objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
(@{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}}) ],
deps => [ resolvedepends($lib) ]);
objs => [ @{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}} ],
deps => [ resolvedepends($lib) ],
installed => is_installed($lib));
foreach ((@{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}})) {
doobj($_, $lib, intent => "dso");
doobj($_, $lib, intent => "dso", installed => is_installed($lib));
}
$cache{$lib} = 1;
}
@@ -139,11 +171,11 @@
return "" if $cache{$bin};
my $deps = [ reducedepends(resolvedepends($bin)) ];
$OUT .= obj2bin(bin => $bin,
objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
@{$unified_info{sources}->{$bin}} ],
deps => $deps);
objs => [ @{$unified_info{sources}->{$bin}} ],
deps => $deps,
installed => is_installed($bin));
foreach (@{$unified_info{sources}->{$bin}}) {
doobj($_, $bin, intent => "bin");
doobj($_, $bin, intent => "bin", installed => is_installed($bin));
}
$cache{$bin} = 1;
}
@@ -154,7 +186,8 @@
my $script = shift;
return "" if $cache{$script};
$OUT .= in2script(script => $script,
sources => $unified_info{sources}->{$script});
sources => $unified_info{sources}->{$script},
installed => is_installed($script));
$cache{$script} = 1;
}
@@ -170,47 +203,6 @@
# Start with populating the cache with all the overrides
%cache = map { $_ => 1 } @{$unified_info{overrides}};
# For convenience collect information regarding directories where
# files are generated, those generated files and the end product
# they end up in where applicable. Then, add build rules for those
# directories
if (exists &generatedir) {
my %loopinfo = ( "dso" => [ @{$unified_info{engines}} ],
"lib" => [ @{$unified_info{libraries}} ],
"bin" => [ @{$unified_info{programs}} ],
"script" => [ @{$unified_info{scripts}} ] );
foreach my $type (keys %loopinfo) {
foreach my $product (@{$loopinfo{$type}}) {
my %dirs = ();
my $pd = dirname($product);
# We already have a "test" target, and the current directory
# is just silly to make a target for
$dirs{$pd} = 1 unless $pd eq "test" || $pd eq ".";
foreach (@{$unified_info{sources}->{$product}}) {
my $d = dirname($_);
# We don't want to create targets for source directories
# when building out of source
next if ($config{sourcedir} ne $config{builddir}
&& $d =~ m|^\Q$config{sourcedir}\E|);
# We already have a "test" target, and the current directory
# is just silly to make a target for
next if $d eq "test" || $d eq ".";
$dirs{$d} = 1;
push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
if $d ne $pd;
}
foreach (keys %dirs) {
push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
$product;
}
}
}
}
# Build mandatory generated headers
foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); }

31
Configurations/common0.tmpl Normal file
View File

@@ -0,0 +1,31 @@
{- # -*- Mode: perl -*-
# Commonly used list of generated files
# The reason for the complexity is that the build.info files provide
# GENERATE rules for *all* platforms without discrimination, while the
# build files only want those for a particular build. Therefore, we
# need to extrapolate exactly what we need to generate. The way to do
# that is to extract all possible source files from diverse tables and
# filter out all that are not generated
my %generatables =
map { $_ => 1 }
( # The sources of stuff may be generated
( map { @{$unified_info{sources}->{$_}} }
keys %{$unified_info{sources}} ),
$disabled{shared}
? ()
: ( map { @{$unified_info{shared_sources}->{$_}} }
keys %{$unified_info{shared_sources}} ),
# Things we explicitly depend on are usually generated
( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} }
keys %{$unified_info{depends}} ));
our @generated =
sort ( ( grep { defined $unified_info{generate}->{$_} }
sort keys %generatables ),
# Scripts are assumed to be generated, so add them too
( grep { defined $unified_info{sources}->{$_} }
@{$unified_info{scripts}} ) );
# Avoid strange output
"";
-}

690
Configurations/descrip.mms.tmpl
View File

@@ -3,13 +3,14 @@
## {- join("\n## ", @autowarntext) -}
{-
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
use File::Basename;
# Our prefix, claimed when speaking with the VSI folks Tuesday
# January 26th 2016
our $osslprefix = 'OSSL$';
(our $osslprefix_q = $osslprefix) =~ s/\$/\\\$/;
our $sover = sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor};
our $sover_dirname = sprintf "%02d%02d", split(/\./, $config{shlib_version_number});
our $osslver = sprintf "%02d%02d", split(/\./, $config{version});
our $sourcedir = $config{sourcedir};
@@ -42,13 +43,18 @@
# Because we need to make two computations of these data,
# we store them in arrays for reuse
our @shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}};
our @install_shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{install}->{libraries}};
our @generated = ( ( map { (my $x = $_) =~ s|\.S$|\.s|; $x }
grep { defined $unified_info{generate}->{$_} }
map { @{$unified_info{sources}->{$_}} }
grep { /\.o$/ } keys %{$unified_info{sources}} ),
( grep { /\.h$/ } keys %{$unified_info{generate}} ) );
our @libs =
map { (my $x = $_) =~ s/\.a$//; $x }
@{$unified_info{libraries}};
our @shlibs =
map { $unified_info{sharednames}->{$_} || () }
grep(!/\.a$/, @{$unified_info{libraries}});
our @install_libs =
map { (my $x = $_) =~ s/\.a$//; $x }
@{$unified_info{install}->{libraries}};
our @install_shlibs =
map { $unified_info{sharednames}->{$_} || () }
grep(!/\.a$/, @{$unified_info{install}->{libraries}});
# This is a horrible hack, but is needed because recursive inclusion of files
# in different directories does not work well with HP C.
@@ -63,17 +69,9 @@
}
my $sd1 = sourcedir("ssl","record");
my $sd2 = sourcedir("ssl","statem");
$unified_info{before}->{"[.test]heartbeat_test.OBJ"}
= $unified_info{before}->{"[.test]ssltest_old.OBJ"}
= qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;"
define record 'record_include'
statem_include = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;"
define statem 'statem_include');
$unified_info{after}->{"[.test]heartbeat_test.OBJ"}
= $unified_info{after}->{"[.test]ssltest.OBJ"}
= qq(deassign statem
deassign record);
foreach (grep /^\[\.ssl\.(?:record|statem)\].*\.o$/, keys %{$unified_info{sources}}) {
my @ssl_locl_users = grep(/^\[\.(?:ssl\.(?:record|statem)|test)\].*\.o$/,
keys %{$unified_info{sources}});
foreach (@ssl_locl_users) {
(my $x = $_) =~ s|\.o$|.OBJ|;
$unified_info{before}->{$x}
= qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;"
@@ -121,7 +119,7 @@ SHLIB_EXT=.EXE
OBJ_EXT=.OBJ
DEP_EXT=.D
LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{libraries}}) -}
LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @libs) -}
SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @shlibs) -}
ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{engines}}) -}
PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -}
@@ -133,9 +131,11 @@ DEPS={- our @deps = map { (my $x = $_) =~ s|\.o$|\$(DEP_EXT)|; $x; }
join(", ", map { "-\n\t".$_ } @deps); -}
{- output_on() if $disabled{makedepend}; "" -}
GENERATED_MANDATORY={- join(", ", map { "-\n\t".$_ } @{$unified_info{depends}->{""}} ) -}
GENERATED={- join(", ", map { "-\n\t".$_ } @generated) -}
GENERATED={- # common0.tmpl provides @generated
join(", ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; "-\n\t".$x }
@generated) -}
INSTALL_LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{install}->{libraries}}) -}
INSTALL_LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @install_libs) -}
INSTALL_SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @install_shlibs) -}
INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -}
INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -}
@@ -167,27 +167,175 @@ OPENSSLDIR={- catdir($config{openssldir}) or
# The same, but for C
OPENSSLDIR_C={- $osslprefix -}DATAROOT:[000000]
# Where installed engines reside, for C
ENGINESDIR_C={- $osslprefix -}ENGINES{- $sover.$target{pointer_size} -}:
ENGINESDIR_C={- $osslprefix -}ENGINES{- $sover_dirname.$target{pointer_size} -}:
CC= {- $target{cc} -}
CFLAGS= /DEFINE=({- join(",", @{$target{defines}}, @{$config{defines}},"OPENSSLDIR=\"\"\"\$(OPENSSLDIR_C)\"\"\"","ENGINESDIR=\"\"\"\$(ENGINESDIR_C)\"\"\"") -}) {- $target{cflags} -} {- $config{cflags} -}
CFLAGS_Q=$(CFLAGS)
DEPFLAG= /DEFINE=({- join(",", @{$config{depdefines}}) -})
LDFLAGS= {- $target{lflags} -}
EX_LIBS= {- $target{ex_libs} ? ",".$target{ex_libs} : "" -}{- $config{ex_libs} ? ",".$config{ex_libs} : "" -}
LIB_CFLAGS={- $target{lib_cflags} || "" -}
DSO_CFLAGS={- $target{dso_cflags} || "" -}
BIN_CFLAGS={- $target{bin_cflags} || "" -}
##### User defined commands and flags ################################
PERL={- $config{perl} -}
CC={- $config{CC} -}
CPP={- $config{CPP} -}
DEFINES={- our $defines1 = join('', map { ",$_" } @{$config{CPPDEFINES}}) -}
INCLUDES={- our $includes1 = join(',', @{$config{CPPINCLUDES}}) -}
CPPFLAGS={- our $cppflags1 = join('', @{$config{CPPFLAGS}}) -}
CFLAGS={- join('', @{$config{CFLAGS}}) -}
LDFLAGS={- join('', @{$config{LFLAGS}}) -}
EX_LIBS={- join('', map { ",$_" } @{$config{LDLIBS}}) -}
# We let the C compiler driver to take care of .s files. This is done in
# order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS={- $target{as} -}
ASFLAG={- $target{asflags} -}
PERL={- $config{PERL} -}
AS={- $config{AS} -}
ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -}
##### Special command flags ##########################################
ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
##### Project flags ##################################################
# Variables starting with CNF_ are common variables for all product types
CNF_ASFLAGS={- join('', $target{asflags} || (),
@{$config{asflags}}) -}
CNF_DEFINES={- our $defines2 = join('', map { ",$_" } @{$target{defines}},
@{$config{defines}}) -}
CNF_INCLUDES={- our $includes2 = join(',', @{$target{includes}},
@{$config{includes}}) -}
CNF_CPPFLAGS={- our $cppflags2 = join('', $target{cppflags} || (),
@{$config{cppflags}}) -}
CNF_CFLAGS={- join('', $target{cflags} || (),
@{$config{cflags}}) -}
CNF_CXXFLAGS={- join('', $target{cxxflags} || (),
@{$config{cxxflags}}) -}
CNF_LDFLAGS={- join('', $target{lflags} || (),
@{$config{lflags}}) -}
CNF_EX_LIBS={- join('', map{ ",$_" } @{$target{ex_libs}},
@{$config{ex_libs}}) -}
# Variables starting with LIB_ are used to build library object files
# and shared libraries.
# Variables starting with DSO_ are used to build DSOs and their object files.
# Variables starting with BIN_ are used to build programs and their object
# files.
LIB_ASFLAGS={- join(' ', $target{lib_asflags} || (),
@{$config{lib_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
LIB_DEFINES={- our $lib_defines =
join('', (map { ",$_" } @{$target{lib_defines}},
@{$target{shared_defines}},
@{$config{lib_defines}},
@{$config{shared_defines}}));
join('', $lib_defines,
(map { ",$_" } 'OPENSSLDIR="""$(OPENSSLDIR_C)"""',
'ENGINESDIR="""$(ENGINESDIR_C)"""'),
'$(CNF_DEFINES)', '$(DEFINES)') -}
LIB_INCLUDES={- our $lib_includes =
join(',', @{$target{lib_includes}},
@{$target{shared_includes}},
@{$config{lib_includes}},
@{$config{shared_includes}}) -}
LIB_CPPFLAGS={- our $lib_cppflags =
join('', $target{lib_cppflags} || (),
$target{shared_cppflags} || (),
@{$config{lib_cppflags}},
@{$config{shared_cppflag}});
join('', "'qual_includes'",
'/DEFINE=(__dummy$(LIB_DEFINES))',
$lib_cppflags,
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
LIB_CFLAGS={- join('', $target{lib_cflags} || (),
$target{shared_cflag} || (),
@{$config{lib_cflags}},
@{$config{shared_cflag}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
LIB_LDFLAGS={- join('', $target{lib_lflags} || (),
$target{shared_ldflag} || (),
@{$config{lib_lflags}},
@{$config{shared_ldflag}},
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
LIB_EX_LIBS=$(CNF_EX_LIBS)$(EX_LIBS)
DSO_ASFLAGS={- join(' ', $target{dso_asflags} || (),
$target{module_asflags} || (),
@{$config{dso_asflags}},
@{$config{module_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
DSO_DEFINES={- join('', (map { ",$_" } @{$target{dso_defines}},
@{$target{module_defines}},
@{$config{dso_defines}},
@{$config{module_defines}}),
'$(CNF_DEFINES)', '$(DEFINES)') -}
DSO_INCLUDES={- join(',', @{$target{dso_includes}},
@{$target{module_includes}},
@{$config{dso_includes}},
@{$config{module_includes}}) -}
DSO_CPPFLAGS={- join('', "'qual_includes'",
'/DEFINE=(__dummy$(DSO_DEFINES))',
$target{dso_cppflags} || (),
$target{module_cppflags} || (),
@{$config{dso_cppflags}},
@{$config{module_cppflags}},
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
DSO_CFLAGS={- join('', $target{dso_cflags} || (),
$target{module_cflags} || (),
@{$config{dso_cflags}},
@{$config{module_cflags}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
DSO_LDFLAGS={- join('', $target{dso_lflags} || (),
$target{module_ldflags} || (),
@{$config{dso_lflags}},
@{$config{module_ldflags}},
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
BIN_ASFLAGS={- join(' ', $target{bin_asflags} || (),
@{$config{bin_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
BIN_DEFINES={- join('', (map { ",$_" } @{$target{bin_defines}},
@{$config{bin_defines}}),
'$(CNF_DEFINES)', '$(DEFINES)') -}
BIN_INCLUDES={- join(',', @{$target{bin_includes}},
@{$config{bin_includes}}) -}
BIN_CPPFLAGS={- join('', "'qual_includes'",
'/DEFINE=(__dummy$(DSO_DEFINES))',
$target{bin_cppflags} || (),
@{$config{bin_cppflag}},
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
BIN_CFLAGS={- join('', $target{bin_cflag} || (),
@{$config{bin_cflag}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
BIN_LDFLAGS={- join('', $target{bin_lflags} || (),
@{$config{bin_lflags}} || (),
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
NO_INST_LIB_CFLAGS={- join('', $target{no_inst_lib_cflags}
// $target{lib_cflags}
// (),
$target{shared_cflag} || (),
@{$config{lib_cflags}},
@{$config{shared_cflag}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
NO_INST_DSO_CFLAGS={- join('', $target{no_inst_lib_cflags}
// $target{lib_cflags}
// (),
$target{dso_cflags} || (),
@{$config{lib_cflags}},
@{$config{dso_cflags}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
NO_INST_BIN_CFLAGS={- join('', $target{no_inst_bin_cflags}
// $target{bin_cflags}
// (),
@{$config{bin_cflags}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
PERLASM_SCHEME={- $target{perlasm_scheme} -}
# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
CPPFLAGS_Q={- (my $c = $lib_cppflags.$cppflags2.$cppflags1) =~ s|"|""|g;
(my $d = $lib_defines.$defines2.$defines1) =~ s|"|""|g;
my $i = join(',', $lib_includes || (), $includes2 || (),
$includes1 || ());
my $x = $c;
$x .= "/INCLUDE=($i)" if $i;
$x .= "/DEFINE=($d)" if $d;
$x; -}
# .FIRST and .LAST are special targets with MMS and MMK.
# The defines in there are for C. includes that look like
@@ -195,6 +343,7 @@ ASFLAG={- $target{asflags} -}
#
# #include <openssl/foo.h>
# #include "internal/bar.h"
# #include "crypto/something.h"
#
# will use the logical names to find the files. Expecting
# DECompHP C to find files in subdirectories of whatever was
@@ -203,11 +352,13 @@ NODEBUG=@
.FIRST :
$(NODEBUG) openssl_inc1 = F$PARSE("[.include.openssl]","A.;",,,"syntax_only") - "A.;"
$(NODEBUG) openssl_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.openssl]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
$(NODEBUG) internal_inc1 = F$PARSE("[.crypto.include.internal]","A.;",,,"SYNTAX_ONLY") - "A.;"
$(NODEBUG) internal_inc1 = F$PARSE("[.include.internal]","A.;",,,"SYNTAX_ONLY") - "A.;"
$(NODEBUG) internal_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
$(NODEBUG) internal_inc3 = F$PARSE("{- catdir($config{sourcedir},"[.crypto.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
$(NODEBUG) crypto_inc1 = F$PARSE("[.include.crypto]","A.;",,,"SYNTAX_ONLY") - "A.;"
$(NODEBUG) crypto_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.crypto]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
$(NODEBUG) DEFINE openssl 'openssl_inc1','openssl_inc2'
$(NODEBUG) DEFINE internal 'internal_inc1','internal_inc2','internal_inc3'
$(NODEBUG) DEFINE internal 'internal_inc1','internal_inc2'
$(NODEBUG) DEFINE crypto 'crypto_inc1','crypto_inc2'
$(NODEBUG) staging_dir = "$(DESTDIR)"
$(NODEBUG) staging_instdir = ""
$(NODEBUG) staging_datadir = ""
@@ -226,8 +377,13 @@ NODEBUG=@
$(NODEBUG) !
$(NODEBUG) ! Installation logical names
$(NODEBUG) !
$(NODEBUG) installtop = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
$(NODEBUG) datatop = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
$(NODEBUG) ! This also creates a few DCL variables that are used for
$(NODEBUG) ! the "install_msg" target.
$(NODEBUG) !
$(NODEBUG) installroot = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;"
$(NODEBUG) installtop = installroot + ".]"
$(NODEBUG) dataroot = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;"
$(NODEBUG) datatop = dataroot + ".]"
$(NODEBUG) DEFINE ossl_installroot 'installtop'
$(NODEBUG) DEFINE ossl_dataroot 'datatop'
$(NODEBUG) !
@@ -238,12 +394,13 @@ NODEBUG=@
$(NODEBUG) ! Set up logical names for the libraries, so LINK and
$(NODEBUG) ! running programs can use them.
$(NODEBUG) !
$(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEFINE ".uc($_)." 'F\$ENV(\"DEFAULT\")'".uc($_)."\$(SHLIB_EXT)" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "!" -}
$(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEFINE ".uc($_)." 'F\$ENV(\"DEFAULT\")'".uc($_)."\$(SHLIB_EXT)" } @shlibs) || "!" -}
.LAST :
$(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEASSIGN ".uc($_) } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "!" -}
$(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEASSIGN ".uc($_) } @shlibs) || "!" -}
$(NODEBUG) DEASSIGN ossl_dataroot
$(NODEBUG) DEASSIGN ossl_installroot
$(NODEBUG) DEASSIGN crypto
$(NODEBUG) DEASSIGN internal
$(NODEBUG) DEASSIGN openssl
.DEFAULT :
@@ -267,6 +424,11 @@ build_apps build_tests : build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated : $(GENERATED_MANDATORY) $(GENERATED)
@ ! {- output_off() if $disabled{makedepend}; "" -}
@ WRITE SYS$OUTPUT "Warning: consider configuring with no-makedepend, because if"
@ WRITE SYS$OUTPUT " target system doesn't have $(PERL),"
@ WRITE SYS$OUTPUT " then make will fail..."
@ ! {- output_on() if $disabled{makedepend}; "" -}
test : tests
{- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep
@@ -298,30 +460,19 @@ list-tests :
@ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options"
@ ! {- output_on() if !$disabled{tests}; "" -}
install : install_sw install_ssldirs install_docs
install : install_sw install_ssldirs install_docs install_msg
@ !
install_msg :
@ WRITE SYS$OUTPUT ""
@ WRITE SYS$OUTPUT "######################################################################"
@ WRITE SYS$OUTPUT ""
@ IF "$(DESTDIR)" .EQS. "" THEN -
PIPE ( WRITE SYS$OUTPUT "Installation complete" ; -
WRITE SYS$OUTPUT "" ; -
WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
WRITE SYS$OUTPUT "" )
@{- sourcefile("VMS", "msg_install.com") -} "$(SYSTARTUP)" "{- $osslver -}"
@ IF "$(DESTDIR)" .NES. "" THEN -
PIPE ( WRITE SYS$OUTPUT "Staging installation complete" ; -
WRITE SYS$OUTPUT "" ; -
WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the directory tree" ; -
WRITE SYS$OUTPUT staging_instdir ; -
WRITE SYS$OUTPUT "ends up in $(INSTALLTOP)," ; -
WRITE SYS$OUTPUT "and that the contents of the contents of the directory tree" ; -
WRITE SYS$OUTPUT staging_datadir ; -
WRITE SYS$OUTPUT "ends up in $(OPENSSLDIR)" ; -
WRITE SYS$OUTPUT "" ; -
WRITE SYS$OUTPUT "When in its final destination," ; -
WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
WRITE SYS$OUTPUT "" )
@{- sourcefile("VMS", "msg_staging.com") -} -
"''installroot']" "''dataroot']" "$(INSTALLTOP)" "$(OPENSSLDIR)" -
"$(SYSTARTUP)" "{- $osslver -}"
check_install :
spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com
@@ -331,13 +482,14 @@ uninstall : uninstall_docs uninstall_sw
# Because VMS wants the generation number (or *) to delete files, we can't
# use $(LIBS), $(PROGRAMS), $(GENERATED) and $(ENGINES)directly.
libclean :
{- join("\n\t", map { "- DELETE $_.OLB;*" } @{$unified_info{libraries}}) || "@ !" -}
{- join("\n\t", map { "- DELETE $_.EXE;*,$_.MAP;*,$_.OPT;*" } @shlibs) || "@ !" -}
{- join("\n\t", map { "- DELETE $_.OLB;*" } @libs) || "@ !" -}
{- join("\n\t", map { "- DELETE $_.EXE;*,$_.MAP;*" } @shlibs) || "@ !" -}
clean : libclean
{- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{programs}}) || "@ !" -}
{- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{engines}}) || "@ !" -}
{- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{scripts}}) || "@ !" -}
{- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{depends}->{""}}) || "@ !" -}
{- join("\n\t", map { "- DELETE $_;*" } @generated) || "@ !" -}
- DELETE [...]*.MAP;*
- DELETE [...]*.D;*
@@ -354,16 +506,7 @@ distclean : clean
depend : descrip.mms
descrip.mms : FORCE
@ ! {- output_off() if $disabled{makedepend}; "" -}
@ $(PERL) -pe "if (/^# DO NOT DELETE.*/) { exit(0); }" -
< descrip.mms > descrip.mms-new
@ OPEN/APPEND DESCRIP descrip.mms-new
@ WRITE DESCRIP "# DO NOT DELETE THIS LINE -- make depend depends on it."
{- join("\n\t", map { "\@ IF F\$SEARCH(\"$_\") .NES. \"\" THEN TYPE $_ /OUTPUT=DESCRIP:" } @deps); -}
@ CLOSE DESCRIP
@ PIPE ( $(PERL) -e "use File::Compare qw/compare_text/; my $x = compare_text(""descrip.mms"",""descrip.mms-new""); exit(0x10000000 + ($x == 0));" || -
RENAME descrip.mms-new descrip.mms )
@ IF F$SEARCH("descrip.mms-new") .NES. "" THEN DELETE descrip.mms-new;*
-@ SPAWN/OUTPUT=NLA0: PURGE/NOLOG descrip.mms
@ $(PERL) {- sourcefile("util", "add-depends.pl") -} "VMS C"
@ ! {- output_on() if $disabled{makedepend}; "" -}
# Install helper targets #############################################
@@ -393,6 +536,12 @@ install_ssldirs : check_INSTALLTOP
IF F$SEARCH("OSSL_DATAROOT:[000000]openssl.cnf") .EQS. "" THEN -
COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
ossl_dataroot:[000000]openssl.cnf
@ ! Install CTLOG configuration file
COPY/PROT=W:R {- sourcefile("apps", "ct_log_list.cnf") -} -
ossl_dataroot:[000000]ct_log_list.cnf-dist
IF F$SEARCH("OSSL_DATAROOT:[000000]ct_log_list.cnf") .EQS. "" THEN -
COPY/PROT=W:R {- sourcefile("apps", "ct_log_list.cnf") -} -
ossl_dataroot:[000000]ct_log_list.cnf
install_dev : check_INSTALLTOP install_runtime_libs
@ WRITE SYS$OUTPUT "*** Installing development files"
@@ -403,14 +552,14 @@ install_dev : check_INSTALLTOP install_runtime_libs
- CREATE/DIR ossl_installroot:[LIB.'arch']
{- join("\n ",
map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
@{$unified_info{install}->{libraries}}) -}
@install_libs) -}
install_engines : check_INSTALLTOP install_runtime_libs build_engines
@ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing engines"
- CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch']
- CREATE/DIR ossl_installroot:[ENGINES{- $sover_dirname.$target{pointer_size} -}.'arch']
{- join("\n ",
map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" }
map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover_dirname$target{pointer_size}.'arch']" }
@{$unified_info{install}->{engines}}) -}
@ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
@@ -485,6 +634,7 @@ vmsconfig.pm : configdata.pm
WRITE CONFIG "our %config = ("
WRITE CONFIG " target => '","{- $config{target} -}","',"
WRITE CONFIG " version => '","{- $config{version} -}","',"
WRITE CONFIG " shlib_version_number => '","{- $config{shlib_version_number} -}","',"
WRITE CONFIG " shlib_major => '","{- $config{shlib_major} -}","',"
WRITE CONFIG " shlib_minor => '","{- $config{shlib_minor} -}","',"
WRITE CONFIG " no_shared => '","{- $disabled{shared} -}","',"
@@ -521,8 +671,7 @@ debug_logicals :
# Building targets ###################################################
configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
@ WRITE SYS$OUTPUT "Reconfiguring..."
perl $(SRCDIR)Configure reconf
perl configdata.pm -r
@ WRITE SYS$OUTPUT "*************************************************"
@ WRITE SYS$OUTPUT "*** ***"
@ WRITE SYS$OUTPUT "*** Please run the same mms command again ***"
@@ -530,41 +679,149 @@ configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{bu
@ WRITE SYS$OUTPUT "*************************************************"
@ PIPE ( EXIT %X10000000 )
reconfigure reconf :
perl configdata.pm -r
{-
use File::Basename;
use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/;
# Helper function to figure out dependencies on libraries
# It takes a list of library names and outputs a list of dependencies
sub compute_lib_depends {
if ($disabled{shared}) {
return map { $_ =~ /\.a$/ ? $`.".OLB" : $_.".OLB" } @_;
}
return map { $_ =~ /\.a$/
? $`.".OLB"
: $unified_info{sharednames}->{$_}.".EXE" } @_;
}
# Helper function to deal with inclusion directory specs.
# We have to deal with two things:
# 1. comma separation and no possibility of trailing comma
# 2. no inclusion directories given at all
# 3. long compiler command lines
# To resolve 1, we need to iterate through the sources of inclusion
# directories, and only add a comma when needed.
# To resolve 2, we need to have a variable that will hold the whole
# inclusion qualifier, or be the empty string if there are no inclusion
# directories. That's the symbol 'qual_includes' that's used in CPPFLAGS
# To resolve 3, we creata a logical name TMP_INCLUDES: to hold the list
# of inclusion directories.
#
# This function returns a list of two lists, one being the collection of
# commands to execute before the compiler is called, and the other being
# the collection of commands to execute after. It takes as arguments the
# collection of strings to include as directory specs.
sub includes {
my @stuff = ( @_ );
my @before = (
'qual_includes :=',
);
my @after = (
'DELETE/SYMBOL/LOCAL qual_includes',
);
if (scalar @stuff > 0) {
push @before, 'tmp_includes := '.shift(@stuff);
while (@stuff) {
push @before, 'tmp_add := '.shift(@stuff);
push @before, 'IF tmp_includes .NES. "" .AND. tmp_add .NES. "" THEN tmp_includes = tmp_includes + ","';
push @before, 'tmp_includes = tmp_includes + tmp_add';
}
push @before, "IF tmp_includes .NES. \"\" THEN DEFINE tmp_includes 'tmp_includes'";
push @before, 'IF tmp_includes .NES. "" THEN qual_includes := /INCLUDE=(tmp_includes:)';
push @before, 'DELETE/SYMBOL/LOCAL tmp_includes';
push @before, 'DELETE/SYMBOL/LOCAL tmp_add';
push @after, 'DEASSIGN tmp_includes:'
}
return ([ @before ], [ @after ]);
}
sub generatesrc {
my %args = @_;
(my $target = $args{src}) =~ s/\.[sS]$/.asm/;
my $generator = join(" ", @{$args{generator}});
my $generator_incs = join("", map { ' "-I'.$_.'"' } @{$args{generator_incs}});
my $deps = join(", -\n\t\t", @{$args{generator_deps}}, @{$args{deps}});
if ($args{src} !~ /\.[sS]$/) {
if ($target !~ /\.asm$/) {
if ($args{generator}->[0] =~ m|^.*\.in$|) {
my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "dofile.pl")),
rel2abs($config{builddir}));
return <<"EOF";
$args{src} : $args{generator}->[0] $deps
$target : $args{generator}->[0] $deps
\$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile \\
"-o$target{build_file}" $generator > \$@
"-o$target{build_file}" $generator > \$\@
EOF
} else {
return <<"EOF";
$args{src} : $args{generator}->[0] $deps
\$(PERL)$generator_incs $generator > \$@
$target : $args{generator}->[0] $deps
\$(PERL)$generator_incs $generator > \$\@
EOF
}
} else {
die "No method to generate assembler source present.\n";
if ($args{generator}->[0] =~ /\.pl$/) {
$generator = '$(PERL)'.$generator_incs.' '.$generator;
} elsif ($args{generator}->[0] =~ /\.S$/) {
$generator = undef;
} else {
die "Generator type for $src unknown: $generator\n";
}
my $cppflags = {
lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)',
dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)',
bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)'
} -> {$args{intent}};
my @incs_cmds = includes({ lib => '$(LIB_INCLUDES)',
dso => '$(DSO_INCLUDES)',
bin => '$(BIN_INCLUDES)' } -> {$args{intent}},
'$(CNF_INCLUDES)',
'$(INCLUDES)',
@{$args{incs}});
my $incs_on = join("\n\t\@ ", @{$incs_cmds[0]}) || '!';
my $incs_off = join("\n\t\@ ", @{$incs_cmds[1]}) || '!';
if (defined($generator)) {
# If the target is named foo.S in build.info, we want to
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
return <<"EOF";
$target : $args{generator}->[0] $deps
$generator \$\@-S
\@ $incs_on
PIPE \$(CPP) $cppflags \$\@-S | -
\$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@-i
\@ $incs_off
RENAME \$\@-i \$\@
DELETE \$\@-S;
EOF
}
# Otherwise....
return <<"EOF";
$target : $args{generator}->[0] $deps
$generator \$\@
EOF
}
return <<"EOF";
$target : $args{generator}->[0] $deps
\@ $incs_on
SHOW SYMBOL qual_includes
PIPE \$(CPP) $cppflags $args{generator}->[0] | -
\$(PERL) "-ne" "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@
\@ $incs_off
EOF
}
}
sub src2obj {
my %args = @_;
my $obj = $args{obj};
my $deps = join(", -\n\t\t", @{$args{srcs}}, @{$args{deps}});
my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
} ( @{$args{srcs}} );
(my $obj = $args{obj}) =~ s|\.o$||;
my $deps = join(", -\n\t\t", @srcs, @{$args{deps}});
# Because VMS C isn't very good at combining a /INCLUDE path with
# #includes having a relative directory (like '#include "../foo.h"),
@@ -577,48 +834,77 @@ EOF
my $objd = abs2rel(rel2abs(dirname($obj)), rel2abs($forward));
my $objn = basename($obj);
my $srcs =
join(", ",
map { abs2rel(rel2abs($_), rel2abs($forward)) } @{$args{srcs}});
my $ecflags = { lib => '$(LIB_CFLAGS)',
dso => '$(DSO_CFLAGS)',
bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
my $incs_on = "\@ !";
my $incs_off = "\@ !";
my $incs = "";
my @incs = ();
push @incs, @{$args{incs}} if @{$args{incs}};
unless ($disabled{zlib}) {
# GNV$ZLIB_INCLUDE is the standard logical name for later zlib
# incarnations.
push @incs, ($withargs{zlib_include} || 'GNV$ZLIB_INCLUDE:');
}
if (@incs) {
$incs_on =
"DEFINE tmp_includes "
.join(",-\n\t\t\t", map {
file_name_is_absolute($_)
? $_ : catdir($backward,$_)
} @incs);
$incs_off = "DEASSIGN tmp_includes";
$incs = " /INCLUDE=(tmp_includes:)";
}
join(", ", map { abs2rel(rel2abs($_), rel2abs($forward)) } @srcs);
my $before = $unified_info{before}->{$obj.".OBJ"} || "\@ !";
my $after = $unified_info{after}->{$obj.".OBJ"} || "\@ !";
my $cflags;
if ($args{installed}) {
$cflags = { lib => '$(LIB_CFLAGS)',
dso => '$(DSO_CFLAGS)',
bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
} else {
$cflags = { lib => '$(NO_INST_LIB_CFLAGS)',
dso => '$(NO_INST_DSO_CFLAGS)',
bin => '$(NO_INST_BIN_CFLAGS)' } -> {$args{intent}};
}
$cflags .= { lib => '$(LIB_CPPFLAGS)',
dso => '$(DSO_CPPFLAGS)',
bin => '$(BIN_CPPFLAGS)' } -> {$args{intent}};
my $asflags = { lib => ' $(LIB_ASFLAGS)',
dso => ' $(DSO_ASFLAGS)',
bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}};
my @incs_cmds = includes({ lib => '$(LIB_INCLUDES)',
dso => '$(DSO_INCLUDES)',
bin => '$(BIN_INCLUDES)' } -> {$args{intent}},
'$(INCLUDES)',
map {
file_name_is_absolute($_)
? $_ : catdir($backward,$_)
} @{$args{incs}});
my $incs_on = join("\n\t\@ ", @{$incs_cmds[0]}) || '!';
my $incs_off = join("\n\t\@ ", @{$incs_cmds[1]}) || '!';
if ($srcs[0] =~ /\.asm$/) {
return <<"EOF";
$obj.OBJ : $deps
${before}
SET DEFAULT $forward
\$(AS) $asflags \$(ASOUTFLAG)${objd}${objn}.OBJ $srcs
SET DEFAULT $backward
${after}
- PURGE $obj.OBJ
EOF
} elsif ($srcs[0] =~ /.S$/) {
return <<"EOF";
$obj.OBJ : $deps
${before}
SET DEFAULT $forward
\@ $incs_on
PIPE \$(CPP) ${cflags} $srcs | -
\$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" -
> ${objd}${objn}.asm
\@ $incs_off
SET DEFAULT $backward
${after}
\$(AS) $asflags \$(ASOUTFLAG)$obj.OBJ $obj.asm
- PURGE $obj.OBJ
EOF
}
my $depbuild = $disabled{makedepend} ? ""
: " /MMS=(FILE=${objd}${objn}.tmp-D,TARGET=$obj.OBJ)";
: " /MMS=(FILE=${objd}${objn}.D,TARGET=$obj.OBJ)";
return <<"EOF";
$obj.OBJ : $deps
${before}
SET DEFAULT $forward
$incs_on
\$(CC) \$(CFLAGS)${ecflags}${incs}${depbuild} /OBJECT=${objd}${objn}.OBJ /REPOSITORY=$backward $srcs
$incs_off
\@ $incs_on
\$(CC) ${cflags}${depbuild} /OBJECT=${objd}${objn}.OBJ /REPOSITORY=$backward $srcs
\@ $incs_off
SET DEFAULT $backward
${after}
\@ PIPE ( \$(PERL) -e "use File::Compare qw/compare_text/; my \$x = compare_text(""$obj.D"",""$obj.tmp-D""); exit(0x10000000 + (\$x == 0));" || -
RENAME $obj.tmp-D $obj.d )
\@ IF F\$SEARCH("$obj.tmp-D") .NES. "" THEN DELETE $obj.tmp-D;*
- PURGE $obj.OBJ
EOF
}
@@ -628,19 +914,14 @@ EOF
my $shlib = $args{shlib};
my $libd = dirname($lib);
my $libn = basename($lib);
(my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i;
my @deps = map {
$disabled{shared} ? $_.".OLB"
: $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
my $deps = join(", -\n\t\t", @deps);
my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x }
grep { $_ =~ m|\.o$| }
@{$args{objs}};
my @defs = grep { $_ =~ /\.opt$/ } @{$args{objs}};
my @deps = compute_lib_depends(@{$args{deps}});
die "More than one symbol vector" if scalar @defs > 1;
my $deps = join(", -\n\t\t", @defs, @deps);
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir},
"VMS", "engine.opt")),
rel2abs($config{builddir}));
my $mkdef_pl = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "mkdef.pl")),
rel2abs($config{builddir}));
my $translatesyms_pl = abs2rel(rel2abs(catfile($config{sourcedir},
"VMS", "translatesyms.pl")),
rel2abs($config{builddir}));
@@ -648,27 +929,32 @@ EOF
# previous line's file spec as default, so if no directory spec
# is present in the current line and the previous line has one that
# doesn't apply, you're in for a surprise.
my $write_opt =
my $write_opt1 =
join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
"WRITE OPT_FILE \"$x" } @objs).
"\"";
my $write_opt2 =
join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
$x =~ s|(\.EXE)|$1/SHARE|;
$x =~ s|(\.OLB)|$1/LIB|;
"WRITE OPT_FILE \"$x\"" } @deps)
|| "\@ !";
return <<"EOF";
$shlib.EXE : $lib.OLB $deps $ordinalsfile
\$(PERL) $mkdef_pl "$mkdef_key" "VMS" > $shlib.SYMVEC-tmp
\$(PERL) $translatesyms_pl \$(BLDDIR)CXX\$DEMANGLER_DB. < $shlib.SYMVEC-tmp > $shlib.SYMVEC
DELETE $shlib.SYMVEC-tmp;*
OPEN/WRITE/SHARE=READ OPT_FILE $shlib.OPT
WRITE OPT_FILE "IDENTIFICATION=""V$config{version}"""
TYPE $shlib.SYMVEC /OUTPUT=OPT_FILE:
WRITE OPT_FILE "$lib.OLB/LIBRARY"
$write_opt
return <<"EOF"
$shlib.EXE : $lib.OLB $deps
\$(PERL) $translatesyms_pl \$(BLDDIR)CXX\$DEMANGLER_DB. < $defs[0] > $defs[0]-translated
OPEN/WRITE/SHARE=READ OPT_FILE $lib-components.OPT
$write_opt1
$write_opt2
CLOSE OPT_FILE
LINK /MAP=$shlib.MAP /FULL/SHARE=$shlib.EXE $shlib.OPT/OPT \$(EX_LIBS)
DELETE $shlib.SYMVEC;*
PURGE $shlib.EXE,$shlib.OPT,$shlib.MAP
LINK \$(LIB_LDFLAGS)/SHARE=\$\@ $defs[0]-translated/OPT,-
$lib-components.OPT/OPT \$(LIB_EX_LIBS)
DELETE $defs[0]-translated;*,$lib-components.OPT;*
PURGE $shlib.EXE,$shlib.MAP
EOF
. ($config{target} =~ m|alpha| ? "" : <<"EOF"
SET IMAGE/FLAGS=(NOCALL_DEBUG) \$\@
EOF
);
}
sub obj2dso {
my %args = @_;
@@ -676,10 +962,8 @@ EOF
my $libd = dirname($lib);
my $libn = basename($lib);
(my $libn_nolib = $libn) =~ s/^lib//;
my @objs = map { "$_.OBJ" } @{$args{objs}};
my @deps = map {
$disabled{shared} ? $_.".OLB"
: $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x } @{$args{objs}};
my @deps = compute_lib_depends(@{$args{deps}});
my $deps = join(", -\n\t\t", @objs, @deps);
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir},
@@ -699,23 +983,28 @@ EOF
$x =~ s|(\.OLB)|$1/LIB|;
"WRITE OPT_FILE \"$x\"" } @deps)
|| "\@ !";
return <<"EOF";
return <<"EOF"
$lib.EXE : $deps
OPEN/WRITE/SHARE=READ OPT_FILE $lib.OPT
TYPE $engine_opt /OUTPUT=OPT_FILE:
$write_opt1
$write_opt2
CLOSE OPT_FILE
LINK /MAP=$lib.MAP /FULL/SHARE=$lib.EXE $lib.OPT/OPT \$(EX_LIBS)
LINK \$(DSO_LDFLAGS)/SHARE=\$\@ $lib.OPT/OPT \$(DSO_EX_LIBS)
- PURGE $lib.EXE,$lib.OPT,$lib.MAP
EOF
. ($config{target} =~ m|alpha| ? "" : <<"EOF"
SET IMAGE/FLAGS=(NOCALL_DEBUG) \$\@
EOF
);
}
sub obj2lib {
my %args = @_;
my $lib = $args{lib};
my $objs = join(", -\n\t\t", map { $_.".OBJ" } (@{$args{objs}}));
my $fill_lib = join("\n\t", (map { "LIBRARY/REPLACE $lib.OLB $_.OBJ" }
@{$args{objs}}));
(my $lib = $args{lib}) =~ s/\.a$//;
my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x } @{$args{objs}};
my $objs = join(", -\n\t\t", @objs);
my $fill_lib = join("\n\t", (map { "LIBRARY/REPLACE $lib.OLB $_" }
@objs));
return <<"EOF";
$lib.OLB : $objs
LIBRARY/CREATE/OBJECT $lib.OLB
@@ -728,34 +1017,91 @@ EOF
my $bin = $args{bin};
my $bind = dirname($bin);
my $binn = basename($bin);
my @objs = map { "$_.OBJ" } @{$args{objs}};
my @deps = map {
$disabled{shared} ? $_.".OLB"
: $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x } @{$args{objs}};
my $objs = join(",", @objs);
my @deps = compute_lib_depends(@{$args{deps}});
my $deps = join(", -\n\t\t", @objs, @deps);
my $olb_count = scalar grep(m|\.OLB$|, @deps);
my $analyse_objs = "@ !";
if ($olb_count > 0) {
my $analyse_quals =
$config{target} =~ m|alpha| ? "/GSD" : "/SECTIONS=SYMTAB";
$analyse_objs = "- pipe ANALYSE/OBJECT$analyse_quals $objs | SEARCH SYS\$INPUT \"\"\"main\"\"\" ; nomain = \$severity .NE. 1"
}
# The "[]" hack is because in .OPT files, each line inherits the
# previous line's file spec as default, so if no directory spec
# is present in the current line and the previous line has one that
# doesn't apply, you're in for a surprise.
my $write_opt1 =
join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
"WRITE OPT_FILE \"$x" } @objs).
"\@ WRITE OPT_FILE \"$x" } @objs).
"\"";
my $write_opt2 =
join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
$x =~ s|(\.EXE)|$1/SHARE|;
$x =~ s|(\.OLB)|$1/LIB|;
"WRITE OPT_FILE \"$x\"" } @deps)
join("\n\t", map { my @lines = ();
my $x = $_ =~ /\[/ ? $_ : "[]".$_;
if ($x =~ m|\.EXE$|) {
push @lines, "\@ WRITE OPT_FILE \"$x/SHARE\"";
} elsif ($x =~ m|\.OLB$|) {
(my $l = $x) =~ s/\W/_/g;
push @lines,
"\@ IF nomain THEN WRITE OPT_FILE \"$x/LIB\$(INCLUDE_MAIN_$l)\"",
"\@ IF .NOT. nomain THEN WRITE OPT_FILE \"$x/LIB\""
}
@lines
} @deps)
|| "\@ !";
return <<"EOF";
# The linking commands looks a bit complex, but it's for good reason.
# When you link, say, foo.obj, bar.obj and libsomething.exe/share, and
# bar.obj happens to have a symbol that also exists in libsomething.exe,
# the linker will warn about it, loudly, and will then choose to pick
# the first copy encountered (the one in bar.obj in this example).
# On Unix and on Windows, the corresponding maneuvre goes through
# silently with the same effect.
# With some test programs, made for checking the internals of OpenSSL,
# we do this kind of linking deliberately, picking a few specific object
# files from within [.crypto] or [.ssl] so we can reach symbols that are
# otherwise unreachable (since the shareable images only exports the
# symbols listed in [.util]*.num), and then with the shared libraries
# themselves. So we need to silence the warning about multiply defined
# symbols, to mimic the way linking work on Unix and Windows, and so
# the build isn't interrupted (MMS stops when warnings are signaled,
# by default), and so someone building doesn't have to worry where it
# isn't necessary. If there are other warnings, however, we show them
# and let it break the build.
return <<"EOF"
$bin.EXE : $deps
OPEN/WRITE/SHARE=READ OPT_FILE $bin.OPT
$analyse_objs
@ OPEN/WRITE/SHARE=READ OPT_FILE $bin.OPT
$write_opt1
$write_opt2
CLOSE OPT_FILE
LINK/EXEC=$bin.EXE \$(LDFLAGS) $bin.OPT/OPT \$(EX_LIBS)
@ CLOSE OPT_FILE
TYPE $bin.opt ! For debugging
- pipe SPAWN/WAIT/NOLOG/OUT=$bin.LINKLOG -
LINK \$(BIN_LDFLAGS)/EXEC=\$\@ $bin.OPT/OPT \$(BIN_EX_LIBS) ; -
link_status = \$status ; link_severity = link_status .AND. 7
@ search_severity = 1
-@ IF link_severity .EQ. 0 THEN -
pipe SEARCH $bin.LINKLOG "%","-"/MATCH=AND | -
SPAWN/WAIT/NOLOG/OUT=NLA0: -
SEARCH SYS\$INPUT: "-W-MULDEF,"/MATCH=NOR ; -
search_severity = \$severity
@ ! search_severity is 3 when the last search didn't find any matching
@ ! string: %SEARCH-I-NOMATCHES, no strings matched
@ ! If that was the result, we pretend linking got through without
@ ! fault or warning.
@ IF search_severity .EQ. 3 THEN link_severity = 1
@ ! At this point, if link_severity shows that there was a fault
@ ! or warning, make sure to restore the linking status.
-@ IF .NOT. link_severity THEN TYPE $bin.LINKLOG
-@ DELETE $bin.LINKLOG;*
@ IF .NOT. link_severity THEN SPAWN/WAIT/NOLOG EXIT 'link_status'
- PURGE $bin.EXE,$bin.OPT
EOF
. ($config{target} =~ m|alpha| ? "" : <<"EOF"
SET IMAGE/FLAGS=(NOCALL_DEBUG) \$\@
EOF
);
}
sub in2script {
my %args = @_;

12
Configurations/dist.conf
View File

@@ -1,12 +0,0 @@
## -*- mode: perl; -*-
## Build configuration targets for openssl-team members
# This is to support 'make dist'
%targets = (
"dist" => {
inherit_from => [ 'BASE_unix' ],
cc => "cc",
cflags => "-O",
thread_scheme => "(unknown)",
},
);

82
Configurations/shared-info.pl Normal file
View File

@@ -0,0 +1,82 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This is a collection of extra attributes to be used as input for creating
# shared libraries, currently on any Unix variant, including Unix like
# environments on Windows.
sub detect_gnu_ld {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -Wl,-V /dev/null 2>&1`;
return grep /^GNU ld/, @lines;
}
sub detect_gnu_cc {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -v 2>&1`;
return grep /gcc/, @lines;
}
my %shared_info;
%shared_info = (
'gnu-shared' => {
shared_ldflag => '-shared -Wl,-Bsymbolic',
shared_sonameflag => '-Wl,-soname=',
},
'linux-shared' => sub {
return {
%{$shared_info{'gnu-shared'}},
shared_defflag => '-Wl,--version-script=',
};
},
'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; },
'bsd-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => '-shared -nostdlib',
};
},
'darwin-shared' => {
module_ldflags => '-bundle',
shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
shared_sonameflag => '-install_name $(INSTALLTOP)/$(LIBDIR)/',
},
'cygwin-shared' => {
shared_ldflag => '-shared -Wl,--enable-auto-image-base',
shared_impflag => '-Wl,--out-implib=',
},
'mingw-shared' => sub {
return {
%{$shared_info{'cygwin-shared'}},
# def_flag made to empty string so it still generates
# something
shared_defflag => '',
};
},
'alpha-osf1-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
module_ldflags => '-shared -Wl,-Bsymbolic',
shared_ldflag => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)',
};
},
'svr3-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => '-G',
shared_sonameflag => '-h ',
};
},
'svr5-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => detect_gnu_cc() ? '-shared' : '-G',
shared_sonameflag => '-h ',
};
},
);

1053
Configurations/unix-Makefile.tmpl
View File

File diff suppressed because it is too large Load Diff

463
Configurations/windows-makefile.tmpl
View File

@@ -4,6 +4,7 @@
## {- join("\n## ", @autowarntext) -}
{-
our $objext = $target{obj_extension} || ".obj";
our $resext = $target{res_extension} || ".res";
our $depext = $target{dep_extension} || ".d";
our $exeext = $target{exe_extension} || ".exe";
our $libext = $target{lib_extension} || ".lib";
@@ -11,34 +12,42 @@
our $shlibextimport = $target{shared_import_extension} || ".lib";
our $dsoext = $target{dso_extension} || ".dll";
our $sover = $config{shlib_major}."_".$config{shlib_minor};
(our $sover_dirname = $config{shlib_version_number}) =~ s|\.|_|g;
my $build_scheme = $target{build_scheme};
my $install_flavour = $build_scheme->[$#$build_scheme]; # last element
my $win_installenv =
$target{build_scheme}->[2] eq "VC-W32" ?
"ProgramFiles(x86)" : "ProgramW6432";
$install_flavour eq "VC-WOW" ? "ProgramFiles(x86)"
: "ProgramW6432";
my $win_commonenv =
$target{build_scheme}->[2] eq "VC-W32"
? "CommonProgramFiles(x86)" : "CommonProgramW6432";
$install_flavour eq "VC-WOW" ? "CommonProgramFiles(x86)"
: "CommonProgramW6432";
our $win_installroot =
defined($ENV{$win_installenv})
? $win_installenv : 'ProgramFiles';
defined($ENV{$win_installenv}) ? $win_installenv : 'ProgramFiles';
our $win_commonroot =
defined($ENV{$win_commonenv})
? $win_commonenv : 'CommonProgramFiles';
defined($ENV{$win_commonenv}) ? $win_commonenv : 'CommonProgramFiles';
# expand variables early
$win_installroot = $ENV{$win_installroot};
$win_commonroot = $ENV{$win_commonroot};
sub shlib {
return () if $disabled{shared};
my $lib = shift;
return () if $disabled{shared} || $lib =~ /\.a$/;
return () unless defined $unified_info{sharednames}->{$lib};
return $unified_info{sharednames}->{$lib} . $shlibext;
}
sub lib {
(my $lib = shift) =~ s/\.a$//;
$lib .= '_static'
if (defined $unified_info{sharednames}->{$lib});
return $lib . $libext;
}
sub shlib_import {
return () if $disabled{shared};
my $lib = shift;
return () if $disabled{shared} || $lib =~ /\.a$/;
return $lib . $shlibextimport;
}
@@ -52,7 +61,7 @@
sub dependmagic {
my $target = shift;
return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
return "$target: build_generated\n\t\$(MAKE) /\$(MAKEFLAGS) depend && \$(MAKE) /\$(MAKEFLAGS) _$target\n_$target";
}
'';
-}
@@ -67,7 +76,7 @@ MINOR={- $config{minor} -}
SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
LIBS={- join(" ", map { $_.$libext } @{$unified_info{libraries}}) -}
LIBS={- join(" ", map { ( shlib_import($_), lib($_) ) } @{$unified_info{libraries}}) -}
SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
@@ -81,14 +90,11 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
keys %{$unified_info{sources}}); -}
{- output_on() if $disabled{makedepend}; "" -}
GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
GENERATED={- join(" ",
( map { (my $x = $_) =~ s|\.[sS]$|\.asm|; $x }
grep { defined $unified_info{generate}->{$_} }
map { @{$unified_info{sources}->{$_}} }
grep { /\.o$/ } keys %{$unified_info{sources}} ),
( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
GENERATED={- # common0.tmpl provides @generated
join(" ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; $x }
@generated) -}
INSTALL_LIBS={- join(" ", map { quotify1($_.$libext) } @{$unified_info{install}->{libraries}}) -}
INSTALL_LIBS={- join(" ", map { quotify1(shlib_import($_) or lib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBS={- join(" ", map { quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
@@ -116,7 +122,7 @@ INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
INSTALLTOP_dir={- canonpath($prefix_dir) -}
OPENSSLDIR_dev={- #
# The logic here is that if no --openssldir was given,
# OPENSSLDIR will get the value from $prefix plus "/ssl".
# OPENSSLDIR will get the value "$win_commonroot\\SSL".
# If --openssldir was given and the value is an absolute
# path, OPENSSLDIR will get its value without change.
# If the value from --openssldir is a relative path,
@@ -135,9 +141,9 @@ OPENSSLDIR_dev={- #
$openssldir_dev -}
OPENSSLDIR_dir={- canonpath($openssldir_dir) -}
LIBDIR={- our $libdir = $config{libdir} || "lib";
$libdir -}
file_name_is_absolute($libdir) ? "" : $libdir -}
ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
our $enginesdir = catdir($prefix,$libdir,"engines-$sover");
our $enginesdir = catdir($prefix,$libdir,"engines-$sover_dirname");
our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
splitpath($enginesdir, 1);
$enginesdir_dev -}
@@ -152,39 +158,150 @@ OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir)
ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir)
!ENDIF
CC={- $target{cc} -}
CFLAGS={- join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}})) -} {- join(" ", quotify_l("-DENGINESDIR=\"$enginesdir\"", "-DOPENSSLDIR=\"$openssldir\"")) -} {- $target{cflags} -} {- $config{cflags} -}
COUTFLAG={- $target{coutflag} || "/Fo" -}$(OSSL_EMPTY)
RC={- $target{rc} || "rc" -}
RCOUTFLAG={- $target{rcoutflag} || "/fo" -}$(OSSL_EMPTY)
LD={- $target{ld} || "link" -}
LDFLAGS={- $target{lflags} -}
LDOUTFLAG={- $target{loutflag} || "/out:" -}$(OSSL_EMPTY)
EX_LIBS={- $target{ex_libs} -}
LIB_CFLAGS={- join(" ", $target{lib_cflags}, $target{shared_cflag}) || "" -}
LIB_LDFLAGS={- $target{shared_ldflag} || "" -}
DSO_CFLAGS={- join(" ", $target{dso_cflags}, $target{shared_cflag}) || "" -}
DSO_LDFLAGS={- join(" ", $target{dso_lflags}, $target{shared_ldflag}) || "" -}
BIN_CFLAGS={- $target{bin_cflags} -}
BIN_LDFLAGS={- $target{bin_lflags} -}
# $(libdir) is chosen to be compatible with the GNU coding standards
libdir={- file_name_is_absolute($libdir)
? $libdir : '$(INSTALLTOP)\$(LIBDIR)' -}
PERL={- $config{perl} -}
##### User defined commands and flags ################################
AR={- $target{ar} -}
ARFLAGS= {- $target{arflags} -}
AROUTFLAG={- $target{aroutflag} || "/out:" -}$(OSSL_EMPTY)
CC={- $config{CC} -}
CPP={- $config{CPP} -}
CPPFLAGS={- our $cppflags1 = join(" ",
(map { "-D".$_} @{$config{CPPDEFINES}}),
(map { " /I ".$_} @{$config{CPPINCLUDES}}),
@{$config{CPPFLAGS}}) -}
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
LD={- $config{LD} -}
LDFLAGS={- join(' ', @{$config{LDFLAGS}}) -}
EX_LIBS={- join(' ', @{$config{LDLIBS}}) -}
MT={- $target{mt} -}
MTFLAGS= {- $target{mtflags} -}
MTINFLAG={- $target{mtinflag} || "-manifest " -}$(OSSL_EMPTY)
MTOUTFLAG={- $target{mtoutflag} || "-outputresource:" -}$(OSSL_EMPTY)
PERL={- $config{PERL} -}
AS={- $target{as} -}
ASFLAGS={- $target{asflags} -}
ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
AR={- $config{AR} -}
ARFLAGS= {- join(' ', @{$config{ARFLAGS}}) -}
MT={- $config{MT} -}
MTFLAGS= {- join(' ', @{$config{MTFLAGS}}) -}
AS={- $config{AS} -}
ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -}
RC={- $config{RC} -}
RCFLAGS={- join(' ', @{$config{RCFLAGS}}) -}
ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl"
##### Special command flags ##########################################
COUTFLAG={- $target{coutflag} -}$(OSSL_EMPTY)
LDOUTFLAG={- $target{ldoutflag} -}$(OSSL_EMPTY)
AROUTFLAG={- $target{aroutflag} -}$(OSSL_EMPTY)
MTINFLAG={- $target{mtinflag} -}$(OSSL_EMPTY)
MTOUTFLAG={- $target{mtoutflag} -}$(OSSL_EMPTY)
ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
RCOUTFLAG={- $target{rcoutflag} -}$(OSSL_EMPTY)
##### Project flags ##################################################
# Variables starting with CNF_ are common variables for all product types
CNF_ASFLAGS={- join(' ', $target{asflags} || (),
@{$config{asflags}}) -}
CNF_CPPFLAGS={- our $cppfags2 =
join(' ', $target{cppflags} || (),
(map { '-D'.quotify1($_) } @{$target{defines}},
@{$config{defines}}),
(map { '-I'.'"'.$_.'"' } @{$target{includes}},
@{$config{includes}}),
@{$config{cppflags}}) -}
CNF_CFLAGS={- join(' ', $target{cflags} || (),
@{$config{cflags}}) -}
CNF_CXXFLAGS={- join(' ', $target{cxxflags} || (),
@{$config{cxxflags}}) -}
CNF_LDFLAGS={- join(' ', $target{lflags} || (),
@{$config{lflags}}) -}
CNF_EX_LIBS={- join(' ', $target{ex_libs} || (),
@{$config{ex_libs}}) -}
# Variables starting with LIB_ are used to build library object files
# and shared libraries.
# Variables starting with DSO_ are used to build DSOs and their object files.
# Variables starting with BIN_ are used to build programs and their object
# files.
LIB_ASFLAGS={- join(' ', $target{lib_asflags} || (),
@{$config{lib_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
LIB_CPPFLAGS={- our $lib_cppflags =
join(' ', $target{lib_cppflags} || (),
$target{shared_cppflag} || (),
(map { '-D'.quotify1($_) }
@{$target{lib_defines}},
@{$target{shared_defines}},
@{$config{lib_defines}},
@{$config{shared_defines}}),
(map { '-I'.quotify1($_) }
@{$target{lib_includes}},
@{$target{shared_includes}},
@{$config{lib_includes}},
@{$config{shared_includes}}),
@{$config{lib_cppflags}},
@{$config{shared_cppflag}});
join(' ', $lib_cppflags,
(map { '-D'.quotify1($_) }
"OPENSSLDIR=\"$openssldir\"",
"ENGINESDIR=\"$enginesdir\""),
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
LIB_CFLAGS={- join(' ', $target{lib_cflags} || (),
$target{shared_cflag} || (),
@{$config{lib_cflags}},
@{$config{shared_cflag}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
LIB_LDFLAGS={- join(' ', $target{shared_ldflag} || (),
$config{shared_ldflag} || (),
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
LIB_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
DSO_ASFLAGS={- join(' ', $target{dso_asflags} || (),
$target{module_asflags} || (),
@{$config{dso_asflags}},
@{$config{module_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (),
$target{module_cppflags} || (),
@{$config{dso_cppflags}},
@{$config{module_cppflags}},
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
DSO_CFLAGS={- join(' ', $target{dso_cflags} || (),
$target{module_cflags} || (),
@{$config{dso_cflags}},
@{$config{module_cflags}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
DSO_LDFLAGS={- join(' ', $target{dso_lflags} || (),
$target{module_ldflags} || (),
@{$config{dso_lflags}},
@{$config{module_ldflags}},
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
BIN_ASFLAGS={- join(' ', $target{bin_asflags} || (),
@{$config{bin_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
BIN_CPPFLAGS={- join(' ', $target{bin_cppflags} || (),
@{$config{bin_cppflags}},
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
BIN_CFLAGS={- join(' ', $target{bin_cflags} || (),
@{$config{bin_cflags}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
@{$config{bin_lflags}},
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
$cppflags2 =~ s|([\\"])|\\$1|g;
join(' ', $lib_cppflags || (), $cppflags2 || (),
$cppflags1 || ()) -}
PERLASM_SCHEME= {- $target{perlasm_scheme} -}
PROCESSOR= {- $config{processor} -}
@@ -207,10 +324,15 @@ build_apps build_tests: build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
@{- output_off() if $disabled{makedepend}; "\@rem" -}
@$(ECHO) "Warning: consider configuring with no-makedepend, because if"
@$(ECHO) " target system doesn't have $(PERL),"
@$(ECHO) " then make will fail..."
@{- output_on() if $disabled{makedepend}; "\@rem" -}
test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep
@{- output_off() if $disabled{tests}; "" -}
@{- output_off() if $disabled{tests}; "\@rem" -}
-mkdir $(BLDDIR)\test\test-runs
set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR)
@@ -219,51 +341,46 @@ test: tests
set OPENSSL_ENGINES=$(MAKEDIR)\engines
set OPENSSL_DEBUG_MEMORY=on
"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "\@rem" -}
@$(ECHO) "Tests are not supported with your chosen Configure options"
@{- output_on() if !$disabled{tests}; "" -}
@{- output_on() if !$disabled{tests}; "\@rem" -}
list-tests:
@{- output_off() if $disabled{tests}; "" -}
@{- output_off() if $disabled{tests}; "\@rem" -}
@set SRCTOP=$(SRCDIR)
@"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "\@rem" -}
@$(ECHO) "Tests are not supported with your chosen Configure options"
@{- output_on() if !$disabled{tests}; "" -}
@{- output_on() if !$disabled{tests}; "\@rem" -}
install: install_sw install_ssldirs install_docs
uninstall: uninstall_docs uninstall_sw
libclean:
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """fuzz/$$1.*"""; } @ARGV" $(SHLIBS)
-del /Q /F $(LIBS)
-del /Q ossl_static.pdb
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """{.,apps,test,fuzz}/$$1.*"""; } @ARGV" $(SHLIBS)
-del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb
clean: libclean
{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -}
{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) || "\@rem" -}
-del /Q /F $(ENGINES)
-del /Q /F $(SCRIPTS)
-del /Q /F $(GENERATED_MANDATORY)
-del /Q /F $(GENERATED)
-del /Q /S /F *.d
-del /Q /S /F *.obj
-del /Q /S /F *.pdb
-del /Q /S /F *.exp
-del /Q /S /F engines\*.ilk
-del /Q /S /F engines\*.lib
-del /Q /S /F apps\*.lib
-del /Q /S /F engines\*.manifest
-del /Q /S /F apps\*.manifest
-del /Q /S /F test\*.manifest
-del /Q /S /F *.d *.obj *.pdb *.ilk *.manifest
-del /Q /S /F engines\*.lib engines\*.exp
-del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp
-del /Q /S /F test\*.exp
-rmdir /Q /S test\test-runs
distclean: clean
-del /Q /F configdata.pm
-del /Q /F makefile
depend:
@ {- output_off() if $disabled{makedepend}; "\@rem" -}
@ "$(PERL)" "$(SRCDIR)\util\add-depends.pl" "VC"
@ {- output_on() if $disabled{makedepend}; "\@rem" -}
# Install helper targets #############################################
@@ -286,26 +403,29 @@ install_ssldirs:
"$(OPENSSLDIR)\openssl.cnf"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \
"$(OPENSSLDIR)\misc"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \
"$(OPENSSLDIR)\ct_log_list.cnf.dist"
@IF NOT EXIST "$(OPENSSLDIR)\ct_log_list.cnf" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \
"$(OPENSSLDIR)\ct_log_list.cnf"
install_dev: install_runtime_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing development files"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "\@rem" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
"$(INSTALLTOP)\include\openssl"
@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "\@rem" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
"$(SRCDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(BLDDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \
"$(INSTALLTOP)\$(LIBDIR)"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(libdir)"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) "$(libdir)"
@if "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb \
"$(INSTALLTOP)\$(LIBDIR)"
"$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb "$(libdir)"
uninstall_dev:
@@ -355,8 +475,7 @@ uninstall_html_docs:
configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
@$(ECHO) "Detected changed: $?"
@$(ECHO) "Reconfiguring..."
"$(PERL)" "$(SRCDIR)\Configure" reconf
"$(PERL)" configdata.pm -r
@$(ECHO) "**************************************************"
@$(ECHO) "*** ***"
@$(ECHO) "*** Please run the same make command again ***"
@@ -364,6 +483,9 @@ configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{b
@$(ECHO) "**************************************************"
@exit 1
reconfigure reconf:
"$(PERL)" configdata.pm -r
{-
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
@@ -372,9 +494,9 @@ configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{b
# It takes a list of library names and outputs a list of dependencies
sub compute_lib_depends {
if ($disabled{shared}) {
return map { $_.$libext } @_;
return map { lib($_) } @_;
}
return map { shlib_import($_) } @_;
return map { shlib_import($_) or lib($_) } @_;
}
sub generatesrc {
@@ -412,6 +534,12 @@ EOF
die "Generator type for $src unknown: $generator\n";
}
my $cppflags = $incs;
$cppflags .= {
lib => ' $(LIB_CFLAGS) $(LIB_CPPFLAGS)',
dso => ' $(DSO_CFLAGS) $(DSO_CPPFLAGS)',
bin => ' $(BIN_CFLAGS) $(BIN_CPPFLAGS)'
} -> {$args{intent}};
if (defined($generator)) {
# If the target is named foo.S in build.info, we want to
# end up generating foo.s in two steps.
@@ -420,7 +548,7 @@ EOF
$target: "$args{generator}->[0]" $deps
set ASM=\$(AS)
$generator \$@.S
\$(CC) $incs \$(CFLAGS) /EP /C \$@.S > \$@.i && move /Y \$@.i \$@
\$(CPP) $cppflags \$@.S > \$@.i && move /Y \$@.i \$@
del /Q \$@.S
EOF
}
@@ -433,104 +561,107 @@ EOF
}
return <<"EOF";
$target: "$args{generator}->[0]" $deps
\$(CC) $incs \$(CFLAGS) /EP /C "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@
\$(CPP) $incs $cppflags "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@
EOF
}
}
sub src2obj {
my %args = @_;
my $obj = $args{obj};
my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
} ( @{$args{srcs}} );
my $srcs = '"'.join('" "', @srcs).'"';
my $deps = '"'.join('" "', @srcs, @{$args{deps}}).'"';
my $incs = join("", map { ' /I "'.$_.'"' } @{$args{incs}});
unless ($disabled{zlib}) {
if ($withargs{zlib_include}) {
$incs .= ' /I "'.$withargs{zlib_include}.'"';
}
}
my $ecflags = { lib => '$(LIB_CFLAGS)',
dso => '$(DSO_CFLAGS)',
bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
my $cflags = { lib => ' $(LIB_CFLAGS)',
dso => ' $(DSO_CFLAGS)',
bin => ' $(BIN_CFLAGS)' } -> {$args{intent}};
$cflags .= $incs;
$cflags .= { lib => ' $(LIB_CPPFLAGS)',
dso => ' $(DSO_CPPFLAGS)',
bin => ' $(BIN_CPPFLAGS)' } -> {$args{intent}};
my $asflags = { lib => ' $(LIB_ASFLAGS)',
dso => ' $(DSO_ASFLAGS)',
bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}};
my $makedepprog = $config{makedepprog};
if ($srcs[0] =~ /\.rc$/) {
return <<"EOF";
$args{obj}: $deps
\$(RC) \$(RCFLAGS) \$(RCOUTFLAG)\$\@ $srcs
EOF
}
(my $obj = $args{obj}) =~ s|\.o$||;
if ($srcs[0] =~ /\.asm$/) {
return <<"EOF";
$obj$objext: $deps
\$(AS) \$(ASFLAGS) \$(ASOUTFLAG)\$\@ $srcs
\$(AS) $asflags \$(ASOUTFLAG)\$\@ $srcs
EOF
} elsif ($srcs[0] =~ /.S$/) {
return <<"EOF";
$obj$objext: $deps
\$(CC) /EP /D__ASSEMBLER__ $cflags $srcs > \$@.asm && \$(AS) $asflags \$(ASOUTFLAG)\$\@ \$@.asm
EOF
}
my $recipe = <<"EOF";
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
\$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs
EOF
$recipe .= <<"EOF" unless $disabled{makedepend};
\$(CC) $incs \$(CFLAGS) $ecflags /Zs /showIncludes $srcs 2>&1 | \\
"\$(PERL)" -n << > $obj$depext
chomp;
s/^Note: including file: *//;
\$\$collect{\$\$_} = 1;
END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" }
<<
\$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext
EOF
return $recipe;
}
# On Unix, we build shlibs from static libs, so we're ignoring the
# object file array. We *know* this routine is only called when we've
# configure 'shared'.
# We *know* this routine is only called when we've configure 'shared'.
# Also, note that even though the import library built here looks like
# a static library, it really isn't.
sub libobj2shlib {
my %args = @_;
my $lib = $args{lib};
my $shlib = $args{shlib};
(my $mkdef_key = $lib) =~ s/^lib//i;
my $objs = join("\n", map { $_.$objext } @{$args{objs}});
my $linklibs = join("",
map { "\n$_" } compute_lib_depends(@{$args{deps}}));
my $deps = join(" ",
(map { $_.$objext } @{$args{objs}}),
compute_lib_depends(@{$args{deps}}));
my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
my $mkdef_pl = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "mkdef.pl")),
rel2abs($config{builddir}));
my $mkrc_pl = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "mkrc.pl")),
rel2abs($config{builddir}));
my $target = shlib_import($lib);
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x }
grep { $_ =~ m/\.(?:o|res)$/ }
@{$args{objs}};
my @defs = grep { $_ =~ /\.def$/ } @{$args{objs}};
my @deps = compute_lib_depends(@{$args{deps}});
die "More than one exported symbols list" if scalar @defs > 1;
my $linklibs = join("", map { "$_\n" } @deps);
my $objs = join("\n", @objs);
my $deps = join(" ", @objs, @defs, @deps);
my $import = shlib_import($lib);
my $dll = shlib($lib);
my $shared_def = join("", map { " /def:$_" } @defs);
return <<"EOF"
$target: $deps "$ordinalsfile" "$mkdef_pl"
"\$(PERL)" "$mkdef_pl" "$mkdef_key" 32 > $shlib.def
"\$(PERL)" -i.tmp -pe "s|^LIBRARY\\s+${mkdef_key}32|LIBRARY $shlib|;" $shlib.def
DEL $shlib.def.tmp
"\$(PERL)" "$mkrc_pl" $shlib$shlibext > $shlib.rc
\$(RC) \$(RCOUTFLAG)$shlib.res $shlib.rc
IF EXIST $shlib$shlibext.manifest DEL /F /Q $shlib$shlibext.manifest
# The import library may look like a static library, but it is not.
# We MUST make the import library depend on the DLL, in case someone
# mistakenly removes the latter.
$import: $dll
$dll: $deps
IF EXIST $full.manifest DEL /F /Q $full.manifest
IF EXIST \$@ DEL /F /Q \$@
\$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\
/implib:\$@ \$(LDOUTFLAG)$shlib$shlibext /def:$shlib.def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1)
$objs $shlib.res$linklibs \$(EX_LIBS)
/implib:$import \$(LDOUTFLAG)$dll$shared_def @<< || (DEL /Q \$(\@B).* $import && EXIT 1)
$objs
$linklibs\$(LIB_EX_LIBS)
<<
IF EXIST $shlib$shlibext.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext
IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext
IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext
IF EXIST fuzz\\$shlib$shlibext DEL /Q /F fuzz\\$shlib$shlibext
COPY $shlib$shlibext apps
COPY $shlib$shlibext test
COPY $shlib$shlibext fuzz
IF EXIST $dll.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$dll.manifest \$(MTOUTFLAG)$dll
IF EXIST apps\\$dll DEL /Q /F apps\\$dll
IF EXIST test\\$dll DEL /Q /F test\\$dll
IF EXIST fuzz\\$dll DEL /Q /F fuzz\\$dll
COPY $dll apps
COPY $dll test
COPY $dll fuzz
EOF
}
sub obj2dso {
my %args = @_;
my $dso = $args{lib};
my $dso_n = basename($dso);
my $objs = join("\n", map { $_.$objext } @{$args{objs}});
my $linklibs = join("",
map { "\n$_" } compute_lib_depends(@{$args{deps}}));
my $deps = join(" ",
(map { $_.$objext } @{$args{objs}}),
compute_lib_depends(@{$args{deps}}));
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
my @deps = compute_lib_depends(@{$args{deps}});
my $objs = join("\n", @objs);
my $linklibs = join("", map { "$_\n" } @deps);
my $deps = join(" ", @objs, @deps);
return <<"EOF";
$dso$dsoext: $deps
IF EXIST $dso$dsoext.manifest DEL /F /Q $dso$dsoext.manifest
@@ -540,43 +671,41 @@ EXPORTS
bind_engine @1
v_check @2
<<
$objs$linklibs \$(EX_LIBS)
$objs
$linklibs \$(DSO_EX_LIBS)
<<
IF EXIST $dso$dsoext.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$dso$dsoext.manifest \$(MTOUTFLAG)$dso$dsoext
EOF
}
sub obj2lib {
# Because static libs and import libs are both named the same in native
# Windows, we can't have both. We skip the static lib in that case,
# as the shared libs are what we use anyway.
return "" unless $disabled{"shared"};
my %args = @_;
my $lib = $args{lib};
my $objs = join("\n", map { $_.$objext } @{$args{objs}});
my $deps = join(" ", map { $_.$objext } @{$args{objs}});
my $lib = lib($args{lib});
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
my $objs = join("\n", @objs);
my $deps = join(" ", @objs);
return <<"EOF";
$lib$libext: $deps
\$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<<
\$**
$lib: $deps
\$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib @<<
$objs
<<
EOF
}
sub obj2bin {
my %args = @_;
my $bin = $args{bin};
my $objs = join("\n", map { $_.$objext } @{$args{objs}});
my $linklibs = join("",
map { "\n$_" } compute_lib_depends(@{$args{deps}}));
my $deps = join(" ",
(map { $_.$objext } @{$args{objs}}),
compute_lib_depends(@{$args{deps}}));
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
my @deps = compute_lib_depends(@{$args{deps}});
my $objs = join("\n", @objs);
my $linklibs = join("", map { "$_\n" } @deps);
my $deps = join(" ", @objs, @deps);
return <<"EOF";
$bin$exeext: $deps
IF EXIST $bin$exeext.manifest DEL /F /Q $bin$exeext.manifest
\$(LD) \$(LDFLAGS) \$(BIN_LDFLAGS) \$(LDOUTFLAG)$bin$exeext @<<
$objs setargv.obj$linklibs \$(EX_LIBS)
$objs
setargv.obj
$linklibs\$(BIN_EX_LIBS)
<<
IF EXIST $bin$exeext.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$bin$exeext.manifest \$(MTOUTFLAG)$bin$exeext
@@ -604,6 +733,10 @@ EOF
lib => $libext,
bin => $exeext );
# We already have a 'test' target, and the top directory is just plain
# silly
return if $dir eq "test" || $dir eq ".";
foreach my $type (("dso", "lib", "bin", "script")) {
next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
# For lib object files, we could update the library. However,
@@ -621,7 +754,7 @@ EOF
my $deps = join(" ", @deps);
my $actions = join("\n", "", @actions);
return <<"EOF";
$args{dir} $args{dir}\\ : $deps$actions
$dir $dir\\ : $deps$actions
EOF
}
"" # Important! This becomes part of the template result.

2630
Configure
View File

File diff suppressed because it is too large Load Diff

462
INSTALL
View File

@@ -1,4 +1,3 @@
OPENSSL INSTALLATION
--------------------
@@ -23,6 +22,7 @@
* NOTES.VMS (OpenVMS)
* NOTES.WIN (any supported Windows)
* NOTES.DJGPP (DOS platform with DJGPP)
* NOTES.ANDROID (obviously Android [NDK])
Notational conventions in this document
---------------------------------------
@@ -98,16 +98,26 @@
$ nmake test
$ nmake install
Note that in order to perform the install step above you need to have
appropriate permissions to write to the installation directory.
If any of these steps fails, see section Installation in Detail below.
This will build and install OpenSSL in the default location, which is:
Unix: normal installation directories under /usr/local
OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the
OpenSSL version number with underscores instead of periods.
OpenVMS: SYS$COMMON:[OPENSSL]
Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
If you want to install it anywhere else, run config like this:
The installation directory should be appropriately protected to ensure
unprivileged users cannot make changes to OpenSSL binaries or files, or install
engines. If you already have a pre-installed version of OpenSSL as part of
your Operating System it is recommended that you do not overwrite the system
version and instead install to somewhere else.
If you want to install it anywhere else, run config like this (the options
--prefix and --openssldir are explained further down, and the values shown
here are mere examples):
On Unix:
@@ -135,7 +145,10 @@
Don't build with support for deprecated APIs below the
specified version number. For example "--api=1.1.0" will
remove support for all APIS that were deprecated in OpenSSL
version 1.1.0 or below.
version 1.1.0 or below. This is a rather specialized option
for developers. If you just intend to remove all deprecated
APIs entirely (up to the current version), it is easier
to add the 'no-deprecated' option instead (see below).
--cross-compile-prefix=PREFIX
The PREFIX to include in front of commands for your
@@ -145,8 +158,8 @@
put together one-size-fits-all instructions. You might
have to pass more flags or set up environment variables
to actually make it work. Android and iOS cases are
discussed in corresponding Configurations/10-main.cf
sections. But there are cases when this option alone is
discussed in corresponding Configurations/15-*.conf
files. But there are cases when this option alone is
sufficient. For example to build the mingw64 target on
Linux "--cross-compile-prefix=x86_64-w64-mingw32-"
works. Naturally provided that mingw packages are
@@ -157,10 +170,12 @@
"--cross-compile-prefix=mipsel-linux-gnu-" suffices
in such case. Needless to mention that you have to
invoke ./Configure, not ./config, and pass your target
name explicitly.
name explicitly. Also, note that --openssldir refers
to target's file system, not one you are building on.
--debug
Build OpenSSL with debugging symbols.
Build OpenSSL with debugging symbols and zero optimization
level.
--libdir=DIR
The name of the directory under the top of the installation
@@ -184,7 +199,7 @@
Unix: /usr/local
Windows: C:\Program Files\OpenSSL
or C:\Program Files (x86)\OpenSSL
OpenVMS: SYS$COMMON:[OPENSSL-'version']
OpenVMS: SYS$COMMON:[OPENSSL]
--release
Build OpenSSL without debugging symbols. This is the default.
@@ -209,12 +224,41 @@
without a path). This flag must be provided if the
zlib-dynamic option is not also used. If zlib-dynamic is used
then this flag is optional and a default value ("ZLIB1") is
used if not provided.
used if not provided.
On VMS: this is the filename of the zlib library (with or
without a path). This flag is optional and if not provided
then "GNV$LIBZSHR", "GNV$LIBZSHR32" or "GNV$LIBZSHR64" is
used by default depending on the pointer size chosen.
--with-rand-seed=seed1[,seed2,...]
A comma separated list of seeding methods which will be tried
by OpenSSL in order to obtain random input (a.k.a "entropy")
for seeding its cryptographically secure random number
generator (CSPRNG). The current seeding methods are:
os: Use a trusted operating system entropy source.
This is the default method if such an entropy
source exists.
getrandom: Use the L<getrandom(2)> or equivalent system
call.
devrandom: Use the first device from the DEVRANDOM list
which can be opened to read random bytes. The
DEVRANDOM preprocessor constant expands to
"/dev/urandom","/dev/random","/dev/srandom" on
most unix-ish operating systems.
egd: Check for an entropy generating daemon.
rdcpu: Use the RDSEED or RDRAND command if provided by
the CPU.
librandom: Use librandom (not implemented yet).
none: Disable automatic seeding. This is the default
on some operating systems where no suitable
entropy source exists, or no support for it is
implemented yet.
For more information, see the section 'Note on random number
generation' at the end of this document.
no-afalgeng
Don't build the AFALG engine. This option will be forced if
on a platform that does not support AFALG.
@@ -227,8 +271,10 @@
no-shared option.
no-asm
Do not use assembler code. On some platforms a small amount
of assembler code may still be used.
Do not use assembler code. This should be viewed as
debugging/trouble-shooting option rather than production.
On some platforms a small amount of assembler code may
still be used even with this option.
no-async
Do not build support for async operations.
@@ -249,6 +295,23 @@
error strings. For a statically linked application this may
be undesirable if small executable size is an objective.
no-autoload-config
Don't automatically load the default openssl.cnf file.
Typically OpenSSL will automatically load a system config
file which configures default ssl options.
enable-buildtest-c++
While testing, generate C++ buildtest files that
simply check that the public OpenSSL header files
are usable standalone with C++.
Enabling this option demands extra care. For any
compiler flag given directly as configuration
option, you must ensure that it's valid for both
the C and the C++ compiler. If not, the C++ build
test will most likely break. As an alternative,
you can use the language specific variables, CFLAGS
and CXXFLAGS.
no-capieng
Don't build the CAPI engine. This option will be forced if
@@ -292,6 +355,11 @@
no-dso
Don't build support for loading Dynamic Shared Objects.
enable-devcryptoeng
Build the /dev/crypto engine. It is automatically selected
on BSD implementations, in which case it can be disabled with
no-devcryptoeng.
no-dynamic-engine
Don't build the dynamically loaded engines. This only has an
effect in a "shared" build
@@ -304,8 +372,13 @@
enable-ec_nistp_64_gcc_128
Enable support for optimised implementations of some commonly
used NIST elliptic curves. This is only supported on some
platforms.
used NIST elliptic curves.
This is only supported on platforms:
- with little-endian storage of non-byte types
- that tolerate misaligned memory references
- where the compiler:
- supports the non-standard type __uint128_t
- defines the built-in macro __SIZEOF_INT128__
enable-egd
Build support for gathering entropy from EGD (Entropy
@@ -317,6 +390,13 @@
no-err
Don't compile in any error strings.
enable-external-tests
Enable building of integration with external test suites.
This is a developer option and may not work on all platforms.
The only supported external test suite at the current time is
the BoringSSL test suite. See the file test/README.external
for further details.
no-filenames
Don't compile in filename and line number information (e.g.
for errors and memory allocation).
@@ -333,9 +413,6 @@
available if the GOST algorithms are also available through
loading an externally supplied engine.
enable-heartbeats
Build support for DTLS heartbeats.
no-hw-padlock
Don't build the padlock engine.
@@ -356,6 +433,24 @@
no-pic
Don't build with support for Position Independent Code.
no-pinshared By default OpenSSL will attempt to stay in memory until the
process exits. This is so that libcrypto and libssl can be
properly cleaned up automatically via an "atexit()" handler.
The handler is registered by libcrypto and cleans up both
libraries. On some platforms the atexit() handler will run on
unload of libcrypto (if it has been dynamically loaded)
rather than at process exit. This option can be used to stop
OpenSSL from attempting to stay in memory until the process
exits. This could lead to crashes if either libcrypto or
libssl have already been unloaded at the point
that the atexit handler is invoked, e.g. on a platform which
calls atexit() on unload of the library, and libssl is
unloaded before libcrypto then a crash is likely to happen.
Applications can suppress running of the atexit() handler at
run time by using the OPENSSL_INIT_NO_ATEXIT option to
OPENSSL_init_crypto(). See the man page for it for further
details.
no-posix-io
Don't use POSIX IO capabilities.
@@ -416,6 +511,9 @@
the OpenSSL tests also use the command line applications the
tests will also be skipped.
no-tests
Don't build test programs or run any test.
no-threads
Don't try to build with support for multi-threaded
applications.
@@ -438,9 +536,9 @@
conjunction with the "-DPEDANTIC" option (or the
--strict-warnings option).
no-ui
Don't build with the "UI" capability (i.e. the set of
features enabling text based prompts).
no-ui-console
Don't build with the "UI" console method (i.e. the "UI"
method that enables text based console prompts).
enable-unit-test
Enable additional unit test APIs. This should not typically
@@ -468,18 +566,22 @@
no-<prot>
Don't build support for negotiating the specified SSL/TLS
protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls,
dtls1 or dtls1_2). If "no-tls" is selected then all of tls1,
tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will
disable dtls1 and dtls1_2. The "no-ssl" option is synonymous
with "no-ssl3". Note this only affects version negotiation.
OpenSSL will still provide the methods for applications to
explicitly select the individual protocol versions.
protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2,
tls1_3, dtls, dtls1 or dtls1_2). If "no-tls" is selected then
all of tls1, tls1_1, tls1_2 and tls1_3 are disabled.
Similarly "no-dtls" will disable dtls1 and dtls1_2. The
"no-ssl" option is synonymous with "no-ssl3". Note this only
affects version negotiation. OpenSSL will still provide the
methods for applications to explicitly select the individual
protocol versions.
no-<prot>-method
As for no-<prot> but in addition do not build the methods for
applications to explicitly select individual protocol
versions.
versions. Note that there is no "no-tls1_3-method" option
because there is no application method for TLSv1.3. Using
individual protocol methods directly is deprecated.
Applications should use TLS_method() instead.
enable-<alg>
Build with support for the specified algorithm, where <alg>
@@ -487,13 +589,14 @@
no-<alg>
Build without support for the specified algorithm, where
<alg> is one of: bf, blake2, camellia, cast, chacha, cmac,
des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305,
rc2, rc4, rmd160, scrypt, seed or whirlpool. The "ripemd"
algorithm is deprecated and if used is synonymous with rmd160.
<alg> is one of: aria, bf, blake2, camellia, cast, chacha,
cmac, des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb,
poly1305, rc2, rc4, rmd160, scrypt, seed, siphash, sm2, sm3,
sm4 or whirlpool. The "ripemd" algorithm is deprecated and
if used is synonymous with rmd160.
-Dxxx, lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
These system specific options will be recocognised and
-Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
These system specific options will be recognised and
passed through to the compiler to allow you to define
preprocessor symbols, specify additional libraries, library
directories or other compiler options. It might be worth
@@ -503,11 +606,137 @@
unsuitable for execution on other, typically older,
processor. Consult your compiler documentation.
-xxx, +xxx
Additional options that are not otherwise recognised are
passed through as they are to the compiler as well. Again,
consult your compiler documentation.
Take note of the VAR=value documentation below and how
these flags interact with those variables.
-xxx, +xxx, /xxx
Additional options that are not otherwise recognised are
passed through as they are to the compiler as well.
Unix-style options beginning with a '-' or '+' and
Windows-style options beginning with a '/' are recognized.
Again, consult your compiler documentation.
If the option contains arguments separated by spaces,
then the URL-style notation %20 can be used for the space
character in order to avoid having to quote the option.
For example, -opt%20arg gets expanded to -opt arg.
In fact, any ASCII character can be encoded as %xx using its
hexadecimal encoding.
Take note of the VAR=value documentation below and how
these flags interact with those variables.
VAR=value
Assignment of environment variable for Configure. These
work just like normal environment variable assignments,
but are supported on all platforms and are confined to
the configuration scripts only. These assignments override
the corresponding value in the inherited environment, if
there is one.
The following variables are used as "make variables" and
can be used as an alternative to giving preprocessor,
compiler and linker options directly as configuration.
The following variables are supported:
AR The static library archiver.
ARFLAGS Flags for the static library archiver.
AS The assembler compiler.
ASFLAGS Flags for the assembler compiler.
CC The C compiler.
CFLAGS Flags for the C compiler.
CXX The C++ compiler.
CXXFLAGS Flags for the C++ compiler.
CPP The C/C++ preprocessor.
CPPFLAGS Flags for the C/C++ preprocessor.
CPPDEFINES List of CPP macro definitions, separated
by a platform specific character (':' or
space for Unix, ';' for Windows, ',' for
VMS). This can be used instead of using
-D (or what corresponds to that on your
compiler) in CPPFLAGS.
CPPINCLUDES List of CPP inclusion directories, separated
the same way as for CPPDEFINES. This can
be used instead of -I (or what corresponds
to that on your compiler) in CPPFLAGS.
HASHBANGPERL Perl invocation to be inserted after '#!'
in public perl scripts (only relevant on
Unix).
LD The program linker (not used on Unix, $(CC)
is used there).
LDFLAGS Flags for the shared library, DSO and
program linker.
LDLIBS Extra libraries to use when linking.
Takes the form of a space separated list
of library specifications on Unix and
Windows, and as a comma separated list of
libraries on VMS.
RANLIB The library archive indexer.
RC The Windows resource compiler.
RCFLAGS Flags for the Windows resource compiler.
RM The command to remove files and directories.
These cannot be mixed with compiling / linking flags given
on the command line. In other words, something like this
isn't permitted.
./config -DFOO CPPFLAGS=-DBAR -DCOOKIE
Backward compatibility note:
To be compatible with older configuration scripts, the
environment variables are ignored if compiling / linking
flags are given on the command line, except for these:
AR, CC, CXX, CROSS_COMPILE, HASHBANGPERL, PERL, RANLIB, RC
and WINDRES
For example, the following command will not see -DBAR:
CPPFLAGS=-DBAR ./config -DCOOKIE
However, the following will see both set variables:
CC=gcc CROSS_COMPILE=x86_64-w64-mingw32- \
./config -DCOOKIE
If CC is set, it is advisable to also set CXX to ensure
both C and C++ compilers are in the same "family". This
becomes relevant with 'enable-external-tests' and
'enable-buildtest-c++'.
reconf
reconfigure
Reconfigure from earlier data. This fetches the previous
command line options and environment from data saved in
"configdata.pm", and runs the configuration process again,
using these options and environment.
Note: NO other option is permitted together with "reconf".
This means that you also MUST use "./Configure" (or
what corresponds to that on non-Unix platforms) directly
to invoke this option.
Note: The original configuration saves away values for ALL
environment variables that were used, and if they weren't
defined, they are still saved away with information that
they weren't originally defined. This information takes
precedence over environment variables that are defined
when reconfiguring.
Displaying configuration data
-----------------------------
The configuration script itself will say very little, and finishes by
creating "configdata.pm". This perl module can be loaded by other scripts
to find all the configuration data, and it can also be used as a script to
display all sorts of configuration data in a human readable form.
For more information, please do:
$ ./configdata.pm --help # Unix
or
$ perl configdata.pm --help # Windows and VMS
Installation in Detail
----------------------
@@ -620,22 +849,34 @@
("openssl"). The libraries will be built in the top-level directory,
and the binary will be in the "apps" subdirectory.
Troubleshooting:
If the build fails, look at the output. There may be reasons
for the failure that aren't problems in OpenSSL itself (like
missing standard headers). If you are having problems you can
get help by sending an email to the openssl-users email list (see
missing standard headers).
If the build succeeded previously, but fails after a source or
configuration change, it might be helpful to clean the build tree
before attempting another build. Use this command:
$ make clean # Unix
$ mms clean ! (or mmk) OpenVMS
$ nmake clean # Windows
Assembler error messages can sometimes be sidestepped by using the
"no-asm" configuration option.
Compiling parts of OpenSSL with gcc and others with the system
compiler will result in unresolved symbols on some systems.
If you are still having problems you can get help by sending an email
to the openssl-users email list (see
https://www.openssl.org/community/mailinglists.html for details). If
it is a bug with OpenSSL itself, please open an issue on GitHub, at
https://github.com/openssl/openssl/issues. Please review the existing
ones first; maybe the bug was already reported or has already been
fixed.
(If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.)
Compiling parts of OpenSSL with gcc and others with the system
compiler will result in unresolved symbols on some systems.
3. After a successful build, the libraries should be tested. Run:
$ make test # Unix
@@ -664,7 +905,7 @@
$ nmake TESTS='test_rsa test_dsa' test # Windows
And of course, you can combine (Unix example shown):
$ make VERBOSE=1 TESTS='test_rsa test_dsa' test
You can find the list of available tests like this:
@@ -683,14 +924,20 @@
To report a bug please open an issue on GitHub, at
https://github.com/openssl/openssl/issues.
For more details on how the make variables TESTS can be used,
see section TESTS in Detail below.
4. If everything tests ok, install OpenSSL with
$ make install # Unix
$ mms install ! OpenVMS
$ nmake install # Windows
This will install all the software components in this directory
tree under PREFIX (the directory given with --prefix or its
Note that in order to perform the install step above you need to have
appropriate permissions to write to the installation directory.
The above commands will install all the software components in this
directory tree under PREFIX (the directory given with --prefix or its
default):
Unix:
@@ -715,9 +962,9 @@
share/doc/openssl/html/man7
Contains the HTML rendition of the man-pages.
OpenVMS ('arch' is replaced with the architecture name, "Alpha"
or "ia64", 'sover' is replaced with the shared library version
(0101 for 1.1), and 'pz' is replaced with the pointer size
OpenVMS ('arch' is replaced with the architecture name, "ALPHA"
or "IA64", 'sover' is replaced with the shared library version
(0101 for 1.1.x), and 'pz' is replaced with the pointer size
OpenSSL was built with):
[.EXE.'arch'] Contains the openssl binary.
@@ -734,7 +981,7 @@
command symbols.
[.SYSTEST] Contains the installation verification procedure.
[.HTML] Contains the HTML rendition of the manual pages.
Additionally, install will add the following directories under
OPENSSLDIR (the directory given with --openssldir or its default)
@@ -746,6 +993,12 @@
for private key files.
misc Various scripts.
The installation directory should be appropriately protected to ensure
unprivileged users cannot make changes to OpenSSL binaries or files, or
install engines. If you already have a pre-installed version of OpenSSL as
part of your Operating System it is recommended that you do not overwrite
the system version and instead install to somewhere else.
Package builders who want to configure the library for standard
locations, but have the package installed somewhere else so that
it can easily be packaged, can use
@@ -760,10 +1013,10 @@
* COMPILING existing applications
OpenSSL 1.1.0 hides a number of structures that were previously
open. This includes all internal libssl structures and a number
of EVP types. Accessor functions have been added to allow
controlled access to the structures' data.
Starting with version 1.1.0, OpenSSL hides a number of structures
that were previously open. This includes all internal libssl
structures and a number of EVP types. Accessor functions have
been added to allow controlled access to the structures' data.
This means that some software needs to be rewritten to adapt to
the new ways of doing things. This often amounts to allocating
@@ -788,7 +1041,7 @@
BUILDFILE
Use a different build file name than the platform default
("Makefile" on Unixly platforms, "makefile" on native Windows,
("Makefile" on Unix-like platforms, "makefile" on native Windows,
"descrip.mms" on OpenVMS). This requires that there is a
corresponding build file template. See Configurations/README
for further information.
@@ -820,15 +1073,18 @@
possible to create your own ".conf" and ".tmpl" files and store
them locally, outside the OpenSSL source tree. This environment
variable can be set to the directory where these files are held
and will have Configure to consider them in addition to the
standard ones.
and will be considered by Configure before it looks in the
standard directories.
PERL
The name of the Perl executable to use when building OpenSSL.
This variable is used in config script only. Configure on the
other hand imposes the interpreter by which it itself was
executed on the whole build procedure.
HASHBANGPERL
The command string for the Perl executable to insert in the
#! line of perl scripts that will be publically installed.
#! line of perl scripts that will be publicly installed.
Default: /usr/bin/env perl
Note: the value of this variable is added to the same scripts
on all platforms, but it's only relevant on Unix-like platforms.
@@ -863,7 +1119,7 @@
depend
Rebuild the dependencies in the Makefiles. This is a legacy
option that no longer needs to be used in OpenSSL 1.1.0.
option that no longer needs to be used since OpenSSL 1.1.0.
install
Install all OpenSSL components.
@@ -889,12 +1145,68 @@
uninstall
Uninstall all OpenSSL components.
reconfigure
reconf
Re-run the configuration process, as exactly as the last time
as possible.
update
This is a developer option. If you are developing a patch for
OpenSSL you may need to use this if you want to update
automatically generated files; add new error codes or add new
(or change the visibility of) public API functions. (Unix only).
TESTS in Detail
---------------
The make variable TESTS supports a versatile set of space separated tokens
with which you can specify a set of tests to be performed. With a "current
set of tests" in mind, initially being empty, here are the possible tokens:
alltests The current set of tests becomes the whole set of available
tests (as listed when you do 'make list-tests' or similar).
xxx Adds the test 'xxx' to the current set of tests.
-xxx Removes 'xxx' from the current set of tests. If this is the
first token in the list, the current set of tests is first
assigned the whole set of available tests, effectively making
this token equivalent to TESTS="alltests -xxx".
nn Adds the test group 'nn' (which is a number) to the current
set of tests.
-nn Removes the test group 'nn' from the current set of tests.
If this is the first token in the list, the current set of
tests is first assigned the whole set of available tests,
effectively making this token equivalent to
TESTS="alltests -xxx".
Also, all tokens except for "alltests" may have wildcards, such as *.
(on Unix and Windows, BSD style wildcards are supported, while on VMS,
it's VMS style wildcards)
Example: All tests except for the fuzz tests:
$ make TESTS=-test_fuzz test
or (if you want to be explicit)
$ make TESTS='alltests -test_fuzz' test
Example: All tests that have a name starting with "test_ssl" but not those
starting with "test_ssl_":
$ make TESTS='test_ssl* -test_ssl_*' test
Example: Only test group 10:
$ make TESTS='10'
Example: All tests except the slow group (group 99):
$ make TESTS='-99'
Example: All tests in test groups 80 to 99 except for tests in group 90:
$ make TESTS='[89]? -90'
Note on multi-threading
-----------------------
@@ -931,7 +1243,7 @@
part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of
the name.
On most POSIXly platforms, shared libraries are named libcrypto.so.1.1
On most POSIX platforms, shared libraries are named libcrypto.so.1.1
and libssl.so.1.1.
on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll
@@ -956,10 +1268,22 @@
Availability of cryptographically secure random numbers is required for
secret key generation. OpenSSL provides several options to seed the
internal PRNG. If not properly seeded, the internal PRNG will refuse
internal CSPRNG. If not properly seeded, the internal CSPRNG will refuse
to deliver random bytes and a "PRNG not seeded error" will occur.
On systems without /dev/urandom (or similar) device, it may be necessary
to install additional support software to obtain a random seed.
Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
and the FAQ for more information.
The seeding method can be configured using the --with-rand-seed option,
which can be used to specify a comma separated list of seed methods.
However in most cases OpenSSL will choose a suitable default method,
so it is not necessary to explicitly provide this option. Note also
that not all methods are available on all platforms.
I) On operating systems which provide a suitable randomness source (in
form of a system call or system device), OpenSSL will use the optimal
available method to seed the CSPRNG from the operating system's
randomness sources. This corresponds to the option --with-rand-seed=os.
II) On systems without such a suitable randomness source, automatic seeding
and reseeding is disabled (--with-rand-seed=none) and it may be necessary
to install additional support software to obtain a random seed and reseed
the CSPRNG manually. Please check out the manual pages for RAND_add(),
RAND_bytes(), RAND_egd(), and the FAQ for more information.

16
LICENSE
View File

@@ -10,14 +10,14 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -72,21 +72,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -101,10 +101,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -116,7 +116,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence

521
Makefile.shared
View File

@@ -1,521 +0,0 @@
#
# Helper makefile to link shared libraries in a portable way.
# This is much simpler than libtool, and hopefully not too error-prone.
#
# The following variables need to be set on the command line to build
# properly
# CC contains the current compiler. This one MUST be defined
CC=cc
CFLAGS=$(CFLAG)
# LDFLAGS contains flags to be used when temporary object files (when building
# shared libraries) are created, or when an application is linked.
# SHARED_LDFLAGS contains flags to be used when the shared library is created.
LDFLAGS=$(LDFLAG)
SHARED_LDFLAGS=$(SHARED_LDFLAG)
RC=windres
# SHARED_RCFLAGS are flags used with windres, i.e. when build for Cygwin
# or Mingw.
SHARED_RCFLAGS=$(SHARED_RCFLAG)
NM=nm
# LIBNAME contains just the name of the library, without prefix ("lib"
# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
# .dll, ...). This one MUST have a value when using this makefile to
# build shared libraries.
# For example, to build libfoo.so, you need to do the following:
#LIBNAME=foo
LIBNAME=
# STLIBNAME contains the path of the static library to build the shared
# library from, for example:
#STLIBNAME=libfoo.a
STLIBNAME=
# On most Unix platforms, SHLIBNAME contains the path of the short name of
# the shared library to build, for example
#SHLIBNAME=libfoo.so
# On Windows POSIX layers (cygwin and mingw), SHLIBNAME contains the import
# library name for the shared library to be built, for example:
#SHLIBNAME=libfoo.dll.a
# SHLIBNAME_FULL contains the path of the full name of the shared library to
# build, for example:
#SHLIBNAME_FULL=libfoo.so.1.2
# When building DSOs, SHLIBNAME_FULL contains path of the full DSO name, for
# example:
#SHLIBNAME_FULL=dir/dso.so
SHLIBNAME_FULL=
# SHLIBVERSION contains the current version of the shared library (not to
# be confused with the project version)
#SHLIBVERSION=1.2
SHLIBVERSION=
# NOTE: to build shared libraries, LIBNAME, STLIBNAME, SHLIBNAME and
# SHLIBNAME_FULL MUST have values when using this makefile, and in some
# cases, SHLIBVERSION as well. To build DSOs, SHLIBNAME_FULL MUST have
# a value, the rest can be left alone.
# APPNAME contains just the name of the application, without suffix (""
# on Unix, ".exe" on Windows, ...). This one MUST have a value when using
# this makefile to build applications.
# For example, to build foo, you need to do the following:
#APPNAME=foo
APPNAME=
# SRCDIR is the top directory of the source tree.
SRCDIR=.
# OBJECTS contains all the object files to link together into the application.
# This must contain at least one object file.
#OBJECTS=foo.o
OBJECTS=
# LIBEXTRAS contains extra modules to link together with the library.
# For example, if a second library, say libbar.a needs to be linked into
# libfoo.so, you need to do the following:
#LIBEXTRAS=libbar.a
# Note that this MUST be used when using the link_dso targets, to hold the
# names of all object files that go into the target shared object.
LIBEXTRAS=
# LIBDEPS contains all the flags necessary to cover all necessary
# dependencies to other libraries.
LIBDEPS=
#------------------------------------------------------------------------------
# The rest is private to this makefile.
SET_X=:
#SET_X=set -x
top:
echo "Trying to use this makefile interactively? Don't."
LINK_APP= \
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS) $(LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS}; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
LINK_SO= \
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $(SHLIBNAME_FULL) \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $(SHLIBNAME_FULL) \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
) && $(SYMLINK_SO)
SYMLINK_SO= \
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
if [ -n "$(SHLIBNAME_FULL)" -a -n "$(SHLIBNAME)" -a \
"$(SHLIBNAME_FULL)" != "$(SHLIBNAME)" ]; then \
( $(SET_X); \
rm -f $(SHLIBNAME); \
ln -s $(SHLIBNAME_FULL) $(SHLIBNAME) ); \
fi; \
fi
LINK_SO_SHLIB= SHOBJECTS="$(STLIBNAME) $(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_SHLIB_VIA_O= \
SHOBJECTS=$(STLIBNAME).o; \
ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS); \
ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS) ); \
$(LINK_SO) && ( echo rm -f $$SHOBJECTS; rm -f $$SHOBJECTS )
LINK_SO_SHLIB_UNPACKED= \
UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
(cd $$UNPACKDIR; ar x ../$(STLIBNAME)) && \
([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
SHOBJECTS=$$UNPACKDIR/*.o; \
$(LINK_SO) && rm -rf $$UNPACKDIR
DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
DO_GNU_SO_COMMON=\
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$(SHLIBNAME_FULL)"
DO_GNU_DSO=\
$(DO_GNU_SO_COMMON)
DO_GNU_SO=\
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
$(DO_GNU_SO_COMMON)
DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to
#do with shared libraries, for example when linking against static
#libraries. It's mostly here to avoid a lot of conditionals everywhere
#else...
link_app.:
$(LINK_APP)
link_dso.gnu:
@ $(DO_GNU_DSO); $(LINK_SO_DSO)
link_shlib.gnu:
@ $(DO_GNU_SO); $(LINK_SO_SHLIB)
link_app.gnu:
@ $(DO_GNU_APP); $(LINK_APP)
link_shlib.linux-shared:
@$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
$(DO_GNU_SO); \
ALLSYMSFLAGS='-Wl,--whole-archive,--version-script=$(LIBNAME).map'; \
$(LINK_SO_SHLIB)
link_dso.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
LIBDEPS=" "; \
ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
fi; $(LINK_SO_DSO)
link_shlib.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
LIBDEPS=" "; \
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
NOALLSYMSFLAGS=; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
fi; $(LINK_SO_SHLIB)
link_app.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
fi; $(LINK_APP)
# For Darwin AKA Mac OS/X (dyld)
# Originally link_dso.darwin produced .so, because it was hard-coded
# in dso_dlfcn module. At later point dso_dlfcn switched to .dylib
# extension in order to allow for run-time linking with vendor-
# supplied shared libraries such as libz, so that link_dso.darwin had
# to be harmonized with it. This caused minor controversy, because
# it was believed that dlopen can't be used to dynamically load
# .dylib-s, only so called bundle modules (ones linked with -bundle
# flag). The belief seems to be originating from pre-10.4 release,
# where dlfcn functionality was emulated by dlcompat add-on. In
# 10.4 dlopen was rewritten as native part of dyld and is documented
# to be capable of loading both dynamic libraries and bundles. In
# order to provide compatibility with pre-10.4 dlopen, modules are
# linked with -bundle flag, which makes .dylib extension misleading.
# It works, because dlopen is [and always was] extension-agnostic.
# Alternative to this heuristic approach is to develop specific
# MacOS X dso module relying on whichever "native" dyld interface.
link_dso.darwin:
@ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
$(LINK_SO_DSO)
link_shlib.darwin:
@ ALLSYMSFLAGS='-all_load'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -current_version $(SHLIBVERSION) -compatibility_version $(SHLIBVERSION) -install_name $(INSTALLTOP)/$(LIBDIR)/$(SHLIBNAME_FULL)"; \
$(LINK_SO_SHLIB)
link_app.darwin: # is there run-path on darwin?
$(LINK_APP)
link_dso.cygwin:
@ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
base=-Wl,--enable-auto-image-base; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic"; \
$(LINK_SO_DSO)
link_shlib.cygwin:
@ INHIBIT_SYMLINKS=yes; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
$(RC) $(SHARED_RCFLAGS) -o rc.o; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) rc.o"; \
$(LINK_SO_SHLIB) || exit 1; \
rm rc.o
link_app.cygwin:
$(LINK_APP)
# link_dso.mingw-shared and link_app.mingw-shared are mapped to the
# corresponding cygwin targets, as they do the exact same thing.
link_shlib.mingw:
@ INHIBIT_SYMLINKS=yes; \
base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
$(PERL) $(SRCDIR)/util/mkdef.pl 32 $(LIBNAME) \
| sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1$(SHLIBNAME_FULL)|' \
> $(LIBNAME).def; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
$(RC) $(SHARED_RCFLAGS) -o rc.o; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) $(LIBNAME).def rc.o"; \
$(LINK_SO_SHLIB) || exit 1; \
rm $(LIBNAME).def rc.o
link_dso.alpha-osf1:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
fi; \
$(LINK_SO_DSO)
link_shlib.alpha-osf1:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic -set_version $(SHLIBVERSION)"; \
fi; \
$(LINK_SO_SHLIB)
link_app.alpha-osf1:
@if $(DETECT_GNU_LD); then \
$(DO_GNU_APP); \
else \
LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
fi; \
$(LINK_APP)
link_dso.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_DSO)
link_shlib.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
ALLSYMSFLAGS="-Wl,-z,allextract,-M,$(LIBNAME).map"; \
NOALLSYMSFLAGS="-Wl,-z,defaultextract"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_SHLIB)
link_app.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_APP); \
else \
LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
fi; \
$(LINK_APP)
# OpenServer 5 native compilers used
link_dso.svr3:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_DSO)
link_shlib.svr3:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_SHLIB_UNPACKED)
link_app.svr3:
@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
$(LINK_APP)
# UnixWare 7 and OpenUNIX 8 native compilers used
link_dso.svr5:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_DSO)
link_shlib.svr5:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_SHLIB_UNPACKED)
link_app.svr5:
@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
$(LINK_APP)
link_dso.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
fi; \
$(LINK_SO_DSO)
link_shlib.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
MINUSWL=""; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
fi; \
$(LINK_SO_SHLIB)
link_app.irix:
@LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
$(LINK_APP)
# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
# rules imply that we can only link one level down in catalog structure,
# but that's what takes place for the moment of this writing. +cdp option
# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
# editor context only [it's simply ignored in other cases, which are all
# ELFs by the way].
#
link_dso.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
fi; \
rm -f $(SHLIBNAME_FULL) || :; \
$(LINK_SO_DSO) && chmod a=rx $(SHLIBNAME_FULL)
link_shlib.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
fi; \
rm -f $(SHLIBNAME_FULL) || :; \
$(LINK_SO_SHLIB) && chmod a=rx $(SHLIBNAME_FULL)
link_app.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \
fi; \
$(LINK_APP)
link_dso.aix:
@OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
$(LINK_SO_DSO);
link_shlib.aix:
@ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
ALLSYMSFLAGS='-bnogc'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
$(LINK_SO_SHLIB_VIA_O)
link_app.aix:
LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \
$(LINK_APP)
# Targets to build symbolic links when needed
symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
symlink.aix:
@ $(SYMLINK_SO)
symlink.darwin:
@ $(SYMLINK_SO)
symlink.hpux:
@ $(SYMLINK_SO)
# The following lines means those specific architectures do no symlinks
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
# Compatibility targets
link_dso.bsd-gcc-shared link_dso.linux-shared link_dso.gnu-shared: link_dso.gnu
link_shlib.bsd-gcc-shared: link_shlib.linux-shared
link_shlib.gnu-shared: link_shlib.gnu
link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
link_dso.bsd-shared: link_dso.bsd
link_shlib.bsd-shared: link_shlib.bsd
link_app.bsd-shared: link_app.bsd
link_dso.darwin-shared: link_dso.darwin
link_shlib.darwin-shared: link_shlib.darwin
link_app.darwin-shared: link_app.darwin
symlink.darwin-shared: symlink.darwin
link_dso.cygwin-shared: link_dso.cygwin
link_shlib.cygwin-shared: link_shlib.cygwin
link_app.cygwin-shared: link_app.cygwin
symlink.cygwin-shared: symlink.cygwin
link_dso.mingw-shared: link_dso.cygwin
link_shlib.mingw-shared: link_shlib.mingw
link_app.mingw-shared: link_app.cygwin
symlink.mingw-shared: symlink.cygwin
link_dso.alpha-osf1-shared: link_dso.alpha-osf1
link_shlib.alpha-osf1-shared: link_shlib.alpha-osf1
link_app.alpha-osf1-shared: link_app.alpha-osf1
symlink.alpha-osf1-shared: symlink.alpha-osf1
link_dso.tru64-shared: link_dso.tru64
link_shlib.tru64-shared: link_shlib.tru64
link_app.tru64-shared: link_app.tru64
symlink.tru64-shared: symlink.tru64
link_dso.tru64-shared-rpath: link_dso.tru64-rpath
link_shlib.tru64-shared-rpath: link_shlib.tru64-rpath
link_app.tru64-shared-rpath: link_app.tru64-rpath
symlink.tru64-shared-rpath: symlink.tru64-rpath
link_dso.solaris-shared: link_dso.solaris
link_shlib.solaris-shared: link_shlib.solaris
link_app.solaris-shared: link_app.solaris
symlink.solaris-shared: symlink.solaris
link_dso.svr3-shared: link_dso.svr3
link_shlib.svr3-shared: link_shlib.svr3
link_app.svr3-shared: link_app.svr3
symlink.svr3-shared: symlink.svr3
link_dso.svr5-shared: link_dso.svr5
link_shlib.svr5-shared: link_shlib.svr5
link_app.svr5-shared: link_app.svr5
symlink.svr5-shared: symlink.svr5
link_dso.irix-shared: link_dso.irix
link_shlib.irix-shared: link_shlib.irix
link_app.irix-shared: link_app.irix
symlink.irix-shared: symlink.irix
link_dso.hpux-shared: link_dso.hpux
link_shlib.hpux-shared: link_shlib.hpux
link_app.hpux-shared: link_app.hpux
symlink.hpux-shared: symlink.hpux
link_dso.aix-shared: link_dso.aix
link_shlib.aix-shared: link_shlib.aix
link_app.aix-shared: link_app.aix
symlink.aix-shared: symlink.aix

155
NEWS
View File

@@ -5,17 +5,143 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018]
Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]
o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711)
o Fixed various read buffer overruns processing ASN.1 strings (CVE-2021-3712)
Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
o Fixed a problem with verifying a certificate chain when using the
X509_V_FLAG_X509_STRICT flag (CVE-2021-3450)
o Fixed an issue where an OpenSSL TLS server may crash if sent a
maliciously crafted renegotiation ClientHello message from a client
(CVE-2021-3449)
Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
function (CVE-2021-23841)
o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
padding mode to correctly check for rollback attacks
o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
EVP_DecryptUpdate functions (CVE-2021-23840)
o Fixed SRP_Calc_client_key so that it runs in constant time
Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
o Disallow explicit curve parameters in verifications chains when
X509_V_FLAG_X509_STRICT is used
o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
contexts
o Oracle Developer Studio will start reporting deprecation warnings
Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]
o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967)
Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
o Revert the unexpected EOF reporting via SSL_ERROR_SSL
Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli (CVE-2019-1551)
o Properly detect unexpected EOF while reading in libssl and report
it via SSL_ERROR_SSL
Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
o Fixed a fork protection issue (CVE-2019-1549)
o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
(CVE-2019-1563)
o For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters
o Compute ECC cofactors if not provided during EC_GROUP construction
(CVE-2019-1547)
o Early start up entropy quality from the DEVRANDOM seed source has been
improved for older Linux systems
o Correct the extended master secret constant on EBCDIC systems
o Use Windows installation paths in the mingw builds (CVE-2019-1552)
o Changed DH_check to accept parameters with order q and 2q subgroups
o Significantly reduce secure memory usage by the randomness pools
o Revert the DEVRANDOM_WAIT feature for Linux systems
Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019]
o Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019]
o Change the info callback signals for the start and end of a post-handshake
message exchange in TLSv1.3.
o Fix a bug in DTLS over SCTP. This breaks interoperability with older versions
of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2.
Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
o Timing vulnerability in DSA signature generation (CVE-2018-0734)
o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018]
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
for further important information). The TLSv1.3 implementation includes:
o Fully compliant implementation of RFC8446 (TLSv1.3) on by default
o Early data (0-RTT)
o Post-handshake authentication and key update
o Middlebox Compatibility Mode
o TLSv1.3 PSKs
o Support for all five RFC8446 ciphersuites
o RSA-PSS signature algorithms (backported to TLSv1.2)
o Configurable session ticket support
o Stateless server support
o Rewrite of the packet construction code for "safer" packet handling
o Rewrite of the extension handling code
o Complete rewrite of the OpenSSL random number generator to introduce the
following capabilities
o The default RAND method now utilizes an AES-CTR DRBG according to
NIST standard SP 800-90Ar1.
o Support for multiple DRBG instances with seed chaining.
o There is a public and private DRBG instance.
o The DRBG instances are fork-safe.
o Keep all global DRBG instances on the secure heap if it is enabled.
o The public and private DRBG instance are per thread for lock free
operation
o Support for various new cryptographic algorithms including:
o SHA3
o SHA512/224 and SHA512/256
o EdDSA (both Ed25519 and Ed448) including X509 and TLS support
o X448 (adding to the existing X25519 support in 1.1.0)
o Multi-prime RSA
o SM2
o SM3
o SM4
o SipHash
o ARIA (including TLS support)
o Significant Side-Channel attack security improvements
o Add a new ClientHello callback to provide the ability to adjust the SSL
object at an early stage.
o Add 'Maximum Fragment Length' TLS extension negotiation and support
o A new STORE module, which implements a uniform and URI based reader of
stores that can contain keys, certificates, CRLs and numerous other
objects.
o Move the display of configuration data to configdata.pm.
o Allow GNU style "make variables" to be used with Configure.
o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
o Rewrite of devcrypto engine
Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development]
o Client DoS due to large DH parameter (CVE-2018-0732)
o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018]
Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development]
o Constructed ASN.1 types with a recursive definition could exceed the
stack (CVE-2018-0739)
@@ -377,7 +503,7 @@
o Compression memory leak fixed.
o Compression session resumption fixed.
o Ticket and SNI coexistence fixes.
o Many fixes to DTLS handling.
o Many fixes to DTLS handling.
Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
@@ -410,7 +536,7 @@
o Add gcc 4.2 support.
o Add support for AES and SSE2 assembly language optimization
for VC++ build.
o Support for RFC4507bis and server name extensions if explicitly
o Support for RFC4507bis and server name extensions if explicitly
selected at compile time.
o DTLS improvements.
o RFC4507bis support.
@@ -503,7 +629,7 @@
affected functions.
o Improved platform support for PowerPC.
o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
o New X509_VERIFY_PARAM structure to support parametrisation
o New X509_VERIFY_PARAM structure to support parameterisation
of X.509 path validation.
o Major overhaul of RC4 performance on Intel P4, IA-64 and
AMD64.
@@ -542,7 +668,7 @@
Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
o Give EVP_MAX_MD_SIZE its old value, except for a FIPS build.
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
@@ -590,7 +716,7 @@
Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
o Security: counter the Klima-Pokorny-Rosa extension of
Bleichbacher's attack
Bleichbacher's attack
o Security: make RSA blinding default.
o Configuration: Irix fixes, AIX fixes, better mingw support.
o Support for new platforms: linux-ia64-ecc.
@@ -650,7 +776,7 @@
o SSL/TLS: allow optional cipher choice according to server's preference.
o SSL/TLS: allow server to explicitly set new session ids.
o SSL/TLS: support Kerberos cipher suites (RFC2712).
Only supports MIT Kerberos for now.
Only supports MIT Kerberos for now.
o SSL/TLS: allow more precise control of renegotiations and sessions.
o SSL/TLS: add callback to retrieve SSL/TLS messages.
o SSL/TLS: support AES cipher suites (RFC3268).
@@ -663,7 +789,7 @@
Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
o Security: counter the Klima-Pokorny-Rosa extension of
Bleichbacher's attack
Bleichbacher's attack
o Security: make RSA blinding default.
o Build: shared library support fixes.
@@ -775,7 +901,7 @@
Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
o Shared library support for HPUX and Solaris-gcc
o Support of Linux/IA64
o Assembler support for Mingw32
@@ -789,7 +915,7 @@
o Automation of 'req' application
o Fixes to make s_client, s_server work under Windows
o Support for multiple fieldnames in SPKACs
o New SPKAC command line utilty and associated library functions
o New SPKAC command line utility and associated library functions
o Options to allow passwords to be obtained from various sources
o New public key PEM format and options to handle it
o Many other fixes and enhancements to command line utilities
@@ -871,8 +997,7 @@
o Added BIO proxy and filtering functionality
o Extended Big Number (BN) library
o Added RIPE MD160 message digest
o Addeed support for RC2/64bit cipher
o Added support for RC2/64bit cipher
o Extended ASN.1 parser routines
o Adjustations of the source tree for CVS
o Adjustments of the source tree for CVS
o Support for various new platforms

87
NOTES.ANDROID Normal file
View File

@@ -0,0 +1,87 @@
NOTES FOR ANDROID PLATFORMS
===========================
Requirement details
-------------------
Beside basic tools like perl and make you'll need to download the Android
NDK. It's available for Linux, macOS and Windows, but only Linux
version was actually tested. There is no reason to believe that macOS
wouldn't work. And as for Windows, it's unclear which "shell" would be
suitable, MSYS2 might have best chances. NDK version should play lesser
role, the goal is to support a range of most recent versions.
Configuration
-------------
Android is a naturally cross-compiled target and you can't use ./config.
You have to use ./Configure and name your target explicitly; there are
android-arm, android-arm64, android-mips, android-mip64, android-x86
and android-x86_64 (*MIPS targets are no longer supported with NDK R20+).
Do not pass --cross-compile-prefix (as you might be tempted), as it will
be "calculated" automatically based on chosen platform. Though you still
need to know the prefix to extend your PATH, in order to invoke
$(CROSS_COMPILE)clang [*gcc on NDK 19 and lower] and company. (Configure
will fail and give you a hint if you get it wrong.) Apart from PATH
adjustment you need to set ANDROID_NDK_HOME environment to point at the
NDK directory. If you're using a side-by-side NDK the path will look
something like /some/where/android-sdk/ndk/<ver>, and for a standalone
NDK the path will be something like /some/where/android-ndk-<ver>.
Both variables are significant at both configuration and compilation times.
The NDK customarily supports multiple Android API levels, e.g. android-14,
android-21, etc. By default latest API level is chosen. If you need to
target an older platform pass the argument -D__ANDROID_API__=N to Configure,
with N being the numerical value of the target platform version. For example,
to compile for Android 10 arm64 with a side-by-side NDK r20.0.5594570
export ANDROID_NDK_HOME=/home/whoever/Android/android-sdk/ndk/20.0.5594570
PATH=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/bin:$ANDROID_NDK_HOME/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:$PATH
./Configure android-arm64 -D__ANDROID_API__=29
make
Older versions of the NDK have GCC under their common prebuilt tools directory, so the bin path
will be slightly different. EG: to compile for ICS on ARM with NDK 10d:
export ANDROID_NDK_HOME=/some/where/android-ndk-10d
PATH=$ANDROID_NDK_HOME/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
./Configure android-arm -D__ANDROID_API__=14
make
Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT
variable set to $ANDROID_NDK_HOME/platforms/android-<api>/arch-<arch> to
appoint headers-n-libraries' location. It's still recognized in order
to facilitate migration from older projects. However, since API level
appears in CROSS_SYSROOT value, passing -D__ANDROID_API__=N can be in
conflict, and mixing the two is therefore not supported. Migration to
CROSS_SYSROOT-less setup is recommended.
One can engage clang by adjusting PATH to cover same NDK's clang. Just
keep in mind that if you miss it, Configure will try to use gcc...
Also, PATH would need even further adjustment to cover unprefixed, yet
target-specific, ar and ranlib. It's possible that you don't need to
bother, if binutils-multiarch is installed on your Linux system.
Another option is to create so called "standalone toolchain" tailored
for single specific platform including Android API level, and assign its
location to ANDROID_NDK_HOME. In such case you have to pass matching
target name to Configure and shouldn't use -D__ANDROID_API__=N. PATH
adjustment becomes simpler, $ANDROID_NDK_HOME/bin:$PATH suffices.
Running tests (on Linux)
------------------------
This is not actually supported. Notes are meant rather as inspiration.
Even though build output targets alien system, it's possible to execute
test suite on Linux system by employing qemu-user. The trick is static
linking. Pass -static to Configure, then edit generated Makefile and
remove occurrences of -ldl and -pie flags. You would also need to pick
API version that comes with usable static libraries, 42/2=21 used to
work. Once built, you should be able to
env EXE_SHELL=qemu-<arch> make test
If you need to pass additional flag to qemu, quotes are your friend, e.g.
env EXE_SHELL="qemu-mips64el -cpu MIPS64R6-generic" make test

4
NOTES.DJGPP
View File

@@ -1,5 +1,5 @@
INSTALLATION ON THE DOS PLATFORM WITH DJGPP
-------------------------------------------
@@ -29,7 +29,7 @@
running "./Configure" with appropriate arguments:
./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
And finally fire up "make". You may run out of DPMI selectors when
running in a DOS box under Windows. If so, just close the BASH
shell, go back to Windows, and restart BASH. Then run "make" again.

4
NOTES.PERL
View File

@@ -78,7 +78,7 @@
---------------------------------
There are a number of ways to install a perl module. In all
descriptions below, Text::Template will server as an example.
descriptions below, Text::Template will serve as an example.
1. for Linux users, the easiest is to install with the use of your
favorite package manager. Usually, all you need to do is search
@@ -109,7 +109,7 @@
$ cpan -f -i Text::Template
Note: on VMS, you must quote any argument that contains upper case
Note: on VMS, you must quote any argument that contains uppercase
characters, so the lines above would be:
$ cpan -i "Text::Template"

121
NOTES.UNIX
View File

@@ -5,26 +5,113 @@
For Unix/POSIX runtime systems on Windows, please see NOTES.WIN.
Shared libraries and installation in non-standard locations
-----------------------------------------------------------
OpenSSL uses the compiler to link programs and shared libraries
---------------------------------------------------------------
Binaries on Unix variants expect to find shared libraries in standard
locations, such as /usr/lib, /usr/local/lib and some other locations
configured in the system (for example /etc/ld.so.conf on some systems).
If the libraries are installed in non-standard locations, binaries
will not find them and therefore fail to run unless they get a bit of
help from a defined RPATH or RUNPATH. This can be applied by adding
the appropriate linker flags to the configuration command, such as
this (/usr/local/ssl was the default location for OpenSSL installation
in versions before 1.1.0):
OpenSSL's generated Makefile uses the C compiler command line to
link programs, shared libraries and dynamically loadable shared
objects. Because of this, any linking option that's given to the
configuration scripts MUST be in a form that the compiler can accept.
This varies between systems, where some have compilers that accept
linker flags directly, while others take them in '-Wl,' form. You need
to read your compiler documentation to figure out what is acceptable,
and ld(1) to figure out what linker options are available.
Shared libraries and installation in non-default locations
----------------------------------------------------------
Every Unix system has its own set of default locations for shared
libraries, such as /lib, /usr/lib or possibly /usr/local/lib. If
libraries are installed in non-default locations, dynamically linked
binaries will not find them and therefore fail to run, unless they get
a bit of help from a defined runtime shared library search path.
For OpenSSL's application (the 'openssl' command), our configuration
scripts do NOT generally set the runtime shared library search path for
you. It's therefore advisable to set it explicitly when configuring,
unless the libraries are to be installed in directories that you know
to be in the default list.
Runtime shared library search paths are specified with different
linking options depending on operating system and versions thereof, and
are talked about differently in their respective documentation;
variations of RPATH are the most usual (note: ELF systems have two such
tags, more on that below).
Possible options to set the runtime shared library search path include
the following:
-Wl,-rpath,/whatever/path # Linux, *BSD, etc.
-R /whatever/path # Solaris
-Wl,-R,/whatever/path # AIX (-bsvr4 is passed internally)
-Wl,+b,/whatever/path # HP-UX
-rpath /whatever/path # Tru64, IRIX
OpenSSL's configuration scripts recognise all these options and pass
them to the Makefile that they build. (In fact, all arguments starting
with '-Wl,' are recognised as linker options.)
Please do not use verbatim directories in your runtime shared library
search path! Some OpenSSL config targets add an extra directory level
for multilib installations. To help with that, the produced Makefile
includes the variable LIBRPATH, which is a convenience variable to be
used with the runtime shared library search path options, as shown in
this example:
$ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
-Wl,-rpath,/usr/local/ssl/lib
'-Wl,-rpath,$(LIBRPATH)'
Because the actual library location may vary further (for example on
multilib installations), there is a convenience variable in Makefile
that holds the exact installation directory and that can be used like
this:
On modern ELF based systems, there are two runtime search paths tags to
consider, DT_RPATH and DT_RUNPATH. Shared objects are searched for in
this order:
1. Using directories specified in DT_RPATH, unless DT_RUNPATH is
also set.
2. Using the environment variable LD_LIBRARY_PATH
3. Using directories specified in DT_RUNPATH.
4. Using system shared object caches and default directories.
This means that the values in the environment variable LD_LIBRARY_PATH
won't matter if the library is found in the paths given by DT_RPATH
(and DT_RUNPATH isn't set).
Exactly which of DT_RPATH or DT_RUNPATH is set by default appears to
depend on the system. For example, according to documentation,
DT_RPATH appears to be deprecated on Solaris in favor of DT_RUNPATH,
while on Debian GNU/Linux, either can be set, and DT_RPATH is the
default at the time of writing.
How to choose which runtime search path tag is to be set depends on
your system, please refer to ld(1) for the exact information on your
system. As an example, the way to ensure the DT_RUNPATH is set on
Debian GNU/Linux systems rather than DT_RPATH is to tell the linker to
set new dtags, like this:
$ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
-Wl,-rpath,'$(LIBRPATH)'
'-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)'
It might be worth noting that some/most ELF systems implement support
for runtime search path relative to the directory containing current
executable, by interpreting $ORIGIN along with some other internal
variables. Consult your system documentation.
Linking your application
------------------------
Third-party applications dynamically linked with OpenSSL (or any other)
shared library face exactly the same problem with non-default locations.
The OpenSSL config options mentioned above might or might not have bearing
on linking of the target application. "Might" means that under some
circumstances it would be sufficient to link with OpenSSL shared library
"naturally", i.e. with -L/whatever/path -lssl -lcrypto. But there are
also cases when you'd have to explicitly specify runtime search path
when linking your application. Consult your system documentation and use
above section as inspiration...
Shared OpenSSL builds also install static libraries. Linking with the
latter is likely to require special care, because linkers usually look
for shared libraries first and tend to remain "blind" to static OpenSSL
libraries. Referring to system documentation would suffice, if not for
a corner case. On AIX static libraries (in shared build) are named
differently, add _a suffix to link with them, e.g. -lcrypto_a.

42
NOTES.VMS
View File

@@ -18,7 +18,7 @@
An ANSI C compiled is needed among other things. This means that
VAX C is not and will not be supported.
We have only tested with DEC C (a.k.a HP VMS C / VSI C) and require
We have only tested with DEC C (aka HP VMS C / VSI C) and require
version 7.1 or later. Compiling with a different ANSI C compiler may
require some work.
@@ -42,7 +42,7 @@
for now is to rename the OpenSSL source directory, as follows (please
adjust for the actual source directory name you have):
$ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR
$ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR
About MMS and DCL
@@ -56,6 +56,32 @@
to use.
About debugging
---------------
If you build for debugging, the default on VMS is that image
activation starts the debugger automatically, giving you a debug
prompt. Unfortunately, this disrupts all other uses, such as running
test programs in the test framework.
Generally speaking, if you build for debugging, only use the programs
directly for debugging. Do not try to use them from a script, such
as running the test suite.
*The following is not available on Alpha*
As a compromise, we're turning off the flag that makes the debugger
start automatically. If there is a program that you need to debug,
you need to turn that flag back on first, for example:
$ set image /flag=call_debug [.test]evp_test.exe
Then just run it and you will find yourself in a debugging session.
When done, we recommend that you turn that flag back off:
$ set image /flag=nocall_debug [.test]evp_test.exe
Checking the distribution
-------------------------
@@ -64,9 +90,9 @@
Unix mount point.
The easiest way to check if everything got through as it should is to
check for one of the following files:
check that this file exists:
[.crypto]opensslconf^.h.in
[.include.openssl]opensslconf^.h.in
The best way to get a correct distribution is to download the gzipped
tar file from ftp://ftp.openssl.org/source/, use GZIP -d to uncompress
@@ -79,3 +105,11 @@
Should you need it, you can find UnZip for VMS here:
http://www.info-zip.org/UnZip.html
How the value of 'arch' is determined
-------------------------------------
'arch' is mentioned in INSTALL. It's value is determined like this:
arch = f$edit( f$getsyi( "arch_name"), "upcase")

157
NOTES.WIN
View File

@@ -2,40 +2,68 @@
NOTES FOR THE WINDOWS PLATFORMS
===============================
Requirement details for native (Visual C++) builds
--------------------------------------------------
Windows targets can be classified as "native", ones that use Windows API
directly, and "hosted" which rely on POSIX-compatible layer. "Native"
targets are VC-* (where "VC" stems from abbreviating Microsoft Visual C
compiler) and mingw[64]. "Hosted" platforms are Cygwin and MSYS[2]. Even
though the latter is not directly supported by OpenSSL Team, it's #1
popular choice for building MinGW targets. In the nutshell MinGW builds
are always cross-compiled. On Linux and Cygwin they look exactly as such
and require --cross-compile-prefix option. While on MSYS[2] it's solved
rather by placing gcc that produces "MinGW binary" code 1st on $PATH.
This is customarily source of confusion. "Hosted" applications "live" in
emulated filesystem name space with POSIX-y root, mount points, /dev
and even /proc. Confusion is intensified by the fact that MSYS2 shell
(or rather emulated execve(2) call) examines the binary it's about to
start, and if it's found *not* to be linked with MSYS2 POSIX-y thing,
command line arguments that look like filenames get translated from
emulated name space to "native". For example '/c/some/where' becomes
'c:\some\where', '/dev/null' - 'nul'. This creates an illusion that
there is no difference between MSYS2 shell and "MinGW binary", but
there is. Just keep in mind that "MinGW binary" "experiences" Windows
system in exactly same way as one produced by VC, and in its essence
is indistinguishable from the latter. (Which by the way is why
it's referred to in quotes here, as "MinGW binary", it's just as
"native" as it can get.)
Visual C++ builds, aka VC-*
==============================
Requirement details
-------------------
In addition to the requirements and instructions listed in INSTALL,
this are required as well:
these are required as well:
- You need Perl. We recommend ActiveState Perl, available from
- Perl. We recommend ActiveState Perl, available from
https://www.activestate.com/ActivePerl. Another viable alternative
appears to be Strawberry Perl, http://strawberryperl.com.
You also need the perl module Text::Template, available on CPAN.
Please read NOTES.PERL for more information.
- You need a C compiler. OpenSSL has been tested to build with these:
- Microsoft Visual C compiler. Since we can't test them all, there is
unavoidable uncertainty about which versions are supported. Latest
version along with couple of previous are certainly supported. On
the other hand oldest one is known not to work. Everything between
falls into best-effort category.
* Visual C++
- Netwide Assembler, aka NASM, available from https://www.nasm.us,
is required. Note that NASM is the only supported assembler. Even
though Microsoft provided assembler is NOT supported, contemporary
64-bit version is exercised through continuous integration of
VC-WIN64A-masm target.
- Netwide Assembler, a.k.a. NASM, available from http://www.nasm.us,
is required if you intend to utilize assembler modules. Note that NASM
is the only supported assembler. The Microsoft provided assembler is NOT
supported.
Visual C++ (native Windows)
---------------------------
Installation directories
------------------------
The default installation directories are derived from environment
variables.
For VC-WIN32, the following defaults are use:
PREFIX: %ProgramFiles(86)%\OpenSSL
OPENSSLDIR: %CommonProgramFiles(86)%\SSL
PREFIX: %ProgramFiles(x86)%\OpenSSL
OPENSSLDIR: %CommonProgramFiles(x86)%\SSL
For VC-WIN64, the following defaults are use:
@@ -55,67 +83,56 @@
is, of course, to choose a different set of directories by using
--prefix and --openssldir when configuring.
GNU C (Cygwin)
--------------
mingw and mingw64
=================
Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of the
Windows subsystem and provides a bash shell and GNU tools environment.
Consequently, a make of OpenSSL with Cygwin is virtually identical to the
Unix procedure.
* MSYS2 shell and development environment installation:
To build OpenSSL using Cygwin, you need to:
Download MSYS2 from https://msys2.github.io/ and follow installation
instructions. Once up and running install even make, perl, (git if
needed,) mingw-w64-i686-gcc and/or mingw-w64-x86_64-gcc. You should
have corresponding MinGW items on your start menu, use *them*, not
generic MSYS2. As implied in opening note, difference between them
is which compiler is found 1st on $PATH. At this point ./config
should recognize correct target, roll as if it was Unix...
* Install Cygwin (see https://cygwin.com/)
* It is also possible to build mingw[64] on Linux or Cygwin by
configuring with corresponding --cross-compile-prefix= option. For
example
* Install Cygwin Perl and ensure it is in the path. Recall that
as least 5.10.0 is required.
./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ...
* Run the Cygwin bash shell
or
Apart from that, follow the Unix instructions in INSTALL.
./Configure mingw64 --cross-compile-prefix=x86_64-w64-mingw32- ...
NOTE: "make test" and normal file operations may fail in directories
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
stripping of carriage returns. To avoid this ensure that a binary
mount is used, e.g. mount -b c:\somewhere /home.
This naturally implies that you've installed corresponding add-on
packages.
It is also possible to create "conventional" Windows binaries that use
the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using MinGW
development add-on for Cygwin. MinGW is supported even as a standalone
setup as described in the following section. In the context you should
recognize that binaries targeting Cygwin itself are not interchangeable
with "conventional" Windows binaries you generate with/for MinGW.
Independently of the method chosen to build for mingw, the installation
paths are similar to those used when building with VC-* targets, except
that in case the fallbacks mentioned there aren't possible (typically
when cross compiling on Linux), the paths will be the following:
For mingw:
GNU C (MinGW/MSYS)
------------------
PREFIX: C:/Program Files (x86)/OpenSSL
OPENSSLDIR C:/Program Files (x86)/Common Files/SSL
* Compiler and shell environment installation:
MinGW and MSYS are available from http://www.mingw.org/, both are
required. Run the installers and do whatever magic they say it takes
to start MSYS bash shell with GNU tools and matching Perl on its PATH.
"Matching Perl" refers to chosen "shell environment", i.e. if built
under MSYS, then Perl compiled for MSYS must be used.
Alternatively, one can use MSYS2 from https://msys2.github.io/,
which includes MingW (32-bit and 64-bit).
* It is also possible to cross-compile it on Linux by configuring
with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
Other possible cross compile prefixes include x86_64-w64-mingw32-
and i686-w64-mingw32-.
For mingw64:
PREFIX: C:/Program Files/OpenSSL
OPENSSLDIR C:/Program Files/Common Files/SSL
Linking your application
------------------------
========================
This section applies to non-Cygwin builds.
This section applies to all "native" builds.
If you link with static OpenSSL libraries then you're expected to
additionally link your application with WS2_32.LIB, GDI32.LIB,
ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing
non-interactive service applications might feel concerned about
noninteractive service applications might feel concerned about
linking with GDI32.LIB and USER32.LIB, as they are justly associated
with interactive desktop, which is not available to service
processes. The toolkit is designed to detect in which context it's
@@ -137,3 +154,27 @@
your application code small "shim" snippet, which provides glue between
OpenSSL BIO layer and your compiler run-time. See the OPENSSL_Applink
manual page for further details.
Cygwin, "hosted" environment
============================
Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of the
Windows subsystem and provides a bash shell and GNU tools environment.
Consequently, a make of OpenSSL with Cygwin is virtually identical to the
Unix procedure.
To build OpenSSL using Cygwin, you need to:
* Install Cygwin (see https://cygwin.com/)
* Install Cygwin Perl and ensure it is in the path. Recall that
as least 5.10.0 is required.
* Run the Cygwin bash shell
Apart from that, follow the Unix instructions in INSTALL.
NOTE: "make test" and normal file operations may fail in directories
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
stripping of carriage returns. To avoid this ensure that a binary
mount is used, e.g. mount -b c:\somewhere /home.

9
README
View File

@@ -1,7 +1,7 @@
OpenSSL 1.1.0j 20 Nov 2018
OpenSSL 1.1.1l 24 Aug 2021
Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1998-2021 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
@@ -62,14 +62,13 @@
- Download the latest version from the repository
to see if the problem has already been addressed
- Configure with no-asm
- Remove compiler optimisation flags
- Remove compiler optimization flags
If you wish to report a bug then please include the following information
and create an issue on GitHub:
- OpenSSL version: output of 'openssl version -a'
- Any "Configure" options that you selected during compilation of the
library if applicable (see INSTALL)
- Configuration data: output of 'perl configdata.pm --dump'
- OS Name, Version, Hardware platform
- Compiler Details (name, version)
- Application Details (name, version)

61
README.ECC
View File

@@ -1,61 +0,0 @@
NOTE: The OpenSSL Software Foundation has executed a sublicense agreement
entitled "Elliptic Curve Cryptography Patent License Agreement" with the
National Security Agency/ Central Security Service Commercial Solutions
Center (NCSC) dated 2010-11-04. That agreement permits implementation and
distribution of software containing features covered by any or all of the
following patents:
1.) U.S. Pat. No. 5,761,305 entitled "Key Agreement and Transport Protocol
with Implicit Signatures" issued on June 2, 1998;
2.) Can. Pat. Appl. Ser. No. 2176972 entitled "Key Agreement and Transport
Protocol with Implicit Signature and Reduced Bandwidth" filed on May
16, 1996;
3.) U.S. Pat. No. 5,889,865 entitled "Key Agreement and Transport Protocol
with Implicit Signatures" issued on March 30, 1999;
4.) U.S. Pat. No. 5,896,455 entitled "Key Agreement and Transport Protocol
with Implicit Signatures" issued on April 20, 1999;
5.) U.S. Pat. No. 5,933,504 entitled "Strengthened Public Key Protocol"
issued on August 3, 1999;
6.) Can. Pat. Appl. Ser. No. 2176866 entitled "Strengthened Public Key
Protocol" filed on May 17, 1996;
7.) E.P. Pat. Appl. Ser. No. 96201322.3 entitled "Strengthened Public Key
Protocol" filed on May 17, 1996;
8.) U.S. Pat. No. 5,999,626 entitled "Digital Signatures on a Smartcard"
issued on December 7, 1999;
9.) Can. Pat. Appl. Ser. No. 2202566 entitled "Digital Signatures on a
Smartcard" filed on April 14, 1997;
10.) E.P. Pat. Appl. No. 97106114.8 entitled "Digital Signatures on a
Smartcard" filed on April 15, 1997;
11.) U.S Pat. No. 6,122,736 entitled "Key Agreement and Transport Protocol
with Implicit Signatures" issued on September 19, 2000;
12.) Can. Pat. Appl. Ser. No. 2174261 entitled "Key Agreement and Transport
Protocol with Implicit Signatures" filed on April 16, 1996;
13.) E.P. Pat. Appl. Ser. No. 96105920.1 entitled "Key Agreement and
Transport Protocol with Implicit Signatures" filed on April 16, 1996;
14.) U.S. Pat. No. 6,141,420 entitled "Elliptic Curve Encryption Systems"
issued on October 31, 2000;
15.) Can. Pat. Appl. Ser. No. 2155038 entitled "Elliptic Curve Encryption
Systems" filed on July 31, 1995;
16.) E.P. Pat. Appl. Ser. No. 95926348.4 entitled "Elliptic Curve Encryption
Systems" filed on July 31, 1995;
17.) U.S. Pat. No. 6,336,188 entitled "Authenticated Key Agreement" issued
on January 1, 2002;
18.) U.S. Pat. No. 6,487,661 entitled "Key Agreement and Transport Protocol"
issued on November 26, 2002;
19.) Can. Pat. Appl. Ser. No. 2174260 entitled "Key Agreement and Transport
Protocol" filed on April 16, 1996;
20.) E.P. Pat. Appl. Ser. No. 96105921.9 entitled "Key Agreement and
Transport Protocol" filed on April 21, 1996;
21.) U.S. Pat. No. 6,563,928 entitled "Strengthened Public Key Protocol"
issued on May 13, 2003;
22.) U.S. Pat. No. 6,618,483 entitled "Elliptic Curve Encryption Systems"
issued September 9, 2003;
23.) U.S. Pat. Appl. Ser. No. 09/434,247 entitled "Digital Signatures on a
Smartcard" filed on November 5, 1999;
24.) U.S. Pat. Appl. Ser. No. 09/558,256 entitled "Key Agreement and
Transport Protocol with Implicit Signatures" filed on April 25, 2000;
25.) U.S. Pat. Appl. Ser. No. 09/942,492 entitled "Digital Signatures on a
Smartcard" filed on August 29, 2001 and published on July 18, 2002; and,
26.) U.S. Pat. Appl. Ser. No. 10/185,735 entitled "Strengthened Public Key
Protocol" filed on July 1, 2000.

1
README.ENGINE
View File

@@ -13,7 +13,6 @@
There are currently built-in ENGINE implementations for the following
crypto devices:
o Cryptodev
o Microsoft CryptoAPI
o VIA Padlock
o nCipher CHIL

2
README.md Normal file
View File

@@ -0,0 +1,2 @@
# cpython-source-deps
Source for packages that the cpython build process depends on

3
VMS/engine.opt
View File

@@ -1,2 +1,3 @@
CASE_SENSITIVE=YES
SYMBOL_VECTOR=(bind_engine=PROCEDURE,v_check=PROCEDURE)
SYMBOL_VECTOR=(BIND_ENGINE=PROCEDURE,V_CHECK=PROCEDURE,-
bind_engine/BIND_ENGINE=PROCEDURE,v_check/V_CHECK=PROCEDURE)

19
VMS/msg_install.com Normal file
View File

@@ -0,0 +1,19 @@
$ ! Used by the main descrip.mms to print the installation complete
$ ! message.
$ ! Arguments:
$ ! P1 startup / setup / shutdown scripts directory
$ ! P2 distinguishing version number ("major version")
$
$ systartup = p1
$ osslver = p2
$
$ WRITE SYS$OUTPUT "Installation complete"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "The following commands need to be executed to enable you to use OpenSSL:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to set up OpenSSL logical names:"
$ WRITE SYS$OUTPUT " @''systartup'openssl_startup''osslver'"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to define the OpenSSL command"
$ WRITE SYS$OUTPUT " @''systartup'openssl_utils''osslver'"
$ WRITE SYS$OUTPUT ""

37
VMS/msg_staging.com Normal file
View File

@@ -0,0 +1,37 @@
$ ! Used by the main descrip.mms to print the statging installation
$ ! complete
$ ! message.
$ ! Arguments:
$ ! P1 staging software installation directory
$ ! P2 staging data installation directory
$ ! P3 final software installation directory
$ ! P4 final data installation directory
$ ! P5 startup / setup / shutdown scripts directory
$ ! P6 distinguishing version number ("major version")
$
$ staging_instdir = p1
$ staging_datadir = p2
$ final_instdir = p3
$ final_datadir = p4
$ systartup = p5
$ osslver = p6
$
$ WRITE SYS$OUTPUT "Staging installation complete"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the following directory"
$ WRITE SYS$OUTPUT "trees end up being copied:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- from ", staging_instdir
$ WRITE SYS$OUTPUT " to ", final_instdir
$ WRITE SYS$OUTPUT "- from ", staging_datadir
$ WRITE SYS$OUTPUT " to ", final_datadir
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "When in its final destination, the following commands need to be executed"
$ WRITE SYS$OUTPUT "to use OpenSSL:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to set up OpenSSL logical names:"
$ WRITE SYS$OUTPUT " @''systartup'openssl_startup''osslver'"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to define the OpenSSL command"
$ WRITE SYS$OUTPUT " @''systartup'openssl_utils''osslver'"
$ WRITE SYS$OUTPUT ""

2
VMS/openssl_shutdown.com.in
View File

@@ -26,7 +26,7 @@ $ ENDIF
$
$ ! Abbrevs
$ DEAS := DEASSIGN /NOLOG 'P1'
$ sv := {- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}
$ sv := {- sprintf "%02d%02d", split m|\.|, $config{shlib_version_number} -}
$ pz := {- $config{pointer_size} -}
$
$ DEAS OSSL$DATAROOT

2
VMS/openssl_startup.com.in
View File

@@ -88,7 +88,7 @@ $
$ ! Abbrevs
$ DEFT := DEFINE /TRANSLATION=CONCEALED /NOLOG 'P1'
$ DEF := DEFINE /NOLOG 'P1'
$ sv := {- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}
$ sv := {- sprintf "%02d%02d", split m|\.|, $config{shlib_version_number} -}
$ pz := {- $config{pointer_size} -}
$
$ DEFT OSSL$DATAROOT 'OPENSSLDIR_']

64
apps/CA.pl.in
View File

@@ -1,5 +1,5 @@
#!{- $config{hashbangperl} -}
# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
#!{- $config{HASHBANGPERL} -}
# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -46,8 +46,25 @@ my $NEWCERT = "newcert.pem";
my $NEWP12 = "newcert.p12";
my $RET = 0;
my $WHAT = shift @ARGV || "";
my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
my %EXTRA = extra_args(\@ARGV, "-extra-");
my $FILE;
sub extra_args {
my ($args_ref, $arg_prefix) = @_;
my %eargs = map {
if ($_ < $#$args_ref) {
my ($arg, $value) = splice(@$args_ref, $_, 2);
$arg =~ s/$arg_prefix//;
($arg, $value);
} else {
();
}
} reverse grep($$args_ref[$_] =~ /$arg_prefix/, 0..$#$args_ref);
my %empty = map { ($_, "") } @OPENSSL_CMDS;
return (%empty, %eargs);
}
# See if reason for a CRL entry is valid; exit if not.
sub crl_reason_ok
{
@@ -96,22 +113,23 @@ sub run
if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
print STDERR " CA -pkcs12 [certname]\n";
print STDERR " CA -crl|-revoke cert-filename [reason]\n";
print STDERR "usage: CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n";
print STDERR " CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n";
print STDERR " CA.pl -verify [-extra-verify extra-params] certfile ...\n";
print STDERR " CA.pl -revoke [-extra-ca extra-params] certfile [reason]\n";
exit 0;
}
if ($WHAT eq '-newcert' ) {
# create a certificate
$RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS");
$RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS $EXTRA{req}");
print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newreq' ) {
} elsif ($WHAT eq '-precert' ) {
# create a pre-certificate
$RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS");
print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
# create a certificate request
$RET = run("$REQ -new -keyout $NEWKEY -out $NEWREQ $DAYS");
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newreq-nodes' ) {
# create a certificate request
$RET = run("$REQ -new -nodes -keyout $NEWKEY -out $NEWREQ $DAYS");
$RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newca' ) {
# create the directory hierarchy
@@ -136,11 +154,11 @@ if ($WHAT eq '-newcert' ) {
print "Making CA certificate ...\n";
$RET = run("$REQ -new -keyout"
. " ${CATOP}/private/$CAKEY"
. " -out ${CATOP}/$CAREQ");
. " -out ${CATOP}/$CAREQ $EXTRA{req}");
$RET = run("$CA -create_serial"
. " -out ${CATOP}/$CACERT $CADAYS -batch"
. " -keyfile ${CATOP}/private/$CAKEY -selfsign"
. " -extensions v3_ca"
. " -extensions v3_ca $EXTRA{ca}"
. " -infiles ${CATOP}/$CAREQ") if $RET == 0;
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
@@ -150,32 +168,32 @@ if ($WHAT eq '-newcert' ) {
$RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
. " -certfile ${CATOP}/$CACERT"
. " -out $NEWP12"
. " -export -name \"$cname\"");
. " -export -name \"$cname\" $EXTRA{pkcs12}");
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
} elsif ($WHAT eq '-xsign' ) {
$RET = run("$CA -policy policy_anything -infiles $NEWREQ");
$RET = run("$CA -policy policy_anything $EXTRA{ca} -infiles $NEWREQ");
} elsif ($WHAT eq '-sign' ) {
$RET = run("$CA -policy policy_anything -out $NEWCERT -infiles $NEWREQ");
$RET = run("$CA -policy policy_anything -out $NEWCERT $EXTRA{ca} -infiles $NEWREQ");
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signCA' ) {
$RET = run("$CA -policy policy_anything -out $NEWCERT"
. " -extensions v3_ca -infiles $NEWREQ");
. " -extensions v3_ca $EXTRA{ca} -infiles $NEWREQ");
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signcert' ) {
$RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
. " -out tmp.pem");
. " -out tmp.pem $EXTRA{x509}");
$RET = run("$CA -policy policy_anything -out $NEWCERT"
. " -infiles tmp.pem") if $RET == 0;
. "$EXTRA{ca} -infiles tmp.pem") if $RET == 0;
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-verify' ) {
my @files = @ARGV ? @ARGV : ( $NEWCERT );
my $file;
foreach $file (@files) {
my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file");
my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
$RET = $status if $status != 0;
}
} elsif ($WHAT eq '-crl' ) {
$RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL");
$RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[0];
@@ -186,7 +204,7 @@ if ($WHAT eq '-newcert' ) {
my $reason = $ARGV[1];
$reason = " -crl_reason $reason"
if defined $reason && crl_reason_ok($reason);
$RET = run("$CA -revoke \"$cname\"" . $reason);
$RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});
} else {
print STDERR "Unknown arg \"$WHAT\"\n";
print STDERR "Use -help for help.\n";

136
apps/app_rand.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -9,107 +9,85 @@
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/conf.h>
static int seeded = 0;
static int egdsocket = 0;
static char *save_rand_file;
int app_RAND_load_file(const char *file, int dont_warn)
void app_RAND_load_conf(CONF *c, const char *section)
{
int consider_randfile = (file == NULL);
char buffer[200];
const char *randfile = NCONF_get_string(c, section, "RANDFILE");
if (file == NULL)
file = RAND_file_name(buffer, sizeof(buffer));
#ifndef OPENSSL_NO_EGD
else if (RAND_egd(file) > 0) {
/*
* we try if the given filename is an EGD socket. if it is, we don't
* write anything back to the file.
*/
egdsocket = 1;
return 1;
if (randfile == NULL) {
ERR_clear_error();
return;
}
#endif
if (file == NULL || !RAND_load_file(file, -1)) {
if (RAND_status() == 0) {
if (!dont_warn) {
BIO_printf(bio_err, "unable to load 'random state'\n");
BIO_printf(bio_err,
"This means that the random number generator has not been seeded\n");
BIO_printf(bio_err, "with much random data.\n");
if (consider_randfile) { /* explanation does not apply when a
* file is explicitly named */
BIO_printf(bio_err,
"Consider setting the RANDFILE environment variable to point at a file that\n");
BIO_printf(bio_err,
"'random' data can be kept in (the file will be overwritten).\n");
}
}
return 0;
}
if (RAND_load_file(randfile, -1) < 0) {
BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
ERR_print_errors(bio_err);
}
seeded = 1;
return 1;
if (save_rand_file == NULL)
save_rand_file = OPENSSL_strdup(randfile);
}
long app_RAND_load_files(char *name)
static int loadfiles(char *name)
{
char *p, *n;
int last;
long tot = 0;
#ifndef OPENSSL_NO_EGD
int egd;
#endif
char *p;
int last, ret = 1;
for (;;) {
for ( ; ; ) {
last = 0;
for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ;
for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
continue;
if (*p == '\0')
last = 1;
*p = '\0';
n = name;
name = p + 1;
if (*n == '\0')
break;
#ifndef OPENSSL_NO_EGD
egd = RAND_egd(n);
if (egd > 0)
tot += egd;
else
#endif
tot += RAND_load_file(n, -1);
if (RAND_load_file(name, -1) < 0) {
BIO_printf(bio_err, "Can't load %s into RNG\n", name);
ERR_print_errors(bio_err);
ret = 0;
}
if (last)
break;
name = p + 1;
if (*name == '\0')
break;
}
if (tot > 512)
app_RAND_allow_write_file();
return (tot);
return ret;
}
int app_RAND_write_file(const char *file)
void app_RAND_write(void)
{
char buffer[200];
if (save_rand_file == NULL)
return;
if (RAND_write_file(save_rand_file) == -1) {
BIO_printf(bio_err, "Cannot write random bytes:\n");
ERR_print_errors(bio_err);
}
OPENSSL_free(save_rand_file);
save_rand_file = NULL;
}
if (egdsocket || !seeded)
/*
* If we did not manage to read the seed file, we should not write a
* low-entropy seed file back -- it would suppress a crucial warning
* the next time we want to use it.
*/
return 0;
if (file == NULL)
file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_err, "unable to write 'random state'\n");
return 0;
/*
* See comments in opt_verify for explanation of this.
*/
enum r_range { OPT_R_ENUM };
int opt_rand(int opt)
{
switch ((enum r_range)opt) {
case OPT_R__FIRST:
case OPT_R__LAST:
break;
case OPT_R_RAND:
return loadfiles(opt_arg());
break;
case OPT_R_WRITERAND:
OPENSSL_free(save_rand_file);
save_rand_file = OPENSSL_strdup(opt_arg());
break;
}
return 1;
}
void app_RAND_allow_write_file(void)
{
seeded = 1;
}

410
apps/apps.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -40,7 +40,6 @@
#endif
#include <openssl/bn.h>
#include <openssl/ssl.h>
#include "s_apps.h"
#include "apps.h"
#ifdef _WIN32
@@ -48,15 +47,22 @@ static int WIN32_rename(const char *from, const char *to);
# define rename(from,to) WIN32_rename((from),(to))
#endif
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
# include <conio.h>
#endif
#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
# define _kbhit kbhit
#endif
typedef struct {
const char *name;
unsigned long flag;
unsigned long mask;
} NAME_EX_TBL;
#if !defined(OPENSSL_NO_UI) || !defined(OPENSSL_NO_ENGINE)
static UI_METHOD *ui_method = NULL;
#endif
static const UI_METHOD *ui_fallback_method = NULL;
static int set_table_opts(unsigned long *flags, const char *arg,
const NAME_EX_TBL * in_tbl);
@@ -110,13 +116,13 @@ int chopup_args(ARGS *arg, char *buf)
}
}
arg->argv[arg->argc] = NULL;
return (1);
return 1;
}
#ifndef APP_INIT
int app_init(long mesgwin)
{
return (1);
return 1;
}
#endif
@@ -138,41 +144,55 @@ int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
{
if (path == NULL) {
if (path == NULL)
return SSL_CTX_set_default_ctlog_list_file(ctx);
}
return SSL_CTX_set_ctlog_list_file(ctx, path);
}
#endif
static unsigned long nmflag = 0;
static char nmflag_set = 0;
int set_nameopt(const char *arg)
{
int ret = set_name_ex(&nmflag, arg);
if (ret)
nmflag_set = 1;
return ret;
}
unsigned long get_nameopt(void)
{
return (nmflag_set) ? nmflag : XN_FLAG_ONELINE;
}
int dump_cert_text(BIO *out, X509 *x)
{
char *p;
p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
BIO_puts(out, "subject=");
BIO_puts(out, p);
OPENSSL_free(p);
p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);
BIO_puts(out, "\nissuer=");
BIO_puts(out, p);
print_name(out, "subject=", X509_get_subject_name(x), get_nameopt());
BIO_puts(out, "\n");
print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());
BIO_puts(out, "\n");
OPENSSL_free(p);
return 0;
}
#ifndef OPENSSL_NO_UI
static int ui_open(UI *ui)
{
return UI_method_get_opener(UI_OpenSSL())(ui);
int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method);
if (opener)
return opener(ui);
return 1;
}
static int ui_read(UI *ui, UI_STRING *uis)
{
int (*reader)(UI *ui, UI_STRING *uis) = NULL;
if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
&& UI_get0_user_data(ui)) {
switch (UI_get_string_type(uis)) {
@@ -186,15 +206,25 @@ static int ui_read(UI *ui, UI_STRING *uis)
return 1;
}
}
default:
break;
case UIT_NONE:
case UIT_BOOLEAN:
case UIT_INFO:
case UIT_ERROR:
break;
}
}
return UI_method_get_reader(UI_OpenSSL())(ui, uis);
reader = UI_method_get_reader(ui_fallback_method);
if (reader)
return reader(ui, uis);
return 1;
}
static int ui_write(UI *ui, UI_STRING *uis)
{
int (*writer)(UI *ui, UI_STRING *uis) = NULL;
if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
&& UI_get0_user_data(ui)) {
switch (UI_get_string_type(uis)) {
@@ -206,20 +236,36 @@ static int ui_write(UI *ui, UI_STRING *uis)
if (password && password[0] != '\0')
return 1;
}
default:
break;
case UIT_NONE:
case UIT_BOOLEAN:
case UIT_INFO:
case UIT_ERROR:
break;
}
}
return UI_method_get_writer(UI_OpenSSL())(ui, uis);
writer = UI_method_get_writer(ui_fallback_method);
if (writer)
return writer(ui, uis);
return 1;
}
static int ui_close(UI *ui)
{
return UI_method_get_closer(UI_OpenSSL())(ui);
int (*closer)(UI *ui) = UI_method_get_closer(ui_fallback_method);
if (closer)
return closer(ui);
return 1;
}
int setup_ui_method(void)
{
ui_fallback_method = UI_null();
#ifndef OPENSSL_NO_UI_CONSOLE
ui_fallback_method = UI_OpenSSL();
#endif
ui_method = UI_create_method("OpenSSL application user interface");
UI_method_set_opener(ui_method, ui_open);
UI_method_set_reader(ui_method, ui_read);
@@ -235,24 +281,18 @@ void destroy_ui_method(void)
ui_method = NULL;
}
}
#endif
const UI_METHOD *get_ui_method(void)
{
return ui_method;
}
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
{
int res = 0;
#ifndef OPENSSL_NO_UI
UI *ui = NULL;
#endif
PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
#ifdef OPENSSL_NO_UI
if (cb_data != NULL && cb_data->password != NULL) {
res = strlen(cb_data->password);
if (res > bufsiz)
res = bufsiz;
memcpy(buf, cb_data->password, res);
}
#else
ui = UI_new_method(ui_method);
if (ui) {
int ok = 0;
@@ -276,9 +316,9 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
/* We know that there is no previous user data to return to us */
(void)UI_add_user_data(ui, cb_data);
if (ok >= 0)
ok = UI_add_input_string(ui, prompt, ui_flags, buf,
PW_MIN_LENGTH, bufsiz - 1);
ok = UI_add_input_string(ui, prompt, ui_flags, buf,
PW_MIN_LENGTH, bufsiz - 1);
if (ok >= 0 && verify) {
buff = app_malloc(bufsiz, "password buffer");
ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
@@ -287,8 +327,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
if (ok >= 0)
do {
ok = UI_process(ui);
}
while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
} while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
OPENSSL_clear_free(buff, (unsigned int)bufsiz);
@@ -308,7 +347,6 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
UI_free(ui);
OPENSSL_free(prompt);
}
#endif
return res;
}
@@ -317,22 +355,24 @@ static char *app_get_pass(const char *arg, int keepbio);
int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
{
int same;
if (!arg2 || !arg1 || strcmp(arg1, arg2))
if (arg2 == NULL || arg1 == NULL || strcmp(arg1, arg2))
same = 0;
else
same = 1;
if (arg1) {
if (arg1 != NULL) {
*pass1 = app_get_pass(arg1, same);
if (!*pass1)
if (*pass1 == NULL)
return 0;
} else if (pass1)
} else if (pass1 != NULL) {
*pass1 = NULL;
if (arg2) {
}
if (arg2 != NULL) {
*pass2 = app_get_pass(arg2, same ? 2 : 0);
if (!*pass2)
if (*pass2 == NULL)
return 0;
} else if (pass2)
} else if (pass2 != NULL) {
*pass2 = NULL;
}
return 1;
}
@@ -346,16 +386,16 @@ static char *app_get_pass(const char *arg, int keepbio)
return OPENSSL_strdup(arg + 5);
if (strncmp(arg, "env:", 4) == 0) {
tmp = getenv(arg + 4);
if (!tmp) {
if (tmp == NULL) {
BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4);
return NULL;
}
return OPENSSL_strdup(tmp);
}
if (!keepbio || !pwdbio) {
if (!keepbio || pwdbio == NULL) {
if (strncmp(arg, "file:", 5) == 0) {
pwdbio = BIO_new_file(arg + 5, "r");
if (!pwdbio) {
if (pwdbio == NULL) {
BIO_printf(bio_err, "Can't open file %s\n", arg + 5);
return NULL;
}
@@ -404,12 +444,12 @@ static char *app_get_pass(const char *arg, int keepbio)
return NULL;
}
tmp = strchr(tpass, '\n');
if (tmp)
if (tmp != NULL)
*tmp = 0;
return OPENSSL_strdup(tpass);
}
static CONF *app_load_config_(BIO *in, const char *filename)
CONF *app_load_config_bio(BIO *in, const char *filename)
{
long errorline = -1;
CONF *conf;
@@ -420,15 +460,21 @@ static CONF *app_load_config_(BIO *in, const char *filename)
if (i > 0)
return conf;
if (errorline <= 0)
BIO_printf(bio_err, "%s: Can't load config file \"%s\"\n",
opt_getprog(), filename);
if (errorline <= 0) {
BIO_printf(bio_err, "%s: Can't load ", opt_getprog());
} else {
BIO_printf(bio_err, "%s: Error on line %ld of ", opt_getprog(),
errorline);
}
if (filename != NULL)
BIO_printf(bio_err, "config file \"%s\"\n", filename);
else
BIO_printf(bio_err, "%s: Error on line %ld of config file \"%s\"\n",
opt_getprog(), errorline, filename);
BIO_printf(bio_err, "config input");
NCONF_free(conf);
return NULL;
}
CONF *app_load_config(const char *filename)
{
BIO *in;
@@ -438,10 +484,11 @@ CONF *app_load_config(const char *filename)
if (in == NULL)
return NULL;
conf = app_load_config_(in, filename);
conf = app_load_config_bio(in, filename);
BIO_free(in);
return conf;
}
CONF *app_load_config_quiet(const char *filename)
{
BIO *in;
@@ -451,7 +498,7 @@ CONF *app_load_config_quiet(const char *filename)
if (in == NULL)
return NULL;
conf = app_load_config_(in, filename);
conf = app_load_config_bio(in, filename);
BIO_free(in);
return conf;
}
@@ -515,9 +562,9 @@ static int load_pkcs12(BIO *in, const char *desc,
goto die;
}
/* See if an empty password will do */
if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) {
pass = "";
else {
} else {
if (!pem_cb)
pem_cb = (pem_password_cb *)password_callback;
len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
@@ -578,8 +625,7 @@ static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
OPENSSL_free(host);
OPENSSL_free(path);
OPENSSL_free(port);
if (bio)
BIO_free_all(bio);
BIO_free_all(bio);
OCSP_REQ_CTX_free(rctx);
if (rv != 1) {
BIO_printf(bio_err, "Error loading %s from %s\n",
@@ -605,17 +651,18 @@ X509 *load_cert(const char *file, int format, const char *cert_descrip)
if (file == NULL) {
unbuffer(stdin);
cert = dup_bio_in(format);
} else
} else {
cert = bio_open_default(file, 'r', format);
}
if (cert == NULL)
goto end;
if (format == FORMAT_ASN1)
if (format == FORMAT_ASN1) {
x = d2i_X509_bio(cert, NULL);
else if (format == FORMAT_PEM)
} else if (format == FORMAT_PEM) {
x = PEM_read_bio_X509_AUX(cert, NULL,
(pem_password_cb *)password_callback, NULL);
else if (format == FORMAT_PKCS12) {
} else if (format == FORMAT_PKCS12) {
if (!load_pkcs12(cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
goto end;
} else {
@@ -628,7 +675,7 @@ X509 *load_cert(const char *file, int format, const char *cert_descrip)
ERR_print_errors(bio_err);
}
BIO_free(cert);
return (x);
return x;
}
X509_CRL *load_crl(const char *infile, int format)
@@ -646,11 +693,11 @@ X509_CRL *load_crl(const char *infile, int format)
in = bio_open_default(infile, 'r', format);
if (in == NULL)
goto end;
if (format == FORMAT_ASN1)
if (format == FORMAT_ASN1) {
x = d2i_X509_CRL_bio(in, NULL);
else if (format == FORMAT_PEM)
} else if (format == FORMAT_PEM) {
x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
else {
} else {
BIO_printf(bio_err, "bad input format specified for input crl\n");
goto end;
}
@@ -662,7 +709,7 @@ X509_CRL *load_crl(const char *infile, int format)
end:
BIO_free(in);
return (x);
return x;
}
EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
@@ -680,9 +727,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
goto end;
}
if (format == FORMAT_ENGINE) {
if (e == NULL)
if (e == NULL) {
BIO_printf(bio_err, "no engine specified\n");
else {
} else {
#ifndef OPENSSL_NO_ENGINE
if (ENGINE_init(e)) {
pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
@@ -701,8 +748,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
if (file == NULL && maybe_stdin) {
unbuffer(stdin);
key = dup_bio_in(format);
} else
} else {
key = bio_open_default(file, 'r', format);
}
if (key == NULL)
goto end;
if (format == FORMAT_ASN1) {
@@ -711,21 +759,19 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
pkey = PEM_read_bio_PrivateKey(key, NULL,
(pem_password_cb *)password_callback,
&cb_data);
}
else if (format == FORMAT_PKCS12) {
} else if (format == FORMAT_PKCS12) {
if (!load_pkcs12(key, key_descrip,
(pem_password_cb *)password_callback, &cb_data,
&pkey, NULL, NULL))
goto end;
}
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
else if (format == FORMAT_MSBLOB)
} else if (format == FORMAT_MSBLOB) {
pkey = b2i_PrivateKey_bio(key);
else if (format == FORMAT_PVK)
} else if (format == FORMAT_PVK) {
pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
&cb_data);
#endif
else {
} else {
BIO_printf(bio_err, "bad input format specified for key file\n");
goto end;
}
@@ -735,7 +781,7 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
BIO_printf(bio_err, "unable to load %s\n", key_descrip);
ERR_print_errors(bio_err);
}
return (pkey);
return pkey;
}
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
@@ -753,9 +799,9 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
goto end;
}
if (format == FORMAT_ENGINE) {
if (e == NULL)
if (e == NULL) {
BIO_printf(bio_err, "no engine specified\n");
else {
} else {
#ifndef OPENSSL_NO_ENGINE
pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
if (pkey == NULL) {
@@ -771,14 +817,14 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
if (file == NULL && maybe_stdin) {
unbuffer(stdin);
key = dup_bio_in(format);
} else
} else {
key = bio_open_default(file, 'r', format);
}
if (key == NULL)
goto end;
if (format == FORMAT_ASN1) {
pkey = d2i_PUBKEY_bio(key, NULL);
}
else if (format == FORMAT_ASN1RSA) {
} else if (format == FORMAT_ASN1RSA) {
#ifndef OPENSSL_NO_RSA
RSA *rsa;
rsa = d2i_RSAPublicKey_bio(key, NULL);
@@ -808,21 +854,20 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
BIO_printf(bio_err, "RSA keys not supported\n");
#endif
pkey = NULL;
}
else if (format == FORMAT_PEM) {
} else if (format == FORMAT_PEM) {
pkey = PEM_read_bio_PUBKEY(key, NULL,
(pem_password_cb *)password_callback,
&cb_data);
}
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
else if (format == FORMAT_MSBLOB)
} else if (format == FORMAT_MSBLOB) {
pkey = b2i_PublicKey_bio(key);
#endif
}
end:
BIO_free(key);
if (pkey == NULL)
BIO_printf(bio_err, "unable to load %s\n", key_descrip);
return (pkey);
return pkey;
}
static int load_certs_crls(const char *file, int format,
@@ -855,36 +900,36 @@ static int load_certs_crls(const char *file, int format,
BIO_free(bio);
if (pcerts && *pcerts == NULL) {
if (pcerts != NULL && *pcerts == NULL) {
*pcerts = sk_X509_new_null();
if (!*pcerts)
if (*pcerts == NULL)
goto end;
}
if (pcrls && *pcrls == NULL) {
if (pcrls != NULL && *pcrls == NULL) {
*pcrls = sk_X509_CRL_new_null();
if (!*pcrls)
if (*pcrls == NULL)
goto end;
}
for (i = 0; i < sk_X509_INFO_num(xis); i++) {
xi = sk_X509_INFO_value(xis, i);
if (xi->x509 && pcerts) {
if (xi->x509 != NULL && pcerts != NULL) {
if (!sk_X509_push(*pcerts, xi->x509))
goto end;
xi->x509 = NULL;
}
if (xi->crl && pcrls) {
if (xi->crl != NULL && pcrls != NULL) {
if (!sk_X509_CRL_push(*pcrls, xi->crl))
goto end;
xi->crl = NULL;
}
}
if (pcerts && sk_X509_num(*pcerts) > 0)
if (pcerts != NULL && sk_X509_num(*pcerts) > 0)
rv = 1;
if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
if (pcrls != NULL && sk_X509_CRL_num(*pcrls) > 0)
rv = 1;
end:
@@ -892,11 +937,11 @@ static int load_certs_crls(const char *file, int format,
sk_X509_INFO_pop_free(xis, X509_INFO_free);
if (rv == 0) {
if (pcerts) {
if (pcerts != NULL) {
sk_X509_pop_free(*pcerts, X509_free);
*pcerts = NULL;
}
if (pcrls) {
if (pcrls != NULL) {
sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
*pcrls = NULL;
}
@@ -1102,8 +1147,9 @@ static int set_table_opts(unsigned long *flags, const char *arg,
} else if (c == '+') {
c = 1;
arg++;
} else
} else {
c = 1;
}
for (ptbl = in_tbl; ptbl->name; ptbl++) {
if (strcasecmp(arg, ptbl->name) == 0) {
@@ -1148,23 +1194,23 @@ void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
int len, unsigned char *buffer)
{
BIO_printf(out, " static unsigned char %s_%d[] = {", var, len);
if (BN_is_zero(in))
BIO_printf(out, "\n\t0x00");
else {
if (BN_is_zero(in)) {
BIO_printf(out, "\n 0x00");
} else {
int i, l;
l = BN_bn2bin(in, buffer);
for (i = 0; i < l; i++) {
if ((i % 10) == 0)
BIO_printf(out, "\n\t");
BIO_printf(out, (i % 10) == 0 ? "\n " : " ");
if (i < l - 1)
BIO_printf(out, "0x%02X, ", buffer[i]);
BIO_printf(out, "0x%02X,", buffer[i]);
else
BIO_printf(out, "0x%02X", buffer[i]);
}
}
BIO_printf(out, "\n };\n");
}
void print_array(BIO *out, const char* title, int len, const unsigned char* d)
{
int i;
@@ -1198,8 +1244,9 @@ X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, i
BIO_printf(bio_err, "Error loading file %s\n", CAfile);
goto end;
}
} else
} else {
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
}
}
if (CApath != NULL || !noCApath) {
@@ -1211,8 +1258,9 @@ X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, i
BIO_printf(bio_err, "Error loading directory %s\n", CApath);
goto end;
}
} else
} else {
X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
}
}
ERR_clear_error();
@@ -1243,7 +1291,7 @@ ENGINE *setup_engine(const char *engine, int debug)
ENGINE *e = NULL;
#ifndef OPENSSL_NO_ENGINE
if (engine) {
if (engine != NULL) {
if (strcmp(engine, "auto") == 0) {
BIO_printf(bio_err, "enabling auto ENGINE support\n");
ENGINE_register_all_complete();
@@ -1298,7 +1346,7 @@ static int index_serial_cmp(const OPENSSL_CSTRING *a,
for (aa = a[DB_serial]; *aa == '0'; aa++) ;
for (bb = b[DB_serial]; *bb == '0'; bb++) ;
return (strcmp(aa, bb));
return strcmp(aa, bb);
}
static int index_name_qual(char **a)
@@ -1313,7 +1361,7 @@ static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
{
return (strcmp(a[DB_name], b[DB_name]));
return strcmp(a[DB_name], b[DB_name]);
}
static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
@@ -1364,7 +1412,7 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
err:
BIO_free(in);
ASN1_INTEGER_free(ai);
return (ret);
return ret;
}
int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
@@ -1414,7 +1462,7 @@ int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial
err:
BIO_free_all(out);
ASN1_INTEGER_free(ai);
return (ret);
return ret;
}
int rotate_serial(const char *serialfile, const char *new_suffix,
@@ -1465,15 +1513,11 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
BIGNUM *btmp;
int ret = 0;
if (b)
btmp = b;
else
btmp = BN_new();
btmp = b == NULL ? BN_new() : b;
if (btmp == NULL)
return 0;
if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
goto error;
if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
goto error;
@@ -1495,12 +1539,27 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
BIO *in;
CONF *dbattr_conf = NULL;
char buf[BSIZE];
#ifndef OPENSSL_NO_POSIX_IO
FILE *dbfp;
struct stat dbst;
#endif
in = BIO_new_file(dbfile, "r");
if (in == NULL) {
ERR_print_errors(bio_err);
goto err;
}
#ifndef OPENSSL_NO_POSIX_IO
BIO_get_fp(in, &dbfp);
if (fstat(fileno(dbfp), &dbst) == -1) {
SYSerr(SYS_F_FSTAT, errno);
ERR_add_error_data(3, "fstat('", dbfile, "')");
ERR_print_errors(bio_err);
goto err;
}
#endif
if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
goto err;
@@ -1509,7 +1568,7 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
#else
BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
#endif
dbattr_conf = app_load_config(buf);
dbattr_conf = app_load_config_quiet(buf);
retdb = app_malloc(sizeof(*retdb), "new DB");
retdb->db = tmpdb;
@@ -1527,6 +1586,11 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
}
}
retdb->dbfname = OPENSSL_strdup(dbfile);
#ifndef OPENSSL_NO_POSIX_IO
retdb->dbst = dbst;
#endif
err:
NCONF_free(dbattr_conf);
TXT_DB_free(tmpdb);
@@ -1534,6 +1598,9 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
return retdb;
}
/*
* Returns > 0 on success, <= 0 on error
*/
int index_index(CA_DB *db)
{
if (!TXT_DB_create_index(db->db, DB_serial, NULL,
@@ -1672,6 +1739,7 @@ void free_index(CA_DB *db)
{
if (db) {
TXT_DB_free(db->db);
OPENSSL_free(db->dbfname);
OPENSSL_free(db);
}
}
@@ -1861,8 +1929,9 @@ static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
node = sk_X509_POLICY_NODE_value(nodes, i);
X509_POLICY_NODE_print(bio_err, node, 2);
}
} else
} else {
BIO_puts(bio_err, " <empty>\n");
}
}
void policies_print(X509_STORE_CTX *ctx)
@@ -1893,25 +1962,46 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in)
size_t len;
unsigned char *out;
size_t i, start = 0;
size_t skipped = 0;
len = strlen(in);
if (len >= 65535)
if (len == 0 || len >= 65535)
return NULL;
out = app_malloc(strlen(in) + 1, "NPN buffer");
out = app_malloc(len + 1, "NPN buffer");
for (i = 0; i <= len; ++i) {
if (i == len || in[i] == ',') {
/*
* Zero-length ALPN elements are invalid on the wire, we could be
* strict and reject the entire string, but just ignoring extra
* commas seems harmless and more friendly.
*
* Every comma we skip in this way puts the input buffer another
* byte ahead of the output buffer, so all stores into the output
* buffer need to be decremented by the number commas skipped.
*/
if (i == start) {
++start;
++skipped;
continue;
}
if (i - start > 255) {
OPENSSL_free(out);
return NULL;
}
out[start] = i - start;
out[start-skipped] = (unsigned char)(i - start);
start = i + 1;
} else
out[i + 1] = in[i];
} else {
out[i + 1 - skipped] = in[i];
}
}
*outlen = len + 1;
if (len <= skipped) {
OPENSSL_free(out);
return NULL;
}
*outlen = len + 1 - skipped;
return out;
}
@@ -2131,9 +2221,9 @@ double app_tminterval(int stop, int usertime)
ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7;
}
return (ret);
return ret;
}
#elif defined(OPENSSL_SYSTEM_VXWORKS)
#elif defined(OPENSSL_SYS_VXWORKS)
# include <time.h>
double app_tminterval(int stop, int usertime)
@@ -2167,7 +2257,7 @@ double app_tminterval(int stop, int usertime)
else
ret = (now - tmstart) / (double)sysClkRateGet();
# endif
return (ret);
return ret;
}
#elif defined(OPENSSL_SYSTEM_VMS)
@@ -2201,7 +2291,7 @@ double app_tminterval(int stop, int usertime)
else
ret = (now - tmstart) / (double)(CLK_TCK);
return (ret);
return ret;
}
#elif defined(_SC_CLK_TCK) /* by means of unistd.h */
@@ -2217,14 +2307,14 @@ double app_tminterval(int stop, int usertime)
if (usertime)
now = rus.tms_utime;
if (stop == TM_START)
if (stop == TM_START) {
tmstart = now;
else {
} else {
long int tck = sysconf(_SC_CLK_TCK);
ret = (now - tmstart) / (double)tck;
}
return (ret);
return ret;
}
#else
@@ -2349,12 +2439,12 @@ int raw_read_stdin(void *buf, int siz)
{
DWORD n;
if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL))
return (n);
return n;
else
return (-1);
return -1;
}
#elif defined(__VMS)
#include <sys/socket.h>
# include <sys/socket.h>
int raw_read_stdin(void *buf, int siz)
{
@@ -2372,9 +2462,9 @@ int raw_write_stdout(const void *buf, int siz)
{
DWORD n;
if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL))
return (n);
return n;
else
return (-1);
return -1;
}
#else
int raw_write_stdout(const void *buf, int siz)
@@ -2401,14 +2491,26 @@ BIO *dup_bio_in(int format)
BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
}
static BIO_METHOD *prefix_method = NULL;
BIO *dup_bio_out(int format)
{
BIO *b = BIO_new_fp(stdout,
BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
void *prefix = NULL;
#ifdef OPENSSL_SYS_VMS
if (istext(format))
b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
#endif
if (istext(format) && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) {
if (prefix_method == NULL)
prefix_method = apps_bf_prefix();
b = BIO_push(BIO_new(prefix_method), b);
BIO_ctrl(b, PREFIX_CTRL_SET_PREFIX, 0, prefix);
}
return b;
}
@@ -2423,6 +2525,12 @@ BIO *dup_bio_err(int format)
return b;
}
void destroy_prefix_method(void)
{
BIO_meth_free(prefix_method);
prefix_method = NULL;
}
void unbuffer(FILE *fp)
{
/*
@@ -2649,15 +2757,23 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
return 0;
} else {
if (!ASN1_TIME_set_string(X509_getm_notBefore(x), startdate))
if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate))
return 0;
}
if (enddate == NULL) {
if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL)
== NULL)
return 0;
} else if (!ASN1_TIME_set_string(X509_getm_notAfter(x), enddate)) {
} else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) {
return 0;
}
return 1;
}
void make_uppercase(char *string)
{
int i;
for (i = 0; string[i] != '\0'; i++)
string[i] = toupper((unsigned char)string[i]);
}

153
apps/apps.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,20 +7,23 @@
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_APPS_H
# define HEADER_APPS_H
#ifndef OSSL_APPS_H
# define OSSL_APPS_H
# include "e_os.h"
# if defined(__unix) || defined(__unix__)
# include <sys/time.h> /* struct timeval for DTLS */
# endif
# include "e_os.h" /* struct timeval for DTLS */
# include "internal/nelem.h"
# include <assert.h>
# include <sys/types.h>
# ifndef OPENSSL_NO_POSIX_IO
# include <sys/stat.h>
# include <fcntl.h>
# endif
# include <openssl/e_os2.h>
# include <openssl/ossl_typ.h>
# include <openssl/bio.h>
# include <openssl/x509.h>
# include <openssl/lhash.h>
# include <openssl/conf.h>
# include <openssl/txt_db.h>
# include <openssl/engine.h>
@@ -40,27 +43,38 @@
*/
#define _UC(c) ((unsigned char)(c))
int app_RAND_load_file(const char *file, int dont_warn);
int app_RAND_write_file(const char *file);
/*
* When `file' is NULL, use defaults. `bio_e' is for error messages.
*/
void app_RAND_allow_write_file(void);
long app_RAND_load_files(char *file); /* `file' is a list of files to read,
* separated by LIST_SEPARATOR_CHAR
* (see e_os.h). The string is
* destroyed! */
void app_RAND_load_conf(CONF *c, const char *section);
void app_RAND_write(void);
extern char *default_config_file;
extern BIO *bio_in;
extern BIO *bio_out;
extern BIO *bio_err;
extern const unsigned char tls13_aes128gcmsha256_id[];
extern const unsigned char tls13_aes256gcmsha384_id[];
extern BIO_ADDR *ourpeer;
BIO_METHOD *apps_bf_prefix(void);
/*
* The control used to set the prefix with BIO_ctrl()
* We make it high enough so the chance of ever clashing with the BIO library
* remains unlikely for the foreseeable future and beyond.
*/
#define PREFIX_CTRL_SET_PREFIX (1 << 15)
/*
* apps_bf_prefix() returns a dynamically created BIO_METHOD, which we
* need to destroy at some point. When created internally, it's stored
* in an internal pointer which can be freed with the following function
*/
void destroy_prefix_method(void);
BIO *dup_bio_in(int format);
BIO *dup_bio_out(int format);
BIO *dup_bio_err(int format);
BIO *bio_open_owner(const char *filename, int format, int private);
BIO *bio_open_default(const char *filename, char mode, int format);
BIO *bio_open_default_quiet(const char *filename, char mode, int format);
CONF *app_load_config_bio(BIO *in, const char *filename);
CONF *app_load_config(const char *filename);
CONF *app_load_config_quiet(const char *filename);
int app_load_modules(const CONF *config);
@@ -175,7 +189,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
case OPT_V_ALLOW_PROXY_CERTS
/*
* Common "extended"? options.
* Common "extended validation" options.
*/
# define OPT_X_ENUM \
OPT_X__FIRST=1000, \
@@ -210,18 +224,22 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
# define OPT_S_ENUM \
OPT_S__FIRST=3000, \
OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
OPT_S_DEBUGBROKE, OPT_S_COMP, OPT_S_MINPROTO, OPT_S_MAXPROTO, \
OPT_S_NO_RENEGOTIATION, OPT_S__LAST
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
OPT_S_PRIORITIZE_CHACHA, \
OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
OPT_S_MINPROTO, OPT_S_MAXPROTO, \
OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST
# define OPT_S_OPTIONS \
{"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
{"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
{"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
{"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
{"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
{"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
{"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
{"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
@@ -238,6 +256,10 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
"Disallow session resumption on renegotiation"}, \
{"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
"Disallow initial connection to servers that don't support RI"}, \
{"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
"In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
{"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
"Prioritize ChaCha ciphers when preferred by clients"}, \
{"strict", OPT_S_STRICT, '-', \
"Enforce strict certificate checks as per TLS standard"}, \
{"sigalgs", OPT_S_SIGALGS, 's', \
@@ -245,15 +267,22 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
{"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
"Signature algorithms to support for client certificate" \
" authentication (colon-separated list)" }, \
{"groups", OPT_S_GROUPS, 's', \
"Groups to advertise (colon-separated list)" }, \
{"curves", OPT_S_CURVES, 's', \
"Elliptic curves to advertise (colon-separated list)" }, \
"Groups to advertise (colon-separated list)" }, \
{"named_curve", OPT_S_NAMEDCURVE, 's', \
"Elliptic curve used for ECDHE (server-side only)" }, \
{"cipher", OPT_S_CIPHER, 's', "Specify cipher list to be used"}, \
{"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
{"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
{"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
{"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
{"record_padding", OPT_S_RECORD_PADDING, 's', \
"Block size to pad TLS 1.3 records to."}, \
{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
"Perform all sorts of protocol violations for testing purposes"}
"Perform all sorts of protocol violations for testing purposes"}, \
{"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
"Disable TLSv1.3 middlebox compat mode" }
# define OPT_S_CASES \
OPT_S__FIRST: case OPT_S__LAST: break; \
@@ -261,6 +290,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
case OPT_S_NOTLS1: \
case OPT_S_NOTLS1_1: \
case OPT_S_NOTLS1_2: \
case OPT_S_NOTLS1_3: \
case OPT_S_BUGS: \
case OPT_S_NO_COMP: \
case OPT_S_COMP: \
@@ -270,20 +300,40 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
case OPT_S_LEGACYCONN: \
case OPT_S_ONRESUMP: \
case OPT_S_NOLEGACYCONN: \
case OPT_S_ALLOW_NO_DHE_KEX: \
case OPT_S_PRIORITIZE_CHACHA: \
case OPT_S_STRICT: \
case OPT_S_SIGALGS: \
case OPT_S_CLIENTSIGALGS: \
case OPT_S_GROUPS: \
case OPT_S_CURVES: \
case OPT_S_NAMEDCURVE: \
case OPT_S_CIPHER: \
case OPT_S_CIPHERSUITES: \
case OPT_S_RECORD_PADDING: \
case OPT_S_NO_RENEGOTIATION: \
case OPT_S_MINPROTO: \
case OPT_S_MAXPROTO: \
case OPT_S_NO_RENEGOTIATION: \
case OPT_S_DEBUGBROKE
case OPT_S_DEBUGBROKE: \
case OPT_S_NO_MIDDLEBOX
#define IS_NO_PROT_FLAG(o) \
(o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
|| o == OPT_S_NOTLS1_2)
|| o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
/*
* Random state options.
*/
# define OPT_R_ENUM \
OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
# define OPT_R_OPTIONS \
{"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
{"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
# define OPT_R_CASES \
OPT_R__FIRST: case OPT_R__LAST: break; \
case OPT_R_RAND: case OPT_R_WRITERAND
/*
* Option parsing.
@@ -296,7 +346,7 @@ typedef struct options_st {
/*
* value type: - no value (also the value zero), n number, p positive
* number, u unsigned, l long, s string, < input file, > output file,
* f any format, F der/pem format , E der/pem/engine format identifier.
* f any format, F der/pem format, E der/pem/engine format identifier.
* l, n and u include zero; p does not.
*/
int valtype;
@@ -319,7 +369,7 @@ typedef struct string_int_pair_st {
# define OPT_FMT_SMIME (1L << 3)
# define OPT_FMT_ENGINE (1L << 4)
# define OPT_FMT_MSBLOB (1L << 5)
# define OPT_FMT_NETSCAPE (1L << 6)
/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
# define OPT_FMT_NSS (1L << 7)
# define OPT_FMT_TEXT (1L << 8)
# define OPT_FMT_HTTP (1L << 9)
@@ -328,8 +378,8 @@ typedef struct string_int_pair_st {
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
# define OPT_FMT_ANY ( \
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
char *opt_progname(const char *argv0);
char *opt_getprog(void);
@@ -355,10 +405,10 @@ int opt_md(const char *name, const EVP_MD **mdp);
char *opt_arg(void);
char *opt_flag(void);
char *opt_unknown(void);
char *opt_reset(void);
char **opt_rest(void);
int opt_num_rest(void);
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
int opt_rand(int i);
void opt_help(const OPTIONS * list);
int opt_format_error(const char *s, unsigned long flags);
@@ -391,16 +441,17 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
int setup_ui_method(void);
void destroy_ui_method(void);
const UI_METHOD *get_ui_method(void);
int chopup_args(ARGS *arg, char *buf);
# ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, X509_NAME *nm,
unsigned long lflags);
# endif
void print_bignum_var(BIO *, const BIGNUM *, const char*,
int, unsigned char *);
void print_array(BIO *, const char *, int, const unsigned char *);
int set_nameopt(const char *arg);
unsigned long get_nameopt(void);
int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
@@ -458,9 +509,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
* disabled */
# define DB_NUMBER 6
# define DB_TYPE_REV 'R'
# define DB_TYPE_EXP 'E'
# define DB_TYPE_VAL 'V'
# define DB_TYPE_REV 'R' /* Revoked */
# define DB_TYPE_EXP 'E' /* Expired */
# define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */
# define DB_TYPE_SUSP 'S' /* Suspended */
typedef struct db_attr_st {
int unique_subject;
@@ -468,6 +520,10 @@ typedef struct db_attr_st {
typedef struct ca_db_st {
DB_ATTR attributes;
TXT_DB *db;
char *dbfname;
# ifndef OPENSSL_NO_POSIX_IO
struct stat dbst;
# endif
} CA_DB;
void* app_malloc(int sz, const char *what);
@@ -490,8 +546,6 @@ int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
int parse_yesno(const char *str, int def);
X509_NAME *parse_name(const char *str, long chtype, int multirdn);
int args_verify(char ***pargs, int *pargc,
int *badarg, X509_VERIFY_PARAM **pm);
void policies_print(X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
@@ -503,9 +557,9 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
# ifndef OPENSSL_NO_PSK
extern char *psk_key;
# endif
unsigned char *next_protos_parse(size_t *outlen, const char *in);
@@ -546,7 +600,12 @@ void store_setup_crl_download(X509_STORE *st);
# define APP_PASS_LEN 1024
# define SERIAL_RAND_BITS 64
/*
* IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits
* so that the first bit will never be one, so that the DER encoding
* rules won't force a leading octet.
*/
# define SERIAL_RAND_BITS 159
int app_isdir(const char *);
int app_access(const char *, int flag);
@@ -559,6 +618,8 @@ int raw_write_stdout(const void *, int);
# define TM_STOP 1
double app_tminterval(int stop, int usertime);
void make_uppercase(char *string);
typedef struct verify_options_st {
int depth;
int quiet;
@@ -568,6 +629,4 @@ typedef struct verify_options_st {
extern VERIFY_CB_ARGS verify_args;
# include "progs.h"
#endif

83
apps/asn1pars.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,28 +7,26 @@
* https://www.openssl.org/source/license.html
*/
/*
* A nice addition from Dr Stephen Henson <steve@openssl.org> to add the
* -strparse option which parses nested binary structures
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/asn1t.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM
OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM,
OPT_ITEM
} OPTION_CHOICE;
OPTIONS asn1parse_options[] = {
const OPTIONS asn1parse_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
{"in", OPT_IN, '<', "input file"},
@@ -49,6 +47,7 @@ OPTIONS asn1parse_options[] = {
{OPT_MORE_STR, 0, 0, "(-inform will be ignored)"},
{"strictpem", OPT_STRICTPEM, 0,
"do not attempt base64 decode outside PEM markers"},
{"item", OPT_ITEM, 's', "item to parse and print"},
{NULL}
};
@@ -71,6 +70,7 @@ int asn1parse_main(int argc, char **argv)
unsigned char *tmpbuf;
unsigned int length = 0;
OPTION_CHOICE o;
const ASN1_ITEM *it = NULL;
prog = opt_init(argc, argv, asn1parse_options);
@@ -134,6 +134,22 @@ int asn1parse_main(int argc, char **argv)
strictpem = 1;
informat = FORMAT_PEM;
break;
case OPT_ITEM:
it = ASN1_ITEM_lookup(opt_arg());
if (it == NULL) {
size_t tmp;
BIO_printf(bio_err, "Unknown item name %s\n", opt_arg());
BIO_puts(bio_err, "Supported types:\n");
for (tmp = 0;; tmp++) {
it = ASN1_ITEM_get(tmp);
if (it == NULL)
break;
BIO_printf(bio_err, " %s\n", it->sname);
}
goto end;
}
break;
}
}
argc = opt_num_rest();
@@ -154,17 +170,17 @@ int asn1parse_main(int argc, char **argv)
if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL)
goto end;
if ((buf = BUF_MEM_new()) == NULL)
goto end;
if (strictpem) {
if (PEM_read_bio(in, &name, &header, &str, &num) !=
1) {
if (PEM_read_bio(in, &name, &header, &str, &num) != 1) {
BIO_printf(bio_err, "Error reading PEM file\n");
ERR_print_errors(bio_err);
goto end;
}
buf->data = (char *)str;
buf->length = buf->max = num;
} else {
if ((buf = BUF_MEM_new()) == NULL)
goto end;
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
goto end; /* Pre-allocate :-) */
@@ -174,9 +190,7 @@ int asn1parse_main(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
}
}
else {
} else {
if (informat == FORMAT_PEM) {
BIO *tmp;
@@ -253,18 +267,31 @@ int asn1parse_main(int argc, char **argv)
if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num;
if (derout) {
if (derout != NULL) {
if (BIO_write(derout, str + offset, length) != (int)length) {
BIO_printf(bio_err, "Error writing output\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (!noout &&
!ASN1_parse_dump(bio_out, &(str[offset]), length,
indent, dump)) {
ERR_print_errors(bio_err);
goto end;
if (!noout) {
const unsigned char *p = str + offset;
if (it != NULL) {
ASN1_VALUE *value = ASN1_item_d2i(NULL, &p, length, it);
if (value == NULL) {
BIO_printf(bio_err, "Error parsing item %s\n", it->sname);
ERR_print_errors(bio_err);
goto end;
}
ASN1_item_print(bio_out, value, 0, it, NULL);
ASN1_item_free(value, it);
} else {
if (!ASN1_parse_dump(bio_out, p, length, indent, dump)) {
ERR_print_errors(bio_err);
goto end;
}
}
}
ret = 0;
end:
@@ -276,11 +303,9 @@ int asn1parse_main(int argc, char **argv)
BUF_MEM_free(buf);
OPENSSL_free(name);
OPENSSL_free(header);
if (strictpem)
OPENSSL_free(str);
ASN1_TYPE_free(at);
sk_OPENSSL_STRING_free(osk);
return (ret);
return ret;
}
static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
@@ -290,12 +315,12 @@ static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
unsigned char *p;
ASN1_TYPE *atyp = NULL;
if (genconf) {
if (genconf != NULL) {
if ((cnf = app_load_config(genconf)) == NULL)
goto err;
if (!genstr)
if (genstr == NULL)
genstr = NCONF_get_string(cnf, "default", "asn1");
if (!genstr) {
if (genstr == NULL) {
BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf);
goto err;
}
@@ -305,7 +330,7 @@ static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
NCONF_free(cnf);
cnf = NULL;
if (!atyp)
if (atyp == NULL)
return -1;
len = i2d_ASN1_TYPE(atyp, NULL);

177
apps/bf_prefix.c Normal file
View File

@@ -0,0 +1,177 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <openssl/bio.h>
#include "apps.h"
static int prefix_write(BIO *b, const char *out, size_t outl,
size_t *numwritten);
static int prefix_read(BIO *b, char *buf, size_t size, size_t *numread);
static int prefix_puts(BIO *b, const char *str);
static int prefix_gets(BIO *b, char *str, int size);
static long prefix_ctrl(BIO *b, int cmd, long arg1, void *arg2);
static int prefix_create(BIO *b);
static int prefix_destroy(BIO *b);
static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
static BIO_METHOD *prefix_meth = NULL;
BIO_METHOD *apps_bf_prefix(void)
{
if (prefix_meth == NULL) {
if ((prefix_meth =
BIO_meth_new(BIO_TYPE_FILTER, "Prefix filter")) == NULL
|| !BIO_meth_set_create(prefix_meth, prefix_create)
|| !BIO_meth_set_destroy(prefix_meth, prefix_destroy)
|| !BIO_meth_set_write_ex(prefix_meth, prefix_write)
|| !BIO_meth_set_read_ex(prefix_meth, prefix_read)
|| !BIO_meth_set_puts(prefix_meth, prefix_puts)
|| !BIO_meth_set_gets(prefix_meth, prefix_gets)
|| !BIO_meth_set_ctrl(prefix_meth, prefix_ctrl)
|| !BIO_meth_set_callback_ctrl(prefix_meth, prefix_callback_ctrl)) {
BIO_meth_free(prefix_meth);
prefix_meth = NULL;
}
}
return prefix_meth;
}
typedef struct prefix_ctx_st {
char *prefix;
int linestart; /* flag to indicate we're at the line start */
} PREFIX_CTX;
static int prefix_create(BIO *b)
{
PREFIX_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL)
return 0;
ctx->prefix = NULL;
ctx->linestart = 1;
BIO_set_data(b, ctx);
BIO_set_init(b, 1);
return 1;
}
static int prefix_destroy(BIO *b)
{
PREFIX_CTX *ctx = BIO_get_data(b);
OPENSSL_free(ctx->prefix);
OPENSSL_free(ctx);
return 1;
}
static int prefix_read(BIO *b, char *in, size_t size, size_t *numread)
{
return BIO_read_ex(BIO_next(b), in, size, numread);
}
static int prefix_write(BIO *b, const char *out, size_t outl,
size_t *numwritten)
{
PREFIX_CTX *ctx = BIO_get_data(b);
if (ctx == NULL)
return 0;
/* If no prefix is set or if it's empty, we've got nothing to do here */
if (ctx->prefix == NULL || *ctx->prefix == '\0') {
/* We do note if what comes next will be a new line, though */
if (outl > 0)
ctx->linestart = (out[outl-1] == '\n');
return BIO_write_ex(BIO_next(b), out, outl, numwritten);
}
*numwritten = 0;
while (outl > 0) {
size_t i;
char c;
/* If we know that we're at the start of the line, output the prefix */
if (ctx->linestart) {
size_t dontcare;
if (!BIO_write_ex(BIO_next(b), ctx->prefix, strlen(ctx->prefix),
&dontcare))
return 0;
ctx->linestart = 0;
}
/* Now, go look for the next LF, or the end of the string */
for (i = 0, c = '\0'; i < outl && (c = out[i]) != '\n'; i++)
continue;
if (c == '\n')
i++;
/* Output what we found so far */
while (i > 0) {
size_t num = 0;
if (!BIO_write_ex(BIO_next(b), out, i, &num))
return 0;
out += num;
outl -= num;
*numwritten += num;
i -= num;
}
/* If we found a LF, what follows is a new line, so take note */
if (c == '\n')
ctx->linestart = 1;
}
return 1;
}
static long prefix_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret = 0;
switch (cmd) {
case PREFIX_CTRL_SET_PREFIX:
{
PREFIX_CTX *ctx = BIO_get_data(b);
if (ctx == NULL)
break;
OPENSSL_free(ctx->prefix);
ctx->prefix = OPENSSL_strdup((const char *)ptr);
ret = ctx->prefix != NULL;
}
break;
default:
if (BIO_next(b) != NULL)
ret = BIO_ctrl(BIO_next(b), cmd, num, ptr);
break;
}
return ret;
}
static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
return BIO_callback_ctrl(BIO_next(b), cmd, fp);
}
static int prefix_gets(BIO *b, char *buf, int size)
{
return BIO_gets(BIO_next(b), buf, size);
}
static int prefix_puts(BIO *b, const char *str)
{
return BIO_write(b, str, strlen(str));
}

81
apps/build.info
View File

@@ -1,28 +1,79 @@
{- our $tsget_name = $config{target} =~ /^(VC|vms)-/ ? "tsget.pl" : "tsget";
our @apps_openssl_src =
( qw(openssl.c
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c
genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
srp.c ts.c verify.c version.c x509.c rehash.c
apps.c opt.c s_cb.c s_socket.c
app_rand.c),
split(/\s+/, $target{apps_aux_src}) );
{- our @apps_openssl_src =
qw(openssl.c
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c
enc.c errstr.c
genpkey.c nseq.c passwd.c pkcs7.c pkcs8.c
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
verify.c version.c x509.c rehash.c storeutl.c);
our @apps_lib_src =
( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c),
split(/\s+/, $target{apps_aux_src}) );
our @apps_init_src = split(/\s+/, $target{apps_init_src});
"" -}
IF[{- !$disabled{apps} -}]
LIBS_NO_INST=libapps.a
SOURCE[libapps.a]={- join(" ", @apps_lib_src) -}
INCLUDE[libapps.a]=.. ../include
PROGRAMS=openssl
SOURCE[openssl]={- join(" ", @apps_init_src) -}
SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=../libssl
DEPEND[openssl]=libapps.a ../libssl
IF[{- !$disabled{'des'} -}]
SOURCE[openssl]=pkcs12.c
DEPEND[pkcs12.o]=progs.h
ENDIF
IF[{- !$disabled{'ec'} -}]
SOURCE[openssl]=ec.c ecparam.c
DEPEND[ec.o]=progs.h
DEPEND[ecparam.o]=progs.h
ENDIF
IF[{- !$disabled{'ocsp'} -}]
SOURCE[openssl]=ocsp.c
DEPEND[ocsp.o]=progs.h
ENDIF
IF[{- !$disabled{'srp'} -}]
SOURCE[openssl]=srp.c
DEPEND[srp.o]=progs.h
ENDIF
IF[{- !$disabled{'ts'} -}]
SOURCE[openssl]=ts.c
DEPEND[ts.o]=progs.h
ENDIF
IF[{- !$disabled{'dh'} -}]
SOURCE[openssl]=dhparam.c
DEPEND[dhparam.o]=progs.h
ENDIF
IF[{- !$disabled{'dsa'} -}]
SOURCE[openssl]=dsa.c dsaparam.c gendsa.c
DEPEND[dsa.o]=progs.h
DEPEND[dsaparam.o]=progs.h
DEPEND[gendsa.o]=progs.h
ENDIF
IF[{- !$disabled{'engine'} -}]
SOURCE[openssl]=engine.c
DEPEND[engine.o]=progs.h
ENDIF
IF[{- !$disabled{'rsa'} -}]
SOURCE[openssl]=rsa.c rsautl.c genrsa.c
DEPEND[rsa.o]=progs.h
DEPEND[rsautl.o]=progs.h
DEPEND[genrsa.o]=progs.h
ENDIF
IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
GENERATE[openssl.rc]=../util/mkrc.pl openssl
SOURCE[openssl]=openssl.rc
ENDIF
{- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
@apps_openssl_src) -}
GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
DEPEND[progs.h]=../configdata.pm
SCRIPTS=CA.pl {- $tsget_name -}
SCRIPTS=CA.pl tsget.pl
SOURCE[CA.pl]=CA.pl.in
SOURCE[{- $tsget_name -}]=tsget.in
SOURCE[tsget.pl]=tsget.in
ENDIF

525
apps/ca.c
View File

File diff suppressed because it is too large Load Diff

48
apps/ciphers.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,22 +11,26 @@
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_STDNAME,
OPT_CONVERT,
OPT_SSL3,
OPT_TLS1,
OPT_TLS1_1,
OPT_TLS1_2,
OPT_TLS1_3,
OPT_PSK,
OPT_SRP,
OPT_CIPHERSUITES,
OPT_V, OPT_UPPER_V, OPT_S
} OPTION_CHOICE;
OPTIONS ciphers_options[] = {
const OPTIONS ciphers_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
{"V", OPT_UPPER_V, '-', "Even more verbose"},
@@ -43,15 +47,19 @@ OPTIONS ciphers_options[] = {
#ifndef OPENSSL_NO_TLS1_2
{"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
#endif
#ifndef OPENSSL_NO_SSL_TRACE
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#ifndef OPENSSL_NO_TLS1_3
{"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
#endif
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#ifndef OPENSSL_NO_PSK
{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
#endif
#ifndef OPENSSL_NO_SRP
{"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
#endif
{"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
{"ciphersuites", OPT_CIPHERSUITES, 's',
"Configure the TLSv1.3 ciphersuites to use"},
{NULL}
};
@@ -78,9 +86,7 @@ int ciphers_main(int argc, char **argv)
STACK_OF(SSL_CIPHER) *sk = NULL;
const SSL_METHOD *meth = TLS_server_method();
int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
#ifndef OPENSSL_NO_SSL_TRACE
int stdname = 0;
#endif
#ifndef OPENSSL_NO_PSK
int psk = 0;
#endif
@@ -88,7 +94,7 @@ int ciphers_main(int argc, char **argv)
int srp = 0;
#endif
const char *p;
char *ciphers = NULL, *prog;
char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL;
char buf[512];
OPTION_CHOICE o;
int min_version = 0, max_version = 0;
@@ -115,9 +121,10 @@ int ciphers_main(int argc, char **argv)
use_supported = 1;
break;
case OPT_STDNAME:
#ifndef OPENSSL_NO_SSL_TRACE
stdname = verbose = 1;
#endif
break;
case OPT_CONVERT:
convert = opt_arg();
break;
case OPT_SSL3:
min_version = SSL3_VERSION;
@@ -135,6 +142,10 @@ int ciphers_main(int argc, char **argv)
min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION;
break;
case OPT_TLS1_3:
min_version = TLS1_3_VERSION;
max_version = TLS1_3_VERSION;
break;
case OPT_PSK:
#ifndef OPENSSL_NO_PSK
psk = 1;
@@ -145,6 +156,9 @@ int ciphers_main(int argc, char **argv)
srp = 1;
#endif
break;
case OPT_CIPHERSUITES:
ciphersuites = opt_arg();
break;
}
}
argv = opt_rest();
@@ -155,6 +169,12 @@ int ciphers_main(int argc, char **argv)
else if (argc != 0)
goto opthelp;
if (convert != NULL) {
BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
OPENSSL_cipher_name(convert));
goto end;
}
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto err;
@@ -171,6 +191,12 @@ int ciphers_main(int argc, char **argv)
if (srp)
SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
#endif
if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");
goto err;
}
if (ciphers != NULL) {
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
@@ -217,14 +243,12 @@ int ciphers_main(int argc, char **argv)
else
BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
#ifndef OPENSSL_NO_SSL_TRACE
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(bio_out, "%s - ", nm);
}
#endif
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
}
}
@@ -238,5 +262,5 @@ int ciphers_main(int argc, char **argv)
sk_SSL_CIPHER_free(sk);
SSL_CTX_free(ctx);
SSL_free(ssl);
return (ret);
return ret;
}

246
apps/cms.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -12,6 +12,7 @@
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#ifndef OPENSSL_NO_CMS
@@ -76,15 +77,16 @@ typedef enum OPTION_choice {
OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT,
OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
OPT_RAND, OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM,
OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
OPT_3DES_WRAP, OPT_ENGINE,
OPT_R_ENUM,
OPT_V_ENUM,
OPT_CIPHER
} OPTION_CHOICE;
OPTIONS cms_options[] = {
const OPTIONS cms_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
{OPT_HELP_STR, 1, '-',
" cert.pem... recipient certs for encryption\n"},
@@ -146,14 +148,12 @@ OPTIONS cms_options[] = {
"Do not load certificates from the default certificates directory"},
{"content", OPT_CONTENT, '<',
"Supply or override content for detached signature"},
{"print", OPT_PRINT, '-',
{"print", OPT_PRINT, '-',
"For the -cmsout operation print out all fields of the CMS structure"},
{"secretkey", OPT_SECRETKEY, 's'},
{"secretkeyid", OPT_SECRETKEYID, 's'},
{"pwri_password", OPT_PWRI_PASSWORD, 's'},
{"econtent_type", OPT_ECONTENT_TYPE, 's'},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"to", OPT_TO, 's', "To address"},
{"from", OPT_FROM, 's', "From address"},
@@ -169,6 +169,7 @@ OPTIONS cms_options[] = {
{"receipt_request_from", OPT_RR_FROM, 's'},
{"receipt_request_to", OPT_RR_TO, 's'},
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_R_OPTIONS,
OPT_V_OPTIONS,
{"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
{"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
@@ -202,16 +203,13 @@ int cms_main(int argc, char **argv)
const char *CAfile = NULL, *CApath = NULL;
char *certsoutfile = NULL;
int noCAfile = 0, noCApath = 0;
char *infile = NULL, *outfile = NULL, *rctfile = NULL, *inrand = NULL;
char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile =
NULL;
char *infile = NULL, *outfile = NULL, *rctfile = NULL;
char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile = NULL;
char *to = NULL, *from = NULL, *subject = NULL, *prog;
cms_key_param *key_first = NULL, *key_param = NULL;
int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched =
0;
int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int need_rand = 0, operation = 0, ret = 1, rr_print = 0, rr_allorfirst =
-1;
int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1;
int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
size_t secret_keylen = 0, secret_keyidlen = 0;
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
@@ -449,10 +447,6 @@ int cms_main(int argc, char **argv)
goto opthelp;
}
break;
case OPT_RAND:
inrand = opt_arg();
need_rand = 1;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
@@ -477,7 +471,7 @@ int cms_main(int argc, char **argv)
break;
case OPT_SIGNER:
/* If previous -signer argument add signer to list */
if (signerfile) {
if (signerfile != NULL) {
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
@@ -494,7 +488,7 @@ int cms_main(int argc, char **argv)
break;
case OPT_INKEY:
/* If previous -inkey argument add signer to list */
if (keyfile) {
if (keyfile != NULL) {
if (signerfile == NULL) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
goto end;
@@ -525,8 +519,9 @@ int cms_main(int argc, char **argv)
goto end;
sk_X509_push(encerts, cert);
cert = NULL;
} else
} else {
recipfile = opt_arg();
}
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &cipher))
@@ -535,12 +530,12 @@ int cms_main(int argc, char **argv)
case OPT_KEYOPT:
keyidx = -1;
if (operation == SMIME_ENCRYPT) {
if (encerts)
if (encerts != NULL)
keyidx += sk_X509_num(encerts);
} else {
if (keyfile || signerfile)
if (keyfile != NULL || signerfile != NULL)
keyidx++;
if (skkeys)
if (skkeys != NULL)
keyidx += sk_OPENSSL_STRING_num(skkeys);
}
if (keyidx < 0) {
@@ -550,9 +545,11 @@ int cms_main(int argc, char **argv)
if (key_param == NULL || key_param->idx != keyidx) {
cms_key_param *nparam;
nparam = app_malloc(sizeof(*nparam), "key param buffer");
nparam->idx = keyidx;
if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL)
if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) {
OPENSSL_free(nparam);
goto end;
}
nparam->idx = keyidx;
nparam->next = NULL;
if (key_first == NULL)
key_first = nparam;
@@ -567,6 +564,10 @@ int cms_main(int argc, char **argv)
goto end;
vpmtouched++;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_3DES_WRAP:
# ifndef OPENSSL_NO_DES
wrap_cipher = EVP_des_ede3_wrap();
@@ -586,87 +587,78 @@ int cms_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
if (((rr_allorfirst != -1) || rr_from) && !rr_to) {
if ((rr_allorfirst != -1 || rr_from != NULL) && rr_to == NULL) {
BIO_puts(bio_err, "No Signed Receipts Recipients\n");
goto opthelp;
}
if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
if (!(operation & SMIME_SIGNERS) && (rr_to != NULL || rr_from != NULL)) {
BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
goto opthelp;
}
if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
goto opthelp;
}
if (operation & SMIME_SIGNERS) {
if (keyfile && !signerfile) {
if (keyfile != NULL && signerfile == NULL) {
BIO_puts(bio_err, "Illegal -inkey without -signer\n");
goto opthelp;
}
/* Check to see if any final signer needs to be appended */
if (signerfile) {
if (!sksigners
if (signerfile != NULL) {
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
if (!keyfile)
if (keyfile == NULL)
keyfile = signerfile;
sk_OPENSSL_STRING_push(skkeys, keyfile);
}
if (!sksigners) {
if (sksigners == NULL) {
BIO_printf(bio_err, "No signer certificate specified\n");
goto opthelp;
}
signerfile = NULL;
keyfile = NULL;
need_rand = 1;
}
else if (operation == SMIME_DECRYPT) {
if (!recipfile && !keyfile && !secret_key && !pwri_pass) {
} else if (operation == SMIME_DECRYPT) {
if (recipfile == NULL && keyfile == NULL
&& secret_key == NULL && pwri_pass == NULL) {
BIO_printf(bio_err,
"No recipient certificate or key specified\n");
goto opthelp;
}
} else if (operation == SMIME_ENCRYPT) {
if (*argv == NULL && !secret_key && !pwri_pass && !encerts) {
if (*argv == NULL && secret_key == NULL
&& pwri_pass == NULL && encerts == NULL) {
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
goto opthelp;
}
need_rand = 1;
} else if (!operation)
} else if (!operation) {
BIO_printf(bio_err, "No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.\n");
goto opthelp;
}
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if (need_rand) {
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
ret = 2;
if (!(operation & SMIME_SIGNERS))
flags &= ~CMS_DETACHED;
if (!(operation & SMIME_OP)) {
if (!(operation & SMIME_OP))
if (flags & CMS_BINARY)
outformat = FORMAT_BINARY;
}
if (!(operation & SMIME_IP)) {
if (!(operation & SMIME_IP))
if (flags & CMS_BINARY)
informat = FORMAT_BINARY;
}
if (operation == SMIME_ENCRYPT) {
if (!cipher) {
@@ -683,7 +675,7 @@ int cms_main(int argc, char **argv)
goto end;
}
if (*argv && !encerts)
if (*argv && encerts == NULL)
if ((encerts = sk_X509_new_null()) == NULL)
goto end;
while (*argv) {
@@ -696,7 +688,7 @@ int cms_main(int argc, char **argv)
}
}
if (certfile) {
if (certfile != NULL) {
if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
"certificate file")) {
ERR_print_errors(bio_err);
@@ -704,7 +696,7 @@ int cms_main(int argc, char **argv)
}
}
if (recipfile && (operation == SMIME_DECRYPT)) {
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
if ((recip = load_cert(recipfile, FORMAT_PEM,
"recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
@@ -721,17 +713,18 @@ int cms_main(int argc, char **argv)
}
if (operation == SMIME_DECRYPT) {
if (!keyfile)
if (keyfile == NULL)
keyfile = recipfile;
} else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) {
if (!keyfile)
if (keyfile == NULL)
keyfile = signerfile;
} else
} else {
keyfile = NULL;
}
if (keyfile) {
if (keyfile != NULL) {
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
if (!key)
if (key == NULL)
goto end;
}
@@ -740,29 +733,29 @@ int cms_main(int argc, char **argv)
goto end;
if (operation & SMIME_IP) {
if (informat == FORMAT_SMIME)
if (informat == FORMAT_SMIME) {
cms = SMIME_read_CMS(in, &indata);
else if (informat == FORMAT_PEM)
} else if (informat == FORMAT_PEM) {
cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1)
} else if (informat == FORMAT_ASN1) {
cms = d2i_CMS_bio(in, NULL);
else {
} else {
BIO_printf(bio_err, "Bad input format for CMS file\n");
goto end;
}
if (!cms) {
if (cms == NULL) {
BIO_printf(bio_err, "Error reading S/MIME message\n");
goto end;
}
if (contfile) {
if (contfile != NULL) {
BIO_free(indata);
if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
BIO_printf(bio_err, "Can't read content file %s\n", contfile);
goto end;
}
}
if (certsoutfile) {
if (certsoutfile != NULL) {
STACK_OF(X509) *allcerts;
allcerts = CMS_get1_certs(cms);
if (!save_certs(certsoutfile, allcerts)) {
@@ -775,25 +768,25 @@ int cms_main(int argc, char **argv)
}
}
if (rctfile) {
if (rctfile != NULL) {
char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) {
BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile);
goto end;
}
if (rctformat == FORMAT_SMIME)
if (rctformat == FORMAT_SMIME) {
rcms = SMIME_read_CMS(rctin, NULL);
else if (rctformat == FORMAT_PEM)
} else if (rctformat == FORMAT_PEM) {
rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
else if (rctformat == FORMAT_ASN1)
} else if (rctformat == FORMAT_ASN1) {
rcms = d2i_CMS_bio(rctin, NULL);
else {
} else {
BIO_printf(bio_err, "Bad input format for receipt\n");
goto end;
}
if (!rcms) {
if (rcms == NULL) {
BIO_printf(bio_err, "Error reading receipt\n");
goto end;
}
@@ -823,7 +816,7 @@ int cms_main(int argc, char **argv)
int i;
flags |= CMS_PARTIAL;
cms = CMS_encrypt(NULL, in, cipher, flags);
if (!cms)
if (cms == NULL)
goto end;
for (i = 0; i < sk_X509_num(encerts); i++) {
CMS_RecipientInfo *ri;
@@ -837,9 +830,9 @@ int cms_main(int argc, char **argv)
}
}
ri = CMS_add1_recipient_cert(cms, x, tflags);
if (!ri)
if (ri == NULL)
goto end;
if (kparam) {
if (kparam != NULL) {
EVP_PKEY_CTX *pctx;
pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
if (!cms_set_pkey_param(pctx, kparam->param))
@@ -853,7 +846,7 @@ int cms_main(int argc, char **argv)
}
}
if (secret_key) {
if (secret_key != NULL) {
if (!CMS_add0_recipient_key(cms, NID_undef,
secret_key, secret_keylen,
secret_keyid, secret_keyidlen,
@@ -863,13 +856,13 @@ int cms_main(int argc, char **argv)
secret_key = NULL;
secret_keyid = NULL;
}
if (pwri_pass) {
if (pwri_pass != NULL) {
pwri_tmp = (unsigned char *)OPENSSL_strdup((char *)pwri_pass);
if (!pwri_tmp)
if (pwri_tmp == NULL)
goto end;
if (!CMS_add0_recipient_password(cms,
-1, NID_undef, NID_undef,
pwri_tmp, -1, NULL))
if (CMS_add0_recipient_password(cms,
-1, NID_undef, NID_undef,
pwri_tmp, -1, NULL) == NULL)
goto end;
pwri_tmp = NULL;
}
@@ -886,11 +879,11 @@ int cms_main(int argc, char **argv)
STACK_OF(CMS_SignerInfo) *sis;
CMS_SignerInfo *si;
sis = CMS_get0_SignerInfos(cms);
if (!sis)
if (sis == NULL)
goto end;
si = sk_CMS_SignerInfo_value(sis, 0);
srcms = CMS_sign_receipt(si, signer, key, other, flags);
if (!srcms)
if (srcms == NULL)
goto end;
CMS_ContentInfo_free(cms);
cms = srcms;
@@ -908,21 +901,22 @@ int cms_main(int argc, char **argv)
}
flags |= CMS_PARTIAL;
cms = CMS_sign(NULL, NULL, other, in, flags);
if (!cms)
if (cms == NULL)
goto end;
if (econtent_type)
if (econtent_type != NULL)
CMS_set1_eContentType(cms, econtent_type);
if (rr_to) {
if (rr_to != NULL) {
rr = make_receipt_request(rr_to, rr_allorfirst, rr_from);
if (!rr) {
if (rr == NULL) {
BIO_puts(bio_err,
"Signed Receipt Request Creation Error\n");
goto end;
}
}
} else
} else {
flags |= CMS_REUSE_DIGEST;
}
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
CMS_SignerInfo *si;
cms_key_param *kparam;
@@ -931,12 +925,12 @@ int cms_main(int argc, char **argv)
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
if (!signer) {
if (signer == NULL) {
ret = 2;
goto end;
}
key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
if (!key) {
if (key == NULL) {
ret = 2;
goto end;
}
@@ -947,15 +941,15 @@ int cms_main(int argc, char **argv)
}
}
si = CMS_add1_signer(cms, signer, key, sign_md, tflags);
if (!si)
if (si == NULL)
goto end;
if (kparam) {
if (kparam != NULL) {
EVP_PKEY_CTX *pctx;
pctx = CMS_SignerInfo_get0_pkey_ctx(si);
if (!cms_set_pkey_param(pctx, kparam->param))
goto end;
}
if (rr && !CMS_add1_ReceiptRequest(si, rr))
if (rr != NULL && !CMS_add1_ReceiptRequest(si, rr))
goto end;
X509_free(signer);
signer = NULL;
@@ -969,7 +963,7 @@ int cms_main(int argc, char **argv)
}
}
if (!cms) {
if (cms == NULL) {
BIO_printf(bio_err, "Error creating CMS structure\n");
goto end;
}
@@ -979,7 +973,7 @@ int cms_main(int argc, char **argv)
if (flags & CMS_DEBUG_DECRYPT)
CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
if (secret_key) {
if (secret_key != NULL) {
if (!CMS_decrypt_set1_key(cms,
secret_key, secret_keylen,
secret_keyid, secret_keyidlen)) {
@@ -988,14 +982,14 @@ int cms_main(int argc, char **argv)
}
}
if (key) {
if (key != NULL) {
if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
BIO_puts(bio_err, "Error decrypting CMS using private key\n");
goto end;
}
}
if (pwri_pass) {
if (pwri_pass != NULL) {
if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
BIO_puts(bio_err, "Error decrypting CMS using password\n");
goto end;
@@ -1013,9 +1007,9 @@ int cms_main(int argc, char **argv)
if (!CMS_uncompress(cms, indata, out, flags))
goto end;
} else if (operation == SMIME_DIGEST_VERIFY) {
if (CMS_digest_verify(cms, indata, out, flags) > 0)
if (CMS_digest_verify(cms, indata, out, flags) > 0) {
BIO_printf(bio_err, "Verification successful\n");
else {
} else {
BIO_printf(bio_err, "Verification failure\n");
goto end;
}
@@ -1024,15 +1018,15 @@ int cms_main(int argc, char **argv)
indata, out, flags))
goto end;
} else if (operation == SMIME_VERIFY) {
if (CMS_verify(cms, other, store, indata, out, flags) > 0)
if (CMS_verify(cms, other, store, indata, out, flags) > 0) {
BIO_printf(bio_err, "Verification successful\n");
else {
} else {
BIO_printf(bio_err, "Verification failure\n");
if (verify_retcode)
ret = verify_err + 32;
goto end;
}
if (signerfile) {
if (signerfile != NULL) {
STACK_OF(X509) *signers;
signers = CMS_get0_signers(cms);
if (!save_certs(signerfile, signers)) {
@@ -1047,9 +1041,9 @@ int cms_main(int argc, char **argv)
receipt_request_print(cms);
} else if (operation == SMIME_VERIFY_RECEIPT) {
if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) {
BIO_printf(bio_err, "Verification successful\n");
else {
} else {
BIO_printf(bio_err, "Verification failure\n");
goto end;
}
@@ -1068,11 +1062,11 @@ int cms_main(int argc, char **argv)
ret = SMIME_write_CMS(out, cms, indata, flags);
else
ret = SMIME_write_CMS(out, cms, in, flags);
} else if (outformat == FORMAT_PEM)
} else if (outformat == FORMAT_PEM) {
ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
else if (outformat == FORMAT_ASN1)
} else if (outformat == FORMAT_ASN1) {
ret = i2d_CMS_bio_stream(out, cms, in, flags);
else {
} else {
BIO_printf(bio_err, "Bad output format for CMS file\n");
goto end;
}
@@ -1085,8 +1079,6 @@ int cms_main(int argc, char **argv)
end:
if (ret)
ERR_print_errors(bio_err);
if (need_rand)
app_RAND_write_file(NULL);
sk_X509_pop_free(encerts, X509_free);
sk_X509_pop_free(other, X509_free);
X509_VERIFY_PARAM_free(vpm);
@@ -1119,17 +1111,17 @@ int cms_main(int argc, char **argv)
BIO_free(indata);
BIO_free_all(out);
OPENSSL_free(passin);
return (ret);
return ret;
}
static int save_certs(char *signerfile, STACK_OF(X509) *signers)
{
int i;
BIO *tmp;
if (!signerfile)
if (signerfile == NULL)
return 1;
tmp = BIO_new_file(signerfile, "w");
if (!tmp)
if (tmp == NULL)
return 0;
for (i = 0; i < sk_X509_num(signers); i++)
PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
@@ -1189,9 +1181,9 @@ static void receipt_request_print(CMS_ContentInfo *cms)
si = sk_CMS_SignerInfo_value(sis, i);
rv = CMS_get1_ReceiptRequest(si, &rr);
BIO_printf(bio_err, "Signer %d:\n", i + 1);
if (rv == 0)
if (rv == 0) {
BIO_puts(bio_err, " No Receipt Request\n");
else if (rv < 0) {
} else if (rv < 0) {
BIO_puts(bio_err, " Receipt Request Parse Error\n");
ERR_print_errors(bio_err);
} else {
@@ -1204,15 +1196,16 @@ static void receipt_request_print(CMS_ContentInfo *cms)
id = (const char *)ASN1_STRING_get0_data(scid);
BIO_dump_indent(bio_err, id, idlen, 4);
BIO_puts(bio_err, " Receipts From");
if (rlist) {
if (rlist != NULL) {
BIO_puts(bio_err, " List:\n");
gnames_stack_print(rlist);
} else if (allorfirst == 1)
} else if (allorfirst == 1) {
BIO_puts(bio_err, ": First Tier\n");
else if (allorfirst == 0)
} else if (allorfirst == 0) {
BIO_puts(bio_err, ": All\n");
else
} else {
BIO_printf(bio_err, " Unknown (%d)\n", allorfirst);
}
BIO_puts(bio_err, " Receipts To:\n");
gnames_stack_print(rto);
}
@@ -1227,12 +1220,12 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
GENERAL_NAMES *gens = NULL;
GENERAL_NAME *gen = NULL;
ret = sk_GENERAL_NAMES_new_null();
if (!ret)
if (ret == NULL)
goto err;
for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) {
char *str = sk_OPENSSL_STRING_value(ns, i);
gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
if (!gen)
if (gen == NULL)
goto err;
gens = GENERAL_NAMES_new();
if (gens == NULL)
@@ -1261,14 +1254,15 @@ static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
CMS_ReceiptRequest *rr;
rct_to = make_names_stack(rr_to);
if (!rct_to)
if (rct_to == NULL)
goto err;
if (rr_from) {
if (rr_from != NULL) {
rct_from = make_names_stack(rr_from);
if (!rct_from)
if (rct_from == NULL)
goto err;
} else
} else {
rct_from = NULL;
}
rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
rct_to);
return rr;

19
apps/crl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,7 @@
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>
@@ -26,7 +27,7 @@ typedef enum OPTION_choice {
OPT_NOOUT, OPT_NAMEOPT, OPT_MD
} OPTION_CHOICE;
OPTIONS crl_options[] = {
const OPTIONS crl_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format; default PEM"},
{"in", OPT_IN, '<', "Input file - default stdin"},
@@ -69,8 +70,6 @@ int crl_main(int argc, char **argv)
X509_OBJECT *xobj = NULL;
EVP_PKEY *pkey;
const EVP_MD *digest = EVP_sha1();
unsigned long nmflag = 0;
char nmflag_set = 0;
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
const char *CAfile = NULL, *CApath = NULL, *prog;
OPTION_CHOICE o;
@@ -169,8 +168,7 @@ int crl_main(int argc, char **argv)
badsig = 1;
break;
case OPT_NAMEOPT:
nmflag_set = 1;
if (!set_name_ex(&nmflag, opt_arg()))
if (!set_nameopt(opt_arg()))
goto opthelp;
break;
case OPT_MD:
@@ -182,9 +180,6 @@ int crl_main(int argc, char **argv)
if (argc != 0)
goto opthelp;
if (!nmflag_set)
nmflag = XN_FLAG_ONELINE;
x = load_crl(infile, informat);
if (x == NULL)
goto end;
@@ -260,7 +255,7 @@ int crl_main(int argc, char **argv)
for (i = 1; i <= num; i++) {
if (issuer == i) {
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
nmflag);
get_nameopt());
}
if (crlnumber == i) {
ASN1_INTEGER *crlnum;
@@ -319,7 +314,7 @@ int crl_main(int argc, char **argv)
goto end;
if (text)
X509_CRL_print(out, x);
X509_CRL_print_ex(out, x, get_nameopt());
if (noout) {
ret = 0;
@@ -343,5 +338,5 @@ int crl_main(int argc, char **argv)
X509_CRL_free(x);
X509_STORE_CTX_free(ctx);
X509_STORE_free(store);
return (ret);
return ret;
}

25
apps/crl2p7.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,7 @@
#include <string.h>
#include <sys/types.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
@@ -25,7 +26,7 @@ typedef enum OPTION_choice {
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE
} OPTION_CHOICE;
OPTIONS crl2pkcs7_options[] = {
const OPTIONS crl2pkcs7_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
@@ -119,19 +120,20 @@ int crl2pkcs7_main(int argc, char **argv)
if (!ASN1_INTEGER_set(p7s->version, 1))
goto end;
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
goto end;
p7s->crl = crl_stack;
if (crl != NULL) {
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
goto end;
p7s->crl = crl_stack;
sk_X509_CRL_push(crl_stack, crl);
crl = NULL; /* now part of p7 for OPENSSL_freeing */
}
if ((cert_stack = sk_X509_new_null()) == NULL)
goto end;
p7s->cert = cert_stack;
if (certflst != NULL) {
if ((cert_stack = sk_X509_new_null()) == NULL)
goto end;
p7s->cert = cert_stack;
if (certflst)
for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack, certfile) < 0) {
@@ -140,6 +142,7 @@ int crl2pkcs7_main(int argc, char **argv)
goto end;
}
}
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
@@ -162,7 +165,7 @@ int crl2pkcs7_main(int argc, char **argv)
PKCS7_free(p7);
X509_CRL_free(crl);
return (ret);
return ret;
}
/*-
@@ -212,5 +215,5 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
/* never need to OPENSSL_free x */
BIO_free(in);
sk_X509_INFO_free(sk);
return (ret);
return ret;
}

41
apps/ct_log_list.cnf
View File

@@ -1,34 +1,9 @@
enabled_logs=pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi
[pilot]
description = Google Pilot Log
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==
[aviator]
description = Google Aviator log
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q==
[rocketeer]
description = Google Rocketeer log
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg==
[digicert]
description = DigiCert Log Server
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==
[certly]
description = Certly.IO log
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA==
[izempe]
description = Izempe log
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg==
[symantec]
description = Symantec log
key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg==
[venafi]
description = Venafi log
key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB
# This file specifies the Certificate Transparency logs
# that are to be trusted.
# Google's list of logs can be found here:
# www.certificate-transparency.org/known-logs
# A Python program to convert the log list to OpenSSL's format can be
# found here:
# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
# Use the "--openssl_output" flag.

14
apps/demoCA/cacert.pem
View File

@@ -1,14 +0,0 @@
subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-----BEGIN X509 CERTIFICATE-----
MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
IMs6ZOZB
-----END X509 CERTIFICATE-----

39
apps/demoCA/index.txt
View File

@@ -1,39 +0,0 @@
R 980705233205Z 951009233205Z 01 certs/00000001 /CN=Eric Young
E 951009233205Z 02 certs/00000002 /CN=Duncan Young
R 980705233205Z 951201010000Z 03 certs/00000003 /CN=Tim Hudson
V 980705233205Z 04 certs/00000004 /CN=Eric Young4
V 980705233205Z 05 certs/00000004 /CN=Eric Young5
V 980705233205Z 06 certs/00000004 /CN=Eric Young6
V 980705233205Z 07 certs/00000004 /CN=Eric Young7
V 980705233205Z 08 certs/00000004 /CN=Eric Young8
V 980705233205Z 09 certs/00000004 /CN=Eric Young9
V 980705233205Z 0A certs/00000004 /CN=Eric YoungA
V 980705233205Z 0B certs/00000004 /CN=Eric YoungB
V 980705233205Z 0C certs/00000004 /CN=Eric YoungC
V 980705233205Z 0D certs/00000004 /CN=Eric YoungD
V 980705233205Z 0E certs/00000004 /CN=Eric YoungE
V 980705233205Z 0F certs/00000004 /CN=Eric YoungF
V 980705233205Z 10 certs/00000004 /CN=Eric Young10
V 980705233205Z 11 certs/00000004 /CN=Eric Young11
V 980705233205Z 12 certs/00000004 /CN=Eric Young12
V 980705233205Z 13 certs/00000004 /CN=Eric Young13
V 980705233205Z 14 certs/00000004 /CN=Eric Young14
V 980705233205Z 15 certs/00000004 /CN=Eric Young15
V 980705233205Z 16 certs/00000004 /CN=Eric Young16
V 980705233205Z 17 certs/00000004 /CN=Eric Young17
V 961206150305Z 010C unknown /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
V 961206153245Z 010D unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
V 970322074816Z 010E unknown /CN=Eric Young/Email=eay@mincom.oz.au
V 970322075152Z 010F unknown /CN=Eric Young
V 970322075906Z 0110 unknown /CN=Eric Youngg
V 970324092238Z 0111 unknown /C=AU/SP=Queensland/CN=Eric Young
V 970324221931Z 0112 unknown /CN=Fred
V 970324224934Z 0113 unknown /C=AU/CN=eay
V 971001005237Z 0114 unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
V 971001010331Z 0115 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3
V 971001013945Z 0117 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
V 971014225415Z 0118 unknown /C=AU/SP=Queensland/CN=test
V 971015004448Z 0119 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2
V 971016035001Z 011A unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64
V 971016080129Z 011B unknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr
V 971016224000Z 011D unknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk

24
apps/demoCA/private/cakey.pem
View File

@@ -1,24 +0,0 @@
issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-----BEGIN X509 CERTIFICATE-----
MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
IMs6ZOZB
-----END X509 CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
-----END RSA PRIVATE KEY-----

1
apps/demoCA/serial
View File

@@ -1 +0,0 @@
011E

2
apps/demoSRP/srp_verifier.txt
View File

@@ -3,4 +3,4 @@
# records starting with a I followed by the g and N values and the id.
# The exact values ... you have to dig this out from the source of srp.c
# or srp_vfy.c
# The last value of an I is used as the default group for new users.
# The last value of an I is used as the default group for new users.

222
apps/dgst.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,7 @@
#include <string.h>
#include <stdlib.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
@@ -18,6 +19,7 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>
#include <ctype.h>
#undef BUFSIZE
#define BUFSIZE 1024*8
@@ -26,25 +28,31 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file);
static void show_digests(const OBJ_NAME *name, void *bio_);
struct doall_dgst_digests {
BIO *bio;
int n;
};
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_LIST,
OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
OPT_DIGEST
OPT_DIGEST,
OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS dgst_options[] = {
const OPTIONS dgst_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
{OPT_HELP_STR, 1, '-',
" file... files to digest (default is stdin)\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"list", OPT_LIST, '-', "List digests"},
{"c", OPT_C, '-', "Print the digest with separating colons"},
{"r", OPT_R, '-', "Print the digest in coreutils format"},
{"rand", OPT_RAND, 's',
"Use file(s) containing random data to seed RNG or an EGD sock"},
{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"sign", OPT_SIGN, 's', "Sign digest using private key"},
@@ -65,6 +73,7 @@ OPTIONS dgst_options[] = {
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
{"", OPT_DIGEST, '-', "Any supported digest"},
OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-',
@@ -84,12 +93,13 @@ int dgst_main(int argc, char **argv)
char *passinarg = NULL, *passin = NULL;
const EVP_MD *md = NULL, *m;
const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
const char *sigfile = NULL, *randfile = NULL;
const char *sigfile = NULL;
OPTION_CHOICE o;
int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
unsigned char *buf = NULL, *sigbuf = NULL;
int engine_impl = 0;
struct doall_dgst_digests dec;
prog = opt_progname(argv[0]);
buf = app_malloc(BUFSIZE, "I/O buffer");
@@ -107,14 +117,24 @@ int dgst_main(int argc, char **argv)
opt_help(dgst_options);
ret = 0;
goto end;
case OPT_LIST:
BIO_printf(bio_out, "Supported digests:\n");
dec.bio = bio_out;
dec.n = 0;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,
show_digests, &dec);
BIO_printf(bio_out, "\n");
ret = 0;
goto end;
case OPT_C:
separator = 1;
break;
case OPT_R:
separator = 2;
break;
case OPT_RAND:
randfile = opt_arg();
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_OUT:
outfile = opt_arg();
@@ -190,7 +210,7 @@ int dgst_main(int argc, char **argv)
goto end;
}
if (do_verify && !sigfile) {
if (do_verify && sigfile == NULL) {
BIO_printf(bio_err,
"No signature to verify: use the -signature option\n");
goto end;
@@ -217,43 +237,51 @@ int dgst_main(int argc, char **argv)
}
if (out_bin == -1) {
if (keyfile)
if (keyfile != NULL)
out_bin = 1;
else
out_bin = 0;
}
if (randfile)
app_RAND_load_file(randfile, 0);
out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
if (out == NULL)
goto end;
if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) {
if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) {
BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
goto end;
}
if (keyfile) {
if (keyfile != NULL) {
int type;
if (want_pub)
sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
else
sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
if (!sigkey) {
if (sigkey == NULL) {
/*
* load_[pub]key() has already printed an appropriate message
*/
goto end;
}
type = EVP_PKEY_id(sigkey);
if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) {
/*
* We implement PureEdDSA for these which doesn't have a separate
* digest, and only supports one shot.
*/
BIO_printf(bio_err, "Key type not supported for this operation\n");
goto end;
}
}
if (mac_name) {
if (mac_name != NULL) {
EVP_PKEY_CTX *mac_ctx = NULL;
int r = 0;
if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
goto mac_end;
if (macopts) {
if (macopts != NULL) {
char *macopt;
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
macopt = sk_OPENSSL_STRING_value(macopts, i);
@@ -277,14 +305,14 @@ int dgst_main(int argc, char **argv)
goto end;
}
if (hmac_key) {
sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
(unsigned char *)hmac_key, -1);
if (!sigkey)
if (hmac_key != NULL) {
sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
(unsigned char *)hmac_key, -1);
if (sigkey == NULL)
goto end;
}
if (sigkey) {
if (sigkey != NULL) {
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
int r;
@@ -302,7 +330,7 @@ int dgst_main(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
}
if (sigopts) {
if (sigopts != NULL) {
char *sigopt;
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
sigopt = sk_OPENSSL_STRING_value(sigopts, i);
@@ -331,9 +359,9 @@ int dgst_main(int argc, char **argv)
}
}
if (sigfile && sigkey) {
if (sigfile != NULL && sigkey != NULL) {
BIO *sigbio = BIO_new_file(sigfile, "rb");
if (!sigbio) {
if (sigbio == NULL) {
BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
ERR_print_errors(bio_err);
goto end;
@@ -363,14 +391,14 @@ int dgst_main(int argc, char **argv)
} else {
const char *md_name = NULL, *sig_name = NULL;
if (!out_bin) {
if (sigkey) {
if (sigkey != NULL) {
const EVP_PKEY_ASN1_METHOD *ameth;
ameth = EVP_PKEY_get0_asn1(sigkey);
if (ameth)
EVP_PKEY_asn1_get0_info(NULL, NULL,
NULL, NULL, &sig_name, ameth);
}
if (md)
if (md != NULL)
md_name = EVP_MD_name(md);
}
ret = 0;
@@ -380,9 +408,10 @@ int dgst_main(int argc, char **argv)
perror(argv[i]);
ret++;
continue;
} else
} else {
r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
siglen, sig_name, md_name, argv[i]);
}
if (r)
ret = r;
(void)BIO_reset(bmd);
@@ -399,76 +428,157 @@ int dgst_main(int argc, char **argv)
OPENSSL_free(sigbuf);
BIO_free(bmd);
release_engine(e);
return (ret);
return ret;
}
static void show_digests(const OBJ_NAME *name, void *arg)
{
struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
const EVP_MD *md = NULL;
/* Filter out signed digests (a.k.a signature algorithms) */
if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
return;
if (!islower((unsigned char)*name->name))
return;
/* Filter out message digests that we cannot use */
md = EVP_get_digestbyname(name->name);
if (md == NULL)
return;
BIO_printf(dec->bio, "-%-25s", name->name);
if (++dec->n == 3) {
BIO_printf(dec->bio, "\n");
dec->n = 0;
} else {
BIO_printf(dec->bio, " ");
}
}
/*
* The newline_escape_filename function performs newline escaping for any
* filename that contains a newline. This function also takes a pointer
* to backslash. The backslash pointer is a flag to indicating whether a newline
* is present in the filename. If a newline is present, the backslash flag is
* set and the output format will contain a backslash at the beginning of the
* digest output. This output format is to replicate the output format found
* in the '*sum' checksum programs. This aims to preserve backward
* compatibility.
*/
static const char *newline_escape_filename(const char *file, int * backslash)
{
size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0;
char *file_cpy = NULL;
for (i = 0; i < length; i++)
if (file[i] == '\n')
newline_count++;
mem_len = length + newline_count + 1;
file_cpy = app_malloc(mem_len, file);
i = 0;
while(e < length) {
const char c = file[e];
if (c == '\n') {
file_cpy[i++] = '\\';
file_cpy[i++] = 'n';
*backslash = 1;
} else {
file_cpy[i++] = c;
}
e++;
}
file_cpy[i] = '\0';
return (const char*)file_cpy;
}
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file)
{
size_t len;
int i;
size_t len = BUFSIZE;
int i, backslash = 0, ret = 1;
unsigned char *sigbuf = NULL;
for (;;) {
while (BIO_pending(bp) || !BIO_eof(bp)) {
i = BIO_read(bp, (char *)buf, BUFSIZE);
if (i < 0) {
BIO_printf(bio_err, "Read Error in %s\n", file);
ERR_print_errors(bio_err);
return 1;
goto end;
}
if (i == 0)
break;
}
if (sigin) {
if (sigin != NULL) {
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
if (i > 0)
if (i > 0) {
BIO_printf(out, "Verified OK\n");
else if (i == 0) {
} else if (i == 0) {
BIO_printf(out, "Verification Failure\n");
return 1;
goto end;
} else {
BIO_printf(bio_err, "Error Verifying Data\n");
ERR_print_errors(bio_err);
return 1;
goto end;
}
return 0;
ret = 0;
goto end;
}
if (key) {
if (key != NULL) {
EVP_MD_CTX *ctx;
int pkey_len;
BIO_get_md_ctx(bp, &ctx);
len = BUFSIZE;
pkey_len = EVP_PKEY_size(key);
if (pkey_len > BUFSIZE) {
len = pkey_len;
sigbuf = app_malloc(len, "Signature buffer");
buf = sigbuf;
}
if (!EVP_DigestSignFinal(ctx, buf, &len)) {
BIO_printf(bio_err, "Error Signing Data\n");
ERR_print_errors(bio_err);
return 1;
goto end;
}
} else {
len = BIO_gets(bp, (char *)buf, BUFSIZE);
if ((int)len < 0) {
ERR_print_errors(bio_err);
return 1;
goto end;
}
}
if (binout)
if (binout) {
BIO_write(out, buf, len);
else if (sep == 2) {
} else if (sep == 2) {
file = newline_escape_filename(file, &backslash);
if (backslash == 1)
BIO_puts(out, "\\");
for (i = 0; i < (int)len; i++)
BIO_printf(out, "%02x", buf[i]);
BIO_printf(out, " *%s\n", file);
OPENSSL_free((char *)file);
} else {
if (sig_name) {
if (sig_name != NULL) {
BIO_puts(out, sig_name);
if (md_name)
if (md_name != NULL)
BIO_printf(out, "-%s", md_name);
BIO_printf(out, "(%s)= ", file);
} else if (md_name)
} else if (md_name != NULL) {
BIO_printf(out, "%s(%s)= ", md_name, file);
else
} else {
BIO_printf(out, "(%s)= ", file);
}
for (i = 0; i < (int)len; i++) {
if (sep && (i != 0))
BIO_printf(out, ":");
@@ -476,5 +586,11 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
}
BIO_printf(out, "\n");
}
return 0;
ret = 0;
end:
if (sigbuf != NULL)
OPENSSL_clear_free(sigbuf, len);
return ret;
}

2
apps/dh1024.pem
View File

@@ -4,7 +4,7 @@ Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
-----END DH PARAMETERS-----
These are the 1024-bit DH parameters from "Internet Key Exchange
These are the 1024-bit DH parameters from "Internet Key Exchange
Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
See https://tools.ietf.org/html/rfc2412 for how they were generated.

4
apps/dh2048.pem
View File

@@ -7,8 +7,8 @@ fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
-----END DH PARAMETERS-----
These are the 2048-bit DH parameters from "More Modular Exponential
(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
These are the 2048-bit DH parameters from "More Modular Exponential
(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
https://tools.ietf.org/html/rfc3526
See https://tools.ietf.org/html/rfc2412 for how they were generated.

4
apps/dh4096.pem
View File

@@ -12,8 +12,8 @@ ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O
HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
-----END DH PARAMETERS-----
These are the 4096-bit DH parameters from "More Modular Exponential
(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
These are the 4096-bit DH parameters from "More Modular Exponential
(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
https://tools.ietf.org/html/rfc3526
See https://tools.ietf.org/html/rfc2412 for how they were generated.

123
apps/dhparam.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,27 +8,24 @@
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DH
NON_EMPTY_TRANSLATION_UNIT
#else
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
# include <stdio.h>
# include <stdlib.h>
# include <time.h>
# include <string.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/dh.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
# ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
# endif
# define DEFBITS 2048
#define DEFBITS 2048
static int dh_cb(int p, int n, BN_GENCB *cb);
@@ -36,10 +33,11 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
OPT_RAND, OPT_DSAPARAM, OPT_C, OPT_2, OPT_5
OPT_DSAPARAM, OPT_C, OPT_2, OPT_5,
OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS dhparam_options[] = {
const OPTIONS dhparam_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
@@ -50,18 +48,17 @@ OPTIONS dhparam_options[] = {
{"check", OPT_CHECK, '-', "Check the DH parameters"},
{"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
{"noout", OPT_NOOUT, '-', "Don't output any DH parameters"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
OPT_R_OPTIONS,
{"C", OPT_C, '-', "Print C code"},
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
# ifndef OPENSSL_NO_DSA
#ifndef OPENSSL_NO_DSA
{"dsaparam", OPT_DSAPARAM, '-',
"Read or generate DSA parameters, convert to DH"},
# endif
# ifndef OPENSSL_NO_ENGINE
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
#endif
{NULL}
};
@@ -69,7 +66,7 @@ int dhparam_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
DH *dh = NULL;
char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL;
char *infile = NULL, *outfile = NULL, *prog;
ENGINE *e = NULL;
#ifndef OPENSSL_NO_DSA
int dsaparam = 0;
@@ -130,27 +127,28 @@ int dhparam_main(int argc, char **argv)
case OPT_NOOUT:
noout = 1;
break;
case OPT_RAND:
inrand = opt_arg();
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
if (argv[0] != NULL && (!opt_int(argv[0], &num) || num <= 0))
goto end;
if (g && !num)
num = DEFBITS;
# ifndef OPENSSL_NO_DSA
#ifndef OPENSSL_NO_DSA
if (dsaparam && g) {
BIO_printf(bio_err,
"generator may not be chosen for DSA parameters\n");
goto end;
}
# endif
#endif
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
@@ -170,15 +168,8 @@ int dhparam_main(int argc, char **argv)
}
BN_GENCB_set(cb, dh_cb, bio_err);
if (!app_RAND_load_file(NULL, 1) && inrand == NULL) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
# ifndef OPENSSL_NO_DSA
#ifndef OPENSSL_NO_DSA
if (dsaparam) {
DSA *dsa = DSA_new();
@@ -201,7 +192,7 @@ int dhparam_main(int argc, char **argv)
goto end;
}
} else
# endif
#endif
{
dh = DH_new();
BIO_printf(bio_err,
@@ -216,14 +207,13 @@ int dhparam_main(int argc, char **argv)
}
BN_GENCB_free(cb);
app_RAND_write_file(NULL);
} else {
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
# ifndef OPENSSL_NO_DSA
#ifndef OPENSSL_NO_DSA
if (dsaparam) {
DSA *dsa;
@@ -245,7 +235,7 @@ int dhparam_main(int argc, char **argv)
goto end;
}
} else
# endif
#endif
{
if (informat == FORMAT_ASN1) {
/*
@@ -315,33 +305,31 @@ int dhparam_main(int argc, char **argv)
bits = DH_bits(dh);
DH_get0_pqg(dh, &pbn, NULL, &gbn);
data = app_malloc(len, "print a BN");
BIO_printf(out, "#ifndef HEADER_DH_H\n"
"# include <openssl/dh.h>\n"
"#endif\n"
"\n");
BIO_printf(out, "DH *get_dh%d()\n{\n", bits);
BIO_printf(out, "static DH *get_dh%d(void)\n{\n", bits);
print_bignum_var(out, pbn, "dhp", bits, data);
print_bignum_var(out, gbn, "dhg", bits, data);
BIO_printf(out, " DH *dh = DH_new();\n"
" BIGNUM *dhp_bn, *dhg_bn;\n"
" BIGNUM *p, *g;\n"
"\n"
" if (dh == NULL)\n"
" return NULL;\n");
BIO_printf(out, " dhp_bn = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n",
BIO_printf(out, " p = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n",
bits, bits);
BIO_printf(out, " dhg_bn = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n",
BIO_printf(out, " g = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n",
bits, bits);
BIO_printf(out, " if (dhp_bn == NULL || dhg_bn == NULL\n"
" || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {\n"
BIO_printf(out, " if (p == NULL || g == NULL\n"
" || !DH_set0_pqg(dh, p, NULL, g)) {\n"
" DH_free(dh);\n"
" BN_free(dhp_bn);\n"
" BN_free(dhg_bn);\n"
" BN_free(p);\n"
" BN_free(g);\n"
" return NULL;\n"
" }\n");
if (DH_get_length(dh) > 0)
BIO_printf(out,
" if (!DH_set_length(dh, %ld)) {\n"
" DH_free(dh);\n"
" return NULL;\n"
" }\n", DH_get_length(dh));
BIO_printf(out, " return dh;\n}\n");
OPENSSL_free(data);
@@ -355,10 +343,11 @@ int dhparam_main(int argc, char **argv)
i = i2d_DHxparams_bio(out, dh);
else
i = i2d_DHparams_bio(out, dh);
} else if (q != NULL)
} else if (q != NULL) {
i = PEM_write_bio_DHxparams(out, dh);
else
} else {
i = PEM_write_bio_DHparams(out, dh);
}
if (!i) {
BIO_printf(bio_err, "unable to write DH parameters\n");
ERR_print_errors(bio_err);
@@ -371,23 +360,15 @@ int dhparam_main(int argc, char **argv)
BIO_free_all(out);
DH_free(dh);
release_engine(e);
return (ret);
return ret;
}
static int dh_cb(int p, int n, BN_GENCB *cb)
{
char c = '*';
static const char symbols[] = ".+*\n";
char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
if (p == 0)
c = '.';
if (p == 1)
c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
BIO_write(BN_GENCB_get_arg(cb), &c, 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}
#endif

73
apps/dsa.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,22 +8,19 @@
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DSA
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include <time.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/dsa.h>
# include <openssl/evp.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
# include <openssl/bn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -34,7 +31,7 @@ typedef enum OPTION_choice {
OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT
} OPTION_CHOICE;
OPTIONS dsa_options[] = {
const OPTIONS dsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'f', "Input format, DER PEM PVK"},
{"outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK"},
@@ -48,14 +45,14 @@ OPTIONS dsa_options[] = {
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_RC4
#ifndef OPENSSL_NO_RC4
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
# endif
# ifndef OPENSSL_NO_ENGINE
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
#endif
{NULL}
};
@@ -70,9 +67,9 @@ int dsa_main(int argc, char **argv)
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
# ifndef OPENSSL_NO_RC4
#ifndef OPENSSL_NO_RC4
int pvk_encr = 2;
# endif
#endif
int private = 0;
prog = opt_init(argc, argv, dsa_options);
@@ -161,7 +158,7 @@ int dsa_main(int argc, char **argv)
else
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
if (pkey) {
if (pkey != NULL) {
dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey);
}
@@ -199,21 +196,21 @@ int dsa_main(int argc, char **argv)
}
BIO_printf(bio_err, "writing DSA key\n");
if (outformat == FORMAT_ASN1) {
if (pubin || pubout)
if (pubin || pubout) {
i = i2d_DSA_PUBKEY_bio(out, dsa);
else {
} else {
assert(private);
i = i2d_DSAPrivateKey_bio(out, dsa);
}
} else if (outformat == FORMAT_PEM) {
if (pubin || pubout)
if (pubin || pubout) {
i = PEM_write_bio_DSA_PUBKEY(out, dsa);
else {
} else {
assert(private);
i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
NULL, 0, NULL, passout);
}
# ifndef OPENSSL_NO_RSA
#ifndef OPENSSL_NO_RSA
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
@@ -228,22 +225,21 @@ int dsa_main(int argc, char **argv)
goto end;
}
assert(private);
# ifdef OPENSSL_NO_RC4
# ifdef OPENSSL_NO_RC4
BIO_printf(bio_err, "PVK format not supported\n");
EVP_PKEY_free(pk);
goto end;
# else
# else
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
# endif
}
else if (pubin || pubout)
# endif
} else if (pubin || pubout) {
i = i2b_PublicKey_bio(out, pk);
else {
} else {
assert(private);
i = i2b_PrivateKey_bio(out, pk);
}
EVP_PKEY_free(pk);
# endif
#endif
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
@@ -260,6 +256,5 @@ int dsa_main(int argc, char **argv)
release_engine(e);
OPENSSL_free(passin);
OPENSSL_free(passout);
return (ret);
return ret;
}
#endif

138
apps/dsaparam.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,43 +8,28 @@
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DSA
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <time.h>
# include <string.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/dsa.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
# ifdef GENCB_TEST
static int stop_keygen_flag = 0;
static void timebomb_sigalarm(int foo)
{
stop_keygen_flag = 1;
}
# endif
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
static int dsa_cb(int p, int n, BN_GENCB *cb);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_NOOUT, OPT_GENKEY, OPT_RAND, OPT_ENGINE,
OPT_TIMEBOMB
OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS dsaparam_options[] = {
const OPTIONS dsaparam_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"in", OPT_IN, '<', "Input file"},
@@ -54,13 +39,10 @@ OPTIONS dsaparam_options[] = {
{"C", OPT_C, '-', "Output C code"},
{"noout", OPT_NOOUT, '-', "No output"},
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
{"rand", OPT_RAND, 's', "Files to use for random number input"},
# ifdef GENCB_TEST
{"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"},
# endif
# ifndef OPENSSL_NO_ENGINE
OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
#endif
{NULL}
};
@@ -70,13 +52,10 @@ int dsaparam_main(int argc, char **argv)
DSA *dsa = NULL;
BIO *in = NULL, *out = NULL;
BN_GENCB *cb = NULL;
int numbits = -1, num = 0, genkey = 0, need_rand = 0;
int numbits = -1, num = 0, genkey = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
int ret = 1, i, text = 0, private = 0;
# ifdef GENCB_TEST
int timebomb = 0;
# endif
char *infile = NULL, *outfile = NULL, *prog, *inrand = NULL;
char *infile = NULL, *outfile = NULL, *prog;
OPTION_CHOICE o;
prog = opt_init(argc, argv, dsaparam_options);
@@ -108,11 +87,6 @@ int dsaparam_main(int argc, char **argv)
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_TIMEBOMB:
# ifdef GENCB_TEST
timebomb = atoi(opt_arg());
break;
# endif
case OPT_TEXT:
text = 1;
break;
@@ -120,11 +94,11 @@ int dsaparam_main(int argc, char **argv)
C = 1;
break;
case OPT_GENKEY:
genkey = need_rand = 1;
genkey = 1;
break;
case OPT_RAND:
inrand = opt_arg();
need_rand = 1;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_NOOUT:
noout = 1;
@@ -139,7 +113,6 @@ int dsaparam_main(int argc, char **argv)
goto end;
/* generate a key */
numbits = num;
need_rand = 1;
}
private = genkey ? 1 : 0;
@@ -150,21 +123,19 @@ int dsaparam_main(int argc, char **argv)
if (out == NULL)
goto end;
if (need_rand) {
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
if (numbits > 0) {
if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_DSA_MAX_MODULUS_BITS, numbits);
cb = BN_GENCB_new();
if (cb == NULL) {
BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
goto end;
}
BN_GENCB_set(cb, dsa_cb, bio_err);
assert(need_rand);
dsa = DSA_new();
if (dsa == NULL) {
BIO_printf(bio_err, "Error allocating DSA object\n");
@@ -173,38 +144,16 @@ int dsaparam_main(int argc, char **argv)
BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
num);
BIO_printf(bio_err, "This could take some time\n");
# ifdef GENCB_TEST
if (timebomb > 0) {
struct sigaction act;
act.sa_handler = timebomb_sigalarm;
act.sa_flags = 0;
BIO_printf(bio_err,
"(though I'll stop it if not done within %d secs)\n",
timebomb);
if (sigaction(SIGALRM, &act, NULL) != 0) {
BIO_printf(bio_err, "Error, couldn't set SIGALRM handler\n");
goto end;
}
alarm(timebomb);
}
# endif
if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) {
# ifdef GENCB_TEST
if (stop_keygen_flag) {
BIO_printf(bio_err, "DSA key generation time-stopped\n");
/* This is an asked-for behaviour! */
ret = 0;
goto end;
}
# endif
ERR_print_errors(bio_err);
BIO_printf(bio_err, "Error, DSA key generation failed\n");
goto end;
}
} else if (informat == FORMAT_ASN1)
} else if (informat == FORMAT_ASN1) {
dsa = d2i_DSAparams_bio(in, NULL);
else
} else {
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load DSA parameters\n");
ERR_print_errors(bio_err);
@@ -268,7 +217,6 @@ int dsaparam_main(int argc, char **argv)
if (genkey) {
DSA *dsakey;
assert(need_rand);
if ((dsakey = DSAparams_dup(dsa)) == NULL)
goto end;
if (!DSA_generate_key(dsakey)) {
@@ -284,8 +232,6 @@ int dsaparam_main(int argc, char **argv)
NULL);
DSA_free(dsakey);
}
if (need_rand)
app_RAND_write_file(NULL);
ret = 0;
end:
BN_GENCB_free(cb);
@@ -293,27 +239,15 @@ int dsaparam_main(int argc, char **argv)
BIO_free_all(out);
DSA_free(dsa);
release_engine(e);
return (ret);
return ret;
}
static int dsa_cb(int p, int n, BN_GENCB *cb)
{
char c = '*';
static const char symbols[] = ".+*\n";
char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
if (p == 0)
c = '.';
if (p == 1)
c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
BIO_write(BN_GENCB_get_arg(cb), &c, 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
# ifdef GENCB_TEST
if (stop_keygen_flag)
return 0;
# endif
return 1;
}
#endif

49
apps/ec.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,18 +8,15 @@
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_EC
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/evp.h>
# include <openssl/pem.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
static OPT_PAIR conv_forms[] = {
{"compressed", POINT_CONVERSION_COMPRESSED},
@@ -42,7 +39,7 @@ typedef enum OPTION_choice {
OPT_NO_PUBLIC, OPT_CHECK
} OPTION_CHOICE;
OPTIONS ec_options[] = {
const OPTIONS ec_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, 's', "Input file"},
{"inform", OPT_INFORM, 'f', "Input format - DER or PEM"},
@@ -61,9 +58,9 @@ OPTIONS ec_options[] = {
"Specifies the way the ec parameters are encoded"},
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
#endif
{NULL}
};
@@ -185,7 +182,7 @@ int ec_main(int argc, char **argv)
} else if (informat == FORMAT_ENGINE) {
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(infile, informat , 1, passin, e, "Public Key");
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
if (pkey != NULL) {
@@ -244,20 +241,20 @@ int ec_main(int argc, char **argv)
BIO_printf(bio_err, "writing EC key\n");
if (outformat == FORMAT_ASN1) {
if (param_out)
if (param_out) {
i = i2d_ECPKParameters_bio(out, group);
else if (pubin || pubout)
} else if (pubin || pubout) {
i = i2d_EC_PUBKEY_bio(out, eckey);
else {
} else {
assert(private);
i = i2d_ECPrivateKey_bio(out, eckey);
}
} else {
if (param_out)
if (param_out) {
i = PEM_write_bio_ECPKParameters(out, group);
else if (pubin || pubout)
} else if (pubin || pubout) {
i = PEM_write_bio_EC_PUBKEY(out, eckey);
else {
} else {
assert(private);
i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
NULL, 0, NULL, passout);
@@ -267,8 +264,9 @@ int ec_main(int argc, char **argv)
if (!i) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
} else
} else {
ret = 0;
}
end:
BIO_free(in);
BIO_free_all(out);
@@ -276,6 +274,5 @@ int ec_main(int argc, char **argv)
release_engine(e);
OPENSSL_free(passin);
OPENSSL_free(passout);
return (ret);
return ret;
}
#endif

93
apps/ecparam.c
View File

@@ -1,5 +1,6 @@
/*
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,45 +8,29 @@
* https://www.openssl.org/source/license.html
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
* The elliptic curve binary polynomial software is originally written by
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
*
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_EC
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <time.h>
# include <string.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/ec.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_RAND, OPT_ENGINE
OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE,
OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS ecparam_options[] = {
const OPTIONS ecparam_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
{"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
@@ -65,10 +50,10 @@ OPTIONS ecparam_options[] = {
{"param_enc", OPT_PARAM_ENC, 's',
"Specifies the way the ec parameters are encoded"},
{"genkey", OPT_GENKEY, '-', "Generate ec key"},
{"rand", OPT_RAND, 's', "Files to use for random number input"},
# ifndef OPENSSL_NO_ENGINE
OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
#endif
{NULL}
};
@@ -93,7 +78,7 @@ int ecparam_main(int argc, char **argv)
BIO *in = NULL, *out = NULL;
EC_GROUP *group = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
char *curve_name = NULL, *inrand = NULL;
char *curve_name = NULL;
char *infile = NULL, *outfile = NULL, *prog;
unsigned char *buffer = NULL;
OPTION_CHOICE o;
@@ -101,7 +86,7 @@ int ecparam_main(int argc, char **argv)
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
int ret = 1, private = 0;
int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
int text = 0, i, need_rand = 0, genkey = 0;
int text = 0, i, genkey = 0;
prog = opt_init(argc, argv, ecparam_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -162,11 +147,11 @@ int ecparam_main(int argc, char **argv)
new_asn1_flag = 1;
break;
case OPT_GENKEY:
genkey = need_rand = 1;
genkey = 1;
break;
case OPT_RAND:
inrand = opt_arg();
need_rand = 1;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
@@ -232,8 +217,9 @@ int ecparam_main(int argc, char **argv)
BIO_printf(bio_err, "using curve name prime256v1 "
"instead of secp256r1\n");
nid = NID_X9_62_prime256v1;
} else
} else {
nid = OBJ_sn2nid(curve_name);
}
if (nid == 0)
nid = EC_curve_nist2nid(curve_name);
@@ -250,10 +236,11 @@ int ecparam_main(int argc, char **argv)
}
EC_GROUP_set_asn1_flag(group, asn1_flag);
EC_GROUP_set_point_conversion_form(group, form);
} else if (informat == FORMAT_ASN1)
} else if (informat == FORMAT_ASN1) {
group = d2i_ECPKParameters_bio(in, NULL);
else
} else {
group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
}
if (group == NULL) {
BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
ERR_print_errors(bio_err);
@@ -308,7 +295,7 @@ int ecparam_main(int argc, char **argv)
goto end;
}
if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL))
if (!EC_GROUP_get_curve(group, ec_p, ec_a, ec_b, NULL))
goto end;
if ((point = EC_GROUP_get0_generator(group)) == NULL)
@@ -409,21 +396,12 @@ int ecparam_main(int argc, char **argv)
}
}
if (need_rand) {
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
if (genkey) {
EC_KEY *eckey = EC_KEY_new();
if (eckey == NULL)
goto end;
assert(need_rand);
if (EC_KEY_set_group(eckey, group) == 0) {
BIO_printf(bio_err, "unable to set group when generating key\n");
EC_KEY_free(eckey);
@@ -449,9 +427,6 @@ int ecparam_main(int argc, char **argv)
EC_KEY_free(eckey);
}
if (need_rand)
app_RAND_write_file(NULL);
ret = 0;
end:
BN_free(ec_p);
@@ -465,7 +440,5 @@ int ecparam_main(int argc, char **argv)
release_engine(e);
BIO_free(in);
BIO_free_all(out);
return (ret);
return ret;
}
#endif

145
apps/enc.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -12,6 +12,7 @@
#include <string.h>
#include <limits.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
@@ -29,7 +30,7 @@
#define SIZE (512)
#define BSIZE (8*1024)
static int set_hex(char *in, unsigned char *out, int size);
static int set_hex(const char *in, unsigned char *out, int size);
static void show_ciphers(const OBJ_NAME *name, void *bio_);
struct doall_enc_ciphers {
@@ -43,12 +44,14 @@ typedef enum OPTION_choice {
OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_CIPHER
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS enc_options[] = {
const OPTIONS enc_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"ciphers", OPT_LIST, '-', "List ciphers"},
{"list", OPT_LIST, '-', "List ciphers"},
{"ciphers", OPT_LIST, '-', "Alias for -list"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pass", OPT_PASS, 's', "Passphrase source"},
@@ -72,10 +75,13 @@ OPTIONS enc_options[] = {
{"S", OPT_UPPER_S, 's', "Salt, in hex"},
{"iv", OPT_IV, 's', "IV in hex"},
{"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
{"iter", OPT_ITER, 'p', "Specify the iteration count and force use of PBKDF2"},
{"pbkdf2", OPT_PBKDF2, '-', "Use password-based key derivation function 2"},
{"none", OPT_NONE, '-', "Don't encrypt"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_R_OPTIONS,
#ifdef ZLIB
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
{"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
@@ -104,6 +110,8 @@ int enc_main(int argc, char **argv)
int ret = 1, inl, nopad = 0;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
unsigned char *buff = NULL, salt[PKCS5_SALT_LEN];
int pbkdf2 = 0;
int iter = 0;
long n;
struct doall_enc_ciphers dec;
#ifdef ZLIB
@@ -113,13 +121,13 @@ int enc_main(int argc, char **argv)
/* first check the program name */
prog = opt_progname(argv[0]);
if (strcmp(prog, "base64") == 0)
if (strcmp(prog, "base64") == 0) {
base64 = 1;
#ifdef ZLIB
else if (strcmp(prog, "zlib") == 0)
} else if (strcmp(prog, "zlib") == 0) {
do_zlib = 1;
#endif
else {
} else {
cipher = EVP_get_cipherbyname(prog);
if (cipher == NULL && strcmp(prog, "enc") != 0) {
BIO_printf(bio_err, "%s is not a known cipher\n", prog);
@@ -252,9 +260,23 @@ int enc_main(int argc, char **argv)
goto opthelp;
cipher = c;
break;
case OPT_ITER:
if (!opt_int(opt_arg(), &iter))
goto opthelp;
pbkdf2 = 1;
break;
case OPT_PBKDF2:
pbkdf2 = 1;
if (iter == 0) /* do not overwrite a chosen value */
iter = 10000;
break;
case OPT_NONE:
cipher = NULL;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
}
}
if (opt_num_rest() != 0) {
@@ -275,6 +297,9 @@ int enc_main(int argc, char **argv)
if (dgst == NULL)
dgst = EVP_sha256();
if (iter == 0)
iter = 1;
/* It must be large enough for a base64 encoded line */
if (base64 && bsize < 80)
bsize = 80;
@@ -296,12 +321,13 @@ int enc_main(int argc, char **argv)
if (infile == NULL) {
in = dup_bio_in(informat);
} else
} else {
in = bio_open_default(infile, 'r', informat);
}
if (in == NULL)
goto end;
if (!str && passarg) {
if (str == NULL && passarg != NULL) {
if (!app_passwd(passarg, NULL, &pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
@@ -311,13 +337,13 @@ int enc_main(int argc, char **argv)
if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
if (1) {
#ifndef OPENSSL_NO_UI
#ifndef OPENSSL_NO_UI_CONSOLE
for (;;) {
char prompt[200];
BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption");
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
if (i == 0) {
@@ -397,17 +423,18 @@ int enc_main(int argc, char **argv)
unsigned char *sptr;
size_t str_len = strlen(str);
if (nosalt)
if (nosalt) {
sptr = NULL;
else {
} else {
if (enc) {
if (hsalt) {
if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
} else if (RAND_bytes(salt, sizeof(salt)) <= 0)
} else if (RAND_bytes(salt, sizeof(salt)) <= 0) {
goto end;
}
/*
* If -P option then don't bother writing
*/
@@ -430,19 +457,41 @@ int enc_main(int argc, char **argv)
BIO_printf(bio_err, "bad magic number\n");
goto end;
}
sptr = salt;
}
if (!EVP_BytesToKey(cipher, dgst, sptr,
(unsigned char *)str,
str_len, 1, key, iv)) {
BIO_printf(bio_err, "EVP_BytesToKey failed\n");
goto end;
if (pbkdf2 == 1) {
/*
* derive key and default iv
* concatenated into a temporary buffer
*/
unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
int iklen = EVP_CIPHER_key_length(cipher);
int ivlen = EVP_CIPHER_iv_length(cipher);
/* not needed if HASH_UPDATE() is fixed : */
int islen = (sptr != NULL ? sizeof(salt) : 0);
if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen,
iter, dgst, iklen+ivlen, tmpkeyiv)) {
BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n");
goto end;
}
/* split and move data back to global buffer */
memcpy(key, tmpkeyiv, iklen);
memcpy(iv, tmpkeyiv+iklen, ivlen);
} else {
BIO_printf(bio_err, "*** WARNING : "
"deprecated key derivation used.\n"
"Using -iter or -pbkdf2 would be better.\n");
if (!EVP_BytesToKey(cipher, dgst, sptr,
(unsigned char *)str, str_len,
1, key, iv)) {
BIO_printf(bio_err, "EVP_BytesToKey failed\n");
goto end;
}
}
/*
* zero the complete buffer or the string passed from the command
* line bug picked up by Larry J. Hughes Jr. <hughes@indiana.edu>
* line.
*/
if (str == strbuf)
OPENSSL_cleanse(str, SIZE);
@@ -452,8 +501,8 @@ int enc_main(int argc, char **argv)
if (hiv != NULL) {
int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
} else if (!set_hex(hiv, iv, sizeof(iv))) {
BIO_printf(bio_err, "warning: iv not used by this cipher\n");
} else if (!set_hex(hiv, iv, siz)) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}
@@ -461,16 +510,19 @@ int enc_main(int argc, char **argv)
if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0) {
/*
* No IV was explicitly set and no IV was generated during
* EVP_BytesToKey. Hence the IV is undefined, making correct
* decryption impossible.
* No IV was explicitly set and no IV was generated.
* Hence the IV is undefined, making correct decryption impossible.
*/
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
BIO_printf(bio_err, "invalid hex key value\n");
goto end;
if (hkey != NULL) {
if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
BIO_printf(bio_err, "invalid hex key value\n");
goto end;
}
/* wiping secret data as we no longer need it */
OPENSSL_cleanse(hkey, strlen(hkey));
}
if ((benc = BIO_new(BIO_f_cipher())) == NULL)
@@ -535,7 +587,7 @@ int enc_main(int argc, char **argv)
if (benc != NULL)
wbio = BIO_push(benc, wbio);
for (;;) {
while (BIO_pending(rbio) || !BIO_eof(rbio)) {
inl = BIO_read(rbio, (char *)buff, bsize);
if (inl <= 0)
break;
@@ -551,8 +603,8 @@ int enc_main(int argc, char **argv)
ret = 0;
if (verbose) {
BIO_printf(bio_err, "bytes read :%8"BIO_PRI64"u\n", BIO_number_read(in));
BIO_printf(bio_err, "bytes written:%8"BIO_PRI64"u\n", BIO_number_written(out));
BIO_printf(bio_err, "bytes read : %8ju\n", BIO_number_read(in));
BIO_printf(bio_err, "bytes written: %8ju\n", BIO_number_written(out));
}
end:
ERR_print_errors(bio_err);
@@ -567,7 +619,7 @@ int enc_main(int argc, char **argv)
#endif
release_engine(e);
OPENSSL_free(pass);
return (ret);
return ret;
}
static void show_ciphers(const OBJ_NAME *name, void *arg)
@@ -593,25 +645,26 @@ static void show_ciphers(const OBJ_NAME *name, void *arg)
BIO_printf(dec->bio, " ");
}
static int set_hex(char *in, unsigned char *out, int size)
static int set_hex(const char *in, unsigned char *out, int size)
{
int i, n;
unsigned char j;
i = size * 2;
n = strlen(in);
if (n > (size * 2)) {
BIO_printf(bio_err, "hex string is too long\n");
return (0);
if (n > i) {
BIO_printf(bio_err, "hex string is too long, ignoring excess\n");
n = i; /* ignore exceeding part */
} else if (n < i) {
BIO_printf(bio_err, "hex string is too short, padding with zero bytes to length\n");
}
memset(out, 0, size);
for (i = 0; i < n; i++) {
j = (unsigned char)*in;
*(in++) = '\0';
if (j == 0)
break;
j = (unsigned char)*in++;
if (!isxdigit(j)) {
BIO_printf(bio_err, "non-hex digit\n");
return (0);
return 0;
}
j = (unsigned char)OPENSSL_hexchar2int(j);
if (i & 1)
@@ -619,5 +672,5 @@ static int set_hex(char *in, unsigned char *out, int size)
else
out[i / 2] = (j << 4);
}
return (1);
return 1;
}

118
apps/engine.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,17 +8,15 @@
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_ENGINE
NON_EMPTY_TRANSLATION_UNIT
#else
# include "apps.h"
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include <openssl/err.h>
# include <openssl/engine.h>
# include <openssl/ssl.h>
#include "apps.h"
#include "progs.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include <openssl/ssl.h>
#include <openssl/store.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -26,7 +24,7 @@ typedef enum OPTION_choice {
OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV
} OPTION_CHOICE;
OPTIONS engine_options[] = {
const OPTIONS engine_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"},
{OPT_HELP_STR, 1, '-',
" engine... Engines to load\n"},
@@ -47,28 +45,38 @@ OPTIONS engine_options[] = {
static int append_buf(char **buf, int *size, const char *s)
{
if (*buf == NULL) {
*size = 256;
*buf = app_malloc(*size, "engine buffer");
**buf = '\0';
}
const int expand = 256;
int len = strlen(s) + 1;
char *p = *buf;
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
char *tmp;
*size += 256;
tmp = OPENSSL_realloc(*buf, *size);
if (tmp == NULL) {
OPENSSL_free(*buf);
*buf = NULL;
return 0;
if (p == NULL) {
*size = ((len + expand - 1) / expand) * expand;
p = *buf = app_malloc(*size, "engine buffer");
} else {
const int blen = strlen(p);
if (blen > 0)
len += 2 + blen;
if (len > *size) {
*size = ((len + expand - 1) / expand) * expand;
p = OPENSSL_realloc(p, *size);
if (p == NULL) {
OPENSSL_free(*buf);
*buf = NULL;
return 0;
}
*buf = p;
}
if (blen > 0) {
p += blen;
*p++ = ',';
*p++ = ' ';
}
*buf = tmp;
}
if (**buf != '\0')
OPENSSL_strlcat(*buf, ", ", *size);
OPENSSL_strlcat(*buf, s, *size);
strcpy(p, s);
return 1;
}
@@ -147,7 +155,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
}
cmds = sk_OPENSSL_STRING_new_null();
if (!cmds)
if (cmds == NULL)
goto err;
do {
@@ -249,15 +257,34 @@ static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
res = 0;
}
if (res)
if (res) {
BIO_printf(out, "[Success]: %s\n", cmd);
else {
} else {
BIO_printf(out, "[Failure]: %s\n", cmd);
ERR_print_errors(out);
}
}
}
struct util_store_cap_data {
ENGINE *engine;
char **cap_buf;
int *cap_size;
int ok;
};
static void util_store_cap(const OSSL_STORE_LOADER *loader, void *arg)
{
struct util_store_cap_data *ctx = arg;
if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) {
char buf[256];
BIO_snprintf(buf, sizeof(buf), "STORE(%s)",
OSSL_STORE_LOADER_get0_scheme(loader));
if (!append_buf(ctx->cap_buf, ctx->cap_size, buf))
ctx->ok = 0;
}
}
int engine_main(int argc, char **argv)
{
int ret = 1, i;
@@ -380,7 +407,7 @@ int engine_main(int argc, char **argv)
goto end;
fn_c = ENGINE_get_ciphers(e);
if (!fn_c)
if (fn_c == NULL)
goto skip_ciphers;
n = fn_c(e, NULL, &nids, 0);
for (k = 0; k < n; ++k)
@@ -389,7 +416,7 @@ int engine_main(int argc, char **argv)
skip_ciphers:
fn_d = ENGINE_get_digests(e);
if (!fn_d)
if (fn_d == NULL)
goto skip_digests;
n = fn_d(e, NULL, &nids, 0);
for (k = 0; k < n; ++k)
@@ -398,14 +425,26 @@ int engine_main(int argc, char **argv)
skip_digests:
fn_pk = ENGINE_get_pkey_meths(e);
if (!fn_pk)
if (fn_pk == NULL)
goto skip_pmeths;
n = fn_pk(e, NULL, &nids, 0);
for (k = 0; k < n; ++k)
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
goto end;
skip_pmeths:
if (cap_buf && (*cap_buf != '\0'))
{
struct util_store_cap_data store_ctx;
store_ctx.engine = e;
store_ctx.cap_buf = &cap_buf;
store_ctx.cap_size = &cap_size;
store_ctx.ok = 1;
OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx);
if (!store_ctx.ok)
goto end;
}
if (cap_buf != NULL && (*cap_buf != '\0'))
BIO_printf(out, " [%s]\n", cap_buf);
OPENSSL_free(cap_buf);
@@ -441,6 +480,5 @@ int engine_main(int argc, char **argv)
sk_OPENSSL_STRING_free(pre_cmds);
sk_OPENSSL_STRING_free(post_cmds);
BIO_free_all(out);
return (ret);
return ret;
}
#endif

12
apps/errstr.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,8 +11,8 @@
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/lhash.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
@@ -20,7 +20,7 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP
} OPTION_CHOICE;
OPTIONS errstr_options[] = {
const OPTIONS errstr_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"},
{OPT_HELP_STR, 1, '-', " errnum Error number\n"},
{"help", OPT_HELP, '-', "Display this summary"},
@@ -50,9 +50,9 @@ int errstr_main(int argc, char **argv)
ret = 0;
for (argv = opt_rest(); *argv; argv++) {
if (sscanf(*argv, "%lx", &l) == 0)
if (sscanf(*argv, "%lx", &l) == 0) {
ret++;
else {
} else {
/* We're not really an SSL application so this won't auto-init, but
* we're still interested in SSL error strings
*/
@@ -63,5 +63,5 @@ int errstr_main(int argc, char **argv)
}
}
end:
return (ret);
return ret;
}

68
apps/gendsa.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,39 +8,36 @@
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DSA
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <string.h>
# include <sys/types.h>
# include <sys/stat.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/dsa.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_RAND, OPT_CIPHER
OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER,
OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS gendsa_options[] = {
const OPTIONS gendsa_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output the key to the specified file"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
OPT_R_OPTIONS,
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
#endif
{NULL}
};
@@ -50,7 +47,7 @@ int gendsa_main(int argc, char **argv)
BIO *out = NULL, *in = NULL;
DSA *dsa = NULL;
const EVP_CIPHER *enc = NULL;
char *inrand = NULL, *dsaparams = NULL;
char *dsaparams = NULL;
char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
OPTION_CHOICE o;
int ret = 1, private = 0;
@@ -77,8 +74,9 @@ int gendsa_main(int argc, char **argv)
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_RAND:
inrand = opt_arg();
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
@@ -114,21 +112,18 @@ int gendsa_main(int argc, char **argv)
if (out == NULL)
goto end2;
if (!app_RAND_load_file(NULL, 1) && inrand == NULL) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
DSA_get0_pqg(dsa, &p, NULL, NULL);
if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p));
BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p));
if (!DSA_generate_key(dsa))
goto end;
app_RAND_write_file(NULL);
assert(private);
if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
goto end;
@@ -142,6 +137,5 @@ int gendsa_main(int argc, char **argv)
DSA_free(dsa);
release_engine(e);
OPENSSL_free(passout);
return (ret);
return ret;
}
#endif

22
apps/genpkey.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,6 +10,7 @@
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
@@ -26,7 +27,7 @@ typedef enum OPTION_choice {
OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER
} OPTION_CHOICE;
OPTIONS genpkey_options[] = {
const OPTIONS genpkey_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
@@ -119,6 +120,13 @@ int genpkey_main(int argc, char **argv)
if (!opt_cipher(opt_unknown(), &cipher)
|| do_param == 1)
goto opthelp;
if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE) {
BIO_printf(bio_err, "%s: cipher mode not supported\n", prog);
goto end;
}
}
}
argc = opt_num_rest();
@@ -156,9 +164,9 @@ int genpkey_main(int argc, char **argv)
}
}
if (do_param)
if (do_param) {
rv = PEM_write_bio_Parameters(out, pkey);
else if (outformat == FORMAT_PEM) {
} else if (outformat == FORMAT_PEM) {
assert(private);
rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
} else if (outformat == FORMAT_ASN1) {
@@ -169,9 +177,12 @@ int genpkey_main(int argc, char **argv)
goto end;
}
ret = 0;
if (rv <= 0) {
BIO_puts(bio_err, "Error writing key\n");
ERR_print_errors(bio_err);
ret = 1;
}
if (text) {
@@ -183,11 +194,10 @@ int genpkey_main(int argc, char **argv)
if (rv <= 0) {
BIO_puts(bio_err, "Error printing key\n");
ERR_print_errors(bio_err);
ret = 1;
}
}
ret = 0;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);

90
apps/genrsa.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,47 +8,46 @@
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_RSA
NON_EMPTY_TRANSLATION_UNIT
#else
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
# include <stdio.h>
# include <string.h>
# include <sys/types.h>
# include <sys/stat.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/rsa.h>
# include <openssl/evp.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
# include <openssl/rand.h>
# define DEFBITS 2048
#define DEFBITS 2048
#define DEFPRIMES 2
static int genrsa_cb(int p, int n, BN_GENCB *cb);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_3, OPT_F4, OPT_ENGINE,
OPT_OUT, OPT_RAND, OPT_PASSOUT, OPT_CIPHER
OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES,
OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS genrsa_options[] = {
const OPTIONS genrsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"3", OPT_3, '-', "Use 3 for the E value"},
{"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
{"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
{"out", OPT_OUT, 's', "Output the key to specified file"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"out", OPT_OUT, '>', "Output the key to specified file"},
OPT_R_OPTIONS,
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
#endif
{"primes", OPT_PRIMES, 'p', "Specify number of primes"},
{NULL}
};
@@ -62,10 +61,10 @@ int genrsa_main(int argc, char **argv)
const BIGNUM *e;
RSA *rsa = NULL;
const EVP_CIPHER *enc = NULL;
int ret = 1, num = DEFBITS, private = 0;
int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES;
unsigned long f4 = RSA_F4;
char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
char *inrand = NULL, *prog, *hexe, *dece;
char *prog, *hexe, *dece;
OPTION_CHOICE o;
if (bn == NULL || cb == NULL)
@@ -97,8 +96,9 @@ opthelp:
case OPT_ENGINE:
eng = setup_engine(opt_arg(), 0);
break;
case OPT_RAND:
inrand = opt_arg();
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
@@ -107,6 +107,10 @@ opthelp:
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
case OPT_PRIMES:
if (!opt_int(opt_arg(), &primes))
goto end;
break;
}
}
argc = opt_num_rest();
@@ -115,6 +119,11 @@ opthelp:
if (argc == 1) {
if (!opt_int(argv[0], &num) || num <= 0)
goto end;
if (num > OPENSSL_RSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for RSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_RSA_MAX_MODULUS_BITS, num);
} else if (argc > 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
@@ -130,26 +139,16 @@ opthelp:
if (out == NULL)
goto end;
if (!app_RAND_load_file(NULL, 1) && inrand == NULL
&& !RAND_status()) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
}
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
num);
BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus (%d primes)\n",
num, primes);
rsa = eng ? RSA_new_method(eng) : RSA_new();
if (rsa == NULL)
goto end;
if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, cb))
if (!BN_set_word(bn, f4)
|| !RSA_generate_multi_prime_key(rsa, num, primes, bn, cb))
goto end;
app_RAND_write_file(NULL);
RSA_get0_key(rsa, NULL, &e, NULL);
hexe = BN_bn2hex(e);
dece = BN_bn2dec(e);
@@ -176,7 +175,7 @@ opthelp:
OPENSSL_free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
return (ret);
return ret;
}
static int genrsa_cb(int p, int n, BN_GENCB *cb)
@@ -195,4 +194,3 @@ static int genrsa_cb(int p, int n, BN_GENCB *cb)
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}
#endif

7
apps/nseq.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,6 +10,7 @@
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/pem.h>
#include <openssl/err.h>
@@ -18,7 +19,7 @@ typedef enum OPTION_choice {
OPT_TOSEQ, OPT_IN, OPT_OUT
} OPTION_CHOICE;
OPTIONS nseq_options[] = {
const OPTIONS nseq_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"},
{"in", OPT_IN, '<', "Input file"},
@@ -109,5 +110,5 @@ int nseq_main(int argc, char **argv)
BIO_free_all(out);
NETSCAPE_CERT_SEQUENCE_free(seq);
return (ret);
return ret;
}

708
apps/ocsp.c
View File

File diff suppressed because it is too large Load Diff

12
apps/openssl-vms.cnf
View File

@@ -3,10 +3,13 @@
# This is mostly being used for generation of certificate requests.
#
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
@@ -15,7 +18,7 @@ oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
@@ -53,7 +56,6 @@ crlnumber = $dir]crlnumber. # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir]crl.pem # The current CRL
private_key = $dir.private]cakey.pem# The private key
RANDFILE = $dir.private].rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
@@ -113,7 +115,7 @@ x509_extensions = v3_ca # The extensions to add to the self signed cert
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
@@ -344,3 +346,5 @@ tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)

285
apps/openssl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include <internal/cryptlib.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
@@ -21,26 +22,21 @@
# include <openssl/engine.h>
#endif
#include <openssl/err.h>
#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
#endif
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
#include "s_apps.h"
/* Needed to get the other O_xxx flags. */
#ifdef OPENSSL_SYS_VMS
# include <unixio.h>
#endif
#define INCLUDE_FUNCTION_TABLE
#include "apps.h"
#define INCLUDE_FUNCTION_TABLE
#include "progs.h"
#ifdef OPENSSL_NO_CAMELLIA
# define FORMAT "%-15s"
# define COLUMNS 5
#else
# define FORMAT "%-18s"
# define COLUMNS 4
#endif
/* Structure to hold the number of columns to be displayed and the
* field width used to display them.
*/
typedef struct {
int columns;
int width;
} DISPLAY_COLUMNS;
/* Special sentinel to exit the program. */
#define EXIT_THE_PROGRAM (-1)
@@ -54,7 +50,8 @@
static LHASH_OF(FUNCTION) *prog_init(void);
static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]);
static void list_pkey(void);
static void list_type(FUNC_TYPE ft);
static void list_pkey_meth(void);
static void list_type(FUNC_TYPE ft, int one);
static void list_disabled(void);
char *default_config_file = NULL;
@@ -62,7 +59,21 @@ BIO *bio_in = NULL;
BIO *bio_out = NULL;
BIO *bio_err = NULL;
static int apps_startup()
static void calculate_columns(DISPLAY_COLUMNS *dc)
{
FUNCTION *f;
int len, maxlen = 0;
for (f = functions; f->name != NULL; ++f)
if (f->type == FT_general || f->type == FT_md || f->type == FT_cipher)
if ((len = strlen(f->name)) > maxlen)
maxlen = len;
dc->width = maxlen + 2;
dc->columns = (80 - 1) / dc->width;
}
static int apps_startup(void)
{
#ifdef SIGPIPE
signal(SIGPIPE, SIG_IGN);
@@ -73,21 +84,18 @@ static int apps_startup()
| OPENSSL_INIT_LOAD_CONFIG, NULL))
return 0;
#ifndef OPENSSL_NO_UI
setup_ui_method();
#endif
return 1;
}
static void apps_shutdown()
static void apps_shutdown(void)
{
#ifndef OPENSSL_NO_UI
destroy_ui_method();
#endif
destroy_prefix_method();
}
static char *make_config_name()
static char *make_config_name(void)
{
const char *t;
size_t len;
@@ -143,15 +151,8 @@ int main(int argc, char *argv[])
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
if (getenv("OPENSSL_FIPS")) {
#ifdef OPENSSL_FIPS
if (!FIPS_mode_set(1)) {
ERR_print_errors(bio_err);
return 1;
}
#else
BIO_printf(bio_err, "FIPS mode not supported.\n");
return 1;
#endif
}
if (!apps_startup()) {
@@ -163,6 +164,13 @@ int main(int argc, char *argv[])
}
prog = prog_init();
if (prog == NULL) {
BIO_printf(bio_err,
"FATAL: Startup failure (dev note: prog_init() failed)\n");
ERR_print_errors(bio_err);
ret = 1;
goto end;
}
pname = opt_progname(argv[0]);
/* first check the program name */
@@ -254,6 +262,7 @@ int main(int argc, char *argv[])
OPENSSL_free(default_config_file);
lh_FUNCTION_free(prog);
OPENSSL_free(arg.argv);
app_RAND_write();
BIO_free(bio_in);
BIO_free_all(bio_out);
@@ -266,19 +275,15 @@ int main(int argc, char *argv[])
EXIT(ret);
}
OPTIONS exit_options[] = {
{NULL}
};
static void list_cipher_fn(const EVP_CIPHER *c,
const char *from, const char *to, void *arg)
{
if (c)
if (c != NULL) {
BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
else {
if (!from)
} else {
if (from == NULL)
from = "<undefined>";
if (!to)
if (to == NULL)
to = "<undefined>";
BIO_printf(arg, "%s => %s\n", from, to);
}
@@ -287,27 +292,74 @@ static void list_cipher_fn(const EVP_CIPHER *c,
static void list_md_fn(const EVP_MD *m,
const char *from, const char *to, void *arg)
{
if (m)
if (m != NULL) {
BIO_printf(arg, "%s\n", EVP_MD_name(m));
else {
if (!from)
} else {
if (from == NULL)
from = "<undefined>";
if (!to)
if (to == NULL)
to = "<undefined>";
BIO_printf((BIO *)arg, "%s => %s\n", from, to);
}
}
static void list_missing_help(void)
{
const FUNCTION *fp;
const OPTIONS *o;
for (fp = functions; fp->name != NULL; fp++) {
if ((o = fp->help) != NULL) {
/* If there is help, list what flags are not documented. */
for ( ; o->name != NULL; o++) {
if (o->helpstr == NULL)
BIO_printf(bio_out, "%s %s\n", fp->name, o->name);
}
} else if (fp->func != dgst_main) {
/* If not aliased to the dgst command, */
BIO_printf(bio_out, "%s *\n", fp->name);
}
}
}
static void list_options_for_command(const char *command)
{
const FUNCTION *fp;
const OPTIONS *o;
for (fp = functions; fp->name != NULL; fp++)
if (strcmp(fp->name, command) == 0)
break;
if (fp->name == NULL) {
BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
command);
return;
}
if ((o = fp->help) == NULL)
return;
for ( ; o->name != NULL; o++) {
if (o->name == OPT_HELP_STR
|| o->name == OPT_MORE_STR
|| o->name[0] == '\0')
continue;
BIO_printf(bio_out, "%s %c\n", o->name, o->valtype);
}
}
/* Unified enum for help and list commands. */
typedef enum HELPLIST_CHOICE {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_COMMANDS, OPT_DIGEST_COMMANDS,
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ONE,
OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_OPTIONS,
OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
OPT_PK_ALGORITHMS, OPT_DISABLED
OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED, OPT_MISSING_HELP
} HELPLIST_CHOICE;
OPTIONS list_options[] = {
const OPTIONS list_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"1", OPT_ONE, '-', "List in one column"},
{"commands", OPT_COMMANDS, '-', "List of standard commands"},
{"digest-commands", OPT_DIGEST_COMMANDS, '-',
"List of message digest commands"},
@@ -318,8 +370,14 @@ OPTIONS list_options[] = {
"List of cipher algorithms"},
{"public-key-algorithms", OPT_PK_ALGORITHMS, '-',
"List of public key algorithms"},
{"public-key-methods", OPT_PK_METHOD, '-',
"List of public key methods"},
{"disabled", OPT_DISABLED, '-',
"List of disabled features"},
{"missing-help", OPT_MISSING_HELP, '-',
"List missing detailed help strings"},
{"options", OPT_OPTIONS, 's',
"List options for specified command"},
{NULL}
};
@@ -327,7 +385,7 @@ int list_main(int argc, char **argv)
{
char *prog;
HELPLIST_CHOICE o;
int done = 0;
int one = 0, done = 0;
prog = opt_init(argc, argv, list_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -340,17 +398,20 @@ opthelp:
case OPT_HELP:
opt_help(list_options);
break;
case OPT_ONE:
one = 1;
break;
case OPT_COMMANDS:
list_type(FT_general);
list_type(FT_general, one);
break;
case OPT_DIGEST_COMMANDS:
list_type(FT_md);
list_type(FT_md, one);
break;
case OPT_DIGEST_ALGORITHMS:
EVP_MD_do_all_sorted(list_md_fn, bio_out);
break;
case OPT_CIPHER_COMMANDS:
list_type(FT_cipher);
list_type(FT_cipher, one);
break;
case OPT_CIPHER_ALGORITHMS:
EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out);
@@ -358,9 +419,18 @@ opthelp:
case OPT_PK_ALGORITHMS:
list_pkey();
break;
case OPT_PK_METHOD:
list_pkey_meth();
break;
case OPT_DISABLED:
list_disabled();
break;
case OPT_MISSING_HELP:
list_missing_help();
break;
case OPT_OPTIONS:
list_options_for_command(opt_arg());
break;
}
done = 1;
}
@@ -375,42 +445,60 @@ opthelp:
return 0;
}
OPTIONS help_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
typedef enum HELP_CHOICE {
OPT_hERR = -1, OPT_hEOF = 0, OPT_hHELP
} HELP_CHOICE;
const OPTIONS help_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: help [options]\n"},
{OPT_HELP_STR, 1, '-', " help [command]\n"},
{"help", OPT_hHELP, '-', "Display this summary"},
{NULL}
};
int help_main(int argc, char **argv)
{
FUNCTION *fp;
int i, nl;
FUNC_TYPE tp;
char *prog;
HELPLIST_CHOICE o;
HELP_CHOICE o;
DISPLAY_COLUMNS dc;
prog = opt_init(argc, argv, help_options);
while ((o = opt_next()) != OPT_EOF) {
while ((o = opt_next()) != OPT_hEOF) {
switch (o) {
default:
case OPT_hERR:
case OPT_hEOF:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
return 1;
case OPT_HELP:
case OPT_hHELP:
opt_help(help_options);
return 0;
}
}
if (opt_num_rest() == 1) {
char *new_argv[3];
new_argv[0] = opt_rest()[0];
new_argv[1] = "--help";
new_argv[2] = NULL;
return do_cmd(prog_init(), 2, new_argv);
}
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Usage: %s\n", prog);
return 1;
}
BIO_printf(bio_err, "\nStandard commands");
calculate_columns(&dc);
BIO_printf(bio_err, "Standard commands");
i = 0;
tp = FT_none;
for (fp = functions; fp->name != NULL; fp++) {
nl = 0;
if (((i++) % COLUMNS) == 0) {
if (i++ % dc.columns == 0) {
BIO_printf(bio_err, "\n");
nl = 1;
}
@@ -428,29 +516,35 @@ int help_main(int argc, char **argv)
"\nCipher commands (see the `enc' command for more details)\n");
}
}
BIO_printf(bio_err, FORMAT, fp->name);
BIO_printf(bio_err, "%-*s", dc.width, fp->name);
}
BIO_printf(bio_err, "\n\n");
return 0;
}
int exit_main(int argc, char **argv)
{
return EXIT_THE_PROGRAM;
}
static void list_type(FUNC_TYPE ft)
static void list_type(FUNC_TYPE ft, int one)
{
FUNCTION *fp;
int i = 0;
DISPLAY_COLUMNS dc = {0};
for (fp = functions; fp->name != NULL; fp++)
if (fp->type == ft) {
if ((i++ % COLUMNS) == 0)
if (!one)
calculate_columns(&dc);
for (fp = functions; fp->name != NULL; fp++) {
if (fp->type != ft)
continue;
if (one) {
BIO_printf(bio_out, "%s\n", fp->name);
} else {
if (i % dc.columns == 0 && i > 0)
BIO_printf(bio_out, "\n");
BIO_printf(bio_out, FORMAT, fp->name);
BIO_printf(bio_out, "%-*s", dc.width, fp->name);
i++;
}
BIO_printf(bio_out, "\n");
}
if (!one)
BIO_printf(bio_out, "\n\n");
}
static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
@@ -458,7 +552,7 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
FUNCTION f, *fp;
if (argc <= 0 || argv[0] == NULL)
return (0);
return 0;
f.name = argv[0];
fp = lh_FUNCTION_retrieve(prog, &f);
if (fp == NULL) {
@@ -473,7 +567,7 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
}
}
if (fp != NULL) {
return (fp->func(argc, argv));
return fp->func(argc, argv);
}
if ((strncmp(argv[0], "no-", 3)) == 0) {
/*
@@ -483,7 +577,7 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
f.name = argv[0] + 3;
if (lh_FUNCTION_retrieve(prog, &f) == NULL) {
BIO_printf(bio_out, "%s\n", argv[0]);
return (0);
return 0;
}
BIO_printf(bio_out, "%s\n", argv[0] + 3);
return 1;
@@ -495,7 +589,7 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
argv[0]);
return (1);
return 1;
}
static void list_pkey(void)
@@ -527,6 +621,22 @@ static void list_pkey(void)
}
}
static void list_pkey_meth(void)
{
size_t i;
size_t meth_count = EVP_PKEY_meth_get_count();
for (i = 0; i < meth_count; i++) {
const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i);
int pkey_id, pkey_flags;
EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth);
BIO_printf(bio_out, "%s\n", OBJ_nid2ln(pkey_id));
BIO_printf(bio_out, "\tType: %s Algorithm\n",
pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin");
}
}
static int function_cmp(const FUNCTION * a, const FUNCTION * b)
{
return strncmp(a->name, b->name, 8);
@@ -550,6 +660,9 @@ static int SortFnByName(const void *_f1, const void *_f2)
static void list_disabled(void)
{
BIO_puts(bio_out, "Disabled algorithms:\n");
#ifdef OPENSSL_NO_ARIA
BIO_puts(bio_out, "ARIA\n");
#endif
#ifdef OPENSSL_NO_BF
BIO_puts(bio_out, "BF\n");
#endif
@@ -655,6 +768,15 @@ static void list_disabled(void)
#ifdef OPENSSL_NO_SEED
BIO_puts(bio_out, "SEED\n");
#endif
#ifdef OPENSSL_NO_SM2
BIO_puts(bio_out, "SM2\n");
#endif
#ifdef OPENSSL_NO_SM3
BIO_puts(bio_out, "SM3\n");
#endif
#ifdef OPENSSL_NO_SM4
BIO_puts(bio_out, "SM4\n");
#endif
#ifdef OPENSSL_NO_SOCK
BIO_puts(bio_out, "SOCK\n");
#endif
@@ -686,18 +808,25 @@ static void list_disabled(void)
static LHASH_OF(FUNCTION) *prog_init(void)
{
LHASH_OF(FUNCTION) *ret;
static LHASH_OF(FUNCTION) *ret = NULL;
static int prog_inited = 0;
FUNCTION *f;
size_t i;
if (prog_inited)
return ret;
prog_inited = 1;
/* Sort alphabetically within category. For nicer help displays. */
for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
for (i = 0, f = functions; f->name != NULL; ++f, ++i)
;
qsort(functions, i, sizeof(*functions), SortFnByName);
if ((ret = lh_FUNCTION_new(function_hash, function_cmp)) == NULL)
return (NULL);
return NULL;
for (f = functions; f->name != NULL; f++)
(void)lh_FUNCTION_insert(ret, f);
return (ret);
return ret;
}

12
apps/openssl.cnf
View File

@@ -3,10 +3,13 @@
# This is mostly being used for generation of certificate requests.
#
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
@@ -15,7 +18,7 @@ oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
@@ -53,7 +56,6 @@ crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
@@ -113,7 +115,7 @@ x509_extensions = v3_ca # The extensions to add to the self signed cert
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
@@ -344,3 +346,5 @@ tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)

159
apps/opt.c
View File

@@ -1,13 +1,11 @@
/*
* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* #define COMPILE_STANDALONE_TEST_DRIVER */
#include "apps.h"
#include <string.h>
#if !defined(OPENSSL_SYS_MSDOS)
@@ -170,7 +168,6 @@ static OPT_PAIR formats[] = {
{"smime", OPT_FMT_SMIME},
{"engine", OPT_FMT_ENGINE},
{"msblob", OPT_FMT_MSBLOB},
{"netscape", OPT_FMT_NETSCAPE},
{"nss", OPT_FMT_NSS},
{"text", OPT_FMT_TEXT},
{"http", OPT_FMT_HTTP},
@@ -183,10 +180,10 @@ int opt_format_error(const char *s, unsigned long flags)
{
OPT_PAIR *ap;
if (flags == OPT_FMT_PEMDER)
if (flags == OPT_FMT_PEMDER) {
BIO_printf(bio_err, "%s: Bad format \"%s\"; must be pem or der\n",
prog, s);
else {
} else {
BIO_printf(bio_err, "%s: Bad format \"%s\"; must be one of:\n",
prog, s);
for (ap = formats; ap->name; ap++)
@@ -266,8 +263,9 @@ int opt_format(const char *s, unsigned long flags, int *result)
if ((flags & OPT_FMT_PKCS12) == 0)
return opt_format_error(s, flags);
*result = FORMAT_PKCS12;
} else
} else {
return 0;
}
break;
}
return 1;
@@ -277,9 +275,9 @@ int opt_format(const char *s, unsigned long flags, int *result)
int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
{
*cipherp = EVP_get_cipherbyname(name);
if (*cipherp)
if (*cipherp != NULL)
return 1;
BIO_printf(bio_err, "%s: Unknown cipher %s\n", prog, name);
BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
return 0;
}
@@ -289,9 +287,9 @@ int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
int opt_md(const char *name, const EVP_MD **mdp)
{
*mdp = EVP_get_digestbyname(name);
if (*mdp)
if (*mdp != NULL)
return 1;
BIO_printf(bio_err, "%s: Unknown digest %s\n", prog, name);
BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
return 0;
}
@@ -327,6 +325,30 @@ int opt_int(const char *value, int *result)
return 1;
}
static void opt_number_error(const char *v)
{
size_t i = 0;
struct strstr_pair_st {
char *prefix;
char *name;
} b[] = {
{"0x", "a hexadecimal"},
{"0X", "a hexadecimal"},
{"0", "an octal"}
};
for (i = 0; i < OSSL_NELEM(b); i++) {
if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
BIO_printf(bio_err,
"%s: Can't parse \"%s\" as %s number\n",
prog, v, b[i].name);
return;
}
}
BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n", prog, v);
return;
}
/* Parse a long, put it into *result; return 0 on failure, else 1. */
int opt_long(const char *value, long *result)
{
@@ -340,8 +362,7 @@ int opt_long(const char *value, long *result)
|| endp == value
|| ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
|| (l == 0 && errno != 0)) {
BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n",
prog, value);
opt_number_error(value);
errno = oerrno;
return 0;
}
@@ -366,8 +387,7 @@ int opt_imax(const char *value, intmax_t *result)
|| endp == value
|| ((m == INTMAX_MAX || m == INTMAX_MIN) && errno == ERANGE)
|| (m == 0 && errno != 0)) {
BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n",
prog, value);
opt_number_error(value);
errno = oerrno;
return 0;
}
@@ -389,8 +409,7 @@ int opt_umax(const char *value, uintmax_t *result)
|| endp == value
|| (m == UINTMAX_MAX && errno == ERANGE)
|| (m == 0 && errno != 0)) {
BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n",
prog, value);
opt_number_error(value);
errno = oerrno;
return 0;
}
@@ -415,8 +434,7 @@ int opt_ulong(const char *value, unsigned long *result)
|| endptr == value
|| ((l == ULONG_MAX) && errno == ERANGE)
|| (l == 0 && errno != 0)) {
BIO_printf(bio_err, "%s: Can't parse \"%s\" as an unsigned number\n",
prog, value);
opt_number_error(value);
errno = oerrno;
return 0;
}
@@ -657,26 +675,16 @@ int opt_next(void)
/* Just a string. */
break;
case '/':
if (app_isdir(arg) >= 0)
if (app_isdir(arg) > 0)
break;
BIO_printf(bio_err, "%s: Not a directory: %s\n", prog, arg);
return -1;
case '<':
/* Input file. */
if (strcmp(arg, "-") == 0 || app_access(arg, R_OK) >= 0)
break;
BIO_printf(bio_err,
"%s: Cannot open input file %s, %s\n",
prog, arg, strerror(errno));
return -1;
break;
case '>':
/* Output file. */
if (strcmp(arg, "-") == 0 || app_access(arg, W_OK) >= 0 || errno == ENOENT)
break;
BIO_printf(bio_err,
"%s: Cannot open output file %s, %s\n",
prog, arg, strerror(errno));
return -1;
break;
case 'p':
case 'n':
if (!opt_int(arg, &ival)
@@ -888,90 +896,3 @@ void opt_help(const OPTIONS *list)
BIO_printf(bio_err, "%s %s\n", start, help);
}
}
#ifdef COMPILE_STANDALONE_TEST_DRIVER
# include <sys/stat.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN, OPT_INFORM, OPT_OUT, OPT_COUNT, OPT_U, OPT_FLAG,
OPT_STR, OPT_NOTUSED
} OPTION_CHOICE;
static OPTIONS options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s flags\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "input file"},
{OPT_MORE_STR, 1, '-', "more detail about input"},
{"inform", OPT_INFORM, 'f', "input file format; defaults to pem"},
{"out", OPT_OUT, '>', "output file"},
{"count", OPT_COUNT, 'p', "a counter greater than zero"},
{"u", OPT_U, 'u', "an unsigned number"},
{"flag", OPT_FLAG, 0, "just some flag"},
{"str", OPT_STR, 's', "the magic word"},
{"areallyverylongoption", OPT_HELP, '-', "long way for help"},
{NULL}
};
BIO *bio_err;
int app_isdir(const char *name)
{
struct stat sb;
return name != NULL && stat(name, &sb) >= 0 && S_ISDIR(sb.st_mode);
}
int main(int ac, char **av)
{
OPTION_CHOICE o;
char **rest;
char *prog;
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
prog = opt_init(ac, av, options);
while ((o = opt_next()) != OPT_EOF) {
switch (c) {
case OPT_NOTUSED:
case OPT_EOF:
case OPT_ERR:
printf("%s: Usage error; try -help.\n", prog);
return 1;
case OPT_HELP:
opt_help(options);
return 0;
case OPT_IN:
printf("in %s\n", opt_arg());
break;
case OPT_INFORM:
printf("inform %s\n", opt_arg());
break;
case OPT_OUT:
printf("out %s\n", opt_arg());
break;
case OPT_COUNT:
printf("count %s\n", opt_arg());
break;
case OPT_U:
printf("u %s\n", opt_arg());
break;
case OPT_FLAG:
printf("flag\n");
break;
case OPT_STR:
printf("str %s\n", opt_arg());
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
printf("args = %d\n", argc);
if (argc)
while (*argv)
printf(" %s\n", *argv++);
return 0;
}
#endif

595
apps/passwd.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,26 +7,20 @@
* https://www.openssl.org/source/license.html
*/
#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
# define NO_MD5CRYPT_1
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_DES
# include <openssl/des.h>
#endif
#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
# include <string.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/evp.h>
# include <openssl/rand.h>
# ifndef OPENSSL_NO_DES
# include <openssl/des.h>
# endif
# ifndef NO_MD5CRYPT_1
# include <openssl/md5.h>
# endif
#include <openssl/md5.h>
#include <openssl/sha.h>
static unsigned const char cov_2char[64] = {
/* from crypto/des/fcrypt.c */
@@ -40,19 +34,31 @@ static unsigned const char cov_2char[64] = {
0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
};
static const char ascii_dollar[] = { 0x24, 0x00 };
typedef enum {
passwd_unset = 0,
passwd_crypt,
passwd_md5,
passwd_apr1,
passwd_sha256,
passwd_sha512,
passwd_aixmd5
} passwd_modes;
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table,
int reverse, size_t pw_maxlen, int usecrypt, int use1,
int useapr1);
int reverse, size_t pw_maxlen, passwd_modes mode);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN,
OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
OPT_1, OPT_CRYPT, OPT_SALT, OPT_STDIN
OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS passwd_options[] = {
const OPTIONS passwd_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Read passwords from file"},
{"noverify", OPT_NOVERIFY, '-',
@@ -62,13 +68,15 @@ OPTIONS passwd_options[] = {
{"reverse", OPT_REVERSE, '-', "Switch table columns"},
{"salt", OPT_SALT, 's', "Use provided salt"},
{"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
# ifndef NO_MD5CRYPT_1
{"6", OPT_6, '-', "SHA512-based password algorithm"},
{"5", OPT_5, '-', "SHA256-based password algorithm"},
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
{"1", OPT_1, '-', "MD5-based password algorithm"},
# endif
# ifndef OPENSSL_NO_DES
{"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
#ifndef OPENSSL_NO_DES
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
# endif
#endif
OPT_R_OPTIONS,
{NULL}
};
@@ -79,12 +87,15 @@ int passwd_main(int argc, char **argv)
char *salt_malloc = NULL, *passwd_malloc = NULL, *prog;
OPTION_CHOICE o;
int in_stdin = 0, pw_source_defined = 0;
# ifndef OPENSSL_NO_UI
#ifndef OPENSSL_NO_UI_CONSOLE
int in_noverify = 0;
# endif
#endif
int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
int ret = 1, usecrypt = 0, use1 = 0, useapr1 = 0;
size_t passwd_malloc_size = 0, pw_maxlen = 256;
int ret = 1;
passwd_modes mode = passwd_unset;
size_t passwd_malloc_size = 0;
size_t pw_maxlen = 256; /* arbitrary limit, should be enough for most
* passwords */
prog = opt_init(argc, argv, passwd_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -105,9 +116,9 @@ int passwd_main(int argc, char **argv)
pw_source_defined = 1;
break;
case OPT_NOVERIFY:
# ifndef OPENSSL_NO_UI
#ifndef OPENSSL_NO_UI_CONSOLE
in_noverify = 1;
# endif
#endif
break;
case OPT_QUIET:
quiet = 1;
@@ -119,13 +130,36 @@ int passwd_main(int argc, char **argv)
reverse = 1;
break;
case OPT_1:
use1 = 1;
if (mode != passwd_unset)
goto opthelp;
mode = passwd_md5;
break;
case OPT_5:
if (mode != passwd_unset)
goto opthelp;
mode = passwd_sha256;
break;
case OPT_6:
if (mode != passwd_unset)
goto opthelp;
mode = passwd_sha512;
break;
case OPT_APR1:
useapr1 = 1;
if (mode != passwd_unset)
goto opthelp;
mode = passwd_apr1;
break;
case OPT_AIXMD5:
if (mode != passwd_unset)
goto opthelp;
mode = passwd_aixmd5;
break;
case OPT_CRYPT:
usecrypt = 1;
#ifndef OPENSSL_NO_DES
if (mode != passwd_unset)
goto opthelp;
mode = passwd_crypt;
#endif
break;
case OPT_SALT:
passed_salt = 1;
@@ -137,35 +171,31 @@ int passwd_main(int argc, char **argv)
in_stdin = 1;
pw_source_defined = 1;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (*argv) {
if (*argv != NULL) {
if (pw_source_defined)
goto opthelp;
pw_source_defined = 1;
passwds = argv;
}
if (!usecrypt && !use1 && !useapr1) {
if (mode == passwd_unset) {
/* use default */
usecrypt = 1;
}
if (usecrypt + use1 + useapr1 > 1) {
/* conflict */
goto opthelp;
mode = passwd_crypt;
}
# ifdef OPENSSL_NO_DES
if (usecrypt)
#ifdef OPENSSL_NO_DES
if (mode == passwd_crypt)
goto opthelp;
# endif
# ifdef NO_MD5CRYPT_1
if (use1 || useapr1)
goto opthelp;
# endif
#endif
if (infile != NULL && in_stdin) {
BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog);
@@ -182,11 +212,8 @@ int passwd_main(int argc, char **argv)
goto end;
}
if (usecrypt)
if (mode == passwd_crypt)
pw_maxlen = 8;
else if (use1 || useapr1)
pw_maxlen = 256; /* arbitrary limit, should be enough for most
* passwords */
if (passwds == NULL) {
/* no passwords on the command line */
@@ -204,7 +231,7 @@ int passwd_main(int argc, char **argv)
* avoid rot of not-frequently-used code.
*/
if (1) {
# ifndef OPENSSL_NO_UI
#ifndef OPENSSL_NO_UI_CONSOLE
/* build a null-terminated list */
static char *passwds_static[2] = { NULL, NULL };
@@ -217,7 +244,7 @@ int passwd_main(int argc, char **argv)
}
passwds[0] = passwd_malloc;
} else {
# endif
#endif
BIO_printf(bio_err, "password required\n");
goto end;
}
@@ -230,8 +257,7 @@ int passwd_main(int argc, char **argv)
do { /* loop over list of passwords */
passwd = *passwds++;
if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out,
quiet, table, reverse, pw_maxlen, usecrypt, use1,
useapr1))
quiet, table, reverse, pw_maxlen, mode))
goto end;
} while (*passwds != NULL);
} else {
@@ -255,7 +281,7 @@ int passwd_main(int argc, char **argv)
if (!do_passwd
(passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet,
table, reverse, pw_maxlen, usecrypt, use1, useapr1))
table, reverse, pw_maxlen, mode))
goto end;
}
done = (r <= 0);
@@ -264,14 +290,15 @@ int passwd_main(int argc, char **argv)
ret = 0;
end:
#if 0
ERR_print_errors(bio_err);
#endif
OPENSSL_free(salt_malloc);
OPENSSL_free(passwd_malloc);
BIO_free(in);
return (ret);
return ret;
}
# ifndef NO_MD5CRYPT_1
/*
* MD5-based password algorithm (should probably be available as a library
* function; then the static buffer would not be acceptable). For magic
@@ -286,6 +313,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
/* "$apr1$..salt..$.......md5hash..........\0" */
static char out_buf[6 + 9 + 24 + 2];
unsigned char buf[MD5_DIGEST_LENGTH];
char ascii_magic[5]; /* "apr1" plus '\0' */
char ascii_salt[9]; /* Max 8 chars plus '\0' */
char *ascii_passwd = NULL;
char *salt_out;
int n;
unsigned int i;
@@ -293,41 +323,72 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
size_t passwd_len, salt_len, magic_len;
passwd_len = strlen(passwd);
out_buf[0] = '$';
out_buf[1] = 0;
out_buf[0] = 0;
magic_len = strlen(magic);
OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
#ifdef CHARSET_EBCDIC
if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */
ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
#endif
if (magic_len > 4) /* assert it's "1" or "apr1" */
/* The salt gets truncated to 8 chars */
OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt));
salt_len = strlen(ascii_salt);
#ifdef CHARSET_EBCDIC
ebcdic2ascii(ascii_salt, ascii_salt, salt_len);
#endif
#ifdef CHARSET_EBCDIC
ascii_passwd = OPENSSL_strdup(passwd);
if (ascii_passwd == NULL)
return NULL;
ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len);
passwd = ascii_passwd;
#endif
OPENSSL_strlcat(out_buf, magic, sizeof(out_buf));
OPENSSL_strlcat(out_buf, "$", sizeof(out_buf));
OPENSSL_strlcat(out_buf, salt, sizeof(out_buf));
if (magic_len > 0) {
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
if (magic_len > 4) /* assert it's "1" or "apr1" */
goto err;
OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
}
OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
return NULL;
goto err;
salt_out = out_buf + 2 + magic_len;
salt_len = strlen(salt_out);
salt_out = out_buf;
if (magic_len > 0)
salt_out += 2 + magic_len;
if (salt_len > 8)
return NULL;
goto err;
md = EVP_MD_CTX_new();
if (md == NULL
|| !EVP_DigestInit_ex(md, EVP_md5(), NULL)
|| !EVP_DigestUpdate(md, passwd, passwd_len)
|| !EVP_DigestUpdate(md, "$", 1)
|| !EVP_DigestUpdate(md, magic, magic_len)
|| !EVP_DigestUpdate(md, "$", 1)
|| !EVP_DigestUpdate(md, salt_out, salt_len))
|| !EVP_DigestUpdate(md, passwd, passwd_len))
goto err;
if (magic_len > 0)
if (!EVP_DigestUpdate(md, ascii_dollar, 1)
|| !EVP_DigestUpdate(md, ascii_magic, magic_len)
|| !EVP_DigestUpdate(md, ascii_dollar, 1))
goto err;
if (!EVP_DigestUpdate(md, ascii_salt, salt_len))
goto err;
md2 = EVP_MD_CTX_new();
if (md2 == NULL
|| !EVP_DigestInit_ex(md2, EVP_md5(), NULL)
|| !EVP_DigestUpdate(md2, passwd, passwd_len)
|| !EVP_DigestUpdate(md2, salt_out, salt_len)
|| !EVP_DigestUpdate(md2, ascii_salt, salt_len)
|| !EVP_DigestUpdate(md2, passwd, passwd_len)
|| !EVP_DigestFinal_ex(md2, buf, NULL))
goto err;
@@ -356,7 +417,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
(i & 1) ? passwd_len : sizeof(buf)))
goto err;
if (i % 3) {
if (!EVP_DigestUpdate(md2, salt_out, salt_len))
if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
goto err;
}
if (i % 7) {
@@ -387,15 +448,15 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
buf_perm[dest] = buf[source];
buf_perm[14] = buf[5];
buf_perm[15] = buf[11];
# ifndef PEDANTIC /* Unfortunately, this generates a "no
# ifndef PEDANTIC /* Unfortunately, this generates a "no
* effect" warning */
assert(16 == sizeof(buf_perm));
# endif
# endif
output = salt_out + salt_len;
assert(output == out_buf + strlen(out_buf));
*output++ = '$';
*output++ = ascii_dollar[0];
for (i = 0; i < 15; i += 3) {
*output++ = cov_2char[buf_perm[i + 2] & 0x3f];
@@ -410,21 +471,309 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
*output++ = cov_2char[buf_perm[i] >> 6];
*output = 0;
assert(strlen(out_buf) < sizeof(out_buf));
#ifdef CHARSET_EBCDIC
ascii2ebcdic(out_buf, out_buf, strlen(out_buf));
#endif
}
return out_buf;
err:
OPENSSL_free(ascii_passwd);
EVP_MD_CTX_free(md2);
EVP_MD_CTX_free(md);
return NULL;
}
/*
* SHA based password algorithm, describe by Ulrich Drepper here:
* https://www.akkadia.org/drepper/SHA-crypt.txt
* (note that it's in the public domain)
*/
static char *shacrypt(const char *passwd, const char *magic, const char *salt)
{
/* Prefix for optional rounds specification. */
static const char rounds_prefix[] = "rounds=";
/* Maximum salt string length. */
# define SALT_LEN_MAX 16
/* Default number of rounds if not explicitly specified. */
# define ROUNDS_DEFAULT 5000
/* Minimum number of rounds. */
# define ROUNDS_MIN 1000
/* Maximum number of rounds. */
# define ROUNDS_MAX 999999999
/* "$6$rounds=<N>$......salt......$...shahash(up to 86 chars)...\0" */
static char out_buf[3 + 17 + 17 + 86 + 1];
unsigned char buf[SHA512_DIGEST_LENGTH];
unsigned char temp_buf[SHA512_DIGEST_LENGTH];
size_t buf_size = 0;
char ascii_magic[2];
char ascii_salt[17]; /* Max 16 chars plus '\0' */
char *ascii_passwd = NULL;
size_t n;
EVP_MD_CTX *md = NULL, *md2 = NULL;
const EVP_MD *sha = NULL;
size_t passwd_len, salt_len, magic_len;
unsigned int rounds = 5000; /* Default */
char rounds_custom = 0;
char *p_bytes = NULL;
char *s_bytes = NULL;
char *cp = NULL;
passwd_len = strlen(passwd);
magic_len = strlen(magic);
/* assert it's "5" or "6" */
if (magic_len != 1)
return NULL;
switch (magic[0]) {
case '5':
sha = EVP_sha256();
buf_size = 32;
break;
case '6':
sha = EVP_sha512();
buf_size = 64;
break;
default:
return NULL;
}
if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) {
const char *num = salt + sizeof(rounds_prefix) - 1;
char *endp;
unsigned long int srounds = strtoul (num, &endp, 10);
if (*endp == '$') {
salt = endp + 1;
if (srounds > ROUNDS_MAX)
rounds = ROUNDS_MAX;
else if (srounds < ROUNDS_MIN)
rounds = ROUNDS_MIN;
else
rounds = (unsigned int)srounds;
rounds_custom = 1;
} else {
return NULL;
}
}
OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
#ifdef CHARSET_EBCDIC
if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */
ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
#endif
/* The salt gets truncated to 16 chars */
OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt));
salt_len = strlen(ascii_salt);
#ifdef CHARSET_EBCDIC
ebcdic2ascii(ascii_salt, ascii_salt, salt_len);
#endif
#ifdef CHARSET_EBCDIC
ascii_passwd = OPENSSL_strdup(passwd);
if (ascii_passwd == NULL)
return NULL;
ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len);
passwd = ascii_passwd;
#endif
out_buf[0] = 0;
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
if (rounds_custom) {
char tmp_buf[80]; /* "rounds=999999999" */
sprintf(tmp_buf, "rounds=%u", rounds);
#ifdef CHARSET_EBCDIC
/* In case we're really on a ASCII based platform and just pretend */
if (tmp_buf[0] != 0x72) /* ASCII 'r' */
ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf));
#endif
OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf));
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
}
OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
/* assert "$5$rounds=999999999$......salt......" */
if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len )
goto err;
md = EVP_MD_CTX_new();
if (md == NULL
|| !EVP_DigestInit_ex(md, sha, NULL)
|| !EVP_DigestUpdate(md, passwd, passwd_len)
|| !EVP_DigestUpdate(md, ascii_salt, salt_len))
goto err;
md2 = EVP_MD_CTX_new();
if (md2 == NULL
|| !EVP_DigestInit_ex(md2, sha, NULL)
|| !EVP_DigestUpdate(md2, passwd, passwd_len)
|| !EVP_DigestUpdate(md2, ascii_salt, salt_len)
|| !EVP_DigestUpdate(md2, passwd, passwd_len)
|| !EVP_DigestFinal_ex(md2, buf, NULL))
goto err;
for (n = passwd_len; n > buf_size; n -= buf_size) {
if (!EVP_DigestUpdate(md, buf, buf_size))
goto err;
}
if (!EVP_DigestUpdate(md, buf, n))
goto err;
n = passwd_len;
while (n) {
if (!EVP_DigestUpdate(md,
(n & 1) ? buf : (unsigned const char *)passwd,
(n & 1) ? buf_size : passwd_len))
goto err;
n >>= 1;
}
if (!EVP_DigestFinal_ex(md, buf, NULL))
return NULL;
/* P sequence */
if (!EVP_DigestInit_ex(md2, sha, NULL))
goto err;
for (n = passwd_len; n > 0; n--)
if (!EVP_DigestUpdate(md2, passwd, passwd_len))
goto err;
if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
return NULL;
if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)
goto err;
for (cp = p_bytes, n = passwd_len; n > buf_size; n -= buf_size, cp += buf_size)
memcpy(cp, temp_buf, buf_size);
memcpy(cp, temp_buf, n);
/* S sequence */
if (!EVP_DigestInit_ex(md2, sha, NULL))
goto err;
for (n = 16 + buf[0]; n > 0; n--)
if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
goto err;
if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
return NULL;
if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)
goto err;
for (cp = s_bytes, n = salt_len; n > buf_size; n -= buf_size, cp += buf_size)
memcpy(cp, temp_buf, buf_size);
memcpy(cp, temp_buf, n);
for (n = 0; n < rounds; n++) {
if (!EVP_DigestInit_ex(md2, sha, NULL))
goto err;
if (!EVP_DigestUpdate(md2,
(n & 1) ? (unsigned const char *)p_bytes : buf,
(n & 1) ? passwd_len : buf_size))
goto err;
if (n % 3) {
if (!EVP_DigestUpdate(md2, s_bytes, salt_len))
goto err;
}
if (n % 7) {
if (!EVP_DigestUpdate(md2, p_bytes, passwd_len))
goto err;
}
if (!EVP_DigestUpdate(md2,
(n & 1) ? buf : (unsigned const char *)p_bytes,
(n & 1) ? buf_size : passwd_len))
goto err;
if (!EVP_DigestFinal_ex(md2, buf, NULL))
goto err;
}
EVP_MD_CTX_free(md2);
EVP_MD_CTX_free(md);
md2 = NULL;
md = NULL;
OPENSSL_free(p_bytes);
OPENSSL_free(s_bytes);
p_bytes = NULL;
s_bytes = NULL;
cp = out_buf + strlen(out_buf);
*cp++ = ascii_dollar[0];
# define b64_from_24bit(B2, B1, B0, N) \
do { \
unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \
int i = (N); \
while (i-- > 0) \
{ \
*cp++ = cov_2char[w & 0x3f]; \
w >>= 6; \
} \
} while (0)
switch (magic[0]) {
case '5':
b64_from_24bit (buf[0], buf[10], buf[20], 4);
b64_from_24bit (buf[21], buf[1], buf[11], 4);
b64_from_24bit (buf[12], buf[22], buf[2], 4);
b64_from_24bit (buf[3], buf[13], buf[23], 4);
b64_from_24bit (buf[24], buf[4], buf[14], 4);
b64_from_24bit (buf[15], buf[25], buf[5], 4);
b64_from_24bit (buf[6], buf[16], buf[26], 4);
b64_from_24bit (buf[27], buf[7], buf[17], 4);
b64_from_24bit (buf[18], buf[28], buf[8], 4);
b64_from_24bit (buf[9], buf[19], buf[29], 4);
b64_from_24bit (0, buf[31], buf[30], 3);
break;
case '6':
b64_from_24bit (buf[0], buf[21], buf[42], 4);
b64_from_24bit (buf[22], buf[43], buf[1], 4);
b64_from_24bit (buf[44], buf[2], buf[23], 4);
b64_from_24bit (buf[3], buf[24], buf[45], 4);
b64_from_24bit (buf[25], buf[46], buf[4], 4);
b64_from_24bit (buf[47], buf[5], buf[26], 4);
b64_from_24bit (buf[6], buf[27], buf[48], 4);
b64_from_24bit (buf[28], buf[49], buf[7], 4);
b64_from_24bit (buf[50], buf[8], buf[29], 4);
b64_from_24bit (buf[9], buf[30], buf[51], 4);
b64_from_24bit (buf[31], buf[52], buf[10], 4);
b64_from_24bit (buf[53], buf[11], buf[32], 4);
b64_from_24bit (buf[12], buf[33], buf[54], 4);
b64_from_24bit (buf[34], buf[55], buf[13], 4);
b64_from_24bit (buf[56], buf[14], buf[35], 4);
b64_from_24bit (buf[15], buf[36], buf[57], 4);
b64_from_24bit (buf[37], buf[58], buf[16], 4);
b64_from_24bit (buf[59], buf[17], buf[38], 4);
b64_from_24bit (buf[18], buf[39], buf[60], 4);
b64_from_24bit (buf[40], buf[61], buf[19], 4);
b64_from_24bit (buf[62], buf[20], buf[41], 4);
b64_from_24bit (0, 0, buf[63], 2);
break;
default:
goto err;
}
*cp = '\0';
#ifdef CHARSET_EBCDIC
ascii2ebcdic(out_buf, out_buf, strlen(out_buf));
#endif
return out_buf;
err:
EVP_MD_CTX_free(md2);
EVP_MD_CTX_free(md);
OPENSSL_free(p_bytes);
OPENSSL_free(s_bytes);
OPENSSL_free(ascii_passwd);
return NULL;
}
# endif
static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
char *passwd, BIO *out, int quiet, int table,
int reverse, size_t pw_maxlen, int usecrypt, int use1,
int useapr1)
int reverse, size_t pw_maxlen, passwd_modes mode)
{
char *hash = NULL;
@@ -433,36 +782,34 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
/* first make sure we have a salt */
if (!passed_salt) {
# ifndef OPENSSL_NO_DES
if (usecrypt) {
if (*salt_malloc_p == NULL)
*salt_p = *salt_malloc_p = app_malloc(3, "salt buffer");
if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
goto end;
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
(*salt_p)[2] = 0;
# ifdef CHARSET_EBCDIC
ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert back
* to ASCII */
# endif
}
# endif /* !OPENSSL_NO_DES */
size_t saltlen = 0;
size_t i;
# ifndef NO_MD5CRYPT_1
if (use1 || useapr1) {
int i;
#ifndef OPENSSL_NO_DES
if (mode == passwd_crypt)
saltlen = 2;
#endif /* !OPENSSL_NO_DES */
if (*salt_malloc_p == NULL)
*salt_p = *salt_malloc_p = app_malloc(9, "salt buffer");
if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
goto end;
if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5)
saltlen = 8;
for (i = 0; i < 8; i++)
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
(*salt_p)[8] = 0;
}
# endif /* !NO_MD5CRYPT_1 */
if (mode == passwd_sha256 || mode == passwd_sha512)
saltlen = 16;
assert(saltlen != 0);
if (*salt_malloc_p == NULL)
*salt_p = *salt_malloc_p = app_malloc(saltlen + 1, "salt buffer");
if (RAND_bytes((unsigned char *)*salt_p, saltlen) <= 0)
goto end;
for (i = 0; i < saltlen; i++)
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
(*salt_p)[i] = 0;
# ifdef CHARSET_EBCDIC
/* The password encryption function will convert back to ASCII */
ascii2ebcdic(*salt_p, *salt_p, saltlen);
# endif
}
assert(*salt_p != NULL);
@@ -481,14 +828,16 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
assert(strlen(passwd) <= pw_maxlen);
/* now compute password hash */
# ifndef OPENSSL_NO_DES
if (usecrypt)
#ifndef OPENSSL_NO_DES
if (mode == passwd_crypt)
hash = DES_crypt(passwd, *salt_p);
# endif
# ifndef NO_MD5CRYPT_1
if (use1 || useapr1)
hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
# endif
#endif
if (mode == passwd_md5 || mode == passwd_apr1)
hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p);
if (mode == passwd_aixmd5)
hash = md5crypt(passwd, "", *salt_p);
if (mode == passwd_sha256 || mode == passwd_sha512)
hash = shacrypt(passwd, (mode == passwd_sha256 ? "5" : "6"), *salt_p);
assert(hash != NULL);
if (table && !reverse)
@@ -502,11 +851,3 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
end:
return 0;
}
#else
int passwd_main(int argc, char **argv)
{
BIO_printf(bio_err, "Program not available.\n");
return (1);
}
#endif

235
apps/pkcs12.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,24 +8,23 @@
*/
#include <openssl/opensslconf.h>
#if defined(OPENSSL_NO_DES)
NON_EMPTY_TRANSLATION_UNIT
#else
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include "apps.h"
# include <openssl/crypto.h>
# include <openssl/err.h>
# include <openssl/pem.h>
# include <openssl/pkcs12.h>
#define NOKEYS 0x1
#define NOCERTS 0x2
#define INFO 0x4
#define CLCERTS 0x8
#define CACERTS 0x10
# define NOKEYS 0x1
# define NOCERTS 0x2
# define INFO 0x4
# define CLCERTS 0x8
# define CACERTS 0x10
#define PASSWD_BUF_SIZE 2048
static int get_cert_chain(X509 *cert, X509_STORE *store,
STACK_OF(X509) **chain);
@@ -38,6 +37,7 @@ int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
const char *pass, int passlen,
int options, char *pempass, const EVP_CIPHER *enc);
void print_attribute(BIO *out, const ASN1_TYPE *av);
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
@@ -51,12 +51,13 @@ typedef enum OPTION_choice {
OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER,
OPT_DESCERT, OPT_EXPORT, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
OPT_RAND, OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE
OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE,
OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS pkcs12_options[] = {
const OPTIONS pkcs12_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
{"keyex", OPT_KEYEX, '-', "Set MS key exchange type"},
@@ -69,15 +70,15 @@ OPTIONS pkcs12_options[] = {
{"chain", OPT_CHAIN, '-', "Add certificate chain"},
{"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
{"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
# ifndef OPENSSL_NO_RC2
#ifndef OPENSSL_NO_RC2
{"descert", OPT_DESCERT, '-',
"Encrypt output with 3DES (default RC2-40)"},
{"certpbe", OPT_CERTPBE, 's',
"Certificate PBE algorithm (default RC2-40)"},
# else
#else
{"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
{"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
# endif
#endif
{"export", OPT_EXPORT, '-', "Output PKCS12 file"},
{"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
{"maciter", OPT_MACITER, '-', "Use MAC iteration"},
@@ -89,8 +90,7 @@ OPTIONS pkcs12_options[] = {
{"macalg", OPT_MACALG, 's',
"Digest algorithm used in MAC (default SHA1)"},
{"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
OPT_R_OPTIONS,
{"inkey", OPT_INKEY, 's', "Private key if not infile"},
{"certfile", OPT_CERTFILE, '<', "Load certs from file"},
{"name", OPT_NAME, 's', "Use name as friendly name"},
@@ -109,9 +109,9 @@ OPTIONS pkcs12_options[] = {
{"no-CApath", OPT_NOCAPATH, '-',
"Do not load certificates from the default certificates directory"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
#endif
{NULL}
};
@@ -119,19 +119,19 @@ int pkcs12_main(int argc, char **argv)
{
char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
char *name = NULL, *csp_name = NULL;
char pass[2048] = "", macpass[2048] = "";
char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
# ifndef OPENSSL_NO_RC2
#ifndef OPENSSL_NO_RC2
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
# else
#else
int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
# endif
#endif
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
int ret = 1, macver = 1, add_lmk = 0, private = 0;
int noprompt = 0;
char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL, *inrand = NULL, *macalg = NULL;
char *passin = NULL, *passout = NULL, *macalg = NULL;
char *cpass = NULL, *mpass = NULL, *badpass = NULL;
const char *CApath = NULL, *CAfile = NULL, *prog;
int noCApath = 0, noCAfile = 0;
@@ -223,8 +223,9 @@ int pkcs12_main(int argc, char **argv)
if (!set_pbe(&key_pbe, opt_arg()))
goto opthelp;
break;
case OPT_RAND:
inrand = opt_arg();
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_INKEY:
keyname = opt_arg();
@@ -285,7 +286,7 @@ int pkcs12_main(int argc, char **argv)
private = 1;
if (passarg) {
if (passarg != NULL) {
if (export_cert)
passoutarg = passarg;
else
@@ -297,33 +298,34 @@ int pkcs12_main(int argc, char **argv)
goto end;
}
if (!cpass) {
if (cpass == NULL) {
if (export_cert)
cpass = passout;
else
cpass = passin;
}
if (cpass) {
if (cpass != NULL) {
mpass = cpass;
noprompt = 1;
if (twopass) {
if (export_cert)
BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
else
BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
goto end;
}
} else {
cpass = pass;
mpass = macpass;
}
if (export_cert || inrand) {
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
}
if (twopass) {
/* To avoid bit rot */
if (1) {
#ifndef OPENSSL_NO_UI
if (EVP_read_pw_string
(macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
#ifndef OPENSSL_NO_UI_CONSOLE
if (EVP_read_pw_string(
macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n");
goto end;
}
@@ -353,7 +355,7 @@ int pkcs12_main(int argc, char **argv)
if (!(options & NOKEYS)) {
key = load_key(keyname ? keyname : infile,
FORMAT_PEM, 1, passin, e, "private key");
if (!key)
if (key == NULL)
goto export_end;
}
@@ -363,7 +365,7 @@ int pkcs12_main(int argc, char **argv)
"certificates"))
goto export_end;
if (key) {
if (key != NULL) {
/* Look for matching private key */
for (i = 0; i < sk_X509_num(certs); i++) {
x = sk_X509_value(certs, i);
@@ -377,7 +379,7 @@ int pkcs12_main(int argc, char **argv)
break;
}
}
if (!ucert) {
if (ucert == NULL) {
BIO_printf(bio_err,
"No certificate matches private key\n");
goto export_end;
@@ -387,7 +389,7 @@ int pkcs12_main(int argc, char **argv)
}
/* Add any more certificates asked for */
if (certfile) {
if (certfile != NULL) {
if (!load_certs(certfile, &certs, FORMAT_PEM, NULL,
"certificates from certfile"))
goto export_end;
@@ -429,19 +431,20 @@ int pkcs12_main(int argc, char **argv)
X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
}
if (csp_name && key)
if (csp_name != NULL && key != NULL)
EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
MBSTRING_ASC, (unsigned char *)csp_name,
-1);
if (add_lmk && key)
if (add_lmk && key != NULL)
EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
if (!noprompt) {
/* To avoid bit rot */
if (1) {
#ifndef OPENSSL_NO_UI
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:",
1)) {
#ifndef OPENSSL_NO_UI_CONSOLE
if (EVP_read_pw_string(pass, sizeof(pass),
"Enter Export Password:", 1)) {
BIO_printf(bio_err, "Can't read Password\n");
goto export_end;
}
@@ -505,7 +508,7 @@ int pkcs12_main(int argc, char **argv)
if (!noprompt) {
if (1) {
#ifndef OPENSSL_NO_UI
#ifndef OPENSSL_NO_UI_CONSOLE
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
0)) {
BIO_printf(bio_err, "Can't read Password\n");
@@ -525,12 +528,20 @@ int pkcs12_main(int argc, char **argv)
const ASN1_INTEGER *tmaciter;
const X509_ALGOR *macalgid;
const ASN1_OBJECT *macobj;
PKCS12_get0_mac(NULL, &macalgid, NULL, &tmaciter, p12);
const ASN1_OCTET_STRING *tmac;
const ASN1_OCTET_STRING *tsalt;
PKCS12_get0_mac(&tmac, &macalgid, &tsalt, &tmaciter, p12);
/* current hash algorithms do not use parameters so extract just name,
in future alg_print() may be needed */
X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
BIO_puts(bio_err, "MAC:");
BIO_puts(bio_err, "MAC: ");
i2a_ASN1_OBJECT(bio_err, macobj);
BIO_printf(bio_err, " Iteration %ld\n",
tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
BIO_printf(bio_err, ", Iteration %ld\n",
tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
}
if (macver) {
/* If we enter empty password try no password first */
@@ -572,8 +583,6 @@ int pkcs12_main(int argc, char **argv)
ret = 0;
end:
PKCS12_free(p12);
if (export_cert || inrand)
app_RAND_write_file(NULL);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
@@ -581,7 +590,7 @@ int pkcs12_main(int argc, char **argv)
OPENSSL_free(badpass);
OPENSSL_free(passin);
OPENSSL_free(passout);
return (ret);
return ret;
}
int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
@@ -609,8 +618,9 @@ int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
alg_print(p7->d.encrypted->enc_data->algorithm);
}
bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
} else
} else {
continue;
}
if (!bags)
goto err;
if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
@@ -785,7 +795,7 @@ static int alg_print(const X509_ALGOR *alg)
if (aparamtype == V_ASN1_SEQUENCE)
pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
if (pbe2 == NULL) {
BIO_puts(bio_err, "<unsupported parameters>");
BIO_puts(bio_err, ", <unsupported parameters>");
goto done;
}
X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
@@ -801,7 +811,7 @@ static int alg_print(const X509_ALGOR *alg)
if (aparamtype == V_ASN1_SEQUENCE)
kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
if (kdf == NULL) {
BIO_puts(bio_err, "<unsupported parameters>");
BIO_puts(bio_err, ", <unsupported parameters>");
goto done;
}
@@ -814,13 +824,31 @@ static int alg_print(const X509_ALGOR *alg)
BIO_printf(bio_err, ", Iteration %ld, PRF %s",
ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
PBKDF2PARAM_free(kdf);
#ifndef OPENSSL_NO_SCRYPT
} else if (pbenid == NID_id_scrypt) {
SCRYPT_PARAMS *kdf = NULL;
if (aparamtype == V_ASN1_SEQUENCE)
kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(SCRYPT_PARAMS));
if (kdf == NULL) {
BIO_puts(bio_err, ", <unsupported parameters>");
goto done;
}
BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, "
"Block size(r): %ld, Parallelism(p): %ld",
ASN1_STRING_length(kdf->salt),
ASN1_INTEGER_get(kdf->costParameter),
ASN1_INTEGER_get(kdf->blockSize),
ASN1_INTEGER_get(kdf->parallelizationParameter));
SCRYPT_PARAMS_free(kdf);
#endif
}
PBE2PARAM_free(pbe2);
} else {
if (aparamtype == V_ASN1_SEQUENCE)
pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM));
if (pbe == NULL) {
BIO_puts(bio_err, "<unsupported parameters>");
BIO_puts(bio_err, ", <unsupported parameters>");
goto done;
}
BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
@@ -847,6 +875,38 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
return ret;
}
/* Generalised x509 attribute value print */
void print_attribute(BIO *out, const ASN1_TYPE *av)
{
char *value;
switch (av->type) {
case V_ASN1_BMPSTRING:
value = OPENSSL_uni2asc(av->value.bmpstring->data,
av->value.bmpstring->length);
BIO_printf(out, "%s\n", value);
OPENSSL_free(value);
break;
case V_ASN1_OCTET_STRING:
hex_prin(out, av->value.octet_string->data,
av->value.octet_string->length);
BIO_printf(out, "\n");
break;
case V_ASN1_BIT_STRING:
hex_prin(out, av->value.bit_string->data,
av->value.bit_string->length);
BIO_printf(out, "\n");
break;
default:
BIO_printf(out, "<Unsupported tag %d>\n", av->type);
break;
}
}
/* Generalised attribute print: handle PKCS#8 and bag attributes */
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
@@ -854,8 +914,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *av;
char *value;
int i, attr_nid;
int i, j, attr_nid;
if (!attrlst) {
BIO_printf(out, "%s: <No Attributes>\n", name);
return 1;
@@ -874,37 +933,19 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
if (attr_nid == NID_undef) {
i2a_ASN1_OBJECT(out, attr_obj);
BIO_printf(out, ": ");
} else
} else {
BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
}
if (X509_ATTRIBUTE_count(attr)) {
av = X509_ATTRIBUTE_get0_type(attr, 0);
switch (av->type) {
case V_ASN1_BMPSTRING:
value = OPENSSL_uni2asc(av->value.bmpstring->data,
av->value.bmpstring->length);
BIO_printf(out, "%s\n", value);
OPENSSL_free(value);
break;
case V_ASN1_OCTET_STRING:
hex_prin(out, av->value.octet_string->data,
av->value.octet_string->length);
BIO_printf(out, "\n");
break;
case V_ASN1_BIT_STRING:
hex_prin(out, av->value.bit_string->data,
av->value.bit_string->length);
BIO_printf(out, "\n");
break;
default:
BIO_printf(out, "<Unsupported tag %d>\n", av->type);
break;
for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)
{
av = X509_ATTRIBUTE_get0_type(attr, j);
print_attribute(out, av);
}
} else
} else {
BIO_printf(out, "<No Values>\n");
}
}
return 1;
}
@@ -931,5 +972,3 @@ static int set_pbe(int *ppbe, const char *str)
}
return 1;
}
#endif

9
apps/pkcs7.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -12,6 +12,7 @@
#include <string.h>
#include <time.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
@@ -25,7 +26,7 @@ typedef enum OPTION_choice {
OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE
} OPTION_CHOICE;
OPTIONS pkcs7_options[] = {
const OPTIONS pkcs7_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"in", OPT_IN, '<', "Input file"},
@@ -163,7 +164,7 @@ int pkcs7_main(int argc, char **argv)
for (i = 0; i < sk_X509_CRL_num(crls); i++) {
crl = sk_X509_CRL_value(crls, i);
X509_CRL_print(out, crl);
X509_CRL_print_ex(out, crl, get_nameopt());
if (!noout)
PEM_write_bio_X509_CRL(out, crl);
@@ -193,5 +194,5 @@ int pkcs7_main(int argc, char **argv)
release_engine(e);
BIO_free(in);
BIO_free_all(out);
return (ret);
return ret;
}

54
apps/pkcs8.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,6 +11,7 @@
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
@@ -24,10 +25,11 @@ typedef enum OPTION_choice {
OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
#endif
OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
OPT_TRADITIONAL
OPT_TRADITIONAL,
OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS pkcs8_options[] = {
const OPTIONS pkcs8_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"},
{"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
@@ -36,6 +38,7 @@ OPTIONS pkcs8_options[] = {
{"topk8", OPT_TOPK8, '-', "Output PKCS8 file"},
{"noiter", OPT_NOITER, '-', "Use 1 as iteration count"},
{"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
OPT_R_OPTIONS,
{"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
{"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
{"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
@@ -65,7 +68,7 @@ int pkcs8_main(int argc, char **argv)
const EVP_CIPHER *cipher = NULL;
char *infile = NULL, *outfile = NULL;
char *passinarg = NULL, *passoutarg = NULL, *prog;
#ifndef OPENSSL_NO_UI
#ifndef OPENSSL_NO_UI_CONSOLE
char pass[APP_PASS_LEN];
#endif
char *passin = NULL, *passout = NULL, *p8pass = NULL;
@@ -112,6 +115,10 @@ int pkcs8_main(int argc, char **argv)
case OPT_NOCRYPT:
nocrypt = 1;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_TRADITIONAL:
traditional = 1;
break;
@@ -196,7 +203,7 @@ int pkcs8_main(int argc, char **argv)
if (topk8) {
pkey = load_key(infile, informat, 1, passin, e, "key");
if (!pkey)
if (pkey == NULL)
goto end;
if ((p8inf = EVP_PKEY2PKCS8(pkey)) == NULL) {
BIO_printf(bio_err, "Error converting key\n");
@@ -205,11 +212,11 @@ int pkcs8_main(int argc, char **argv)
}
if (nocrypt) {
assert(private);
if (outformat == FORMAT_PEM)
if (outformat == FORMAT_PEM) {
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
else if (outformat == FORMAT_ASN1)
} else if (outformat == FORMAT_ASN1) {
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
else {
} else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
@@ -232,10 +239,11 @@ int pkcs8_main(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
}
if (passout)
if (passout != NULL) {
p8pass = passout;
else if (1) {
#ifndef OPENSSL_NO_UI
} else if (1) {
/* To avoid bit rot */
#ifndef OPENSSL_NO_UI_CONSOLE
p8pass = pass;
if (EVP_read_pw_string
(pass, sizeof(pass), "Enter Encryption Password:", 1)) {
@@ -247,7 +255,6 @@ int pkcs8_main(int argc, char **argv)
BIO_printf(bio_err, "Password required\n");
goto end;
}
app_RAND_load_file(NULL, 0);
p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe);
if (p8 == NULL) {
X509_ALGOR_free(pbe);
@@ -255,7 +262,6 @@ int pkcs8_main(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
}
app_RAND_write_file(NULL);
assert(private);
if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8(out, p8);
@@ -272,33 +278,33 @@ int pkcs8_main(int argc, char **argv)
}
if (nocrypt) {
if (informat == FORMAT_PEM)
if (informat == FORMAT_PEM) {
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1)
} else if (informat == FORMAT_ASN1) {
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
else {
} else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
} else {
if (informat == FORMAT_PEM)
if (informat == FORMAT_PEM) {
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1)
} else if (informat == FORMAT_ASN1) {
p8 = d2i_PKCS8_bio(in, NULL);
else {
} else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
if (!p8) {
if (p8 == NULL) {
BIO_printf(bio_err, "Error reading key\n");
ERR_print_errors(bio_err);
goto end;
}
if (passin)
if (passin != NULL) {
p8pass = passin;
else if (1) {
#ifndef OPENSSL_NO_UI
} else if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
p8pass = pass;
if (EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)) {
BIO_printf(bio_err, "Can't read Password\n");
@@ -312,7 +318,7 @@ int pkcs8_main(int argc, char **argv)
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
}
if (!p8inf) {
if (p8inf == NULL) {
BIO_printf(bio_err, "Error decrypting key\n");
ERR_print_errors(bio_err);
goto end;

53
apps/pkey.c
View File

@@ -10,6 +10,7 @@
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
@@ -18,10 +19,10 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL
OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK
} OPTION_CHOICE;
OPTIONS pkey_options[] = {
const OPTIONS pkey_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'f', "Input format (DER or PEM)"},
{"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
@@ -41,6 +42,8 @@ OPTIONS pkey_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"check", OPT_CHECK, '-', "Check key consistency"},
{"pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency"},
{NULL}
};
@@ -55,7 +58,7 @@ int pkey_main(int argc, char **argv)
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1;
int private = 0, traditional = 0;
int private = 0, traditional = 0, check = 0, pub_check = 0;
prog = opt_init(argc, argv, pkey_options);
while ((o = opt_next()) != OPT_EOF) {
@@ -110,6 +113,12 @@ int pkey_main(int argc, char **argv)
case OPT_TRADITIONAL:
traditional = 1;
break;
case OPT_CHECK:
check = 1;
break;
case OPT_PUB_CHECK:
pub_check = 1;
break;
case OPT_MD:
if (!opt_cipher(opt_unknown(), &cipher))
goto opthelp;
@@ -136,9 +145,44 @@ int pkey_main(int argc, char **argv)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(infile, informat, 1, passin, e, "key");
if (!pkey)
if (pkey == NULL)
goto end;
if (check || pub_check) {
int r;
EVP_PKEY_CTX *ctx;
ctx = EVP_PKEY_CTX_new(pkey, e);
if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (check)
r = EVP_PKEY_check(ctx);
else
r = EVP_PKEY_public_check(ctx);
if (r == 1) {
BIO_printf(out, "Key is valid\n");
} else {
/*
* Note: at least for RSA keys if this function returns
* -1, there will be no error reasons.
*/
unsigned long err;
BIO_printf(out, "Key is invalid\n");
while ((err = ERR_peek_error()) != 0) {
BIO_printf(out, "Detailed error: %s\n",
ERR_reason_error_string(err));
ERR_get_error(); /* remove err from error stack */
}
}
EVP_PKEY_CTX_free(ctx);
}
if (!noout) {
if (outformat == FORMAT_PEM) {
if (pubout) {
@@ -170,7 +214,6 @@ int pkey_main(int argc, char **argv)
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
if (text) {

48
apps/pkeyparam.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,16 +10,18 @@
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, OPT_ENGINE
OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT,
OPT_ENGINE, OPT_CHECK
} OPTION_CHOICE;
OPTIONS pkeyparam_options[] = {
const OPTIONS pkeyparam_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
@@ -28,6 +30,7 @@ OPTIONS pkeyparam_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"check", OPT_CHECK, '-', "Check key param consistency"},
{NULL}
};
@@ -36,7 +39,7 @@ int pkeyparam_main(int argc, char **argv)
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
EVP_PKEY *pkey = NULL;
int text = 0, noout = 0, ret = 1;
int text = 0, noout = 0, ret = 1, check = 0;
OPTION_CHOICE o;
char *infile = NULL, *outfile = NULL, *prog;
@@ -67,6 +70,9 @@ int pkeyparam_main(int argc, char **argv)
case OPT_NOOUT:
noout = 1;
break;
case OPT_CHECK:
check = 1;
break;
}
}
argc = opt_num_rest();
@@ -80,12 +86,44 @@ int pkeyparam_main(int argc, char **argv)
if (out == NULL)
goto end;
pkey = PEM_read_bio_Parameters(in, NULL);
if (!pkey) {
if (pkey == NULL) {
BIO_printf(bio_err, "Error reading parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (check) {
int r;
EVP_PKEY_CTX *ctx;
ctx = EVP_PKEY_CTX_new(pkey, e);
if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
}
r = EVP_PKEY_param_check(ctx);
if (r == 1) {
BIO_printf(out, "Parameters are valid\n");
} else {
/*
* Note: at least for RSA keys if this function returns
* -1, there will be no error reasons.
*/
unsigned long err;
BIO_printf(out, "Parameters are invalid\n");
while ((err = ERR_peek_error()) != 0) {
BIO_printf(out, "Detailed error: %s\n",
ERR_reason_error_string(err));
ERR_get_error(); /* remove err from error stack */
}
}
EVP_PKEY_CTX_free(ctx);
}
if (!noout)
PEM_write_bio_Parameters(out, pkey);

50
apps/pkeyutl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,6 +8,7 @@
*/
#include "apps.h"
#include "progs.h"
#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
@@ -36,10 +37,11 @@ typedef enum OPTION_choice {
OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN
OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN,
OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS pkeyutl_options[] = {
const OPTIONS pkeyutl_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file - default stdin"},
{"out", OPT_OUT, '>', "Output file - default stdout"},
@@ -64,6 +66,7 @@ OPTIONS pkeyutl_options[] = {
{"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
{"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
{"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-',
@@ -133,6 +136,10 @@ int pkeyutl_main(int argc, char **argv)
if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyform))
goto opthelp;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
@@ -234,21 +241,18 @@ int pkeyutl_main(int argc, char **argv)
}
}
if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
if (sigfile != NULL && (pkey_op != EVP_PKEY_OP_VERIFY)) {
BIO_printf(bio_err,
"%s: Signature file specified for non verify\n", prog);
goto end;
}
if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
if (sigfile == NULL && (pkey_op == EVP_PKEY_OP_VERIFY)) {
BIO_printf(bio_err,
"%s: No signature file specified for verify\n", prog);
goto end;
}
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, 0);
if (pkey_op != EVP_PKEY_OP_DERIVE) {
in = bio_open_default(infile, 'r', FORMAT_BINARY);
if (in == NULL)
@@ -258,9 +262,10 @@ int pkeyutl_main(int argc, char **argv)
if (out == NULL)
goto end;
if (sigfile) {
if (sigfile != NULL) {
BIO *sigbio = BIO_new_file(sigfile, "rb");
if (!sigbio) {
if (sigbio == NULL) {
BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
goto end;
}
@@ -272,12 +277,12 @@ int pkeyutl_main(int argc, char **argv)
}
}
if (in) {
if (in != NULL) {
/* Read the input data */
buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
if (buf_inlen < 0) {
BIO_printf(bio_err, "Error reading input Data\n");
exit(1);
goto end;
}
if (rev) {
size_t i;
@@ -291,14 +296,24 @@ int pkeyutl_main(int argc, char **argv)
}
}
/* Sanity check the input */
if (buf_inlen > EVP_MAX_MD_SIZE
&& (pkey_op == EVP_PKEY_OP_SIGN
|| pkey_op == EVP_PKEY_OP_VERIFY)) {
BIO_printf(bio_err,
"Error: The input data looks too long to be a hash\n");
goto end;
}
if (pkey_op == EVP_PKEY_OP_VERIFY) {
rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
buf_in, (size_t)buf_inlen);
if (rv == 1) {
BIO_puts(out, "Signature Verified Successfully\n");
ret = 0;
} else
} else {
BIO_puts(out, "Signature Verification Failure\n");
}
goto end;
}
if (kdflen != 0) {
@@ -328,10 +343,11 @@ int pkeyutl_main(int argc, char **argv)
if (asn1parse) {
if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
ERR_print_errors(bio_err);
} else if (hexdump)
} else if (hexdump) {
BIO_dump(out, (char *)buf_out, buf_outlen);
else
} else {
BIO_write(out, buf_out, buf_outlen);
}
end:
EVP_PKEY_CTX_free(ctx);
@@ -393,7 +409,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
impl = e;
#endif
if (kdfalg) {
if (kdfalg != NULL) {
int kdfnid = OBJ_sn2nid(kdfalg);
if (kdfnid == NID_undef) {
@@ -463,7 +479,7 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
if (peerform == FORMAT_ENGINE)
engine = e;
peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key");
if (!peer) {
if (peer == NULL) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
ERR_print_errors(bio_err);
return 0;

5
apps/prime.c
View File

@@ -10,6 +10,7 @@
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bn.h>
typedef enum OPTION_choice {
@@ -17,7 +18,7 @@ typedef enum OPTION_choice {
OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS
} OPTION_CHOICE;
OPTIONS prime_options[] = {
const OPTIONS prime_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"},
{OPT_HELP_STR, 1, '-',
" number Number to check for primality\n"},
@@ -112,7 +113,7 @@ opthelp:
else
r = BN_dec2bn(&bn, argv[0]);
if(!r) {
if (!r) {
BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]);
goto end;
}

165
apps/progs.pl
View File

@@ -14,34 +14,36 @@ use warnings;
use lib '.';
use configdata qw/@disablables %unified_info/;
my %commands = ();
my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
my %commands = ();
my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
my $apps_openssl = shift @ARGV;
my $YEAR = [localtime()]->[5] + 1900;
# because the program apps/openssl has object files as sources, and
# they then have the corresponding C files as source, we need to chain
# the lookups in %unified_info
my @openssl_source =
map { @{$unified_info{sources}->{$_}} }
@{$unified_info{sources}->{$apps_openssl}};
grep { /\.o$/ }
@{$unified_info{sources}->{$apps_openssl}};
foreach my $filename (@openssl_source) {
open F, $filename or die "Couldn't open $filename: $!\n";
foreach (grep /$cmdre/, <F>) {
my @foo = /$cmdre/;
$commands{$1} = 1;
}
close F;
open F, $filename or die "Couldn't open $filename: $!\n";
foreach ( grep /$cmdre/, <F> ) {
my @foo = /$cmdre/;
$commands{$1} = 1;
}
close F;
}
@ARGV = sort keys %commands;
print <<'EOF';
print <<"EOF";
/*
* WARNING: do not edit!
* Generated by apps/progs.pl
*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -66,17 +68,15 @@ DEFINE_LHASH_OF(FUNCTION);
EOF
foreach (@ARGV) {
printf "extern int %s_main(int argc, char *argv[]);\n", $_;
printf "extern int %s_main(int argc, char *argv[]);\n", $_;
}
print "\n";
foreach (@ARGV) {
printf "extern OPTIONS %s_options[];\n", $_;
printf "extern const OPTIONS %s_options[];\n", $_;
}
print "\n";
print "\n#ifdef INCLUDE_FUNCTION_TABLE\n";
print "static FUNCTION functions[] = {\n";
my %cmd_disabler = (
ciphers => "sock",
genrsa => "rsa",
@@ -87,78 +87,95 @@ my %cmd_disabler = (
dhparam => "dh",
ecparam => "ec",
pkcs12 => "des",
);
foreach my $cmd (@ARGV) {
my $str=" { FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options },\n";
if ($cmd =~ /^s_/) {
print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n";
} elsif (grep { $cmd eq $_ } @disablables) {
print "#ifndef OPENSSL_NO_".uc($cmd)."\n${str}#endif\n";
} elsif (my $disabler = $cmd_disabler{$cmd}) {
print "#ifndef OPENSSL_NO_".uc($disabler)."\n${str}#endif\n";
} else {
print $str;
}
);
print "#ifdef INCLUDE_FUNCTION_TABLE\n";
print "static FUNCTION functions[] = {\n";
foreach my $cmd ( @ARGV ) {
my $str = " {FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options},\n";
if ($cmd =~ /^s_/) {
print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n";
} elsif (grep { $cmd eq $_ } @disablables) {
print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n";
} elsif (my $disabler = $cmd_disabler{$cmd}) {
print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
} else {
print $str;
}
}
my %md_disabler = (
blake2b512 => "blake2",
blake2s256 => "blake2",
);
);
foreach my $cmd (
"md2", "md4", "md5",
"gost",
"sha1", "sha224", "sha256", "sha384", "sha512",
"mdc2", "rmd160", "blake2b512", "blake2s256"
"md2", "md4", "md5",
"gost",
"sha1", "sha224", "sha256", "sha384",
"sha512", "sha512-224", "sha512-256",
"sha3-224", "sha3-256", "sha3-384", "sha3-512",
"shake128", "shake256",
"mdc2", "rmd160", "blake2b512", "blake2s256",
"sm3"
) {
my $str = " { FT_md, \"".$cmd."\", dgst_main},\n";
if (grep { $cmd eq $_ } @disablables) {
print "#ifndef OPENSSL_NO_".uc($cmd)."\n${str}#endif\n";
} elsif (my $disabler = $md_disabler{$cmd}) {
print "#ifndef OPENSSL_NO_".uc($disabler)."\n${str}#endif\n";
} else {
print $str;
}
my $str = " {FT_md, \"$cmd\", dgst_main},\n";
if (grep { $cmd eq $_ } @disablables) {
print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n";
} elsif (my $disabler = $md_disabler{$cmd}) {
print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
} else {
print $str;
}
}
my %cipher_disabler = (
des3 => "des",
desx => "des",
cast5 => "cast",
);
);
foreach my $cmd (
"aes-128-cbc", "aes-128-ecb",
"aes-192-cbc", "aes-192-ecb",
"aes-256-cbc", "aes-256-ecb",
"camellia-128-cbc", "camellia-128-ecb",
"camellia-192-cbc", "camellia-192-ecb",
"camellia-256-cbc", "camellia-256-ecb",
"base64", "zlib",
"des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
"rc2", "bf", "cast", "rc5",
"des-ecb", "des-ede", "des-ede3",
"des-cbc", "des-ede-cbc","des-ede3-cbc",
"des-cfb", "des-ede-cfb","des-ede3-cfb",
"des-ofb", "des-ede-ofb","des-ede3-ofb",
"idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
"seed-cbc","seed-ecb", "seed-cfb", "seed-ofb",
"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
"bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
"cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb"
"aes-128-cbc", "aes-128-ecb",
"aes-192-cbc", "aes-192-ecb",
"aes-256-cbc", "aes-256-ecb",
"aria-128-cbc", "aria-128-cfb",
"aria-128-ctr", "aria-128-ecb", "aria-128-ofb",
"aria-128-cfb1", "aria-128-cfb8",
"aria-192-cbc", "aria-192-cfb",
"aria-192-ctr", "aria-192-ecb", "aria-192-ofb",
"aria-192-cfb1", "aria-192-cfb8",
"aria-256-cbc", "aria-256-cfb",
"aria-256-ctr", "aria-256-ecb", "aria-256-ofb",
"aria-256-cfb1", "aria-256-cfb8",
"camellia-128-cbc", "camellia-128-ecb",
"camellia-192-cbc", "camellia-192-ecb",
"camellia-256-cbc", "camellia-256-ecb",
"base64", "zlib",
"des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
"rc2", "bf", "cast", "rc5",
"des-ecb", "des-ede", "des-ede3",
"des-cbc", "des-ede-cbc","des-ede3-cbc",
"des-cfb", "des-ede-cfb","des-ede3-cfb",
"des-ofb", "des-ede-ofb","des-ede3-ofb",
"idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
"seed-cbc","seed-ecb", "seed-cfb", "seed-ofb",
"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
"bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
"cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb",
"sm4-cbc", "sm4-ecb", "sm4-cfb", "sm4-ofb", "sm4-ctr"
) {
my $str=" { FT_cipher, \"$cmd\", enc_main, enc_options },\n";
(my $algo= $cmd) =~ s/-.*//g;
if ($cmd eq "zlib") {
print "#ifdef ZLIB\n${str}#endif\n";
} elsif (grep { $algo eq $_ } @disablables) {
print "#ifndef OPENSSL_NO_".uc($algo)."\n${str}#endif\n";
} elsif (my $disabler = $cipher_disabler{$algo}) {
print "#ifndef OPENSSL_NO_".uc($disabler)."\n${str}#endif\n";
} else {
print $str;
}
my $str = " {FT_cipher, \"$cmd\", enc_main, enc_options},\n";
(my $algo = $cmd) =~ s/-.*//g;
if ($cmd eq "zlib") {
print "#ifdef ZLIB\n${str}#endif\n";
} elsif (grep { $algo eq $_ } @disablables) {
print "#ifndef OPENSSL_NO_" . uc($algo) . "\n${str}#endif\n";
} elsif (my $disabler = $cipher_disabler{$algo}) {
print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n";
} else {
print $str;
}
}
print " { 0, NULL, NULL}\n};\n";
print " {0, NULL, NULL}\n};\n";
print "#endif\n";

25
apps/rand.c
View File

@@ -8,6 +8,7 @@
*/
#include "apps.h"
#include "progs.h"
#include <ctype.h>
#include <stdio.h>
@@ -19,16 +20,16 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_OUT, OPT_ENGINE, OPT_RAND, OPT_BASE64, OPT_HEX
OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX,
OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS rand_options[] = {
const OPTIONS rand_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [flags] num\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output file"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
OPT_R_OPTIONS,
{"base64", OPT_BASE64, '-', "Base64 encode output"},
{"hex", OPT_HEX, '-', "Hex encode output"},
#ifndef OPENSSL_NO_ENGINE
@@ -41,7 +42,7 @@ int rand_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *out = NULL;
char *inrand = NULL, *outfile = NULL, *prog;
char *outfile = NULL, *prog;
OPTION_CHOICE o;
int format = FORMAT_BINARY, i, num = -1, r, ret = 1;
@@ -63,8 +64,9 @@ int rand_main(int argc, char **argv)
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_RAND:
inrand = opt_arg();
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_BASE64:
format = FORMAT_BASE64;
@@ -84,11 +86,6 @@ int rand_main(int argc, char **argv)
goto opthelp;
}
app_RAND_load_file(NULL, (inrand != NULL));
if (inrand != NULL)
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
app_RAND_load_files(inrand));
out = bio_open_default(outfile, 'w', format);
if (out == NULL)
goto end;
@@ -122,7 +119,7 @@ int rand_main(int argc, char **argv)
}
if (format == FORMAT_TEXT)
BIO_puts(out, "\n");
if (BIO_flush(out) <= 0 || !app_RAND_write_file(NULL))
if (BIO_flush(out) <= 0)
goto end;
ret = 0;
@@ -132,5 +129,5 @@ int rand_main(int argc, char **argv)
ERR_print_errors(bio_err);
release_engine(e);
BIO_free_all(out);
return (ret);
return ret;
}

91
apps/rehash.c
View File

@@ -1,5 +1,6 @@
/*
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,13 +8,8 @@
* https://www.openssl.org/source/license.html
*/
/*
* C implementation based on the original Perl and shell versions
*
* Copyright (c) 2013-2014 Timo Teräs <timo.teras@iki.fi>
*/
#include "apps.h"
#include "progs.h"
#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \
(defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000)
@@ -55,6 +51,26 @@
# endif
# define MAX_COLLISIONS 256
# if defined(OPENSSL_SYS_VXWORKS)
/*
* VxWorks has no symbolic links
*/
# define lstat(path, buf) stat(path, buf)
int symlink(const char *target, const char *linkpath)
{
errno = ENOSYS;
return -1;
}
ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
{
errno = ENOSYS;
return -1;
}
# endif
typedef struct hentry_st {
struct hentry_st *next;
char *filename;
@@ -255,19 +271,27 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
goto end;
}
x = sk_X509_INFO_value(inf, 0);
if (x->x509) {
if (x->x509 != NULL) {
type = TYPE_CERT;
name = X509_get_subject_name(x->x509);
X509_digest(x->x509, evpmd, digest, NULL);
} else if (x->crl) {
if (!X509_digest(x->x509, evpmd, digest, NULL)) {
BIO_printf(bio_err, "out of memory\n");
++errs;
goto end;
}
} else if (x->crl != NULL) {
type = TYPE_CRL;
name = X509_CRL_get_issuer(x->crl);
X509_CRL_digest(x->crl, evpmd, digest, NULL);
if (!X509_CRL_digest(x->crl, evpmd, digest, NULL)) {
BIO_printf(bio_err, "out of memory\n");
++errs;
goto end;
}
} else {
++errs;
goto end;
}
if (name) {
if (name != NULL) {
if ((h == HASH_NEW) || (h == HASH_BOTH))
errs += add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0);
if ((h == HASH_OLD) || (h == HASH_BOTH))
@@ -298,24 +322,6 @@ static int ends_with_dirsep(const char *path)
return *path == '/';
}
static int massage_filename(char *name)
{
# ifdef __VMS
char *p = strchr(name, ';');
char *q = p;
if (q != NULL) {
for (q++; *q != '\0'; q++) {
if (!isdigit((unsigned char)*q))
return 1;
}
}
*p = '\0';
# endif
return 1;
}
/*
* Process a directory; return number of errors found.
*/
@@ -330,7 +336,7 @@ static int do_dir(const char *dirname, enum Hash h)
size_t i;
const char *pathsep;
const char *filename;
char *buf, *copy;
char *buf, *copy = NULL;
STACK_OF(OPENSSL_STRING) *files = NULL;
if (app_access(dirname, W_OK) < 0) {
@@ -347,14 +353,16 @@ static int do_dir(const char *dirname, enum Hash h)
if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
exit(1);
errs = 1;
goto err;
}
while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
if ((copy = strdup(filename)) == NULL
|| !massage_filename(copy)
if ((copy = OPENSSL_strdup(filename)) == NULL
|| sk_OPENSSL_STRING_push(files, copy) == 0) {
OPENSSL_free(copy);
BIO_puts(bio_err, "out of memory\n");
exit(1);
errs = 1;
goto err;
}
}
OPENSSL_DIR_end(&d);
@@ -372,7 +380,6 @@ static int do_dir(const char *dirname, enum Hash h)
continue;
errs += do_file(filename, buf, h);
}
sk_OPENSSL_STRING_pop_free(files, str_free);
for (i = 0; i < OSSL_NELEM(hash_table); i++) {
for (bp = hash_table[i]; bp; bp = nextbp) {
@@ -440,6 +447,8 @@ static int do_dir(const char *dirname, enum Hash h)
hash_table[i] = NULL;
}
err:
sk_OPENSSL_STRING_pop_free(files, str_free);
OPENSSL_free(buf);
return errs;
}
@@ -449,7 +458,7 @@ typedef enum OPTION_choice {
OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE
} OPTION_CHOICE;
OPTIONS rehash_options[] = {
const OPTIONS rehash_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert-directory...]\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
@@ -500,8 +509,8 @@ int rehash_main(int argc, char **argv)
evpmd = EVP_sha1();
evpmdsize = EVP_MD_size(evpmd);
if (*argv) {
while (*argv)
if (*argv != NULL) {
while (*argv != NULL)
errs += do_dir(*argv++, h);
} else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
@@ -518,14 +527,14 @@ int rehash_main(int argc, char **argv)
}
#else
OPTIONS rehash_options[] = {
const OPTIONS rehash_options[] = {
{NULL}
};
int rehash_main(int argc, char **argv)
{
BIO_printf(bio_err, "Not available; use c_rehash script\n");
return (1);
return 1;
}
#endif /* defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) */

528
apps/req.c
View File

File diff suppressed because it is too large Load Diff

87
apps/rsa.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,22 +8,19 @@
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_RSA
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include <time.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/rsa.h>
# include <openssl/evp.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
# include <openssl/bn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -35,10 +32,10 @@ typedef enum OPTION_choice {
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER
} OPTION_CHOICE;
OPTIONS rsa_options[] = {
const OPTIONS rsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"},
{"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"},
{"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"},
{"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"},
{"in", OPT_IN, 's', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
@@ -52,14 +49,14 @@ OPTIONS rsa_options[] = {
{"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
{"check", OPT_CHECK, '-', "Verify key consistency"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
# endif
# ifndef OPENSSL_NO_ENGINE
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
#endif
{NULL}
};
@@ -74,9 +71,9 @@ int rsa_main(int argc, char **argv)
int i, private = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
int pvk_encr = 2;
# endif
#endif
OPTION_CHOICE o;
prog = opt_init(argc, argv, rsa_options);
@@ -129,9 +126,9 @@ int rsa_main(int argc, char **argv)
case OPT_PVK_STRONG: /* pvk_encr:= 2 */
case OPT_PVK_WEAK: /* pvk_encr:= 1 */
case OPT_PVK_NONE: /* pvk_encr:= 0 */
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
pvk_encr = (o - OPT_PVK_NONE);
# endif
#endif
break;
case OPT_NOOUT:
noout = 1;
@@ -176,12 +173,14 @@ int rsa_main(int argc, char **argv)
tmpformat = FORMAT_PEMRSA;
else if (informat == FORMAT_ASN1)
tmpformat = FORMAT_ASN1RSA;
} else
} else {
tmpformat = informat;
}
pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
} else
} else {
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
}
if (pkey != NULL)
rsa = EVP_PKEY_get1_RSA(pkey);
@@ -217,9 +216,9 @@ int rsa_main(int argc, char **argv)
if (check) {
int r = RSA_check_key_ex(rsa, NULL);
if (r == 1)
if (r == 1) {
BIO_printf(out, "RSA key ok\n");
else if (r == 0) {
} else if (r == 0) {
unsigned long err;
while ((err = ERR_peek_error()) != 0 &&
@@ -228,7 +227,7 @@ int rsa_main(int argc, char **argv)
ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
BIO_printf(out, "RSA key error: %s\n",
ERR_reason_error_string(err));
ERR_get_error(); /* remove e from error stack */
ERR_get_error(); /* remove err from error stack */
}
} else if (r == -1) {
ERR_print_errors(bio_err);
@@ -251,8 +250,7 @@ int rsa_main(int argc, char **argv)
assert(private);
i = i2d_RSAPrivateKey_bio(out, rsa);
}
}
else if (outformat == FORMAT_PEM) {
} else if (outformat == FORMAT_PEM) {
if (pubout || pubin) {
if (pubout == 2)
i = PEM_write_bio_RSAPublicKey(out, rsa);
@@ -263,10 +261,13 @@ int rsa_main(int argc, char **argv)
i = PEM_write_bio_RSAPrivateKey(out, rsa,
enc, NULL, 0, NULL, passout);
}
# ifndef OPENSSL_NO_DSA
#ifndef OPENSSL_NO_DSA
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
if (pk == NULL)
goto end;
EVP_PKEY_set1_RSA(pk, rsa);
if (outformat == FORMAT_PVK) {
if (pubin) {
@@ -275,13 +276,13 @@ int rsa_main(int argc, char **argv)
goto end;
}
assert(private);
# ifdef OPENSSL_NO_RC4
# ifdef OPENSSL_NO_RC4
BIO_printf(bio_err, "PVK format not supported\n");
EVP_PKEY_free(pk);
goto end;
# else
# else
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
# endif
# endif
} else if (pubin || pubout) {
i = i2b_PublicKey_bio(out, pk);
} else {
@@ -289,7 +290,7 @@ int rsa_main(int argc, char **argv)
i = i2b_PrivateKey_bio(out, pk);
}
EVP_PKEY_free(pk);
# endif
#endif
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
@@ -297,14 +298,14 @@ int rsa_main(int argc, char **argv)
if (i <= 0) {
BIO_printf(bio_err, "unable to write key\n");
ERR_print_errors(bio_err);
} else
} else {
ret = 0;
}
end:
release_engine(e);
BIO_free_all(out);
RSA_free(rsa);
OPENSSL_free(passin);
OPENSSL_free(passout);
return (ret);
return ret;
}
#endif

4
apps/rsa8192.pem
View File

@@ -1,5 +1,4 @@
-----BEGIN RSA PRIVATE KEY-----
MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
@@ -62,7 +61,7 @@ JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
2cYUn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
@@ -98,4 +97,3 @@ TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
-----END RSA PRIVATE KEY-----

59
apps/rsautl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,34 +8,32 @@
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_RSA
NON_EMPTY_TRANSLATION_UNIT
#else
#include "apps.h"
#include "progs.h"
#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
# include "apps.h"
# include <string.h>
# include <openssl/err.h>
# include <openssl/pem.h>
# include <openssl/rsa.h>
#define RSA_SIGN 1
#define RSA_VERIFY 2
#define RSA_ENCRYPT 3
#define RSA_DECRYPT 4
# define RSA_SIGN 1
# define RSA_VERIFY 2
# define RSA_ENCRYPT 3
# define RSA_DECRYPT 4
# define KEY_PRIVKEY 1
# define KEY_PUBKEY 2
# define KEY_CERT 3
#define KEY_PRIVKEY 1
#define KEY_PUBKEY 2
#define KEY_CERT 3
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP,
OPT_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931,
OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM
OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM,
OPT_R_ENUM
} OPTION_CHOICE;
OPTIONS rsautl_options[] = {
const OPTIONS rsautl_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
@@ -57,9 +55,10 @@ OPTIONS rsautl_options[] = {
{"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
# ifndef OPENSSL_NO_ENGINE
OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
#endif
{NULL}
};
@@ -153,6 +152,10 @@ int rsautl_main(int argc, char **argv)
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
}
}
argc = opt_num_rest();
@@ -169,9 +172,6 @@ int rsautl_main(int argc, char **argv)
goto end;
}
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, 0);
switch (key_type) {
case KEY_PRIVKEY:
pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key");
@@ -190,14 +190,13 @@ int rsautl_main(int argc, char **argv)
break;
}
if (!pkey) {
if (pkey == NULL)
return 1;
}
rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_free(pkey);
if (!rsa) {
if (rsa == NULL) {
BIO_printf(bio_err, "Error getting RSA key\n");
ERR_print_errors(bio_err);
goto end;
@@ -261,10 +260,11 @@ int rsautl_main(int argc, char **argv)
if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
ERR_print_errors(bio_err);
}
} else if (hexdump)
} else if (hexdump) {
BIO_dump(out, (char *)rsa_out, rsa_outlen);
else
} else {
BIO_write(out, rsa_out, rsa_outlen);
}
end:
RSA_free(rsa);
release_engine(e);
@@ -275,4 +275,3 @@ int rsautl_main(int argc, char **argv)
OPENSSL_free(passin);
return ret;
}
#endif

69
apps/s_apps.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -9,79 +9,54 @@
#include <openssl/opensslconf.h>
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
# include <conio.h>
#endif
#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
# define _kbhit kbhit
#endif
#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
/*
* VAX C does not defined fd_set and friends, but it's actually quite simple
*/
/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
# define MAX_NOFILE 32
# define NBBY 8 /* number of bits in a byte */
# ifndef FD_SETSIZE
# define FD_SETSIZE MAX_NOFILE
# endif /* FD_SETSIZE */
/* How many things we'll allow select to use. 0 if unlimited */
# define MAXSELFD MAX_NOFILE
typedef int fd_mask; /* int here! VMS prototypes int, not long */
# define NFDBITS (sizeof(fd_mask) * NBBY)/* bits per mask (power of 2!) */
# define NFDSHIFT 5 /* Shift based on above */
typedef fd_mask fd_set;
# define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS)))
# define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS)))
# define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS)))
# define FD_ZERO(p) memset((p), 0, sizeof(*(p)))
#endif
#include <openssl/ssl.h>
#define PORT "4433"
#define PROTOCOL "tcp"
typedef int (*do_server_cb)(int s, int stype, unsigned char *context);
typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
int do_server(int *accept_sock, const char *host, const char *port,
int family, int type,
do_server_cb cb,
unsigned char *context, int naccept);
#ifdef HEADER_X509_H
int family, int type, int protocol, do_server_cb cb,
unsigned char *context, int naccept, BIO *bio_s_out);
int verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
#ifdef HEADER_SSL_H
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
STACK_OF(X509) *chain, int build_chain);
int ssl_print_sigalgs(BIO *out, SSL *s);
int ssl_print_point_formats(BIO *out, SSL *s);
int ssl_print_curves(BIO *out, SSL *s, int noshared);
#endif
int ssl_print_groups(BIO *out, SSL *s, int noshared);
int ssl_print_tmp_key(BIO *out, SSL *s);
int init_client(int *sock, const char *host, const char *port,
int family, int type);
const char *bindhost, const char *bindport,
int family, int type, int protocol);
int should_retry(int i);
long bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
#ifdef HEADER_SSL_H
void apps_ssl_info_callback(const SSL *s, int where, int ret);
void msg_cb(int write_p, int version, int content_type, const void *buf,
size_t len, SSL *ssl, void *arg);
void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data,
int len, void *arg);
#endif
int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len);
int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
unsigned int cookie_len);
#ifdef __VMS /* 31 char symbol name limit */
# define generate_stateless_cookie_callback generate_stateless_cookie_cb
# define verify_stateless_cookie_callback verify_stateless_cookie_cb
#endif
int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
size_t *cookie_len);
int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
size_t cookie_len);
typedef struct ssl_excert_st SSL_EXCERT;
void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
@@ -90,7 +65,6 @@ int args_excert(int option, SSL_EXCERT **pexc);
int load_excert(SSL_EXCERT **pexc);
void print_verify_detail(SSL *s, BIO *bio);
void print_ssl_summary(SSL *s);
#ifdef HEADER_SSL_H
int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx);
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
int crl_download);
@@ -99,4 +73,5 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,
const char *chCAfile, STACK_OF(X509_CRL) *crls,
int crl_download);
void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);
#endif
int set_keylog_file(SSL_CTX *ctx, const char *keylog_file);
void print_ca_names(BIO *bio, SSL *s);

Some files were not shown because too many files have changed in this diff Show More