ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ag:openssl-1.1.1l
Branches Tags
ag:master ag:tcl ag:tk ag:sqlite ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6
..
compare: ag:xz-5.2.2
Branches Tags
ag:tcl ag:tk ag:sqlite ag:master ag:libffi ag:openssl-1.1.1 ag:bzip2 ag:openssl-1.0.2 ag:openssl ag:tk85 ag:tcl85 ag:zlib ag:bsddb ag:xz ag:tix
ag:tcl-core-8.6.12.0 ag:tk-8.6.12.0 ag:sqlite-3.36.0.0 ag:libffi-3.4.2 ag:openssl-1.1.1l ag:bzip2-1.0.8 ag:sqlite-3.35.5.0 ag:sqlite-3.35.0.0 ag:tk-8.6.11.1 ag:tk-8.6.11.0 ag:tcl-core-8.6.11.1 ag:tcl-core-8.6.11.0 ag:openssl-1.1.1k ag:sqlite-3.34.0.0 ag:openssl-1.1.1i ag:sqlite-3.33.0.0 ag:tk-8.6.10.0 ag:tk-8.6.10 ag:tcl-core-8.6.10.0 ag:sqlite-3.32.3.0 ag:openssl-1.1.1g ag:sqlite-3.32.2.0 ag:sqlite-3.32.1.0 ag:openssl-1.1.1f ag:sqlite-3.31.1.0 ag:sqlite-3.30.1.0 ag:libffi-3.3.0 ag:openssl-1.0.2t ag:openssl-1.1.0l ag:openssl-1.1.1d ag:sqlite-3.28.0.0 ag:openssl-1.0.2s ag:openssl-1.1.1c ag:openssl-1.1.1b ag:libffi-3.3.0-rc0-r1 ag:openssl-1.1.1a ag:tcl-core-8.6.9.0 ag:tk-8.6.9.0 ag:openssl-1.1.0j ag:openssl-1.0.2q ag:openssl-1.0.2p ag:openssl-1.1.0i ag:openssl-1.1.0h ag:openssl-1.0.2o ag:tcl-core-8.6.8.0 ag:tk-8.6.8.0 ag:tk-8.5.19.0 ag:tcl-8.5.19.0 ag:sqlite-3.21.0.0 ag:openssl-1.1.0f ag:zlib-1.2.11 ag:tk-8.5.15.0 ag:tcl-8.5.15.0 ag:bsddb-4.7.25.0 ag:xz-5.2.2 ag:tix-8.4.3.6 ag:tix-8.4.3.5 ag:sqlite-3.14.2.0 ag:tk-8.6.6.0 ag:tcl-core-8.6.6.0 ag:openssl-1.0.2k ag:bzip2-1.0.6

1 Commits
openssl-1. ... xz-5.2.2

Author SHA1 Message Date
Zachary Ware
60cae1c5a1 Import xz 5.2.2 (as of svn r86089) 2017-05-22 16:21:28 -05:00
3535 changed files with 147201 additions and 1097402 deletions
Expand all files Collapse all files

1327
ABOUT-NLS Normal file
View File

File diff suppressed because it is too large Load Diff

2
ACKNOWLEDGEMENTS
View File

@@ -1,2 +0,0 @@
Please https://www.openssl.org/community/thanks.html for the current
acknowledgements.

67
AUTHORS
View File

@@ -1,42 +1,27 @@
# This is the list of OpenSSL authors for copyright purposes.
#
# This does not necessarily list everyone who has contributed code, since in
# some cases, their employer may be the copyright holder. To see the full list
# of contributors, see the revision history in source control.
OpenSSL Software Services, Inc.
OpenSSL Software Foundation, Inc.
# Individuals Authors of XZ Utils
Andy Polyakov ===================
Ben Laurie
Ben Kaduk XZ Utils is developed and maintained by Lasse Collin
Bernd Edlinger <lasse.collin@tukaani.org>.
Bodo Möller
David Benjamin Major parts of liblzma are based on code written by Igor Pavlov,
David von Oheimb specifically the LZMA SDK <http://7-zip.org/sdk.html>. Without
Dmitry Belyavskiy (Дмитрий Белявский) this code, XZ Utils wouldn't exist.
Emilia Käsper
Eric Young The SHA-256 implementation in liblzma is based on the code found from
Geoff Thorpe 7-Zip <http://7-zip.org/>, which has a modified version of the SHA-256
Holger Reif code found from Crypto++ <http://www.cryptopp.com/>. The SHA-256 code
Kurt Roeckx in Crypto++ was written by Kevin Springle and Wei Dai.
Lutz Jänicke
Mark J. Cox Some scripts have been adapted from gzip. The original versions
Matt Caswell were written by Jean-loup Gailly, Charles Levert, and Paul Eggert.
Matthias St. Pierre Andrew Dudman helped adapting the scripts and their man pages for
Nicola Tuveri XZ Utils.
Nils Larsch
Patrick Steuer The GNU Autotools-based build system contains files from many authors,
Paul Dale which I'm not trying to list here.
Paul C. Sutton
Paul Yang Several people have contributed fixes or reported bugs. Most of them
Ralf S. Engelschall are mentioned in the file THANKS.
Rich Salz
Richard Levitte
Shane Lontis
Stephen Henson
Steve Marquess
Tim Hudson
Tomáš Mráz
Ulf Möller
Viktor Dukhovni

13670
CHANGES
View File

File diff suppressed because it is too large Load Diff

72
CONTRIBUTING
View File

@@ -1,72 +0,0 @@
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
Development is done on GitHub, https://github.com/openssl/openssl.
To request new features or report bugs, please open an issue on GitHub
To submit a patch, please open a pull request on GitHub. If you are thinking
of making a large contribution, open an issue for it before starting work,
to get comments from the community. Someone may be already working on
the same thing or there may be reasons why that feature isn't implemented.
To make it easier to review and accept your pull request, please follow these
guidelines:
1. Anything other than a trivial contribution requires a Contributor
License Agreement (CLA), giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details. If your
contribution is too small to require a CLA, put "CLA: trivial" on a
line by itself in your commit message body.
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
year(s) updated):
Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits, you will have to remove them
(usually by rebasing) before it will be acceptable.
4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile
without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features. Clean builds via
GitHub Actions and AppVeyor are required, and they are started automatically
whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
test/README for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc/man[1357] for
examples of our style. Run "make doc-nits" to make sure that your
documentation changes are clean.
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in CHANGES. This could be a summarising
description of the change, and could explain the grander details.
Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log one-liners.
Also note that security fixes get an entry in CHANGES.
This file helps users get more in depth information of what comes
with a specific release without having to sift through the higher
noise ratio in git-log.
8. For larger or more important user visible changes, as well as
security fixes, please add a line in NEWS. On exception, it might be
worth adding a multi-line entry (such as the entry that announces all
the types that became opaque with OpenSSL 1.1.0).
This file helps users get a very quick summary of what comes with a
specific release, to see if an upgrade is worth the effort.

65
COPYING Normal file
View File

@@ -0,0 +1,65 @@
XZ Utils Licensing
==================
Different licenses apply to different files in this package. Here
is a rough summary of which licenses apply to which parts of this
package (but check the individual files to be sure!):
- liblzma is in the public domain.
- xz, xzdec, and lzmadec command line tools are in the public
domain unless GNU getopt_long had to be compiled and linked
in from the lib directory. The getopt_long code is under
GNU LGPLv2.1+.
- The scripts to grep, diff, and view compressed files have been
adapted from gzip. These scripts and their documentation are
under GNU GPLv2+.
- All the documentation in the doc directory and most of the
XZ Utils specific documentation files in other directories
are in the public domain.
- Translated messages are in the public domain.
- The build system contains public domain files, and files that
are under GNU GPLv2+ or GNU GPLv3+. None of these files end up
in the binaries being built.
- Test files and test code in the tests directory, and debugging
utilities in the debug directory are in the public domain.
- The extra directory may contain public domain files, and files
that are under various free software licenses.
You can do whatever you want with the files that have been put into
the public domain. If you find public domain legally problematic,
take the previous sentence as a license grant. If you still find
the lack of copyright legally problematic, you have too many
lawyers.
As usual, this software is provided "as is", without any warranty.
If you copy significant amounts of public domain code from XZ Utils
into your project, acknowledging this somewhere in your software is
polite (especially if it is proprietary, non-free software), but
naturally it is not legally required. Here is an example of a good
notice to put into "about box" or into documentation:
This software includes code from XZ Utils <http://tukaani.org/xz/>.
The following license texts are included in the following files:
- COPYING.LGPLv2.1: GNU Lesser General Public License version 2.1
- COPYING.GPLv2: GNU General Public License version 2
- COPYING.GPLv3: GNU General Public License version 3
Note that the toolchain (compiler, linker etc.) may add some code
pieces that are copyrighted. Thus, it is possible that e.g. liblzma
binary wouldn't actually be in the public domain in its entirety
even though it contains no copyrighted code from the XZ Utils source
package.
If you have questions, don't hesitate to ask the author(s) for more
information.

339
COPYING.GPLv2 Normal file
View File

@@ -0,0 +1,339 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

674
COPYING.GPLv3 Normal file
View File

@@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

502
COPYING.LGPLv2.1 Normal file
View File

@@ -0,0 +1,502 @@
GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
[This is the first released version of the Lesser GPL. It also counts
as the successor of the GNU Library Public License, version 2, hence
the version number 2.1.]
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
Licenses are intended to guarantee your freedom to share and change
free software--to make sure the software is free for all its users.
This license, the Lesser General Public License, applies to some
specially designated software packages--typically libraries--of the
Free Software Foundation and other authors who decide to use it. You
can use it too, but we suggest you first think carefully about whether
this license or the ordinary General Public License is the better
strategy to use in any particular case, based on the explanations below.
When we speak of free software, we are referring to freedom of use,
not price. Our General Public Licenses are designed to make sure that
you have the freedom to distribute copies of free software (and charge
for this service if you wish); that you receive source code or can get
it if you want it; that you can change the software and use pieces of
it in new free programs; and that you are informed that you can do
these things.
To protect your rights, we need to make restrictions that forbid
distributors to deny you these rights or to ask you to surrender these
rights. These restrictions translate to certain responsibilities for
you if you distribute copies of the library or if you modify it.
For example, if you distribute copies of the library, whether gratis
or for a fee, you must give the recipients all the rights that we gave
you. You must make sure that they, too, receive or can get the source
code. If you link other code with the library, you must provide
complete object files to the recipients, so that they can relink them
with the library after making changes to the library and recompiling
it. And you must show them these terms so they know their rights.
We protect your rights with a two-step method: (1) we copyright the
library, and (2) we offer you this license, which gives you legal
permission to copy, distribute and/or modify the library.
To protect each distributor, we want to make it very clear that
there is no warranty for the free library. Also, if the library is
modified by someone else and passed on, the recipients should know
that what they have is not the original version, so that the original
author's reputation will not be affected by problems that might be
introduced by others.
Finally, software patents pose a constant threat to the existence of
any free program. We wish to make sure that a company cannot
effectively restrict the users of a free program by obtaining a
restrictive license from a patent holder. Therefore, we insist that
any patent license obtained for a version of the library must be
consistent with the full freedom of use specified in this license.
Most GNU software, including some libraries, is covered by the
ordinary GNU General Public License. This license, the GNU Lesser
General Public License, applies to certain designated libraries, and
is quite different from the ordinary General Public License. We use
this license for certain libraries in order to permit linking those
libraries into non-free programs.
When a program is linked with a library, whether statically or using
a shared library, the combination of the two is legally speaking a
combined work, a derivative of the original library. The ordinary
General Public License therefore permits such linking only if the
entire combination fits its criteria of freedom. The Lesser General
Public License permits more lax criteria for linking other code with
the library.
We call this license the "Lesser" General Public License because it
does Less to protect the user's freedom than the ordinary General
Public License. It also provides other free software developers Less
of an advantage over competing non-free programs. These disadvantages
are the reason we use the ordinary General Public License for many
libraries. However, the Lesser license provides advantages in certain
special circumstances.
For example, on rare occasions, there may be a special need to
encourage the widest possible use of a certain library, so that it becomes
a de-facto standard. To achieve this, non-free programs must be
allowed to use the library. A more frequent case is that a free
library does the same job as widely used non-free libraries. In this
case, there is little to gain by limiting the free library to free
software only, so we use the Lesser General Public License.
In other cases, permission to use a particular library in non-free
programs enables a greater number of people to use a large body of
free software. For example, permission to use the GNU C Library in
non-free programs enables many more people to use the whole GNU
operating system, as well as its variant, the GNU/Linux operating
system.
Although the Lesser General Public License is Less protective of the
users' freedom, it does ensure that the user of a program that is
linked with the Library has the freedom and the wherewithal to run
that program using a modified version of the Library.
The precise terms and conditions for copying, distribution and
modification follow. Pay close attention to the difference between a
"work based on the library" and a "work that uses the library". The
former contains code derived from the library, whereas the latter must
be combined with the library in order to run.
GNU LESSER GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License Agreement applies to any software library or other
program which contains a notice placed by the copyright holder or
other authorized party saying it may be distributed under the terms of
this Lesser General Public License (also called "this License").
Each licensee is addressed as "you".
A "library" means a collection of software functions and/or data
prepared so as to be conveniently linked with application programs
(which use some of those functions and data) to form executables.
The "Library", below, refers to any such software library or work
which has been distributed under these terms. A "work based on the
Library" means either the Library or any derivative work under
copyright law: that is to say, a work containing the Library or a
portion of it, either verbatim or with modifications and/or translated
straightforwardly into another language. (Hereinafter, translation is
included without limitation in the term "modification".)
"Source code" for a work means the preferred form of the work for
making modifications to it. For a library, complete source code means
all the source code for all modules it contains, plus any associated
interface definition files, plus the scripts used to control compilation
and installation of the library.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running a program using the Library is not restricted, and output from
such a program is covered only if its contents constitute a work based
on the Library (independent of the use of the Library in a tool for
writing it). Whether that is true depends on what the Library does
and what the program that uses the Library does.
1. You may copy and distribute verbatim copies of the Library's
complete source code as you receive it, in any medium, provided that
you conspicuously and appropriately publish on each copy an
appropriate copyright notice and disclaimer of warranty; keep intact
all the notices that refer to this License and to the absence of any
warranty; and distribute a copy of this License along with the
Library.
You may charge a fee for the physical act of transferring a copy,
and you may at your option offer warranty protection in exchange for a
fee.
2. You may modify your copy or copies of the Library or any portion
of it, thus forming a work based on the Library, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) The modified work must itself be a software library.
b) You must cause the files modified to carry prominent notices
stating that you changed the files and the date of any change.
c) You must cause the whole of the work to be licensed at no
charge to all third parties under the terms of this License.
d) If a facility in the modified Library refers to a function or a
table of data to be supplied by an application program that uses
the facility, other than as an argument passed when the facility
is invoked, then you must make a good faith effort to ensure that,
in the event an application does not supply such function or
table, the facility still operates, and performs whatever part of
its purpose remains meaningful.
(For example, a function in a library to compute square roots has
a purpose that is entirely well-defined independent of the
application. Therefore, Subsection 2d requires that any
application-supplied function or table used by this function must
be optional: if the application does not supply it, the square
root function must still compute square roots.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Library,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Library, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote
it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Library.
In addition, mere aggregation of another work not based on the Library
with the Library (or with a work based on the Library) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may opt to apply the terms of the ordinary GNU General Public
License instead of this License to a given copy of the Library. To do
this, you must alter all the notices that refer to this License, so
that they refer to the ordinary GNU General Public License, version 2,
instead of to this License. (If a newer version than version 2 of the
ordinary GNU General Public License has appeared, then you can specify
that version instead if you wish.) Do not make any other change in
these notices.
Once this change is made in a given copy, it is irreversible for
that copy, so the ordinary GNU General Public License applies to all
subsequent copies and derivative works made from that copy.
This option is useful when you wish to copy part of the code of
the Library into a program that is not a library.
4. You may copy and distribute the Library (or a portion or
derivative of it, under Section 2) in object code or executable form
under the terms of Sections 1 and 2 above provided that you accompany
it with the complete corresponding machine-readable source code, which
must be distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange.
If distribution of object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the
source code from the same place satisfies the requirement to
distribute the source code, even though third parties are not
compelled to copy the source along with the object code.
5. A program that contains no derivative of any portion of the
Library, but is designed to work with the Library by being compiled or
linked with it, is called a "work that uses the Library". Such a
work, in isolation, is not a derivative work of the Library, and
therefore falls outside the scope of this License.
However, linking a "work that uses the Library" with the Library
creates an executable that is a derivative of the Library (because it
contains portions of the Library), rather than a "work that uses the
library". The executable is therefore covered by this License.
Section 6 states terms for distribution of such executables.
When a "work that uses the Library" uses material from a header file
that is part of the Library, the object code for the work may be a
derivative work of the Library even though the source code is not.
Whether this is true is especially significant if the work can be
linked without the Library, or if the work is itself a library. The
threshold for this to be true is not precisely defined by law.
If such an object file uses only numerical parameters, data
structure layouts and accessors, and small macros and small inline
functions (ten lines or less in length), then the use of the object
file is unrestricted, regardless of whether it is legally a derivative
work. (Executables containing this object code plus portions of the
Library will still fall under Section 6.)
Otherwise, if the work is a derivative of the Library, you may
distribute the object code for the work under the terms of Section 6.
Any executables containing that work also fall under Section 6,
whether or not they are linked directly with the Library itself.
6. As an exception to the Sections above, you may also combine or
link a "work that uses the Library" with the Library to produce a
work containing portions of the Library, and distribute that work
under terms of your choice, provided that the terms permit
modification of the work for the customer's own use and reverse
engineering for debugging such modifications.
You must give prominent notice with each copy of the work that the
Library is used in it and that the Library and its use are covered by
this License. You must supply a copy of this License. If the work
during execution displays copyright notices, you must include the
copyright notice for the Library among them, as well as a reference
directing the user to the copy of this License. Also, you must do one
of these things:
a) Accompany the work with the complete corresponding
machine-readable source code for the Library including whatever
changes were used in the work (which must be distributed under
Sections 1 and 2 above); and, if the work is an executable linked
with the Library, with the complete machine-readable "work that
uses the Library", as object code and/or source code, so that the
user can modify the Library and then relink to produce a modified
executable containing the modified Library. (It is understood
that the user who changes the contents of definitions files in the
Library will not necessarily be able to recompile the application
to use the modified definitions.)
b) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (1) uses at run time a
copy of the library already present on the user's computer system,
rather than copying library functions into the executable, and (2)
will operate properly with a modified version of the library, if
the user installs one, as long as the modified version is
interface-compatible with the version that the work was made with.
c) Accompany the work with a written offer, valid for at
least three years, to give the same user the materials
specified in Subsection 6a, above, for a charge no more
than the cost of performing this distribution.
d) If distribution of the work is made by offering access to copy
from a designated place, offer equivalent access to copy the above
specified materials from the same place.
e) Verify that the user has already received a copy of these
materials or that you have already sent this user a copy.
For an executable, the required form of the "work that uses the
Library" must include any data and utility programs needed for
reproducing the executable from it. However, as a special exception,
the materials to be distributed need not include anything that is
normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on
which the executable runs, unless that component itself accompanies
the executable.
It may happen that this requirement contradicts the license
restrictions of other proprietary libraries that do not normally
accompany the operating system. Such a contradiction means you cannot
use both them and the Library together in an executable that you
distribute.
7. You may place library facilities that are a work based on the
Library side-by-side in a single library together with other library
facilities not covered by this License, and distribute such a combined
library, provided that the separate distribution of the work based on
the Library and of the other library facilities is otherwise
permitted, and provided that you do these two things:
a) Accompany the combined library with a copy of the same work
based on the Library, uncombined with any other library
facilities. This must be distributed under the terms of the
Sections above.
b) Give prominent notice with the combined library of the fact
that part of it is a work based on the Library, and explaining
where to find the accompanying uncombined form of the same work.
8. You may not copy, modify, sublicense, link with, or distribute
the Library except as expressly provided under this License. Any
attempt otherwise to copy, modify, sublicense, link with, or
distribute the Library is void, and will automatically terminate your
rights under this License. However, parties who have received copies,
or rights, from you under this License will not have their licenses
terminated so long as such parties remain in full compliance.
9. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Library or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Library (or any work based on the
Library), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Library or works based on it.
10. Each time you redistribute the Library (or any work based on the
Library), the recipient automatically receives a license from the
original licensor to copy, distribute, link with or modify the Library
subject to these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties with
this License.
11. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Library at all. For example, if a patent
license would not permit royalty-free redistribution of the Library by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Library.
If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply,
and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
12. If the distribution and/or use of the Library is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Library under this License may add
an explicit geographical distribution limitation excluding those countries,
so that distribution is permitted only in or among countries not thus
excluded. In such case, this License incorporates the limitation as if
written in the body of this License.
13. The Free Software Foundation may publish revised and/or new
versions of the Lesser General Public License from time to time.
Such new versions will be similar in spirit to the present version,
but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Library
specifies a version number of this License which applies to it and
"any later version", you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the Library does not specify a
license version number, you may choose any version ever published by
the Free Software Foundation.
14. If you wish to incorporate parts of the Library into other free
programs whose distribution conditions are incompatible with these,
write to the author to ask for permission. For software which is
copyrighted by the Free Software Foundation, write to the Free
Software Foundation; we sometimes make exceptions for this. Our
decision will be guided by the two goals of preserving the free status
of all derivatives of our free software and of promoting the sharing
and reuse of software generally.
NO WARRANTY
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Libraries
If you develop a new library, and you want it to be of the greatest
possible use to the public, we recommend making it free software that
everyone can redistribute and change. You can do so by permitting
redistribution under these terms (or, alternatively, under the terms of the
ordinary General Public License).
To apply these terms, attach the following notices to the library. It is
safest to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least the
"copyright" line and a pointer to where the full notice is found.
<one line to give the library's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Also add information on how to contact you by electronic and paper mail.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the library, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the
library `Frob' (a library for tweaking knobs) written by James Random Hacker.
<signature of Ty Coon>, 1 April 1990
Ty Coon, President of Vice
That's all there is to it!

14953
ChangeLog Normal file
View File

File diff suppressed because it is too large Load Diff

356
Configurations/00-base-templates.conf
View File

@@ -1,356 +0,0 @@
# -*- Mode: perl -*-
my %targets=(
DEFAULTS => {
template => 1,
cflags => "",
cppflags => "",
lflags => "",
defines => [],
includes => [],
lib_cflags => "",
lib_cppflags => "",
lib_defines => [],
thread_scheme => "(unknown)", # Assume we don't know
thread_defines => [],
apps_aux_src => "",
apps_init_src => "",
cpuid_asm_src => "mem_clr.c",
uplink_aux_src => "",
bn_asm_src => "bn_asm.c",
ec_asm_src => "",
des_asm_src => "des_enc.c fcrypt_b.c",
aes_asm_src => "aes_core.c aes_cbc.c",
bf_asm_src => "bf_enc.c",
md5_asm_src => "",
cast_asm_src => "c_enc.c",
rc4_asm_src => "rc4_enc.c rc4_skey.c",
rmd160_asm_src => "",
rc5_asm_src => "rc5_enc.c",
wp_asm_src => "wp_block.c",
cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c",
modes_asm_src => "",
padlock_asm_src => "",
chacha_asm_src => "chacha_enc.c",
poly1305_asm_src => "",
keccak1600_asm_src => "keccak1600.c",
unistd => "<unistd.h>",
shared_target => "",
shared_cflag => "",
shared_defines => [],
shared_ldflag => "",
shared_rcflag => "",
shared_extension => "",
#### Defaults for the benefit of the config targets who don't inherit
#### a BASE and assume Unix defaults
#### THESE WILL DISAPPEAR IN OpenSSL 1.2
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
AR => "ar",
ARFLAGS => "r",
CC => "cc",
HASHBANGPERL => "/usr/bin/env perl",
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
#### THESE WILL BE ENABLED IN OpenSSL 1.2
#HASHBANGPERL => "PERL", # Only Unix actually cares
},
BASE_common => {
template => 1,
enable => [],
disable => [],
defines =>
sub {
my @defs = ();
push @defs, "ZLIB" unless $disabled{zlib};
push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
return [ @defs ];
},
includes =>
sub {
my @incs = ();
push @incs, $withargs{zlib_include}
if !$disabled{zlib} && $withargs{zlib_include};
return [ @incs ];
},
},
BASE_unix => {
inherit_from => [ "BASE_common" ],
template => 1,
AR => "ar",
ARFLAGS => "r",
CC => "cc",
lflags =>
sub { $withargs{zlib_lib} ? "-L".$withargs{zlib_lib} : () },
ex_libs =>
sub { !defined($disabled{zlib})
&& defined($disabled{"zlib-dynamic"})
? "-lz" : () },
HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
shared_extension => ".so",
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
},
BASE_Windows => {
inherit_from => [ "BASE_common" ],
template => 1,
lib_defines =>
sub {
my @defs = ();
unless ($disabled{"zlib-dynamic"}) {
my $zlib = $withargs{zlib_lib} // "ZLIB1";
push @defs, 'LIBZ=' . (quotify("perl", $zlib))[0];
}
return [ @defs ];
},
ex_libs =>
sub {
unless ($disabled{zlib}) {
if (defined($disabled{"zlib-dynamic"})) {
return $withargs{zlib_lib} // "ZLIB1";
}
}
return ();
},
LD => "link",
LDFLAGS => "/nologo",
ldoutflag => "/out:",
AR => "lib",
ARFLAGS => "/nologo",
aroutflag => "/out:",
RC => "rc",
rcoutflag => "/fo",
MT => "mt",
MTFLAGS => "-nologo",
mtinflag => "-manifest ",
mtoutflag => "-outputresource:",
shared_extension => ".dll",
build_file => "makefile",
build_scheme => [ "unified", "windows" ],
},
BASE_VMS => {
inherit_from => [ "BASE_common" ],
template => 1,
includes =>
add(sub {
my @incs = ();
# GNV$ZLIB_INCLUDE is the standard logical name for later
# zlib incarnations.
push @incs, 'GNV$ZLIB_INCLUDE:'
if !$disabled{zlib} && !$withargs{zlib_include};
return [ @incs ];
}),
shared_extension => ".exe",
build_file => "descrip.mms",
build_scheme => [ "unified", "VMS" ],
},
uplink_common => {
template => 1,
apps_init_src => add("../ms/applink.c"),
uplink_aux_src => add("../ms/uplink.c"),
defines => add("OPENSSL_USE_APPLINK"),
},
x86_uplink => {
inherit_from => [ "uplink_common" ],
template => 1,
uplink_aux_src => add("uplink-x86.s"),
},
x86_64_uplink => {
inherit_from => [ "uplink_common" ],
template => 1,
uplink_aux_src => add("uplink-x86_64.s"),
},
ia64_uplink => {
inherit_from => [ "uplink_common" ],
template => 1,
uplink_aux_src => add("uplink-ia64.s"),
},
x86_asm => {
template => 1,
cpuid_asm_src => "x86cpuid.s",
bn_asm_src => "bn-586.s co-586.s x86-mont.s x86-gf2m.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86.s",
des_asm_src => "des-586.s crypt586.s",
aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86.s aesni-x86.s",
bf_asm_src => "bf-586.s",
md5_asm_src => "md5-586.s",
cast_asm_src => "cast-586.s",
sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s",
rc4_asm_src => "rc4-586.s",
rmd160_asm_src => "rmd-586.s",
rc5_asm_src => "rc5-586.s",
wp_asm_src => "wp_block.c wp-mmx.s",
cmll_asm_src => "cmll-x86.s",
modes_asm_src => "ghash-x86.s",
padlock_asm_src => "e_padlock-x86.s",
chacha_asm_src => "chacha-x86.s",
poly1305_asm_src=> "poly1305-x86.s",
},
x86_elf_asm => {
template => 1,
inherit_from => [ "x86_asm" ],
perlasm_scheme => "elf"
},
x86_64_asm => {
template => 1,
cpuid_asm_src => "x86_64cpuid.s",
bn_asm_src => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s",
aes_asm_src => "aes_core.c aes_cbc.c vpaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
md5_asm_src => "md5-x86_64.s",
sha1_asm_src => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
rc4_asm_src => "rc4-x86_64.s rc4-md5-x86_64.s",
wp_asm_src => "wp-x86_64.s",
cmll_asm_src => "cmll-x86_64.s cmll_misc.c",
modes_asm_src => "ghash-x86_64.s aesni-gcm-x86_64.s",
padlock_asm_src => "e_padlock-x86_64.s",
chacha_asm_src => "chacha-x86_64.s",
poly1305_asm_src=> "poly1305-x86_64.s",
keccak1600_asm_src => "keccak1600-x86_64.s",
},
ia64_asm => {
template => 1,
cpuid_asm_src => "ia64cpuid.s",
bn_asm_src => "bn-ia64.s ia64-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-ia64.s",
sha1_asm_src => "sha1-ia64.s sha256-ia64.s sha512-ia64.s",
modes_asm_src => "ghash-ia64.s",
perlasm_scheme => "void"
},
sparcv9_asm => {
template => 1,
cpuid_asm_src => "sparcv9cap.c sparccpuid.S",
bn_asm_src => "asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S sparct4-mont.S sparcv9-gf2m.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-sparcv9.S",
des_asm_src => "des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S",
aes_asm_src => "aes_core.c aes_cbc.c aes-sparcv9.S aest4-sparcv9.S aesfx-sparcv9.S",
md5_asm_src => "md5-sparcv9.S",
sha1_asm_src => "sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S",
cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S",
modes_asm_src => "ghash-sparcv9.S",
poly1305_asm_src=> "poly1305-sparcv9.S",
perlasm_scheme => "void"
},
sparcv8_asm => {
template => 1,
cpuid_asm_src => "",
bn_asm_src => "asm/sparcv8.S",
des_asm_src => "des_enc-sparc.S fcrypt_b.c",
perlasm_scheme => "void"
},
alpha_asm => {
template => 1,
cpuid_asm_src => "alphacpuid.s",
bn_asm_src => "bn_asm.c alpha-mont.S",
sha1_asm_src => "sha1-alpha.S",
modes_asm_src => "ghash-alpha.S",
perlasm_scheme => "void"
},
mips32_asm => {
template => 1,
bn_asm_src => "bn-mips.S mips-mont.S",
aes_asm_src => "aes_cbc.c aes-mips.S",
sha1_asm_src => "sha1-mips.S sha256-mips.S",
},
mips64_asm => {
inherit_from => [ "mips32_asm" ],
template => 1,
sha1_asm_src => add("sha512-mips.S"),
poly1305_asm_src=> "poly1305-mips.S",
},
s390x_asm => {
template => 1,
cpuid_asm_src => "s390xcap.c s390xcpuid.S",
bn_asm_src => "asm/s390x.S s390x-mont.S s390x-gf2m.s",
aes_asm_src => "aes-s390x.S aes-ctr.fake aes-xts.fake",
sha1_asm_src => "sha1-s390x.S sha256-s390x.S sha512-s390x.S",
rc4_asm_src => "rc4-s390x.s",
modes_asm_src => "ghash-s390x.S",
chacha_asm_src => "chacha-s390x.S",
poly1305_asm_src=> "poly1305-s390x.S",
keccak1600_asm_src => "keccak1600-s390x.S",
},
armv4_asm => {
template => 1,
cpuid_asm_src => "armcap.c armv4cpuid.S",
bn_asm_src => "bn_asm.c armv4-mont.S armv4-gf2m.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv4.S",
aes_asm_src => "aes_cbc.c aes-armv4.S bsaes-armv7.S aesv8-armx.S",
sha1_asm_src => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
modes_asm_src => "ghash-armv4.S ghashv8-armx.S",
chacha_asm_src => "chacha-armv4.S",
poly1305_asm_src=> "poly1305-armv4.S",
keccak1600_asm_src => "keccak1600-armv4.S",
perlasm_scheme => "void"
},
aarch64_asm => {
template => 1,
cpuid_asm_src => "armcap.c arm64cpuid.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv8.S",
bn_asm_src => "bn_asm.c armv8-mont.S",
aes_asm_src => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S",
sha1_asm_src => "sha1-armv8.S sha256-armv8.S sha512-armv8.S",
modes_asm_src => "ghashv8-armx.S",
chacha_asm_src => "chacha-armv8.S",
poly1305_asm_src=> "poly1305-armv8.S",
keccak1600_asm_src => "keccak1600-armv8.S",
},
parisc11_asm => {
template => 1,
cpuid_asm_src => "pariscid.s",
bn_asm_src => "bn_asm.c parisc-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-parisc.s",
sha1_asm_src => "sha1-parisc.s sha256-parisc.s sha512-parisc.s",
rc4_asm_src => "rc4-parisc.s",
modes_asm_src => "ghash-parisc.s",
perlasm_scheme => "32"
},
parisc20_64_asm => {
template => 1,
inherit_from => [ "parisc11_asm" ],
perlasm_scheme => "64",
},
ppc32_asm => {
template => 1,
cpuid_asm_src => "ppccpuid.s ppccap.c",
bn_asm_src => "bn-ppc.s ppc-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s",
sha1_asm_src => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s",
modes_asm_src => "ghashp8-ppc.s",
chacha_asm_src => "chacha-ppc.s",
poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s",
},
ppc64_asm => {
inherit_from => [ "ppc32_asm" ],
template => 1,
ec_asm_src => "ecp_nistz256.c ecp_nistz256-ppc64.s x25519-ppc64.s",
keccak1600_asm_src => "keccak1600-ppc64.s",
},
);

1821
Configurations/10-main.conf
View File

File diff suppressed because it is too large Load Diff

281
Configurations/15-android.conf
View File

@@ -1,281 +0,0 @@
#### Android...
#
# See NOTES.ANDROID for details, and don't miss platform-specific
# comments below...
{
use File::Spec::Functions;
my $android_ndk = {};
my %triplet = (
arm => "arm-linux-androideabi",
arm64 => "aarch64-linux-android",
mips => "mipsel-linux-android",
mips64 => "mips64el-linux-android",
x86 => "i686-linux-android",
x86_64 => "x86_64-linux-android",
);
sub android_ndk {
unless (%$android_ndk) {
if ($now_printing =~ m|^android|) {
return $android_ndk = { bn_ops => "BN_AUTO" };
}
my $ndk_var;
my $ndk;
foreach (qw(ANDROID_NDK_HOME ANDROID_NDK)) {
$ndk_var = $_;
$ndk = $ENV{$ndk_var};
last if defined $ndk;
}
die "\$ANDROID_NDK_HOME is not defined" if (!$ndk);
my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt";
my $ndk_src_props = "$ndk/source.properties";
my $is_ndk = -f $ndk_src_props;
if ($is_ndk == $is_standalone_toolchain) {
die "\$ANDROID_NDK_HOME=$ndk is invalid";
}
$ndk = canonpath($ndk);
my $ndkver = undef;
if (open my $fh, "<$ndk_src_props") {
local $_;
while(<$fh>) {
if (m|Pkg\.Revision\s*=\s*([0-9]+)|) {
$ndkver = $1;
last;
}
}
close $fh;
}
my ($sysroot, $api, $arch);
$config{target} =~ m|[^-]+-([^-]+)$|; # split on dash
$arch = $1;
if ($sysroot = $ENV{CROSS_SYSROOT}) {
$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
($api, $arch) = ($1, $2);
} elsif ($is_standalone_toolchain) {
$sysroot = "$ndk/sysroot";
} else {
$api = "*";
# see if user passed -D__ANDROID_API__=N
foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
if (m|__ANDROID_API__=([0-9]+)|) {
$api = $1;
last;
}
}
if (-d "$ndk/platforms") {
# list available platforms (numerically)
my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
$b =~ m/-([0-9]+)$/; $aa <=> $1;
} glob("$ndk/platforms/android-$api");
die "no $ndk/platforms/android-$api" if ($#platforms < 0);
$sysroot = "@platforms[$#platforms]/arch-$arch";
$sysroot =~ m|/android-([0-9]+)/arch-$arch|;
$api = $1;
} elsif ($api eq "*") {
# r22 Removed platforms dir, use this JSON file
my $path = "$ndk/meta/platforms.json";
open my $fh, $path or die "Could not open '$path' $!";
while (<$fh>) {
if (/"max": (\d+),/) {
$api = $1;
last;
}
}
close $fh;
}
die "Could not get default API Level" if ($api eq "*");
}
die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot);
my $triarch = $triplet{$arch};
my $cflags;
my $cppflags;
# see if there is NDK clang on $PATH, "universal" or "standalone"
if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
my $host=$1;
# harmonize with gcc default
my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
(my $tridefault = $triarch) =~ s/^arm-/$arm-/;
(my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
if (length $sysroot) {
$cflags .= " -target $tridefault "
. "-gcc-toolchain \$($ndk_var)/toolchains"
. "/$tritools-4.9/prebuilt/$host";
$user{CC} = "clang" if ($user{CC} !~ m|clang|);
} else {
$user{CC} = "$tridefault$api-clang";
}
$user{CROSS_COMPILE} = undef;
if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
$user{AR} = "llvm-ar";
$user{ARFLAGS} = [ "rs" ];
$user{RANLIB} = ":";
}
} elsif ($is_standalone_toolchain) {
my $cc = $user{CC} // "clang";
# One can probably argue that both clang and gcc should be
# probed, but support for "standalone toolchain" was added
# *after* announcement that gcc is being phased out, so
# favouring clang is considered adequate. Those who insist
# have option to enforce test for gcc with CC=gcc.
if (which("$triarch-$cc") !~ m|^$ndk|) {
die "no NDK $triarch-$cc on \$PATH";
}
$user{CC} = $cc;
$user{CROSS_COMPILE} = "$triarch-";
} elsif ($user{CC} eq "clang") {
die "no NDK clang on \$PATH";
} else {
if (which("$triarch-gcc") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
die "no NDK $triarch-gcc on \$PATH";
}
$cflags .= " -mandroid";
$user{CROSS_COMPILE} = "$triarch-";
}
if (length $sysroot) {
if (!-d "$sysroot/usr/include") {
my $incroot = "$ndk/sysroot/usr/include";
die "no $incroot" if (!-d $incroot);
die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
$incroot =~ s|^$ndk/||;
$cppflags = "-D__ANDROID_API__=$api";
$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
$cppflags .= " -isystem \$($ndk_var)/$incroot";
}
$sysroot =~ s|^$ndk/||;
$sysroot = " --sysroot=\$($ndk_var)/$sysroot";
}
$android_ndk = {
cflags => $cflags . $sysroot,
cppflags => $cppflags,
bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
: "BN_LLONG",
};
}
return $android_ndk;
}
}
my %targets = (
"android" => {
inherit_from => [ "linux-generic32" ],
template => 1,
################################################################
# Special note about -pie. The underlying reason is that
# Lollipop refuses to run non-PIE. But what about older systems
# and NDKs? -fPIC was never problem, so the only concern is -pie.
# Older toolchains, e.g. r4, appear to handle it and binaries
# turn out mostly functional. "Mostly" means that oldest
# Androids, such as Froyo, fail to handle executable, but newer
# systems are perfectly capable of executing binaries targeting
# Froyo. Keep in mind that in the nutshell Android builds are
# about JNI, i.e. shared libraries, not applications.
cflags => add(sub { android_ndk()->{cflags} }),
cppflags => add(sub { android_ndk()->{cppflags} }),
cxxflags => add(sub { android_ndk()->{cflags} }),
bn_ops => sub { android_ndk()->{bn_ops} },
bin_cflags => "-pie",
enable => [ ],
},
"android-arm" => {
################################################################
# Contemporary Android applications can provide multiple JNI
# providers in .apk, targeting multiple architectures. Among
# them there is "place" for two ARM flavours: generic eabi and
# armv7-a/hard-float. However, it should be noted that OpenSSL's
# ability to engage NEON is not constrained by ABI choice, nor
# is your ability to call OpenSSL from your application code
# compiled with floating-point ABI other than default 'soft'.
# (Latter thanks to __attribute__((pcs("aapcs"))) declaration.)
# This means that choice of ARM libraries you provide in .apk
# is driven by application needs. For example if application
# itself benefits from NEON or is floating-point intensive, then
# it might be appropriate to provide both libraries. Otherwise
# just generic eabi would do. But in latter case it would be
# appropriate to
#
# ./Configure android-arm -D__ARM_MAX_ARCH__=8
#
# in order to build "universal" binary and allow OpenSSL take
# advantage of NEON when it's available.
#
# Keep in mind that (just like with linux-armv4) we rely on
# compiler defaults, which is not necessarily what you had
# in mind, in which case you would have to pass additional
# -march and/or -mfloat-abi flags. NDK defaults to armv5te.
# Newer NDK versions reportedly require additional -latomic.
#
inherit_from => [ "android", asm("armv4_asm") ],
bn_ops => add("RC4_CHAR"),
},
"android-arm64" => {
inherit_from => [ "android", asm("aarch64_asm") ],
bn_ops => add("RC4_CHAR"),
perlasm_scheme => "linux64",
},
"android-mips" => {
inherit_from => [ "android", asm("mips32_asm") ],
bn_ops => add("RC4_CHAR"),
perlasm_scheme => "o32",
},
"android-mips64" => {
################################################################
# You are more than likely have to specify target processor
# on ./Configure command line. Trouble is that toolchain's
# default is MIPS64r6 (at least in r10d), but there are no
# such processors around (or they are too rare to spot one).
# Actual problem is that MIPS64r6 is binary incompatible
# with previous MIPS ISA versions, in sense that unlike
# prior versions original MIPS binary code will fail.
#
inherit_from => [ "android", asm("mips64_asm") ],
bn_ops => add("RC4_CHAR"),
perlasm_scheme => "64",
},
"android-x86" => {
inherit_from => [ "android", asm("x86_asm") ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => add("RC4_INT"),
perlasm_scheme => "android",
},
"android-x86_64" => {
inherit_from => [ "android", asm("x86_64_asm") ],
bn_ops => add("RC4_INT"),
perlasm_scheme => "elf",
},
####################################################################
# Backward compatible targets, (might) require $CROSS_SYSROOT
#
"android-armeabi" => {
inherit_from => [ "android-arm" ],
},
"android64" => {
inherit_from => [ "android" ],
},
"android64-aarch64" => {
inherit_from => [ "android-arm64" ],
},
"android64-x86_64" => {
inherit_from => [ "android-x86_64" ],
},
"android64-mips64" => {
inherit_from => [ "android-mips64" ],
},
);

62
Configurations/15-ios.conf
View File

@@ -1,62 +0,0 @@
#### iPhoneOS/iOS
#
# It takes recent enough Xcode to use following two targets. It shouldn't
# be a problem by now, but if they don't work, original targets below
# that depend on manual definition of environment variables should still
# work...
#
my %targets = (
"ios-common" => {
template => 1,
inherit_from => [ "darwin-common" ],
sys_id => "iOS",
disable => [ "engine", "async" ],
},
"ios-xcrun" => {
inherit_from => [ "ios-common", asm("armv4_asm") ],
# It should be possible to go below iOS 6 and even add -arch armv6,
# thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
# at this point.
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"),
perlasm_scheme => "ios32",
},
"ios64-xcrun" => {
inherit_from => [ "ios-common", asm("aarch64_asm") ],
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
perlasm_scheme => "ios64",
},
"iossimulator-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
},
# It takes three prior-set environment variables to make it work:
#
# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
# CROSS_TOP=/where/SDKs/are
# CROSS_SDK=iPhoneOSx.y.sdk
#
# Exact paths vary with Xcode releases, but for couple of last ones
# they would look like this:
#
# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
# CROSS_SDK=iPhoneOS.sdk
#
"iphoneos-cross" => {
inherit_from => [ "ios-common" ],
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
},
"ios-cross" => {
inherit_from => [ "ios-xcrun" ],
CC => "cc",
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
},
"ios64-cross" => {
inherit_from => [ "ios64-xcrun" ],
CC => "cc",
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
},
);

17
Configurations/50-djgpp.conf
View File

@@ -1,17 +0,0 @@
# We can't make any commitment to support the DJGPP platform,
# and rely entirely on the OpenSSL community to help is fine
# tune and test.
my %targets = (
"DJGPP" => {
inherit_from => [ asm("x86_asm") ],
CC => "gcc",
CFLAGS => "-fomit-frame-pointer -O2 -Wall",
cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN",
sys_id => "MSDOS",
lflags => add("-L/dev/env/WATT_ROOT/lib"),
ex_libs => add("-lwatt"),
bn_ops => "BN_LLONG",
perlasm_scheme => "a.out",
},
);

30
Configurations/50-haiku.conf
View File

@@ -1,30 +0,0 @@
my %targets = (
"haiku-common" => {
template => 1,
CC => "cc",
CFLAGS => add_before(picker(default => "-Wall",
debug => "-g -O0",
release => "-O2")),
cflags => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h",
threads("-D_REENTRANT")),
sys_id => "HAIKU",
ex_libs => "-lnetwork",
perlasm_scheme => "elf",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "gnu-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-shared",
shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
},
"haiku-x86" => {
inherit_from => [ "haiku-common", asm("x86_elf_asm") ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => "BN_LLONG",
},
"haiku-x86_64" => {
inherit_from => [ "haiku-common" ],
cflags => add("-m64"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
},
);

23
Configurations/50-masm.conf
View File

@@ -1,23 +0,0 @@
# We can't make commitment to supporting Microsoft assembler,
# because it would mean supporting all masm versions. This in
# in turn is because masm is not really an interchangeable option,
# while users tend to have reasons to stick with specific Visual
# Studio versions. It's usually lesser hassle to make it work
# with latest assembler, but tweaking for older versions had
# proven to be daunting task. This is experimental target, for
# production builds stick with [up-to-date version of] nasm.
my %targets = (
"VC-WIN64A-masm" => {
inherit_from => [ "VC-WIN64-common", asm("x86_64_asm"),
sub { $disabled{shared} ? () : "x86_64_uplink" } ],
AS => "ml64",
ASFLAGS => "/nologo /Zi",
asoutflag => "/Fo",
asflags => "/c /Cp /Cx",
sys_id => "WIN64A",
bn_asm_src => sub { return undef unless @_;
my $r=join(" ",@_); $r=~s|asm/x86_64-gcc|bn_asm|; $r; },
perlasm_scheme => "masm",
},
);

64
Configurations/50-win-onecore.conf
View File

@@ -1,64 +0,0 @@
# Windows OneCore targets.
#
# OneCore is new API stability "contract" that transcends Desktop, IoT and
# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
# export subset of Win32 API that are common to all Windows 10 devices.
#
# OneCore Configuration temporarily dedicated for console applications
# due to disabled event logging, which is incompatible with one core.
# Error messages are provided via standard error only.
# TODO: extend error handling to use ETW based eventing
# (Or rework whole error messaging)
my %targets = (
"VC-WIN32-ONECORE" => {
inherit_from => [ "VC-WIN32" ],
# /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has
# hidden reference to kernel32.lib, but we don't actually want
# it in "onecore" build.
lflags => add("/NODEFAULTLIB:kernel32.lib"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
"VC-WIN64A-ONECORE" => {
inherit_from => [ "VC-WIN64A" ],
lflags => add("/NODEFAULTLIB:kernel32.lib"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
# Windows on ARM targets. ARM compilers are additional components in
# VS2017, i.e. they are not installed by default. And when installed,
# there are no "ARM Tool Command Prompt"s on Start menu, you have
# to locate vcvarsall.bat and act accordingly. VC-WIN32-ARM has
# received limited testing with evp_test.exe on Windows 10 IoT Core,
# but not VC-WIN64-ARM, no hardware... In other words they are not
# actually supported...
#
# Another thing to keep in mind [in cross-compilation scenario such
# as this one] is that target's file system has nothing to do with
# compilation system's one. This means that you're are likely to use
# --prefix and --openssldir with target-specific values. 'nmake install'
# step is effectively meaningless in cross-compilation case, though
# it might be useful to 'nmake install DESTDIR=S:\ome\where' where you
# can point Visual Studio to when compiling custom application code.
"VC-WIN32-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "BN_LLONG RC4_CHAR EXPORT_VAR_AS_FN",
lflags => add("/NODEFAULTLIB:kernel32.lib"),
ex_libs => "onecore.lib",
multilib => "-arm",
},
"VC-WIN64-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR EXPORT_VAR_AS_FN",
lflags => add("/NODEFAULTLIB:kernel32.lib"),
ex_libs => "onecore.lib",
multilib => "-arm64",
},
);

136
Configurations/INTERNALS.Configure
View File

@@ -1,136 +0,0 @@
Configure Internals
===================
[ note: this file uses markdown for formatting ]
Intro
-----
This is a collection of notes that are hopefully of interest to those
who decide to dive into Configure and what it does. This is a living
document and anyone is encouraged to add to it and submit changes.
There's no claim for this document to be complete at any time, but it
will hopefully reach such a point in time.
----------------------------------------------------------------------
Parsing build.info files, processing conditions
-----------------------------------------------
Processing conditions in build.info files is done with the help of a
condition stack that tell if a build.info should be processed or if it
should just be skipped over. The possible states of the stack top are
expressed in the following comment from Configure:
# The top item of this stack has the following values
# -2 positive already run and we found ELSE (following ELSIF should fail)
# -1 positive already run (skip until ENDIF)
# 0 negatives so far (if we're at a condition, check it)
# 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF)
# 2 positive ELSE (following ELSIF should fail)
Ground rule is that non-condition lines are skipped over if the
stack top is > 0. Condition lines (IF, ELSIF, ELSE and ENDIF
statements) need to be processed either way to keep track of the skip
stack states, so they are a little more intricate.
Instead of trying to describe in words, here are some example of what
the skip stack should look like after each line is processed:
Example 1:
| IF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | 1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | -1 | |
| ... whatever ... | | this line is skipped over |
| IF[1] | -1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | -1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | -1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | -1 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | | |
Example 2:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | 1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |
Example 3:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |
Example 4:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 2 | |
| ... whatever ... | | this line is processed |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |

763
Configurations/README
View File

@@ -1,763 +0,0 @@
Intro
=====
This directory contains a few sets of files that are used for
configuration in diverse ways:
*.conf Target platform configurations, please read
'Configurations of OpenSSL target platforms' for more
information.
*.tmpl Build file templates, please read 'Build-file
programming with the "unified" build system' as well
as 'Build info files' for more information.
*.pm Helper scripts / modules for the main `Configure`
script. See 'Configure helper scripts for more
information.
Configurations of OpenSSL target platforms
==========================================
Configuration targets are a collection of facts that we know about
different platforms and their capabilities. We organise them in a
hash table, where each entry represent a specific target.
Note that configuration target names must be unique across all config
files. The Configure script does check that a config file doesn't
have config targets that shadow config targets from other files.
In each table entry, the following keys are significant:
inherit_from => Other targets to inherit values from.
Explained further below. [1]
template => Set to 1 if this isn't really a platform
target. Instead, this target is a template
upon which other targets can be built.
Explained further below. [1]
sys_id => System identity for systems where that
is difficult to determine automatically.
enable => Enable specific configuration features.
This MUST be an array of words.
disable => Disable specific configuration features.
This MUST be an array of words.
Note: if the same feature is both enabled
and disabled, disable wins.
as => The assembler command. This is not always
used (for example on Unix, where the C
compiler is used instead).
asflags => Default assembler command flags [4].
cpp => The C preprocessor command, normally not
given, as the build file defaults are
usually good enough.
cppflags => Default C preprocessor flags [4].
defines => As an alternative, macro definitions may be
given here instead of in `cppflags' [4].
If given here, they MUST be as an array of
the string such as "MACRO=value", or just
"MACRO" for definitions without value.
includes => As an alternative, inclusion directories
may be given here instead of in `cppflags'
[4]. If given here, the MUST be an array
of strings, one directory specification
each.
cc => The C compiler command, usually one of "cc",
"gcc" or "clang". This command is normally
also used to link object files and
libraries into the final program.
cxx => The C++ compiler command, usually one of
"c++", "g++" or "clang++". This command is
also used when linking a program where at
least one of the object file is made from
C++ source.
cflags => Defaults C compiler flags [4].
cxxflags => Default C++ compiler flags [4]. If unset,
it gets the same value as cflags.
(linking is a complex thing, see [3] below)
ld => Linker command, usually not defined
(meaning the compiler command is used
instead).
(NOTE: this is here for future use, it's
not implemented yet)
lflags => Default flags used when linking apps,
shared libraries or DSOs [4].
ex_libs => Extra libraries that are needed when
linking shared libraries, DSOs or programs.
The value is also assigned to Libs.private
in $(libdir)/pkgconfig/libcrypto.pc.
shared_cppflags => Extra C preprocessor flags used when
processing C files for shared libraries.
shared_cflag => Extra C compiler flags used when compiling
for shared libraries, typically something
like "-fPIC".
shared_ldflag => Extra linking flags used when linking
shared libraries.
module_cppflags
module_cflags
module_ldflags => Has the same function as the corresponding
`shared_' attributes, but for building DSOs.
When unset, they get the same values as the
corresponding `shared_' attributes.
ar => The library archive command, the default is
"ar".
(NOTE: this is here for future use, it's
not implemented yet)
arflags => Flags to be used with the library archive
command. On Unix, this includes the
command letter, 'r' by default.
ranlib => The library archive indexing command, the
default is 'ranlib' it it exists.
unistd => An alternative header to the typical
'<unistd.h>'. This is very rarely needed.
shared_extension => File name extension used for shared
libraries.
obj_extension => File name extension used for object files.
On unix, this defaults to ".o" (NOTE: this
is here for future use, it's not
implemented yet)
exe_extension => File name extension used for executable
files. On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
shlib_variant => A "variant" identifier inserted between the base
shared library name and the extension. On "unixy"
platforms (BSD, Linux, Solaris, MacOS/X, ...) this
supports installation of custom OpenSSL libraries
that don't conflict with other builds of OpenSSL
installed on the system. The variant identifier
becomes part of the SONAME of the library and also
any symbol versions (symbol versions are not used or
needed with MacOS/X). For example, on a system
where a default build would normally create the SSL
shared library as 'libssl.so -> libssl.so.1.1' with
the value of the symlink as the SONAME, a target
definition that sets 'shlib_variant => "-abc"' will
create 'libssl.so -> libssl-abc.so.1.1', again with
an SONAME equal to the value of the symlink. The
symbol versions associated with the variant library
would then be 'OPENSSL_ABC_<version>' rather than
the default 'OPENSSL_<version>'. The string inserted
into symbol versions is obtained by mapping all
letters in the "variant" identifier to upper case
and all non-alphanumeric characters to '_'.
thread_scheme => The type of threads is used on the
configured platform. Currently known
values are "(unknown)", "pthreads",
"uithreads" (a.k.a solaris threads) and
"winthreads". Except for "(unknown)", the
actual value is currently ignored but may
be used in the future. See further notes
below [2].
dso_scheme => The type of dynamic shared objects to build
for. This mostly comes into play with
engines, but can be used for other purposes
as well. Valid values are "DLFCN"
(dlopen() et al), "DLFCN_NO_H" (for systems
that use dlopen() et al but do not have
fcntl.h), "DL" (shl_load() et al), "WIN32"
and "VMS".
perlasm_scheme => The perlasm method used to create the
assembler files used when compiling with
assembler implementations.
shared_target => The shared library building method used.
This is a target found in Makefile.shared.
build_scheme => The scheme used to build up a Makefile.
In its simplest form, the value is a string
with the name of the build scheme.
The value may also take the form of a list
of strings, if the build_scheme is to have
some options. In this case, the first
string in the list is the name of the build
scheme.
Currently recognised build scheme is "unified".
For the "unified" build scheme, this item
*must* be an array with the first being the
word "unified" and the second being a word
to identify the platform family.
multilib => On systems that support having multiple
implementations of a library (typically a
32-bit and a 64-bit variant), this is used
to have the different variants in different
directories.
bn_ops => Building options (was just bignum options in
the earlier history of this option, hence the
name). This is a string of words that describe
algorithms' implementation parameters that
are optimal for the designated target platform,
such as the type of integers used to build up
the bignum, different ways to implement certain
ciphers and so on. To fully comprehend the
meaning, the best is to read the affected
source.
The valid words are:
THIRTY_TWO_BIT bignum limbs are 32 bits,
this is default if no
option is specified, it
works on any supported
system [unless "wider"
limb size is implied in
assembly code];
BN_LLONG bignum limbs are 32 bits,
but 64-bit 'unsigned long
long' is used internally
in calculations;
SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
and sizeof(long) is 8;
SIXTY_FOUR_BIT bignums limbs are 64 bits,
but execution environment
is ILP32;
RC4_CHAR RC4 key schedule is made
up of 'unsigned char's;
RC4_INT RC4 key schedule is made
up of 'unsigned int's;
EXPORT_VAR_AS_FN for shared libraries,
export vars as
accessor functions.
apps_aux_src => Extra source to build apps/openssl and other
apps, as needed by the target and that can be
collected in a library.
apps_init_src => Init source to build apps/openssl and other
apps, as needed by the target. This code
cannot be placed in a library, as the rest
of the code isn't expected to link to it
explicitly.
cpuid_asm_src => assembler implementation of cpuid code as
well as OPENSSL_cleanse().
Default to mem_clr.c
bn_asm_src => Assembler implementation of core bignum
functions.
Defaults to bn_asm.c
ec_asm_src => Assembler implementation of core EC
functions.
des_asm_src => Assembler implementation of core DES
encryption functions.
Defaults to 'des_enc.c fcrypt_b.c'
aes_asm_src => Assembler implementation of core AES
functions.
Defaults to 'aes_core.c aes_cbc.c'
bf_asm_src => Assembler implementation of core BlowFish
functions.
Defaults to 'bf_enc.c'
md5_asm_src => Assembler implementation of core MD5
functions.
sha1_asm_src => Assembler implementation of core SHA1,
functions, and also possibly SHA256 and
SHA512 ones.
cast_asm_src => Assembler implementation of core CAST
functions.
Defaults to 'c_enc.c'
rc4_asm_src => Assembler implementation of core RC4
functions.
Defaults to 'rc4_enc.c rc4_skey.c'
rmd160_asm_src => Assembler implementation of core RMD160
functions.
rc5_asm_src => Assembler implementation of core RC5
functions.
Defaults to 'rc5_enc.c'
wp_asm_src => Assembler implementation of core WHIRLPOOL
functions.
cmll_asm_src => Assembler implementation of core CAMELLIA
functions.
Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
modes_asm_src => Assembler implementation of cipher modes,
currently the functions gcm_gmult_4bit and
gcm_ghash_4bit.
padlock_asm_src => Assembler implementation of core parts of
the padlock engine. This is mandatory on
any platform where the padlock engine might
actually be built.
[1] as part of the target configuration, one can have a key called
'inherit_from' that indicate what other configurations to inherit
data from. These are resolved recursively.
Inheritance works as a set of default values that can be overridden
by corresponding key values in the inheriting configuration.
Note 1: any configuration table can be used as a template.
Note 2: pure templates have the attribute 'template => 1' and
cannot be used as build targets.
If several configurations are given in the 'inherit_from' array,
the values of same attribute are concatenated with space
separation. With this, it's possible to have several smaller
templates for different configuration aspects that can be combined
into a complete configuration.
instead of a scalar value or an array, a value can be a code block
of the form 'sub { /* your code here */ }'. This code block will
be called with the list of inherited values for that key as
arguments. In fact, the concatenation of strings is really done
by using 'sub { join(" ",@_) }' on the list of inherited values.
An example:
"foo" => {
template => 1,
haha => "ha ha",
hoho => "ho",
ignored => "This should not appear in the end result",
},
"bar" => {
template => 1,
haha => "ah",
hoho => "haho",
hehe => "hehe"
},
"laughter" => {
inherit_from => [ "foo", "bar" ],
hehe => sub { join(" ",(@_,"!!!")) },
ignored => "",
}
The entry for "laughter" will become as follows after processing:
"laughter" => {
haha => "ha ha ah",
hoho => "ho haho",
hehe => "hehe !!!",
ignored => ""
}
[2] OpenSSL is built with threading capabilities unless the user
specifies 'no-threads'. The value of the key 'thread_scheme' may
be "(unknown)", in which case the user MUST give some compilation
flags to Configure.
[3] OpenSSL has three types of things to link from object files or
static libraries:
- shared libraries; that would be libcrypto and libssl.
- shared objects (sometimes called dynamic libraries); that would
be the engines.
- applications; those are apps/openssl and all the test apps.
Very roughly speaking, linking is done like this (words in braces
represent the configuration settings documented at the beginning
of this file):
shared libraries:
{ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
foo/something.o foo/somethingelse.o {ex_libs}
shared objects:
{ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
blah1.o blah2.o -lcrypto {ex_libs}
applications:
{ld} $(CFLAGS) {lflags} -o app \
app1.o utils.o -lssl -lcrypto {ex_libs}
[4] There are variants of these attribute, prefixed with `lib_',
`dso_' or `bin_'. Those variants replace the unprefixed attribute
when building library, DSO or program modules specifically.
Historically, the target configurations came in form of a string with
values separated by colons. This use is deprecated. The string form
looked like this:
"target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
Build info files
================
The build.info files that are spread over the source tree contain the
minimum information needed to build and distribute OpenSSL. It uses a
simple and yet fairly powerful language to determine what needs to be
built, from what sources, and other relationships between files.
For every build.info file, all file references are relative to the
directory of the build.info file for source files, and the
corresponding build directory for built files if the build tree
differs from the source tree.
When processed, every line is processed with the perl module
Text::Template, using the delimiters "{-" and "-}". The hashes
%config and %target are passed to the perl fragments, along with
$sourcedir and $builddir, which are the locations of the source
directory for the current build.info file and the corresponding build
directory, all relative to the top of the build tree.
To begin with, things to be built are declared by setting specific
variables:
PROGRAMS=foo bar
LIBS=libsomething
ENGINES=libeng
SCRIPTS=myhack
EXTRA=file1 file2
Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
without extensions. The build file templates will figure them out.
For each thing to be built, it is then possible to say what sources
they are built from:
PROGRAMS=foo bar
SOURCE[foo]=foo.c common.c
SOURCE[bar]=bar.c extra.c common.c
It's also possible to tell some other dependencies:
DEPEND[foo]=libsomething
DEPEND[libbar]=libsomethingelse
(it could be argued that 'libsomething' and 'libsomethingelse' are
source as well. However, the files given through SOURCE are expected
to be located in the source tree while files given through DEPEND are
expected to be located in the build tree)
It's also possible to depend on static libraries explicitly:
DEPEND[foo]=libsomething.a
DEPEND[libbar]=libsomethingelse.a
This should be rarely used, and care should be taken to make sure it's
only used when supported. For example, native Windows build doesn't
support building static libraries and DLLs at the same time, so using
static libraries on Windows can only be done when configured
'no-shared'.
One some platforms, shared libraries come with a name that's different
from their static counterpart. That's declared as follows:
SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
The example is from Cygwin, which has a required naming convention.
Sometimes, it makes sense to rename an output file, for example a
library:
RENAME[libfoo]=libbar
That line has "libfoo" renamed to "libbar". While it makes no
sense at all to just have a rename like that (why not just use
"libbar" everywhere?), it does make sense when it can be used
conditionally. See a little further below for an example.
In some cases, it's desirable to include some source files in the
shared form of a library only:
SHARED_SOURCE[libfoo]=dllmain.c
For any file to be built, it's also possible to tell what extra
include paths the build of their source files should use:
INCLUDE[foo]=include
In some cases, one might want to generate some source files from
others, that's done as follows:
GENERATE[foo.s]=asm/something.pl $(CFLAGS)
GENERATE[bar.s]=asm/bar.S
The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except that the first
item must be the generator file. It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.
Sometimes, the generator file itself depends on other files, for
example if it is a perl script that depends on other perl modules.
This can be expressed using DEPEND like this:
DEPEND[asm/something.pl]=../perlasm/Foo.pm
There may also be cases where the exact file isn't easily specified,
but an inclusion directory still needs to be specified. INCLUDE can
be used in that case:
INCLUDE[asm/something.pl]=../perlasm
NOTE: GENERATE lines are limited to one command only per GENERATE.
As a last resort, it's possible to have raw build file lines, between
BEGINRAW and ENDRAW lines as follows:
BEGINRAW[Makefile(unix)]
haha.h: {- $builddir -}/Makefile
echo "/* haha */" > haha.h
ENDRAW[Makefile(unix)]
The word within square brackets is the build_file configuration item
or the build_file configuration item followed by the second word in the
build_scheme configuration item for the configured target within
parenthesis as shown above. For example, with the following relevant
configuration items:
build_file => "build.ninja"
build_scheme => [ "unified", "unix" ]
... these lines will be considered:
BEGINRAW[build.ninja]
build haha.h: echo "/* haha */" > haha.h
ENDRAW[build.ninja]
BEGINRAW[build.ninja(unix)]
build hoho.h: echo "/* hoho */" > hoho.h
ENDRAW[build.ninja(unix)]
Should it be needed because the recipes within a RAW section might
clash with those generated by Configure, it's possible to tell it
not to generate them with the use of OVERRIDES, for example:
SOURCE[libfoo]=foo.c bar.c
OVERRIDES=bar.o
BEGINRAW[Makefile(unix)]
bar.o: bar.c
$(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
ENDRAW[Makefile(unix)]
See the documentation further up for more information on configuration
items.
Finally, you can have some simple conditional use of the build.info
information, looking like this:
IF[1]
something
ELSIF[2]
something other
ELSE
something else
ENDIF
The expression in square brackets is interpreted as a string in perl,
and will be seen as true if perl thinks it is, otherwise false. For
example, the above would have "something" used, since 1 is true.
Together with the use of Text::Template, this can be used as
conditions based on something in the passed variables, for example:
IF[{- $disabled{shared} -}]
LIBS=libcrypto
SOURCE[libcrypto]=...
ELSE
LIBS=libfoo
SOURCE[libfoo]=...
ENDIF
or:
# VMS has a cultural standard where all libraries are prefixed.
# For OpenSSL, the choice is 'ossl_'
IF[{- $config{target} =~ /^vms/ -}]
RENAME[libcrypto]=ossl_libcrypto
RENAME[libssl]=ossl_libssl
ENDIF
Build-file programming with the "unified" build system
======================================================
"Build files" are called "Makefile" on Unix-like operating systems,
"descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
To use the "unified" build system, the target configuration needs to
set the three items 'build_scheme', 'build_file' and 'build_command'.
In the rest of this section, we will assume that 'build_scheme' is set
to "unified" (see the configurations documentation above for the
details).
For any name given by 'build_file', the "unified" system expects a
template file in Configurations/ named like the build file, with
".tmpl" appended, or in case of possible ambiguity, a combination of
the second 'build_scheme' list item and the 'build_file' name. For
example, if 'build_file' is set to "Makefile", the template could be
Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
In case both Configurations/unix-Makefile.tmpl and
Configurations/Makefile.tmpl are present, the former takes
precedence.
The build-file template is processed with the perl module
Text::Template, using "{-" and "-}" as delimiters that enclose the
perl code fragments that generate configuration-dependent content.
Those perl fragments have access to all the hash variables from
configdata.pem.
The build-file template is expected to define at least the following
perl functions in a perl code fragment enclosed with "{-" and "-}".
They are all expected to return a string with the lines they produce.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
generator => [ "generatingfile", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file *without*
extension, src2obj() is expected to add that.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files (also *without*
extension) to build this library.
libobj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding static library file
or object files.
called like this:
libobj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the intended library file name *without*
extension, libobj2shlib is expected to add that.
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files (also *without* extension) to build
this library.
This function has a choice; it can use the
corresponding static library as input to make the
shared library, or the list of object files.
obj2dso - function that produces build file lines to build a
dynamic shared object file from object files.
called like this:
obj2dso(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as libobj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...). The differences
are subtle, one of the most visible ones is that the
resulting shareable library is produced from object
files only.
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files (also
*without* extension) to build this library. 'deps'
has the list of library files (also *without*
extension) that the programs needs to be linked
with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
In all cases, file file paths are relative to the build tree top, and
the build file actions run with the build tree top as current working
directory.
Make sure to end the section with these functions with a string that
you thing is appropriate for the resulting build file. If nothing
else, end it like this:
""; # Make sure no lingering values end up in the Makefile
-}
Configure helper scripts
========================
Configure uses helper scripts in this directory:
Checker scripts
---------------
These scripts are per platform family, to check the integrity of the
tools used for configuration and building. The checker script used is
either {build_platform}-{build_file}-checker.pm or
{build_platform}-checker.pm, where {build_platform} is the second
'build_scheme' list element from the configuration target data, and
{build_file} is 'build_file' from the same target data.
If the check succeeds, the script is expected to end with a non-zero
expression. If the check fails, the script can end with a zero, or
with a `die`.

623
Configurations/README.design
View File

@@ -1,623 +0,0 @@
Design document for the unified scheme data
===========================================
How are things connected?
-------------------------
The unified scheme takes all its data from the build.info files seen
throughout the source tree. These files hold the minimum information
needed to build end product files from diverse sources. See the
section on build.info files below.
From the information in build.info files, Configure builds up an
information database as a hash table called %unified_info, which is
stored in configdata.pm, found at the top of the build tree (which may
or may not be the same as the source tree).
Configurations/common.tmpl uses the data from %unified_info to
generate the rules for building end product files as well as
intermediary files with the help of a few functions found in the
build-file templates. See the section on build-file templates further
down for more information.
build.info files
----------------
As mentioned earlier, build.info files are meant to hold the minimum
information needed to build output files, and therefore only (with a
few possible exceptions [1]) have information about end products (such
as scripts, library files and programs) and source files (such as C
files, C header files, assembler files, etc). Intermediate files such
as object files are rarely directly referred to in build.info files (and
when they are, it's always with the file name extension .o), they are
inferred by Configure. By the same rule of minimalism, end product
file name extensions (such as .so, .a, .exe, etc) are never mentioned
in build.info. Their file name extensions will be inferred by the
build-file templates, adapted for the platform they are meant for (see
sections on %unified_info and build-file templates further down).
The variables PROGRAMS, LIBS, ENGINES and SCRIPTS are used to declare
end products. There are variants for them with '_NO_INST' as suffix
(PROGRAM_NO_INST etc) to specify end products that shouldn't get
installed.
The variables SOURCE, DEPEND and INCLUDE are indexed by a produced
file, and their values are the source used to produce that particular
produced file, extra dependencies, and include directories needed.
All their values in all the build.info throughout the source tree are
collected together and form a set of programs, libraries, engines and
scripts to be produced, source files, dependencies, etc etc etc.
Let's have a pretend example, a very limited contraption of OpenSSL,
composed of the program 'apps/openssl', the libraries 'libssl' and
'libcrypto', an engine 'engines/ossltest' and their sources and
dependencies.
# build.info
LIBS=libcrypto libssl
INCLUDE[libcrypto]=include
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
This is the top directory build.info file, and it tells us that two
libraries are to be built, the include directory 'include/' shall be
used throughout when building anything that will end up in each
library, and that the library 'libssl' depend on the library
'libcrypto' to function properly.
# apps/build.info
PROGRAMS=openssl
SOURCE[openssl]=openssl.c
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=../libssl
This is the build.info file in 'apps/', one may notice that all file
paths mentioned are relative to the directory the build.info file is
located in. This one tells us that there's a program to be built
called 'apps/openssl' (the file name extension will depend on the
platform and is therefore not mentioned in the build.info file). It's
built from one source file, 'apps/openssl.c', and building it requires
the use of '.' and 'include' include directories (both are declared
from the point of view of the 'apps/' directory), and that the program
depends on the library 'libssl' to function properly.
# crypto/build.info
LIBS=../libcrypto
SOURCE[../libcrypto]=aes.c evp.c cversion.c
DEPEND[cversion.o]=buildinf.h
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[buildinf.h]=../Makefile
DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
This is the build.info file in 'crypto', and it tells us a little more
about what's needed to produce 'libcrypto'. LIBS is used again to
declare that 'libcrypto' is to be produced. This declaration is
really unnecessary as it's already mentioned in the top build.info
file, but can make the info file easier to understand. This is to
show that duplicate information isn't an issue.
This build.info file informs us that 'libcrypto' is built from a few
source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
It also shows us that building the object file inferred from
'crypto/cversion.c' depends on 'crypto/buildinf.h'. Finally, it
also shows the possibility to declare how some files are generated
using some script, in this case a perl script, and how such scripts
can be declared to depend on other files, in this case a perl module.
Two things are worth an extra note:
'DEPEND[cversion.o]' mentions an object file. DEPEND indexes is the
only location where it's valid to mention them
Lines in 'BEGINRAW'..'ENDRAW' sections must always mention files as
seen from the top directory, no exception.
# ssl/build.info
LIBS=../libssl
SOURCE[../libssl]=tls.c
This is the build.info file in 'ssl/', and it tells us that the
library 'libssl' is built from the source file 'ssl/tls.c'.
# engines/build.info
ENGINES=dasync
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
INCLUDE[dasync]=../include
ENGINES_NO_INST=ossltest
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto.a
INCLUDE[ossltest]=../include
This is the build.info file in 'engines/', telling us that two engines
called 'engines/dasync' and 'engines/ossltest' shall be built, that
dasync's source is 'engines/e_dasync.c' and ossltest's source is
'engines/e_ossltest.c' and that the include directory 'include/' may
be used when building anything that will be part of these engines.
Also, both engines depend on the library 'libcrypto' to function
properly. ossltest is explicitly linked with the static variant of
the library 'libcrypto'. Finally, only dasync is being installed, as
ossltest is only for internal testing.
When Configure digests these build.info files, the accumulated
information comes down to this:
LIBS=libcrypto libssl
SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
DEPEND[crypto/cversion.o]=crypto/buildinf.h
INCLUDE[libcrypto]=include
SOURCE[libssl]=ssl/tls.c
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
PROGRAMS=apps/openssl
SOURCE[apps/openssl]=apps/openssl.c
INCLUDE[apps/openssl]=. include
DEPEND[apps/openssl]=libssl
ENGINES=engines/dasync
SOURCE[engines/dasync]=engines/e_dasync.c
DEPEND[engines/dasync]=libcrypto
INCLUDE[engines/dasync]=include
ENGINES_NO_INST=engines/ossltest
SOURCE[engines/ossltest]=engines/e_ossltest.c
DEPEND[engines/ossltest]=libcrypto.a
INCLUDE[engines/ossltest]=include
GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[crypto/buildinf.h]=Makefile
DEPEND[util/mkbuildinf.pl]=util/Foo.pm
A few notes worth mentioning:
LIBS may be used to declare routine libraries only.
PROGRAMS may be used to declare programs only.
ENGINES may be used to declare engines only.
The indexes for SOURCE must only be end product files, such as
libraries, programs or engines. The values of SOURCE variables must
only be source files (possibly generated).
INCLUDE and DEPEND shows a relationship between different files
(usually produced files) or between files and directories, such as a
program depending on a library, or between an object file and some
extra source file.
When Configure processes the build.info files, it will take it as
truth without question, and will therefore perform very few checks.
If the build tree is separate from the source tree, it will assume
that all built files and up in the build directory and that all source
files are to be found in the source tree, if they can be found there.
Configure will assume that source files that can't be found in the
source tree (such as 'crypto/bildinf.h' in the example above) are
generated and will be found in the build tree.
The %unified_info database
--------------------------
The information in all the build.info get digested by Configure and
collected into the %unified_info database, divided into the following
indexes:
depends => a hash table containing 'file' => [ 'dependency' ... ]
pairs. These are directly inferred from the DEPEND
variables in build.info files.
engines => a list of engines. These are directly inferred from
the ENGINES variable in build.info files.
generate => a hash table containing 'file' => [ 'generator' ... ]
pairs. These are directly inferred from the GENERATE
variables in build.info files.
includes => a hash table containing 'file' => [ 'include' ... ]
pairs. These are directly inferred from the INCLUDE
variables in build.info files.
install => a hash table containing 'type' => [ 'file' ... ] pairs.
The types are 'programs', 'libraries', 'engines' and
'scripts', and the array of files list the files of
that type that should be installed.
libraries => a list of libraries. These are directly inferred from
the LIBS variable in build.info files.
programs => a list of programs. These are directly inferred from
the PROGRAMS variable in build.info files.
rawlines => a list of build-file lines. These are a direct copy of
the BEGINRAW..ENDRAW lines in build.info files. Note:
only the BEGINRAW..ENDRAW section for the current
platform are copied, the rest are ignored.
scripts => a list of scripts. There are directly inferred from
the SCRIPTS variable in build.info files.
sources => a hash table containing 'file' => [ 'sourcefile' ... ]
pairs. These are indirectly inferred from the SOURCE
variables in build.info files. Object files are
mentioned in this hash table, with source files from
SOURCE variables, and AS source files for programs and
libraries.
shared_sources =>
a hash table just like 'sources', but only as source
files (object files) for building shared libraries.
As an example, here is how the build.info files example from the
section above would be digested into a %unified_info table:
our %unified_info = (
"depends" =>
{
"apps/openssl" =>
[
"libssl",
],
"crypto/buildinf.h" =>
[
"Makefile",
],
"crypto/cversion.o" =>
[
"crypto/buildinf.h",
],
"engines/dasync" =>
[
"libcrypto",
],
"engines/ossltest" =>
[
"libcrypto.a",
],
"libssl" =>
[
"libcrypto",
],
"util/mkbuildinf.pl" =>
[
"util/Foo.pm",
],
},
"engines" =>
[
"engines/dasync",
"engines/ossltest",
],
"generate" =>
{
"crypto/buildinf.h" =>
[
"util/mkbuildinf.pl",
"\"\$(CC)",
"\$(CFLAGS)\"",
"\"$(PLATFORM)\"",
],
},
"includes" =>
{
"apps/openssl" =>
[
".",
"include",
],
"engines/ossltest" =>
[
"include"
],
"libcrypto" =>
[
"include",
],
"libssl" =>
[
"include",
],
"util/mkbuildinf.pl" =>
[
"util",
],
}
"install" =>
{
"engines" =>
[
"engines/dasync",
],
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
},
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
"rawlines" =>
[
],
"sources" =>
{
"apps/openssl" =>
[
"apps/openssl.o",
],
"apps/openssl.o" =>
[
"apps/openssl.c",
],
"crypto/aes.o" =>
[
"crypto/aes.c",
],
"crypto/cversion.o" =>
[
"crypto/cversion.c",
],
"crypto/evp.o" =>
[
"crypto/evp.c",
],
"engines/e_dasync.o" =>
[
"engines/e_dasync.c",
],
"engines/dasync" =>
[
"engines/e_dasync.o",
],
"engines/e_ossltest.o" =>
[
"engines/e_ossltest.c",
],
"engines/ossltest" =>
[
"engines/e_ossltest.o",
],
"libcrypto" =>
[
"crypto/aes.c",
"crypto/cversion.c",
"crypto/evp.c",
],
"libssl" =>
[
"ssl/tls.c",
],
"ssl/tls.o" =>
[
"ssl/tls.c",
],
},
);
As can be seen, everything in %unified_info is fairly simple suggest
of information. Still, it tells us that to build all programs, we
must build 'apps/openssl', and to build the latter, we will need to
build all its sources ('apps/openssl.o' in this case) and all the
other things it depends on (such as 'libssl'). All those dependencies
need to be built as well, using the same logic, so to build 'libssl',
we need to build 'ssl/tls.o' as well as 'libcrypto', and to build the
latter...
Build-file templates
--------------------
Build-file templates are essentially build-files (such as Makefile on
Unix) with perl code fragments mixed in. Those perl code fragment
will generate all the configuration dependent data, including all the
rules needed to build end product files and intermediary files alike.
At a minimum, there must be a perl code fragment that defines a set of
functions that are used to generates specific build-file rules, to
build static libraries from object files, to build shared libraries
from static libraries, to programs from object files and libraries,
etc.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file *without*
extension, src2obj() is expected to add that.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files (also *without*
extension) to build this library.
libobj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding static library file
or object files.
called like this:
libobj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the intended library file name *without*
extension, libobj2shlib is expected to add that.
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files (also *without* extension) to build
this library.
This function has a choice; it can use the
corresponding static library as input to make the
shared library, or the list of object files.
obj2dynlib - function that produces build file lines to build a
dynamically loadable library file ("libfoo.so" on
Unix) from object files.
called like this:
obj2dynlib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as libobj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...). The differences
are subtle, one of the most visible ones is that the
resulting shareable library is produced from object
files only.
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files (also
*without* extension) to build this library. 'deps'
has the list of library files (also *without*
extension) that the programs needs to be linked
with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
Along with the build-file templates is the driving engine
Configurations/common.tmpl, which looks through all the information in
%unified_info and generates all the rulesets to build libraries,
programs and all intermediate files, using the rule generating
functions defined in the build-file template.
As an example with the smaller build.info set we've seen as an
example, producing the rules to build 'libcrypto' would result in the
following calls:
# Note: libobj2shlib will only be called if shared libraries are
# to be produced.
# Note 2: libobj2shlib gets both the name of the static library
# and the names of all the object files that go into it. It's up
# to the implementation to decide which to use as input.
# Note 3: common.tmpl peals off the ".o" extension from all object
# files, as the platform at hand may have a different one.
libobj2shlib(shlib => "libcrypto",
lib => "libcrypto",
objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ],
deps => [ ]);
obj2lib(lib => "libcrypto"
objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]);
src2obj(obj => "crypto/aes"
srcs => [ "crypto/aes.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/evp"
srcs => [ "crypto/evp.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/cversion"
srcs => [ "crypto/cversion.c" ],
deps => [ "crypto/buildinf.h" ],
incs => [ "include" ],
intent => "lib");
generatesrc(src => "crypto/buildinf.h",
generator => [ "util/mkbuildinf.pl", "\"$(CC)",
"$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
generator_incs => [ "util" ],
generator_deps => [ "util/Foo.pm" ],
incs => [ ],
deps => [ ],
intent => "lib");
The returned strings from all those calls are then concatenated
together and written to the resulting build-file.

221
Configurations/common.tmpl
View File

@@ -1,221 +0,0 @@
{- # -*- Mode: perl -*-
use File::Basename;
# A cache of objects for which a recipe has already been generated
my %cache;
# resolvedepends and reducedepends work in tandem to make sure
# there are no duplicate dependencies and that they are in the
# right order. This is especially used to sort the list of
# libraries that a build depends on.
sub extensionlesslib {
my @result = map { $_ =~ /(\.a)?$/; $` } @_;
return @result if wantarray;
return $result[0];
}
sub resolvedepends {
my $thing = shift;
my $extensionlessthing = extensionlesslib($thing);
my @listsofar = @_; # to check if we're looping
my @list = @{$unified_info{depends}->{$thing} //
$unified_info{depends}->{$extensionlessthing}};
my @newlist = ();
if (scalar @list) {
foreach my $item (@list) {
my $extensionlessitem = extensionlesslib($item);
# It's time to break off when the dependency list starts looping
next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
push @newlist, $item, resolvedepends($item, @listsofar, $item);
}
}
@newlist;
}
sub reducedepends {
my @list = @_;
my @newlist = ();
my %replace = ();
while (@list) {
my $item = shift @list;
my $extensionlessitem = extensionlesslib($item);
if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
if ($item ne $extensionlessitem) {
# If this instance of the library is explicitly static, we
# prefer that to any shared library name, since it must have
# been done on purpose.
$replace{$extensionlessitem} = $item;
}
} else {
push @newlist, $item;
}
}
map { $replace{$_} // $_; } @newlist;
}
# is_installed checks if a given file will be installed (i.e. they are
# not defined _NO_INST in build.info)
sub is_installed {
my $product = shift;
if (grep { $product eq $_ }
map { (@{$unified_info{install}->{$_}}) }
keys %{$unified_info{install}}) {
return 1;
}
return 0;
}
# dogenerate is responsible for producing all the recipes that build
# generated source files. It recurses in case a dependency is also a
# generated source file.
sub dogenerate {
my $src = shift;
return "" if $cache{$src};
my $obj = shift;
my $bin = shift;
my %opts = @_;
if ($unified_info{generate}->{$src}) {
die "$src is generated by Configure, should not appear in build file\n"
if ref $unified_info{generate}->{$src} eq "";
my $script = $unified_info{generate}->{$src}->[0];
$OUT .= generatesrc(src => $src,
generator => $unified_info{generate}->{$src},
generator_incs => $unified_info{includes}->{$script},
generator_deps => $unified_info{depends}->{$script},
deps => $unified_info{depends}->{$src},
incs => $unified_info{includes}->{$obj},
%opts);
foreach (@{$unified_info{depends}->{$src}}) {
dogenerate($_, $obj, $bin, %opts);
}
}
$cache{$src} = 1;
}
# doobj is responsible for producing all the recipes that build
# object files as well as dependency files.
sub doobj {
my $obj = shift;
return "" if $cache{$obj};
my $bin = shift;
my %opts = @_;
if (@{$unified_info{sources}->{$obj}}) {
$OUT .= src2obj(obj => $obj,
product => $bin,
srcs => $unified_info{sources}->{$obj},
deps => $unified_info{depends}->{$obj},
incs => $unified_info{includes}->{$obj},
%opts);
foreach ((@{$unified_info{sources}->{$obj}},
@{$unified_info{depends}->{$obj}})) {
dogenerate($_, $obj, $bin, %opts);
}
}
$cache{$obj} = 1;
}
# dolib is responsible for building libraries. It will call
# libobj2shlib is shared libraries are produced, and obj2lib in all
# cases. It also makes sure all object files for the library are
# built.
sub dolib {
my $lib = shift;
return "" if $cache{$lib};
unless ($disabled{shared} || $lib =~ /\.a$/) {
$OUT .= libobj2shlib(shlib => $unified_info{sharednames}->{$lib},
lib => $lib,
objs => [ @{$unified_info{shared_sources}->{$lib}},
@{$unified_info{sources}->{$lib}} ],
deps => [ reducedepends(resolvedepends($lib)) ],
installed => is_installed($lib));
foreach ((@{$unified_info{shared_sources}->{$lib}},
@{$unified_info{sources}->{$lib}})) {
# If this is somehow a compiled object, take care of it that way
# Otherwise, it might simply be generated
if (defined $unified_info{sources}->{$_}) {
doobj($_, $lib, intent => "lib", installed => is_installed($lib));
} else {
dogenerate($_, undef, undef, intent => "lib");
}
}
}
$OUT .= obj2lib(lib => $lib,
objs => [ @{$unified_info{sources}->{$lib}} ]);
foreach (@{$unified_info{sources}->{$lib}}) {
doobj($_, $lib, intent => "lib", installed => is_installed($lib));
}
$cache{$lib} = 1;
}
# doengine is responsible for building engines. It will call
# obj2dso, and also makes sure all object files for the library
# are built.
sub doengine {
my $lib = shift;
return "" if $cache{$lib};
$OUT .= obj2dso(lib => $lib,
objs => [ @{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}} ],
deps => [ resolvedepends($lib) ],
installed => is_installed($lib));
foreach ((@{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}})) {
doobj($_, $lib, intent => "dso", installed => is_installed($lib));
}
$cache{$lib} = 1;
}
# dobin is responsible for building programs. It will call obj2bin,
# and also makes sure all object files for the library are built.
sub dobin {
my $bin = shift;
return "" if $cache{$bin};
my $deps = [ reducedepends(resolvedepends($bin)) ];
$OUT .= obj2bin(bin => $bin,
objs => [ @{$unified_info{sources}->{$bin}} ],
deps => $deps,
installed => is_installed($bin));
foreach (@{$unified_info{sources}->{$bin}}) {
doobj($_, $bin, intent => "bin", installed => is_installed($bin));
}
$cache{$bin} = 1;
}
# dobin is responsible for building scripts from templates. It will
# call in2script.
sub doscript {
my $script = shift;
return "" if $cache{$script};
$OUT .= in2script(script => $script,
sources => $unified_info{sources}->{$script},
installed => is_installed($script));
$cache{$script} = 1;
}
sub dodir {
my $dir = shift;
return "" if !exists(&generatedir) or $cache{$dir};
$OUT .= generatedir(dir => $dir,
deps => $unified_info{dirinfo}->{$dir}->{deps},
%{$unified_info{dirinfo}->{$_}->{products}});
$cache{$dir} = 1;
}
# Start with populating the cache with all the overrides
%cache = map { $_ => 1 } @{$unified_info{overrides}};
# Build mandatory generated headers
foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); }
# Build all known libraries, engines, programs and scripts.
# Everything else will be handled as a consequence.
foreach (@{$unified_info{libraries}}) { dolib($_); }
foreach (@{$unified_info{engines}}) { doengine($_); }
foreach (@{$unified_info{programs}}) { dobin($_); }
foreach (@{$unified_info{scripts}}) { doscript($_); }
foreach (sort keys %{$unified_info{dirinfo}}) { dodir($_); }
# Finally, should there be any applicable BEGINRAW/ENDRAW sections,
# they are added here.
$OUT .= $_."\n" foreach @{$unified_info{rawlines}};
-}

31
Configurations/common0.tmpl
View File

@@ -1,31 +0,0 @@
{- # -*- Mode: perl -*-
# Commonly used list of generated files
# The reason for the complexity is that the build.info files provide
# GENERATE rules for *all* platforms without discrimination, while the
# build files only want those for a particular build. Therefore, we
# need to extrapolate exactly what we need to generate. The way to do
# that is to extract all possible source files from diverse tables and
# filter out all that are not generated
my %generatables =
map { $_ => 1 }
( # The sources of stuff may be generated
( map { @{$unified_info{sources}->{$_}} }
keys %{$unified_info{sources}} ),
$disabled{shared}
? ()
: ( map { @{$unified_info{shared_sources}->{$_}} }
keys %{$unified_info{shared_sources}} ),
# Things we explicitly depend on are usually generated
( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} }
keys %{$unified_info{depends}} ));
our @generated =
sort ( ( grep { defined $unified_info{generate}->{$_} }
sort keys %generatables ),
# Scripts are assumed to be generated, so add them too
( grep { defined $unified_info{sources}->{$_} }
@{$unified_info{scripts}} ) );
# Avoid strange output
"";
-}

1123
Configurations/descrip.mms.tmpl
View File

File diff suppressed because it is too large Load Diff

82
Configurations/shared-info.pl
View File

@@ -1,82 +0,0 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This is a collection of extra attributes to be used as input for creating
# shared libraries, currently on any Unix variant, including Unix like
# environments on Windows.
sub detect_gnu_ld {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -Wl,-V /dev/null 2>&1`;
return grep /^GNU ld/, @lines;
}
sub detect_gnu_cc {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -v 2>&1`;
return grep /gcc/, @lines;
}
my %shared_info;
%shared_info = (
'gnu-shared' => {
shared_ldflag => '-shared -Wl,-Bsymbolic',
shared_sonameflag => '-Wl,-soname=',
},
'linux-shared' => sub {
return {
%{$shared_info{'gnu-shared'}},
shared_defflag => '-Wl,--version-script=',
};
},
'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; },
'bsd-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => '-shared -nostdlib',
};
},
'darwin-shared' => {
module_ldflags => '-bundle',
shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
shared_sonameflag => '-install_name $(INSTALLTOP)/$(LIBDIR)/',
},
'cygwin-shared' => {
shared_ldflag => '-shared -Wl,--enable-auto-image-base',
shared_impflag => '-Wl,--out-implib=',
},
'mingw-shared' => sub {
return {
%{$shared_info{'cygwin-shared'}},
# def_flag made to empty string so it still generates
# something
shared_defflag => '',
};
},
'alpha-osf1-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
module_ldflags => '-shared -Wl,-Bsymbolic',
shared_ldflag => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)',
};
},
'svr3-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => '-G',
shared_sonameflag => '-h ',
};
},
'svr5-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => detect_gnu_cc() ? '-shared' : '-G',
shared_sonameflag => '-h ',
};
},
);

1354
Configurations/unix-Makefile.tmpl
View File

File diff suppressed because it is too large Load Diff

22
Configurations/unix-checker.pm
View File

@@ -1,22 +0,0 @@
#! /usr/bin/perl
use Config;
# Check that the perl implementation file modules generate paths that
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (rel2abs('.') !~ m|/|) {
die <<EOF;
******************************************************************************
This perl implementation doesn't produce Unix like paths (with forward slash
directory separators). Please use an implementation that matches your
building platform.
This Perl version: $Config{version} for $Config{archname}
******************************************************************************
EOF
}
1;

22
Configurations/windows-checker.pm
View File

@@ -1,22 +0,0 @@
#! /usr/bin/perl
use Config;
# Check that the perl implementation file modules generate paths that
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) {
die <<EOF;
******************************************************************************
This perl implementation doesn't produce Windows like paths (with backward
slash directory separators). Please use an implementation that matches your
building platform.
This Perl version: $Config{version} for $Config{archname}
******************************************************************************
EOF
}
1;

761
Configurations/windows-makefile.tmpl
View File

@@ -1,761 +0,0 @@
##
## Makefile for OpenSSL
##
## {- join("\n## ", @autowarntext) -}
{-
our $objext = $target{obj_extension} || ".obj";
our $resext = $target{res_extension} || ".res";
our $depext = $target{dep_extension} || ".d";
our $exeext = $target{exe_extension} || ".exe";
our $libext = $target{lib_extension} || ".lib";
our $shlibext = $target{shared_extension} || ".dll";
our $shlibextimport = $target{shared_import_extension} || ".lib";
our $dsoext = $target{dso_extension} || ".dll";
(our $sover_dirname = $config{shlib_version_number}) =~ s|\.|_|g;
my $build_scheme = $target{build_scheme};
my $install_flavour = $build_scheme->[$#$build_scheme]; # last element
my $win_installenv =
$install_flavour eq "VC-WOW" ? "ProgramFiles(x86)"
: "ProgramW6432";
my $win_commonenv =
$install_flavour eq "VC-WOW" ? "CommonProgramFiles(x86)"
: "CommonProgramW6432";
our $win_installroot =
defined($ENV{$win_installenv}) ? $win_installenv : 'ProgramFiles';
our $win_commonroot =
defined($ENV{$win_commonenv}) ? $win_commonenv : 'CommonProgramFiles';
# expand variables early
$win_installroot = $ENV{$win_installroot};
$win_commonroot = $ENV{$win_commonroot};
sub shlib {
my $lib = shift;
return () if $disabled{shared} || $lib =~ /\.a$/;
return () unless defined $unified_info{sharednames}->{$lib};
return $unified_info{sharednames}->{$lib} . $shlibext;
}
sub lib {
(my $lib = shift) =~ s/\.a$//;
$lib .= '_static'
if (defined $unified_info{sharednames}->{$lib});
return $lib . $libext;
}
sub shlib_import {
my $lib = shift;
return () if $disabled{shared} || $lib =~ /\.a$/;
return $lib . $shlibextimport;
}
sub dso {
my $dso = shift;
return $dso . $dsoext;
}
# This makes sure things get built in the order they need
# to. You're welcome.
sub dependmagic {
my $target = shift;
return "$target: build_generated\n\t\$(MAKE) /\$(MAKEFLAGS) depend && \$(MAKE) /\$(MAKEFLAGS) _$target\n_$target";
}
'';
-}
PLATFORM={- $config{target} -}
SRCDIR={- $config{sourcedir} -}
BLDDIR={- $config{builddir} -}
VERSION={- $config{version} -}
MAJOR={- $config{major} -}
MINOR={- $config{minor} -}
SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
LIBS={- join(" ", map { ( shlib_import($_), lib($_) ) } @{$unified_info{libraries}}) -}
SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{engines}}) -}
PROGRAMS={- our @PROGRAMS = map { $_.$exeext } @{$unified_info{programs}}; join(" ", @PROGRAMS) -}
PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -}
SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
{- output_off() if $disabled{makedepend}; "" -}
DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
keys %{$unified_info{sources}}); -}
{- output_on() if $disabled{makedepend}; "" -}
GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
GENERATED={- # common0.tmpl provides @generated
join(" ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; $x }
@generated) -}
INSTALL_LIBS={- join(" ", map { quotify1(shlib_import($_) or lib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBS={- join(" ", map { quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
INSTALL_PROGRAMS={- join(" ", map { quotify1($_.$exeext) } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
INSTALL_PROGRAMPDBS={- join(" ", map { quotify1($_.".pdb") } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
{- output_off() if $disabled{apps}; "" -}
BIN_SCRIPTS="$(BLDDIR)\tools\c_rehash.pl"
MISC_SCRIPTS="$(BLDDIR)\apps\CA.pl" "$(BLDDIR)\apps\tsget.pl"
{- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
"\"".catfile("apps","openssl")."\"" -}
# Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure
INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
#
use File::Spec::Functions qw(:DEFAULT splitpath);
our $prefix = canonpath($config{prefix}
|| "$win_installroot\\OpenSSL");
our ($prefix_dev, $prefix_dir, $prefix_file) =
splitpath($prefix, 1);
$prefix_dev -}
INSTALLTOP_dir={- canonpath($prefix_dir) -}
OPENSSLDIR_dev={- #
# The logic here is that if no --openssldir was given,
# OPENSSLDIR will get the value "$win_commonroot\\SSL".
# If --openssldir was given and the value is an absolute
# path, OPENSSLDIR will get its value without change.
# If the value from --openssldir is a relative path,
# OPENSSLDIR will get $prefix with the --openssldir
# value appended as a subdirectory.
#
use File::Spec::Functions qw(:DEFAULT splitpath);
our $openssldir =
$config{openssldir} ?
(file_name_is_absolute($config{openssldir}) ?
canonpath($config{openssldir})
: catdir($prefix, $config{openssldir}))
: canonpath("$win_commonroot\\SSL");
our ($openssldir_dev, $openssldir_dir, $openssldir_file) =
splitpath($openssldir, 1);
$openssldir_dev -}
OPENSSLDIR_dir={- canonpath($openssldir_dir) -}
LIBDIR={- our $libdir = $config{libdir} || "lib";
file_name_is_absolute($libdir) ? "" : $libdir -}
ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
our $enginesdir = catdir($prefix,$libdir,"engines-$sover_dirname");
our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
splitpath($enginesdir, 1);
$enginesdir_dev -}
ENGINESDIR_dir={- canonpath($enginesdir_dir) -}
!IF "$(DESTDIR)" != ""
INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir)
OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir)
ENGINESDIR=$(DESTDIR)$(ENGINESDIR_dir)
!ELSE
INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir)
OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir)
ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir)
!ENDIF
# $(libdir) is chosen to be compatible with the GNU coding standards
libdir={- file_name_is_absolute($libdir)
? $libdir : '$(INSTALLTOP)\$(LIBDIR)' -}
##### User defined commands and flags ################################
CC={- $config{CC} -}
CPP={- $config{CPP} -}
CPPFLAGS={- our $cppflags1 = join(" ",
(map { "-D".$_} @{$config{CPPDEFINES}}),
(map { " /I ".$_} @{$config{CPPINCLUDES}}),
@{$config{CPPFLAGS}}) -}
CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
LD={- $config{LD} -}
LDFLAGS={- join(' ', @{$config{LDFLAGS}}) -}
EX_LIBS={- join(' ', @{$config{LDLIBS}}) -}
PERL={- $config{PERL} -}
AR={- $config{AR} -}
ARFLAGS= {- join(' ', @{$config{ARFLAGS}}) -}
MT={- $config{MT} -}
MTFLAGS= {- join(' ', @{$config{MTFLAGS}}) -}
AS={- $config{AS} -}
ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -}
RC={- $config{RC} -}
RCFLAGS={- join(' ', @{$config{RCFLAGS}}) -}
ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl"
##### Special command flags ##########################################
COUTFLAG={- $target{coutflag} -}$(OSSL_EMPTY)
LDOUTFLAG={- $target{ldoutflag} -}$(OSSL_EMPTY)
AROUTFLAG={- $target{aroutflag} -}$(OSSL_EMPTY)
MTINFLAG={- $target{mtinflag} -}$(OSSL_EMPTY)
MTOUTFLAG={- $target{mtoutflag} -}$(OSSL_EMPTY)
ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
RCOUTFLAG={- $target{rcoutflag} -}$(OSSL_EMPTY)
##### Project flags ##################################################
# Variables starting with CNF_ are common variables for all product types
CNF_ASFLAGS={- join(' ', $target{asflags} || (),
@{$config{asflags}}) -}
CNF_CPPFLAGS={- our $cppfags2 =
join(' ', $target{cppflags} || (),
(map { '-D'.quotify1($_) } @{$target{defines}},
@{$config{defines}}),
(map { '-I'.'"'.$_.'"' } @{$target{includes}},
@{$config{includes}}),
@{$config{cppflags}}) -}
CNF_CFLAGS={- join(' ', $target{cflags} || (),
@{$config{cflags}}) -}
CNF_CXXFLAGS={- join(' ', $target{cxxflags} || (),
@{$config{cxxflags}}) -}
CNF_LDFLAGS={- join(' ', $target{lflags} || (),
@{$config{lflags}}) -}
CNF_EX_LIBS={- join(' ', $target{ex_libs} || (),
@{$config{ex_libs}}) -}
# Variables starting with LIB_ are used to build library object files
# and shared libraries.
# Variables starting with DSO_ are used to build DSOs and their object files.
# Variables starting with BIN_ are used to build programs and their object
# files.
LIB_ASFLAGS={- join(' ', $target{lib_asflags} || (),
@{$config{lib_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
LIB_CPPFLAGS={- our $lib_cppflags =
join(' ', $target{lib_cppflags} || (),
$target{shared_cppflag} || (),
(map { '-D'.quotify1($_) }
@{$target{lib_defines}},
@{$target{shared_defines}},
@{$config{lib_defines}},
@{$config{shared_defines}}),
(map { '-I'.quotify1($_) }
@{$target{lib_includes}},
@{$target{shared_includes}},
@{$config{lib_includes}},
@{$config{shared_includes}}),
@{$config{lib_cppflags}},
@{$config{shared_cppflag}});
join(' ', $lib_cppflags,
(map { '-D'.quotify1($_) }
"OPENSSLDIR=\"$openssldir\"",
"ENGINESDIR=\"$enginesdir\""),
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
LIB_CFLAGS={- join(' ', $target{lib_cflags} || (),
$target{shared_cflag} || (),
@{$config{lib_cflags}},
@{$config{shared_cflag}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
LIB_LDFLAGS={- join(' ', $target{shared_ldflag} || (),
$config{shared_ldflag} || (),
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
LIB_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
DSO_ASFLAGS={- join(' ', $target{dso_asflags} || (),
$target{module_asflags} || (),
@{$config{dso_asflags}},
@{$config{module_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (),
$target{module_cppflags} || (),
@{$config{dso_cppflags}},
@{$config{module_cppflags}},
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
DSO_CFLAGS={- join(' ', $target{dso_cflags} || (),
$target{module_cflags} || (),
@{$config{dso_cflags}},
@{$config{module_cflags}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
DSO_LDFLAGS={- join(' ', $target{dso_lflags} || (),
$target{module_ldflags} || (),
@{$config{dso_lflags}},
@{$config{module_ldflags}},
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
BIN_ASFLAGS={- join(' ', $target{bin_asflags} || (),
@{$config{bin_asflags}},
'$(CNF_ASFLAGS)', '$(ASFLAGS)') -}
BIN_CPPFLAGS={- join(' ', $target{bin_cppflags} || (),
@{$config{bin_cppflags}},
'$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -}
BIN_CFLAGS={- join(' ', $target{bin_cflags} || (),
@{$config{bin_cflags}},
'$(CNF_CFLAGS)', '$(CFLAGS)') -}
BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
@{$config{bin_lflags}},
'$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
$cppflags2 =~ s|([\\"])|\\$1|g;
join(' ', $lib_cppflags || (), $cppflags2 || (),
$cppflags1 || ()) -}
PERLASM_SCHEME= {- $target{perlasm_scheme} -}
PROCESSOR= {- $config{processor} -}
# The main targets ###################################################
{- dependmagic('all'); -}: build_libs_nodep build_engines_nodep build_programs_nodep
{- dependmagic('build_libs'); -}: build_libs_nodep
{- dependmagic('build_engines'); -}: build_engines_nodep
{- dependmagic('build_programs'); -}: build_programs_nodep
build_generated: $(GENERATED_MANDATORY)
build_libs_nodep: $(LIBS) {- join(" ",map { shlib_import($_) } @{$unified_info{libraries}}) -}
build_engines_nodep: $(ENGINES)
build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
# Kept around for backward compatibility
build_apps build_tests: build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
@{- output_off() if $disabled{makedepend}; "\@rem" -}
@$(ECHO) "Warning: consider configuring with no-makedepend, because if"
@$(ECHO) " target system doesn't have $(PERL),"
@$(ECHO) " then make will fail..."
@{- output_on() if $disabled{makedepend}; "\@rem" -}
test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep
@{- output_off() if $disabled{tests}; "\@rem" -}
-mkdir $(BLDDIR)\test\test-runs
set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR)
set RESULT_D=$(BLDDIR)\test\test-runs
set PERL=$(PERL)
set OPENSSL_ENGINES=$(MAKEDIR)\engines
set OPENSSL_DEBUG_MEMORY=on
"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "\@rem" -}
@$(ECHO) "Tests are not supported with your chosen Configure options"
@{- output_on() if !$disabled{tests}; "\@rem" -}
list-tests:
@{- output_off() if $disabled{tests}; "\@rem" -}
@set SRCTOP=$(SRCDIR)
@"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "\@rem" -}
@$(ECHO) "Tests are not supported with your chosen Configure options"
@{- output_on() if !$disabled{tests}; "\@rem" -}
install: install_sw install_ssldirs install_docs
uninstall: uninstall_docs uninstall_sw
libclean:
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """{.,apps,test,fuzz}/$$1.*"""; } @ARGV" $(SHLIBS)
-del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb
clean: libclean
{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) || "\@rem" -}
-del /Q /F $(ENGINES)
-del /Q /F $(SCRIPTS)
-del /Q /F $(GENERATED_MANDATORY)
-del /Q /F $(GENERATED)
-del /Q /S /F *.d *.obj *.pdb *.ilk *.manifest
-del /Q /S /F engines\*.lib engines\*.exp
-del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp
-del /Q /S /F test\*.exp
-rmdir /Q /S test\test-runs
distclean: clean
-del /Q /F configdata.pm
-del /Q /F makefile
depend:
@ {- output_off() if $disabled{makedepend}; "\@rem" -}
@ "$(PERL)" "$(SRCDIR)\util\add-depends.pl" "VC"
@ {- output_on() if $disabled{makedepend}; "\@rem" -}
# Install helper targets #############################################
install_sw: install_dev install_engines install_runtime
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
install_docs: install_html_docs
uninstall_docs: uninstall_html_docs
install_ssldirs:
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\certs"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\private"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\misc"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
"$(OPENSSLDIR)\openssl.cnf.dist"
@IF NOT EXIST "$(OPENSSLDIR)\openssl.cnf" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
"$(OPENSSLDIR)\openssl.cnf"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \
"$(OPENSSLDIR)\misc"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \
"$(OPENSSLDIR)\ct_log_list.cnf.dist"
@IF NOT EXIST "$(OPENSSLDIR)\ct_log_list.cnf" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \
"$(OPENSSLDIR)\ct_log_list.cnf"
install_dev: install_runtime_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing development files"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "\@rem" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
"$(INSTALLTOP)\include\openssl"
@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "\@rem" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
"$(SRCDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(BLDDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(libdir)"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) "$(libdir)"
@if "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb "$(libdir)"
uninstall_dev:
install_engines: install_runtime_libs build_engines
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing engines"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINEPDBS) "$(ENGINESDIR)"
uninstall_engines:
install_runtime: install_programs
install_runtime_libs: build_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing runtime libraries"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
"$(INSTALLTOP)\bin"
install_programs: install_runtime_libs build_programs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing runtime programs"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \
"$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \
"$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BIN_SCRIPTS) \
"$(INSTALLTOP)\bin"
uninstall_runtime:
install_html_docs:
"$(PERL)" "$(SRCDIR)\util\process_docs.pl" \
"--destdir=$(INSTALLTOP)\html" --type=html
uninstall_html_docs:
# Building targets ###################################################
configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
@$(ECHO) "Detected changed: $?"
"$(PERL)" configdata.pm -r
@$(ECHO) "**************************************************"
@$(ECHO) "*** ***"
@$(ECHO) "*** Please run the same make command again ***"
@$(ECHO) "*** ***"
@$(ECHO) "**************************************************"
@exit 1
reconfigure reconf:
"$(PERL)" configdata.pm -r
{-
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
# Helper function to figure out dependencies on libraries
# It takes a list of library names and outputs a list of dependencies
sub compute_lib_depends {
if ($disabled{shared}) {
return map { lib($_) } @_;
}
return map { shlib_import($_) or lib($_) } @_;
}
sub generatesrc {
my %args = @_;
(my $target = $args{src}) =~ s/\.[sS]$/.asm/;
my ($gen0, @gens) = @{$args{generator}};
my $generator = '"'.$gen0.'"'.join('', map { " $_" } @gens);
my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}});
my $incs = join("", map { " /I \"$_\"" } @{$args{incs}});
my $deps = @{$args{deps}} ?
'"'.join('" "', @{$args{generator_deps}}, @{$args{deps}}).'"' : '';
if ($target !~ /\.asm$/) {
if ($args{generator}->[0] =~ m|^.*\.in$|) {
my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "dofile.pl")),
rel2abs($config{builddir}));
return <<"EOF";
$target: "$args{generator}->[0]" $deps
"\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
"-o$target{build_file}" $generator > \$@
EOF
} else {
return <<"EOF";
$target: "$args{generator}->[0]" $deps
"\$(PERL)"$generator_incs $generator > \$@
EOF
}
} else {
if ($args{generator}->[0] =~ /\.pl$/) {
$generator = '"$(PERL)"'.$generator_incs.' '.$generator;
} elsif ($args{generator}->[0] =~ /\.S$/) {
$generator = undef;
} else {
die "Generator type for $src unknown: $generator\n";
}
my $cppflags = $incs;
$cppflags .= {
lib => ' $(LIB_CFLAGS) $(LIB_CPPFLAGS)',
dso => ' $(DSO_CFLAGS) $(DSO_CPPFLAGS)',
bin => ' $(BIN_CFLAGS) $(BIN_CPPFLAGS)'
} -> {$args{intent}};
if (defined($generator)) {
# If the target is named foo.S in build.info, we want to
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
return <<"EOF";
$target: "$args{generator}->[0]" $deps
set ASM=\$(AS)
$generator \$@.S
\$(CPP) $cppflags \$@.S > \$@.i && move /Y \$@.i \$@
del /Q \$@.S
EOF
}
# Otherwise....
return <<"EOF";
$target: "$args{generator}->[0]" $deps
set ASM=\$(AS)
$generator \$@
EOF
}
return <<"EOF";
$target: "$args{generator}->[0]" $deps
\$(CPP) $incs $cppflags "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@
EOF
}
}
sub src2obj {
my %args = @_;
my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
} ( @{$args{srcs}} );
my $srcs = '"'.join('" "', @srcs).'"';
my $deps = '"'.join('" "', @srcs, @{$args{deps}}).'"';
my $incs = join("", map { ' /I "'.$_.'"' } @{$args{incs}});
my $cflags = { lib => ' $(LIB_CFLAGS)',
dso => ' $(DSO_CFLAGS)',
bin => ' $(BIN_CFLAGS)' } -> {$args{intent}};
$cflags .= $incs;
$cflags .= { lib => ' $(LIB_CPPFLAGS)',
dso => ' $(DSO_CPPFLAGS)',
bin => ' $(BIN_CPPFLAGS)' } -> {$args{intent}};
my $asflags = { lib => ' $(LIB_ASFLAGS)',
dso => ' $(DSO_ASFLAGS)',
bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}};
my $makedepprog = $config{makedepprog};
if ($srcs[0] =~ /\.rc$/) {
return <<"EOF";
$args{obj}: $deps
\$(RC) \$(RCFLAGS) \$(RCOUTFLAG)\$\@ $srcs
EOF
}
(my $obj = $args{obj}) =~ s|\.o$||;
if ($srcs[0] =~ /\.asm$/) {
return <<"EOF";
$obj$objext: $deps
\$(AS) $asflags \$(ASOUTFLAG)\$\@ $srcs
EOF
} elsif ($srcs[0] =~ /.S$/) {
return <<"EOF";
$obj$objext: $deps
\$(CC) /EP /D__ASSEMBLER__ $cflags $srcs > \$@.asm && \$(AS) $asflags \$(ASOUTFLAG)\$\@ \$@.asm
EOF
}
my $recipe = <<"EOF";
$obj$objext: $deps
\$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs
EOF
$recipe .= <<"EOF" unless $disabled{makedepend};
\$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext
EOF
return $recipe;
}
# We *know* this routine is only called when we've configure 'shared'.
# Also, note that even though the import library built here looks like
# a static library, it really isn't.
sub libobj2shlib {
my %args = @_;
my $lib = $args{lib};
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x }
grep { $_ =~ m/\.(?:o|res)$/ }
@{$args{objs}};
my @defs = grep { $_ =~ /\.def$/ } @{$args{objs}};
my @deps = compute_lib_depends(@{$args{deps}});
die "More than one exported symbols list" if scalar @defs > 1;
my $linklibs = join("", map { "$_\n" } @deps);
my $objs = join("\n", @objs);
my $deps = join(" ", @objs, @defs, @deps);
my $import = shlib_import($lib);
my $dll = shlib($lib);
my $shared_def = join("", map { " /def:$_" } @defs);
return <<"EOF"
# The import library may look like a static library, but it is not.
# We MUST make the import library depend on the DLL, in case someone
# mistakenly removes the latter.
$import: $dll
$dll: $deps
IF EXIST $full.manifest DEL /F /Q $full.manifest
IF EXIST \$@ DEL /F /Q \$@
\$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\
/implib:$import \$(LDOUTFLAG)$dll$shared_def @<< || (DEL /Q \$(\@B).* $import && EXIT 1)
$objs
$linklibs\$(LIB_EX_LIBS)
<<
IF EXIST $dll.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$dll.manifest \$(MTOUTFLAG)$dll
IF EXIST apps\\$dll DEL /Q /F apps\\$dll
IF EXIST test\\$dll DEL /Q /F test\\$dll
IF EXIST fuzz\\$dll DEL /Q /F fuzz\\$dll
COPY $dll apps
COPY $dll test
COPY $dll fuzz
EOF
}
sub obj2dso {
my %args = @_;
my $dso = $args{lib};
my $dso_n = basename($dso);
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
my @deps = compute_lib_depends(@{$args{deps}});
my $objs = join("\n", @objs);
my $linklibs = join("", map { "$_\n" } @deps);
my $deps = join(" ", @objs, @deps);
return <<"EOF";
$dso$dsoext: $deps
IF EXIST $dso$dsoext.manifest DEL /F /Q $dso$dsoext.manifest
\$(LD) \$(LDFLAGS) \$(DSO_LDFLAGS) \$(LDOUTFLAG)$dso$dsoext /def:<< @<<
LIBRARY $dso_n
EXPORTS
bind_engine @1
v_check @2
<<
$objs
$linklibs \$(DSO_EX_LIBS)
<<
IF EXIST $dso$dsoext.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$dso$dsoext.manifest \$(MTOUTFLAG)$dso$dsoext
EOF
}
sub obj2lib {
my %args = @_;
my $lib = lib($args{lib});
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
my $objs = join("\n", @objs);
my $deps = join(" ", @objs);
return <<"EOF";
$lib: $deps
\$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib @<<
$objs
<<
EOF
}
sub obj2bin {
my %args = @_;
my $bin = $args{bin};
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
my @deps = compute_lib_depends(@{$args{deps}});
my $objs = join("\n", @objs);
my $linklibs = join("", map { "$_\n" } @deps);
my $deps = join(" ", @objs, @deps);
return <<"EOF";
$bin$exeext: $deps
IF EXIST $bin$exeext.manifest DEL /F /Q $bin$exeext.manifest
\$(LD) \$(LDFLAGS) \$(BIN_LDFLAGS) \$(LDOUTFLAG)$bin$exeext @<<
$objs
setargv.obj
$linklibs\$(BIN_EX_LIBS)
<<
IF EXIST $bin$exeext.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$bin$exeext.manifest \$(MTOUTFLAG)$bin$exeext
EOF
}
sub in2script {
my %args = @_;
my $script = $args{script};
my $sources = '"'.join('" "', @{$args{sources}}).'"';
my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "dofile.pl")),
rel2abs($config{builddir}));
return <<"EOF";
$script: $sources
"\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
"-o$target{build_file}" $sources > "$script"
EOF
}
sub generatedir {
my %args = @_;
my $dir = $args{dir};
my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}};
my @actions = ();
my %extinfo = ( dso => $dsoext,
lib => $libext,
bin => $exeext );
# We already have a 'test' target, and the top directory is just plain
# silly
return if $dir eq "test" || $dir eq ".";
foreach my $type (("dso", "lib", "bin", "script")) {
next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
# For lib object files, we could update the library. However,
# LIB on Windows doesn't work that way, so we won't create any
# actions for it, and the dependencies are already taken care of.
if ($type ne "lib") {
foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
if (dirname($prod) eq $dir) {
push @deps, $prod.$extinfo{$type};
}
}
}
}
my $deps = join(" ", @deps);
my $actions = join("\n", "", @actions);
return <<"EOF";
$dir $dir\\ : $deps$actions
EOF
}
"" # Important! This becomes part of the template result.
-}

3612
Configure
View File

File diff suppressed because it is too large Load Diff

1234
Doxyfile.in Normal file
View File

File diff suppressed because it is too large Load Diff

2
FAQ
View File

@@ -1,2 +0,0 @@
The FAQ is now maintained on the web:
https://www.openssl.org/docs/faq.html

1609
INSTALL
View File

File diff suppressed because it is too large Load Diff

365
INSTALL.generic Normal file
View File

@@ -0,0 +1,365 @@
Installation Instructions
*************************
Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved. This file is offered as-is,
without warranty of any kind.
Basic Installation
==================
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package. Some packages provide this
`INSTALL' file but do not implement all of the features documented
below. The lack of an optional feature in a given package is not
necessarily a bug. More recommendations for GNU packages can be found
in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and
documentation. When installing into a prefix owned by root, it is
recommended that the package be configured and built as a regular
user, and only the `make install' phase executed with root
privileges.
5. Optionally, type `make installcheck' to repeat any self-tests, but
this time using the binaries in their final installed location.
This target does not install anything. Running this target as a
regular user, particularly if the prior `make install' required
root privileges, verifies that the installation completed
correctly.
6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
7. Often, you can also type `make uninstall' to remove the installed
files again. In practice, not all packages have tested that
uninstallation works correctly, even though it is required by the
GNU Coding Standards.
8. Some packages, particularly those that use Automake, provide `make
distcheck', which can by used by developers to test that all other
targets like `make install' and `make uninstall' work correctly.
This target is generally not run by end users.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'. This
is known as a "VPATH" build.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.
On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like
this:
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CPP="gcc -E" CXXCPP="g++ -E"
This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems.
Installation Names
==================
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX', where PREFIX must be an
absolute file name.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them. In general, the
default for these options is expressed in terms of `${prefix}', so that
specifying just `--prefix' will affect all of the other directory
specifications that were not explicitly provided.
The most portable way to affect installation locations is to pass the
correct locations to `configure'; however, many packages provide one or
both of the following shortcuts of passing variable assignments to the
`make install' command line to change installation locations without
having to reconfigure or recompile.
The first method involves providing an override variable for each
affected directory. For example, `make install
prefix=/alternate/directory' will choose an alternate location for all
directory configuration variables that were expressed in terms of
`${prefix}'. Any directories that were specified during `configure',
but not in terms of `${prefix}', must each be overridden at install
time for the entire installation to be relocated. The approach of
makefile variable overrides for each directory variable is required by
the GNU Coding Standards, and ideally causes no recompilation.
However, some platforms have known limitations with the semantics of
shared libraries that end up requiring recompilation when using this
method, particularly noticeable in packages that use GNU Libtool.
The second method involves providing the `DESTDIR' variable. For
example, `make install DESTDIR=/alternate/directory' will prepend
`/alternate/directory' before all installation names. The approach of
`DESTDIR' overrides is not required by the GNU Coding Standards, and
does not work on platforms that have drive letters. On the other hand,
it does better at avoiding recompilation issues, and works well even
when some directory options were not specified in terms of `${prefix}'
at `configure' time.
Optional Features
=================
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Some packages offer the ability to configure how verbose the
execution of `make' will be. For these packages, running `./configure
--enable-silent-rules' sets the default to minimal output, which can be
overridden with `make V=1'; while running `./configure
--disable-silent-rules' sets the default to verbose, which can be
overridden with `make V=0'.
Particular systems
==================
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
CC is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
to try
./configure CC="cc"
and if that doesn't work, try
./configure CC="cc -nodtk"
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'.
On Haiku, software installed for all users goes in `/boot/common',
not `/usr/local'. It is recommended to use the following options:
./configure --prefix=/boot/common
Specifying the System Type
==========================
There may be some features `configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS
KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf bug. Until the bug is fixed you can use this workaround:
CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation
======================
`configure' recognizes the following options to control how it
operates.
`--help'
`-h'
Print a summary of all of the options to `configure', and exit.
`--help=short'
`--help=recursive'
Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used
only in the top level, while the `recursive' variant lists options
also present in any nested packages.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--prefix=DIR'
Use DIR as the installation prefix. *note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.
`--no-create'
`-n'
Run the configure checks, but stop before creating any output
files.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.

125
LICENSE
View File

@@ -1,125 +0,0 @@
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a double license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts.
OpenSSL License
---------------
/* ====================================================================
* Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
Original SSLeay License
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/

109
Makefile.am Normal file
View File

@@ -0,0 +1,109 @@
##
## Author: Lasse Collin
##
## This file has been put into the public domain.
## You can do whatever you want with this file.
##
# Use -n to prevent gzip from adding a timestamp to the .gz headers.
GZIP_ENV = -9n
DIST_SUBDIRS = lib src po tests debug
SUBDIRS =
if COND_GNULIB
SUBDIRS += lib
endif
SUBDIRS += src po tests
if COND_DOC
dist_doc_DATA = \
AUTHORS \
COPYING \
COPYING.GPLv2 \
NEWS \
README \
THANKS \
TODO \
doc/faq.txt \
doc/history.txt \
doc/xz-file-format.txt \
doc/lzma-file-format.txt
examplesdir = $(docdir)/examples
dist_examples_DATA = \
doc/examples/00_README.txt \
doc/examples/01_compress_easy.c \
doc/examples/02_decompress.c \
doc/examples/03_compress_custom.c \
doc/examples/04_compress_easy_mt.c \
doc/examples/Makefile
examplesolddir = $(docdir)/examples_old
dist_examplesold_DATA = \
doc/examples_old/xz_pipe_comp.c \
doc/examples_old/xz_pipe_decomp.c
endif
EXTRA_DIST = \
extra \
dos \
windows \
macosx \
autogen.sh \
Doxyfile.in \
COPYING.GPLv2 \
COPYING.GPLv3 \
COPYING.LGPLv2.1 \
INSTALL.generic \
PACKAGERS \
build-aux/manconv.sh \
build-aux/version.sh
ACLOCAL_AMFLAGS = -I m4
# List of man pages to conver to PDF and plain text in the dist-hook target.
manfiles = \
src/xz/xz.1 \
src/xzdec/xzdec.1 \
src/lzmainfo/lzmainfo.1 \
src/scripts/xzdiff.1 \
src/scripts/xzgrep.1 \
src/scripts/xzless.1 \
src/scripts/xzmore.1
# Create ChangeLog from output of "git log --date=iso --stat".
# Convert the man pages to PDF and plain text (ASCII only) formats.
dist-hook:
if test -d "$(srcdir)/.git" && type git > /dev/null 2>&1; then \
( cd "$(srcdir)" && git log --date=iso --stat ) \
> "$(distdir)/ChangeLog"; \
fi
if type groff > /dev/null 2>&1 && type ps2pdf > /dev/null 2>&1; then \
dest="$(distdir)/doc/man" && \
$(MKDIR_P) "$$dest/pdf-a4" "$$dest/pdf-letter" "$$dest/txt" && \
for FILE in $(manfiles); do \
BASE=`basename $$FILE .1` && \
sh "$(srcdir)/build-aux/manconv.sh" pdf a4 \
< "$(srcdir)/$$FILE" \
> "$$dest/pdf-a4/$$BASE-a4.pdf" && \
sh "$(srcdir)/build-aux/manconv.sh" pdf letter \
< "$(srcdir)/$$FILE" \
> "$$dest/pdf-letter/$$BASE-letter.pdf" && \
sh "$(srcdir)/build-aux/manconv.sh" ascii \
< "$(srcdir)/$$FILE" \
> "$$dest/txt/$$BASE.txt"; \
done; \
fi
# This works with GNU tar and gives cleaner package than normal 'make dist'.
mydist:
sh "$(srcdir)/src/liblzma/validate_map.sh"
VERSION=$(VERSION); \
if test -d "$(srcdir)/.git" && type git > /dev/null 2>&1; then \
SNAPSHOT=`cd "$(srcdir)" && git describe --abbrev=4 | cut -b2-`; \
test -n "$$SNAPSHOT" && VERSION=$$SNAPSHOT; \
fi; \
TAR_OPTIONS='--owner=0 --group=0 --numeric-owner --mode=u+rw,go+r-w' \
$(MAKE) VERSION="$$VERSION" dist-gzip

1079
Makefile.in Normal file
View File

File diff suppressed because it is too large Load Diff

1408
NEWS
View File

File diff suppressed because it is too large Load Diff

87
NOTES.ANDROID
View File

@@ -1,87 +0,0 @@
NOTES FOR ANDROID PLATFORMS
===========================
Requirement details
-------------------
Beside basic tools like perl and make you'll need to download the Android
NDK. It's available for Linux, macOS and Windows, but only Linux
version was actually tested. There is no reason to believe that macOS
wouldn't work. And as for Windows, it's unclear which "shell" would be
suitable, MSYS2 might have best chances. NDK version should play lesser
role, the goal is to support a range of most recent versions.
Configuration
-------------
Android is a naturally cross-compiled target and you can't use ./config.
You have to use ./Configure and name your target explicitly; there are
android-arm, android-arm64, android-mips, android-mip64, android-x86
and android-x86_64 (*MIPS targets are no longer supported with NDK R20+).
Do not pass --cross-compile-prefix (as you might be tempted), as it will
be "calculated" automatically based on chosen platform. Though you still
need to know the prefix to extend your PATH, in order to invoke
$(CROSS_COMPILE)clang [*gcc on NDK 19 and lower] and company. (Configure
will fail and give you a hint if you get it wrong.) Apart from PATH
adjustment you need to set ANDROID_NDK_HOME environment to point at the
NDK directory. If you're using a side-by-side NDK the path will look
something like /some/where/android-sdk/ndk/<ver>, and for a standalone
NDK the path will be something like /some/where/android-ndk-<ver>.
Both variables are significant at both configuration and compilation times.
The NDK customarily supports multiple Android API levels, e.g. android-14,
android-21, etc. By default latest API level is chosen. If you need to
target an older platform pass the argument -D__ANDROID_API__=N to Configure,
with N being the numerical value of the target platform version. For example,
to compile for Android 10 arm64 with a side-by-side NDK r20.0.5594570
export ANDROID_NDK_HOME=/home/whoever/Android/android-sdk/ndk/20.0.5594570
PATH=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/bin:$ANDROID_NDK_HOME/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:$PATH
./Configure android-arm64 -D__ANDROID_API__=29
make
Older versions of the NDK have GCC under their common prebuilt tools directory, so the bin path
will be slightly different. EG: to compile for ICS on ARM with NDK 10d:
export ANDROID_NDK_HOME=/some/where/android-ndk-10d
PATH=$ANDROID_NDK_HOME/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
./Configure android-arm -D__ANDROID_API__=14
make
Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT
variable set to $ANDROID_NDK_HOME/platforms/android-<api>/arch-<arch> to
appoint headers-n-libraries' location. It's still recognized in order
to facilitate migration from older projects. However, since API level
appears in CROSS_SYSROOT value, passing -D__ANDROID_API__=N can be in
conflict, and mixing the two is therefore not supported. Migration to
CROSS_SYSROOT-less setup is recommended.
One can engage clang by adjusting PATH to cover same NDK's clang. Just
keep in mind that if you miss it, Configure will try to use gcc...
Also, PATH would need even further adjustment to cover unprefixed, yet
target-specific, ar and ranlib. It's possible that you don't need to
bother, if binutils-multiarch is installed on your Linux system.
Another option is to create so called "standalone toolchain" tailored
for single specific platform including Android API level, and assign its
location to ANDROID_NDK_HOME. In such case you have to pass matching
target name to Configure and shouldn't use -D__ANDROID_API__=N. PATH
adjustment becomes simpler, $ANDROID_NDK_HOME/bin:$PATH suffices.
Running tests (on Linux)
------------------------
This is not actually supported. Notes are meant rather as inspiration.
Even though build output targets alien system, it's possible to execute
test suite on Linux system by employing qemu-user. The trick is static
linking. Pass -static to Configure, then edit generated Makefile and
remove occurrences of -ldl and -pie flags. You would also need to pick
API version that comes with usable static libraries, 42/2=21 used to
work. Once built, you should be able to
env EXE_SHELL=qemu-<arch> make test
If you need to pass additional flag to qemu, quotes are your friend, e.g.
env EXE_SHELL="qemu-mips64el -cpu MIPS64R6-generic" make test

48
NOTES.DJGPP
View File

@@ -1,48 +0,0 @@
INSTALLATION ON THE DOS PLATFORM WITH DJGPP
-------------------------------------------
OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
environment for 16-bit DOS, but only with long filename support.
If you wish to compile on native DOS with 8+3 filenames, you will
have to tweak the installation yourself, including renaming files
with illegal or duplicate names.
You should have a full DJGPP environment installed, including the
latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
requires that PERL and the PERL module Text::Template also be
installed (see NOTES.PERL).
All of these can be obtained from the usual DJGPP mirror sites or
directly at "http://www.delorie.com/pub/djgpp". For help on which
files to download, see the DJGPP "ZIP PICKER" page at
"http://www.delorie.com/djgpp/zip-picker.html". You also need to have
the WATT-32 networking package installed before you try to compile
OpenSSL. This can be obtained from "http://www.watt-32.net/".
The Makefile assumes that the WATT-32 code is in the directory
specified by the environment variable WATT_ROOT. If you have watt-32
in directory "watt32" under your main DJGPP directory, specify
WATT_ROOT="/dev/env/DJDIR/watt32".
To compile OpenSSL, start your BASH shell, then configure for DJGPP by
running "./Configure" with appropriate arguments:
./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
And finally fire up "make". You may run out of DPMI selectors when
running in a DOS box under Windows. If so, just close the BASH
shell, go back to Windows, and restart BASH. Then run "make" again.
RUN-TIME CAVEAT LECTOR
--------------
Quoting FAQ:
"Cryptographic software needs a source of unpredictable data to work
correctly. Many open source operating systems provide a "randomness
device" (/dev/urandom or /dev/random) that serves this purpose."
As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
party "randomness" DOS driver. One such driver, NOISE.SYS, can be
obtained from "http://www.rahul.net/dkaufman/index.html".

119
NOTES.PERL
View File

@@ -1,119 +0,0 @@
TOC
===
- Notes on Perl
- Notes on Perl on Windows
- Notes on Perl modules we use
- Notes on installing a perl module
Notes on Perl
-------------
For our scripts, we rely quite a bit on Perl, and increasingly on
some core Perl modules. These Perl modules are part of the Perl
source, so if you build Perl on your own, you should be set.
However, if you install Perl as binary packages, the outcome might
differ, and you may have to check that you do get the core modules
installed properly. We do not claim to know them all, but experience
has told us the following:
- on Linux distributions based on Debian, the package 'perl' will
install the core Perl modules as well, so you will be fine.
- on Linux distributions based on RPMs, you will need to install
'perl-core' rather than just 'perl'.
You MUST have at least Perl version 5.10.0 installed. This minimum
requirement is due to our use of regexp backslash sequence \R among
other features that didn't exist in core Perl before that version.
Notes on Perl on Windows
------------------------
There are a number of build targets that can be viewed as "Windows".
Indeed, there are VC-* configs targeting VisualStudio C, as well as
MinGW and Cygwin. The key recommendation is to use "matching" Perl,
one that matches build environment. For example, if you will build
on Cygwin be sure to use the Cygwin package manager to install Perl.
For MSYS builds use the MSYS provided Perl. For VC-* builds we
recommend ActiveState Perl, available from
http://www.activestate.com/ActivePerl.
Notes on Perl on VMS
--------------------
You will need to install Perl separately. One way to do so is to
download the source from http://perl.org/, unpacking it, reading
README.vms and follow the instructions. Another way is to download a
.PCSI file from http://www.vmsperl.com/ and install it using the
POLYCENTER install tool.
Notes on Perl modules we use
----------------------------
We make increasing use of Perl modules, and do our best to limit
ourselves to core Perl modules to keep the requirements down. There
are just a few exceptions:
Test::More We require the minimum version to be 0.96, which
appeared in Perl 5.13.4, because that version was
the first to have all the features we're using.
This module is required for testing only! If you
don't plan on running the tests, you don't need to
bother with this one.
Text::Template This module is not part of the core Perl modules.
As a matter of fact, the core Perl modules do not
include any templating module to date.
This module is absolutely needed, configuration
depends on it.
To avoid unnecessary initial hurdles, we have bundled a copy of the
following modules in our source. They will work as fallbacks if
these modules aren't already installed on the system.
Text::Template
Notes on installing a perl module
---------------------------------
There are a number of ways to install a perl module. In all
descriptions below, Text::Template will serve as an example.
1. for Linux users, the easiest is to install with the use of your
favorite package manager. Usually, all you need to do is search
for the module name and to install the package that comes up.
On Debian based Linux distributions, it would go like this:
$ apt-cache search Text::Template
...
libtext-template-perl - perl module to process text templates
$ sudo apt-get install libtext-template-perl
Perl modules in Debian based distributions use package names like
the name of the module in question, with "lib" prepended and
"-perl" appended.
2. Install using CPAN. This is very easy, but usually requires root
access:
$ cpan -i Text::Template
Note that this runs all the tests that the module to be installed
comes with. This is usually a smooth operation, but there are
platforms where a failure is indicated even though the actual tests
were successful. Should that happen, you can force an
installation regardless (that should be safe since you've already
seen the tests succeed!):
$ cpan -f -i Text::Template
Note: on VMS, you must quote any argument that contains uppercase
characters, so the lines above would be:
$ cpan -i "Text::Template"
and:
$ cpan -f -i "Text::Template"

117
NOTES.UNIX
View File

@@ -1,117 +0,0 @@
NOTES FOR UNIX LIKE PLATFORMS
=============================
For Unix/POSIX runtime systems on Windows, please see NOTES.WIN.
OpenSSL uses the compiler to link programs and shared libraries
---------------------------------------------------------------
OpenSSL's generated Makefile uses the C compiler command line to
link programs, shared libraries and dynamically loadable shared
objects. Because of this, any linking option that's given to the
configuration scripts MUST be in a form that the compiler can accept.
This varies between systems, where some have compilers that accept
linker flags directly, while others take them in '-Wl,' form. You need
to read your compiler documentation to figure out what is acceptable,
and ld(1) to figure out what linker options are available.
Shared libraries and installation in non-default locations
----------------------------------------------------------
Every Unix system has its own set of default locations for shared
libraries, such as /lib, /usr/lib or possibly /usr/local/lib. If
libraries are installed in non-default locations, dynamically linked
binaries will not find them and therefore fail to run, unless they get
a bit of help from a defined runtime shared library search path.
For OpenSSL's application (the 'openssl' command), our configuration
scripts do NOT generally set the runtime shared library search path for
you. It's therefore advisable to set it explicitly when configuring,
unless the libraries are to be installed in directories that you know
to be in the default list.
Runtime shared library search paths are specified with different
linking options depending on operating system and versions thereof, and
are talked about differently in their respective documentation;
variations of RPATH are the most usual (note: ELF systems have two such
tags, more on that below).
Possible options to set the runtime shared library search path include
the following:
-Wl,-rpath,/whatever/path # Linux, *BSD, etc.
-R /whatever/path # Solaris
-Wl,-R,/whatever/path # AIX (-bsvr4 is passed internally)
-Wl,+b,/whatever/path # HP-UX
-rpath /whatever/path # Tru64, IRIX
OpenSSL's configuration scripts recognise all these options and pass
them to the Makefile that they build. (In fact, all arguments starting
with '-Wl,' are recognised as linker options.)
Please do not use verbatim directories in your runtime shared library
search path! Some OpenSSL config targets add an extra directory level
for multilib installations. To help with that, the produced Makefile
includes the variable LIBRPATH, which is a convenience variable to be
used with the runtime shared library search path options, as shown in
this example:
$ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
'-Wl,-rpath,$(LIBRPATH)'
On modern ELF based systems, there are two runtime search paths tags to
consider, DT_RPATH and DT_RUNPATH. Shared objects are searched for in
this order:
1. Using directories specified in DT_RPATH, unless DT_RUNPATH is
also set.
2. Using the environment variable LD_LIBRARY_PATH
3. Using directories specified in DT_RUNPATH.
4. Using system shared object caches and default directories.
This means that the values in the environment variable LD_LIBRARY_PATH
won't matter if the library is found in the paths given by DT_RPATH
(and DT_RUNPATH isn't set).
Exactly which of DT_RPATH or DT_RUNPATH is set by default appears to
depend on the system. For example, according to documentation,
DT_RPATH appears to be deprecated on Solaris in favor of DT_RUNPATH,
while on Debian GNU/Linux, either can be set, and DT_RPATH is the
default at the time of writing.
How to choose which runtime search path tag is to be set depends on
your system, please refer to ld(1) for the exact information on your
system. As an example, the way to ensure the DT_RUNPATH is set on
Debian GNU/Linux systems rather than DT_RPATH is to tell the linker to
set new dtags, like this:
$ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
'-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)'
It might be worth noting that some/most ELF systems implement support
for runtime search path relative to the directory containing current
executable, by interpreting $ORIGIN along with some other internal
variables. Consult your system documentation.
Linking your application
------------------------
Third-party applications dynamically linked with OpenSSL (or any other)
shared library face exactly the same problem with non-default locations.
The OpenSSL config options mentioned above might or might not have bearing
on linking of the target application. "Might" means that under some
circumstances it would be sufficient to link with OpenSSL shared library
"naturally", i.e. with -L/whatever/path -lssl -lcrypto. But there are
also cases when you'd have to explicitly specify runtime search path
when linking your application. Consult your system documentation and use
above section as inspiration...
Shared OpenSSL builds also install static libraries. Linking with the
latter is likely to require special care, because linkers usually look
for shared libraries first and tend to remain "blind" to static OpenSSL
libraries. Referring to system documentation would suffice, if not for
a corner case. On AIX static libraries (in shared build) are named
differently, add _a suffix to link with them, e.g. -lcrypto_a.

115
NOTES.VMS
View File

@@ -1,115 +0,0 @@
NOTES FOR THE OPENVMS PLATFORM
==============================
Requirement details
-------------------
In addition to the requirements and instructions listed in INSTALL,
this are required as well:
* At least ODS-5 disk organization for source and build.
Installation can be done on any existing disk organization.
About ANSI C compiler
---------------------
An ANSI C compiled is needed among other things. This means that
VAX C is not and will not be supported.
We have only tested with DEC C (aka HP VMS C / VSI C) and require
version 7.1 or later. Compiling with a different ANSI C compiler may
require some work.
Please avoid using C RTL feature logical names DECC$* when building
and testing OpenSSL. Most of all, they can be disruptive when
running the tests, as they affect the Perl interpreter.
About ODS-5 directory names and Perl
------------------------------------
It seems that the perl function canonpath() in the File::Spec module
doesn't treat file specifications where the last directory name
contains periods very well. Unfortunately, some versions of VMS tar
will keep the periods in the OpenSSL source directory instead of
converting them to underscore, thereby leaving your source in
something like [.openssl-1^.1^.0]. This will lead to issues when
configuring and building OpenSSL.
We have no replacement for Perl's canonpath(), so the best workaround
for now is to rename the OpenSSL source directory, as follows (please
adjust for the actual source directory name you have):
$ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR
About MMS and DCL
-----------------
MMS has certain limitations when it comes to line length, and DCL has
certain limitations when it comes to total command length. We do
what we can to mitigate, but there is the possibility that it's not
enough. Should you run into issues, a very simple solution is to set
yourself up a few logical names for the directory trees you're going
to use.
About debugging
---------------
If you build for debugging, the default on VMS is that image
activation starts the debugger automatically, giving you a debug
prompt. Unfortunately, this disrupts all other uses, such as running
test programs in the test framework.
Generally speaking, if you build for debugging, only use the programs
directly for debugging. Do not try to use them from a script, such
as running the test suite.
*The following is not available on Alpha*
As a compromise, we're turning off the flag that makes the debugger
start automatically. If there is a program that you need to debug,
you need to turn that flag back on first, for example:
$ set image /flag=call_debug [.test]evp_test.exe
Then just run it and you will find yourself in a debugging session.
When done, we recommend that you turn that flag back off:
$ set image /flag=nocall_debug [.test]evp_test.exe
Checking the distribution
-------------------------
There have been reports of places where the distribution didn't quite
get through, for example if you've copied the tree from a NFS-mounted
Unix mount point.
The easiest way to check if everything got through as it should is to
check that this file exists:
[.include.openssl]opensslconf^.h.in
The best way to get a correct distribution is to download the gzipped
tar file from ftp://ftp.openssl.org/source/, use GZIP -d to uncompress
it and VMSTAR to unpack the resulting tar file.
Gzip and VMSTAR are available here:
http://antinode.info/dec/index.html#Software
Should you need it, you can find UnZip for VMS here:
http://www.info-zip.org/UnZip.html
How the value of 'arch' is determined
-------------------------------------
'arch' is mentioned in INSTALL. It's value is determined like this:
arch = f$edit( f$getsyi( "arch_name"), "upcase")

180
NOTES.WIN
View File

@@ -1,180 +0,0 @@
NOTES FOR THE WINDOWS PLATFORMS
===============================
Windows targets can be classified as "native", ones that use Windows API
directly, and "hosted" which rely on POSIX-compatible layer. "Native"
targets are VC-* (where "VC" stems from abbreviating Microsoft Visual C
compiler) and mingw[64]. "Hosted" platforms are Cygwin and MSYS[2]. Even
though the latter is not directly supported by OpenSSL Team, it's #1
popular choice for building MinGW targets. In the nutshell MinGW builds
are always cross-compiled. On Linux and Cygwin they look exactly as such
and require --cross-compile-prefix option. While on MSYS[2] it's solved
rather by placing gcc that produces "MinGW binary" code 1st on $PATH.
This is customarily source of confusion. "Hosted" applications "live" in
emulated filesystem name space with POSIX-y root, mount points, /dev
and even /proc. Confusion is intensified by the fact that MSYS2 shell
(or rather emulated execve(2) call) examines the binary it's about to
start, and if it's found *not* to be linked with MSYS2 POSIX-y thing,
command line arguments that look like filenames get translated from
emulated name space to "native". For example '/c/some/where' becomes
'c:\some\where', '/dev/null' - 'nul'. This creates an illusion that
there is no difference between MSYS2 shell and "MinGW binary", but
there is. Just keep in mind that "MinGW binary" "experiences" Windows
system in exactly same way as one produced by VC, and in its essence
is indistinguishable from the latter. (Which by the way is why
it's referred to in quotes here, as "MinGW binary", it's just as
"native" as it can get.)
Visual C++ builds, aka VC-*
==============================
Requirement details
-------------------
In addition to the requirements and instructions listed in INSTALL,
these are required as well:
- Perl. We recommend ActiveState Perl, available from
https://www.activestate.com/ActivePerl. Another viable alternative
appears to be Strawberry Perl, http://strawberryperl.com.
You also need the perl module Text::Template, available on CPAN.
Please read NOTES.PERL for more information.
- Microsoft Visual C compiler. Since we can't test them all, there is
unavoidable uncertainty about which versions are supported. Latest
version along with couple of previous are certainly supported. On
the other hand oldest one is known not to work. Everything between
falls into best-effort category.
- Netwide Assembler, aka NASM, available from https://www.nasm.us,
is required. Note that NASM is the only supported assembler. Even
though Microsoft provided assembler is NOT supported, contemporary
64-bit version is exercised through continuous integration of
VC-WIN64A-masm target.
Installation directories
------------------------
The default installation directories are derived from environment
variables.
For VC-WIN32, the following defaults are use:
PREFIX: %ProgramFiles(x86)%\OpenSSL
OPENSSLDIR: %CommonProgramFiles(x86)%\SSL
For VC-WIN64, the following defaults are use:
PREFIX: %ProgramW6432%\OpenSSL
OPENSSLDIR: %CommonProgramW6432%\SSL
Should those environment variables not exist (on a pure Win32
installation for examples), these fallbacks are used:
PREFIX: %ProgramFiles%\OpenSSL
OPENSSLDIR: %CommonProgramFiles%\SSL
ALSO NOTE that those directories are usually write protected, even if
your account is in the Administrators group. To work around that,
start the command prompt by right-clicking on it and choosing "Run as
Administrator" before running 'nmake install'. The other solution
is, of course, to choose a different set of directories by using
--prefix and --openssldir when configuring.
mingw and mingw64
=================
* MSYS2 shell and development environment installation:
Download MSYS2 from https://msys2.github.io/ and follow installation
instructions. Once up and running install even make, perl, (git if
needed,) mingw-w64-i686-gcc and/or mingw-w64-x86_64-gcc. You should
have corresponding MinGW items on your start menu, use *them*, not
generic MSYS2. As implied in opening note, difference between them
is which compiler is found 1st on $PATH. At this point ./config
should recognize correct target, roll as if it was Unix...
* It is also possible to build mingw[64] on Linux or Cygwin by
configuring with corresponding --cross-compile-prefix= option. For
example
./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ...
or
./Configure mingw64 --cross-compile-prefix=x86_64-w64-mingw32- ...
This naturally implies that you've installed corresponding add-on
packages.
Independently of the method chosen to build for mingw, the installation
paths are similar to those used when building with VC-* targets, except
that in case the fallbacks mentioned there aren't possible (typically
when cross compiling on Linux), the paths will be the following:
For mingw:
PREFIX: C:/Program Files (x86)/OpenSSL
OPENSSLDIR C:/Program Files (x86)/Common Files/SSL
For mingw64:
PREFIX: C:/Program Files/OpenSSL
OPENSSLDIR C:/Program Files/Common Files/SSL
Linking your application
========================
This section applies to all "native" builds.
If you link with static OpenSSL libraries then you're expected to
additionally link your application with WS2_32.LIB, GDI32.LIB,
ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing
noninteractive service applications might feel concerned about
linking with GDI32.LIB and USER32.LIB, as they are justly associated
with interactive desktop, which is not available to service
processes. The toolkit is designed to detect in which context it's
currently executed, GUI, console app or service, and act accordingly,
namely whether or not to actually make GUI calls. Additionally those
who wish to /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and
actually keep them off service process should consider implementing
and exporting from .exe image in question own _OPENSSL_isservice not
relying on USER32.DLL. E.g., on Windows Vista and later you could:
__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
{ DWORD sess;
if (ProcessIdToSessionId(GetCurrentProcessId(),&sess))
return sess==0;
return FALSE;
}
If you link with OpenSSL .DLLs, then you're expected to include into
your application code small "shim" snippet, which provides glue between
OpenSSL BIO layer and your compiler run-time. See the OPENSSL_Applink
manual page for further details.
Cygwin, "hosted" environment
============================
Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of the
Windows subsystem and provides a bash shell and GNU tools environment.
Consequently, a make of OpenSSL with Cygwin is virtually identical to the
Unix procedure.
To build OpenSSL using Cygwin, you need to:
* Install Cygwin (see https://cygwin.com/)
* Install Cygwin Perl and ensure it is in the path. Recall that
as least 5.10.0 is required.
* Run the Cygwin bash shell
Apart from that, follow the Unix instructions in INSTALL.
NOTE: "make test" and normal file operations may fail in directories
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
stripping of carriage returns. To avoid this ensure that a binary
mount is used, e.g. mount -b c:\somewhere /home.

231
PACKAGERS Normal file
View File

@@ -0,0 +1,231 @@
Information to packagers of XZ Utils
====================================
0. Preface
1. Package naming
2. Package description
3. License
4. configure options
5. Additional documentation
6. Extra files
7. Installing XZ Utils and LZMA Utils in parallel
8. Example
0. Preface
----------
This document is meant for people who create and maintain XZ Utils
packages for operating system distributions. The focus is on GNU/Linux
systems, but most things apply to other systems too.
While the standard "configure && make DESTDIR=$PKG install" should
give a pretty good package, there are some details which packagers
may want to tweak.
Packagers should also read the INSTALL file.
1. Package naming
-----------------
The preferred name for the XZ Utils package is "xz", because that's
the name of the upstream tarball. Naturally you may have good reasons
to use some other name; I won't get angry about it. ;-) It's just nice
to be able to point people to the correct package name without asking
what distro they have.
If your distro policy is to split things into small pieces, here is
one suggestion:
xz xz, xzdec, scripts (xzdiff, xzgrep, etc.), docs
xz-lzma lzma, unlzma, lzcat, lzgrep etc. symlinks and
lzmadec binary for compatibility with LZMA Utils
liblzma liblzma.so.*
liblzma-devel liblzma.so, liblzma.a, API headers
2. Package description
----------------------
Here is a suggestion which you may use as the package description.
If you can use only one-line description, pick only the first line.
Naturally, feel free to use some other description if you find it
better, and maybe send it to me too.
Library and command line tools for XZ and LZMA compressed files
XZ Utils provide a general purpose data compression library
and command line tools. The native file format is the .xz
format, but also the legacy .lzma format is supported. The .xz
format supports multiple compression algorithms, of which LZMA2
is currently the primary algorithm. With typical files, XZ Utils
create about 30 % smaller files than gzip.
If you are splitting XZ Utils into multiple packages, here are some
suggestions for package descriptions:
xz:
Command line tools for XZ and LZMA compressed files
This package includes the xz compression tool and other command
line tools from XZ Utils. xz has command line syntax similar to
that of gzip. The native file format is the .xz format, but also
the legacy .lzma format is supported. The .xz format supports
multiple compression algorithms, of which LZMA2 is currently the
primary algorithm. With typical files, XZ Utils create about 30 %
smaller files than gzip.
Note that this package doesn't include the files needed for
LZMA Utils 4.32.x compatibility. Install also the xz-lzma
package to make XZ Utils emulate LZMA Utils 4.32.x.
xz-lzma:
LZMA Utils emulation with XZ Utils
This package includes executables and symlinks to make
XZ Utils emulate lzma, unlzma, lzcat, and other command
line tools found from the legacy LZMA Utils 4.32.x package.
liblzma:
Library for XZ and LZMA compressed files
liblzma is a general purpose data compression library with
an API similar to that of zlib. liblzma supports multiple
algorithms, of which LZMA2 is currently the primary algorithm.
The native file format is .xz, but also the legacy .lzma
format and raw streams (no headers at all) are supported.
This package includes the shared library.
liblzma-devel:
Library for XZ and LZMA compressed files
This package includes the API headers, static library, and
other development files related to liblzma.
3. License
----------
If the package manager supports a license field, you probably should
put GPLv2+ there (GNU GPL v2 or later). The interesting parts of
XZ Utils are in the public domain, but some less important files
ending up into the binary package are under GPLv2+. So it is simplest
to just say GPLv2+ if you cannot specify "public domain and GPLv2+".
If you split XZ Utils into multiple packages as described earlier
in this file, liblzma and liblzma-dev packages will contain only
public domain code (from XZ Utils at least; compiler or linker may
add some third-party code, which may be copyrighted).
4. configure options
--------------------
Unless you are building a package for a distribution that is meant
only for embedded systems, don't use the following configure options:
--enable-debug
--enable-encoders (*)
--enable-decoders
--enable-match-finders
--enable-checks
--enable-small (*)
--disable-threads (*)
(*) These are OK when building xzdec and lzmadec as described
in INSTALL.
xzdec and lzmadec don't provide any functionality that isn't already
available in the xz tool. Shipping xzdec and lzmadec without size
optimization and statically-linked liblzma isn't very useful. Doing
that would give users the xzdec man page, which may make it easier
for people to find out that such tools exists, but the executables
wouldn't have any advantage over the full-featured xz.
5. Additional documentation
---------------------------
"make install" copies some additional documentation to $docdir
(--docdir in configure). There is a copy of the GNU GPL v2, which
can be replaced with a symlink if your distro ships with shared
copies of the common license texts.
liblzma API is currently only documented using Doxygen tags in the
API headers. It hasn't been tested much how good results Doxygen
is able to make from the tags (e.g. Doxyfile might need tweaking,
the tagging may need to be improved etc.), so it might be simpler
to just let people read docs directly from the .h files for now,
and also save quite a bit in package size at the same time.
6. Extra files
--------------
The "extra" directory contains some small extra tools or other files.
The exact set of extra files can vary between XZ Utils releases. The
extra files have only limited use or they are too dangerous to be
put directly to $bindir (7z2lzma.sh is a good example, since it can
silently create corrupt output if certain conditions are not met).
If you feel like it, you may copy the extra directory under the doc
directory (e.g. /usr/share/doc/xz/extra). Maybe some people will find
them useful. However, most people needing these tools probably are
able to find them from the source package too.
The "debug" directory contains some tools that are useful only when
hacking on XZ Utils. Don't package these tools.
7. Installing XZ Utils and LZMA Utils in parallel
-------------------------------------------------
XZ Utils and LZMA Utils 4.32.x can be installed in parallel by
omitting the compatibility symlinks (lzma, unlzma, lzcat, lzgrep etc.)
from the XZ Utils package. It's probably a good idea to still package
the symlinks into a separate package so that users may choose if they
want to use XZ Utils or LZMA Utils for handling .lzma files.
8. Example
----------
Here is an example for i686 GNU/Linux that
- links xz and lzmainfo against shared liblzma;
- links size-optimized xzdec and lzmadec against static liblzma
while avoiding libpthread dependency;
- includes only shared liblzma in the final package; and
- copies also the "extra" directory to the package.
PKG=/tmp/xz-pkg
tar xf xz-x.y.z.tar.gz
cd xz-x.y.z
./configure \
--prefix=/usr \
--disable-static \
--disable-xzdec \
--disable-lzmadec \
CFLAGS='-march=i686 -mtune=generic -O2'
make
make DESTDIR=$PKG install-strip
make clean
./configure \
--prefix=/usr \
--disable-shared \
--disable-nls \
--disable-encoders \
--enable-small \
--disable-threads \
CFLAGS='-march=i686 -mtune=generic -Os'
make -C src/liblzma
make -C src/xzdec
make -C src/xzdec DESTDIR=$PKG install-strip
cp -a extra $PKG/usr/share/doc/xz

355
README
View File

@@ -1,93 +1,308 @@
OpenSSL 1.1.1l 24 Aug 2021 XZ Utils
========
Copyright (c) 1998-2021 The OpenSSL Project 0. Overview
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 1. Documentation
All rights reserved. 1.1. Overall documentation
1.2. Documentation for command-line tools
1.3. Documentation for liblzma
2. Version numbering
3. Reporting bugs
4. Translating the xz tool
5. Other implementations of the .xz format
6. Contact information
DESCRIPTION
-----------
The OpenSSL Project is a collaborative effort to develop a robust, 0. Overview
commercial-grade, fully featured, and Open Source toolkit implementing the -----------
Transport Layer Security (TLS) protocols (including SSLv3) as well as a
full-strength general purpose cryptographic library.
OpenSSL is descended from the SSLeay library developed by Eric A. Young XZ Utils provide a general-purpose data-compression library plus
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the command-line tools. The native file format is the .xz format, but
OpenSSL license plus the SSLeay license), which means that you are free to also the legacy .lzma format is supported. The .xz format supports
get and use it for commercial and non-commercial purposes as long as you multiple compression algorithms, which are called "filters" in the
fulfill the conditions of both licenses. context of XZ Utils. The primary filter is currently LZMA2. With
typical files, XZ Utils create about 30 % smaller files than gzip.
OVERVIEW To ease adapting support for the .xz format into existing applications
-------- and scripts, the API of liblzma is somewhat similar to the API of the
popular zlib library. For the same reason, the command-line tool xz
has a command-line syntax similar to that of gzip.
The OpenSSL toolkit includes: When aiming for the highest compression ratio, the LZMA2 encoder uses
a lot of CPU time and may use, depending on the settings, even
hundreds of megabytes of RAM. However, in fast modes, the LZMA2 encoder
competes with bzip2 in compression speed, RAM usage, and compression
ratio.
libssl (with platform specific naming): LZMA2 is reasonably fast to decompress. It is a little slower than
Provides the client and server-side implementations for SSLv3 and TLS. gzip, but a lot faster than bzip2. Being fast to decompress means
that the .xz format is especially nice when the same file will be
decompressed very many times (usually on different computers), which
is the case e.g. when distributing software packages. In such
situations, it's not too bad if the compression takes some time,
since that needs to be done only once to benefit many people.
libcrypto (with platform specific naming): With some file types, combining (or "chaining") LZMA2 with an
Provides general cryptographic and X.509 support needed by SSL/TLS but additional filter can improve the compression ratio. A filter chain may
not logically part of it. contain up to four filters, although usually only one or two are used.
For example, putting a BCJ (Branch/Call/Jump) filter before LZMA2
in the filter chain can improve compression ratio of executable files.
openssl: Since the .xz format allows adding new filter IDs, it is possible that
A command line tool that can be used for: some day there will be a filter that is, for example, much faster to
Creation of key parameters compress than LZMA2 (but probably with worse compression ratio).
Creation of X.509 certificates, CSRs and CRLs Similarly, it is possible that some day there is a filter that will
Calculation of message digests compress better than LZMA2.
Encryption and decryption
SSL/TLS client and server tests
Handling of S/MIME signed or encrypted mail
And more...
INSTALLATION XZ Utils doesn't support multithreaded compression or decompression
------------ yet. It has been planned though and taken into account when designing
the .xz file format.
See the appropriate file:
INSTALL Linux, Unix, Windows, OpenVMS, ...
NOTES.* INSTALL addendums for different platforms
SUPPORT 1. Documentation
------- ----------------
See the OpenSSL website www.openssl.org for details on how to obtain 1.1. Overall documentation
commercial technical support. Free community support is available through the
openssl-users email list (see
https://www.openssl.org/community/mailinglists.html for further details).
If you have any problems with OpenSSL then please take the following steps README This file
first:
- Download the latest version from the repository INSTALL.generic Generic install instructions for those not familiar
to see if the problem has already been addressed with packages using GNU Autotools
- Configure with no-asm INSTALL Installation instructions specific to XZ Utils
- Remove compiler optimization flags PACKAGERS Information to packagers of XZ Utils
If you wish to report a bug then please include the following information COPYING XZ Utils copyright and license information
and create an issue on GitHub: COPYING.GPLv2 GNU General Public License version 2
COPYING.GPLv3 GNU General Public License version 3
COPYING.LGPLv2.1 GNU Lesser General Public License version 2.1
- OpenSSL version: output of 'openssl version -a' AUTHORS The main authors of XZ Utils
- Configuration data: output of 'perl configdata.pm --dump' THANKS Incomplete list of people who have helped making
- OS Name, Version, Hardware platform this software
- Compiler Details (name, version) NEWS User-visible changes between XZ Utils releases
- Application Details (name, version) ChangeLog Detailed list of changes (commit log)
- Problem Description (steps that will reproduce the problem, if known) TODO Known bugs and some sort of to-do list
- Stack Traceback (if the application dumps core)
Just because something doesn't work the way you expect does not mean it Note that only some of the above files are included in binary
is necessarily a bug in OpenSSL. Use the openssl-users email list for this type packages.
of query.
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
See CONTRIBUTING 1.2. Documentation for command-line tools
LEGALITIES The command-line tools are documented as man pages. In source code
---------- releases (and possibly also in some binary packages), the man pages
are also provided in plain text (ASCII only) and PDF formats in the
directory "doc/man" to make the man pages more accessible to those
whose operating system doesn't provide an easy way to view man pages.
1.3. Documentation for liblzma
The liblzma API headers include short docs about each function
and data type as Doxygen tags. These docs should be quite OK as
a quick reference.
I have planned to write a bunch of very well documented example
programs, which (due to comments) should work as a tutorial to
various features of liblzma. No such example programs have been
written yet.
For now, if you have never used liblzma, libbzip2, or zlib, I
recommend learning the *basics* of the zlib API. Once you know that,
it should be easier to learn liblzma.
http://zlib.net/manual.html
http://zlib.net/zlib_how.html
2. Version numbering
--------------------
The version number format of XZ Utils is X.Y.ZS:
- X is the major version. When this is incremented, the library
API and ABI break.
- Y is the minor version. It is incremented when new features
are added without breaking the existing API or ABI. An even Y
indicates a stable release and an odd Y indicates unstable
(alpha or beta version).
- Z is the revision. This has a different meaning for stable and
unstable releases:
* Stable: Z is incremented when bugs get fixed without adding
any new features. This is intended to be convenient for
downstream distributors that want bug fixes but don't want
any new features to minimize the risk of introducing new bugs.
* Unstable: Z is just a counter. API or ABI of features added
in earlier unstable releases having the same X.Y may break.
- S indicates stability of the release. It is missing from the
stable releases, where Y is an even number. When Y is odd, S
is either "alpha" or "beta" to make it very clear that such
versions are not stable releases. The same X.Y.Z combination is
not used for more than one stability level, i.e. after X.Y.Zalpha,
the next version can be X.Y.(Z+1)beta but not X.Y.Zbeta.
3. Reporting bugs
-----------------
Naturally it is easiest for me if you already know what causes the
unexpected behavior. Even better if you have a patch to propose.
However, quite often the reason for unexpected behavior is unknown,
so here are a few things to do before sending a bug report:
1. Try to create a small example how to reproduce the issue.
2. Compile XZ Utils with debugging code using configure switches
--enable-debug and, if possible, --disable-shared. If you are
using GCC, use CFLAGS='-O0 -ggdb3'. Don't strip the resulting
binaries.
3. Turn on core dumps. The exact command depends on your shell;
for example in GNU bash it is done with "ulimit -c unlimited",
and in tcsh with "limit coredumpsize unlimited".
4. Try to reproduce the suspected bug. If you get "assertion failed"
message, be sure to include the complete message in your bug
report. If the application leaves a coredump, get a backtrace
using gdb:
$ gdb /path/to/app-binary # Load the app to the debugger.
(gdb) core core # Open the coredump.
(gdb) bt # Print the backtrace. Copy & paste to bug report.
(gdb) quit # Quit gdb.
Report your bug via email or IRC (see Contact information below).
Don't send core dump files or any executables. If you have a small
example file(s) (total size less than 256 KiB), please include
it/them as an attachment. If you have bigger test files, put them
online somewhere and include a URL to the file(s) in the bug report.
Always include the exact version number of XZ Utils in the bug report.
If you are using a snapshot from the git repository, use "git describe"
to get the exact snapshot version. If you are using XZ Utils shipped
in an operating system distribution, mention the distribution name,
distribution version, and exact xz package version; if you cannot
repeat the bug with the code compiled from unpatched source code,
you probably need to report a bug to your distribution's bug tracking
system.
4. Translating the xz tool
--------------------------
The messages from the xz tool have been translated into a few
languages. Before starting to translate into a new language, ask
the author whether someone else hasn't already started working on it.
Test your translation. Testing includes comparing the translated
output to the original English version by running the same commands
in both your target locale and with LC_ALL=C. Ask someone to
proof-read and test the translation.
Testing can be done e.g. by installing xz into a temporary directory:
./configure --disable-shared --prefix=/tmp/xz-test
# <Edit the .po file in the po directory.>
make -C po update-po
make install
bash debug/translation.bash | less
bash debug/translation.bash | less -S # For --list outputs
Repeat the above as needed (no need to re-run configure though).
Note especially the following:
- The output of --help and --long-help must look nice on
an 80-column terminal. It's OK to add extra lines if needed.
- In contrast, don't add extra lines to error messages and such.
They are often preceded with e.g. a filename on the same line,
so you have no way to predict where to put a \n. Let the terminal
do the wrapping even if it looks ugly. Adding new lines will be
even uglier in the generic case even if it looks nice in a few
limited examples.
- Be careful with column alignment in tables and table-like output
(--list, --list --verbose --verbose, --info-memory, --help, and
--long-help):
* All descriptions of options in --help should start in the
same column (but it doesn't need to be the same column as
in the English messages; just be consistent if you change it).
Check that both --help and --long-help look OK, since they
share several strings.
* --list --verbose and --info-memory print lines that have
the format "Description: %s". If you need a longer
description, you can put extra space between the colon
and %s. Then you may need to add extra space to other
strings too so that the result as a whole looks good (all
values start at the same column).
* The columns of the actual tables in --list --verbose --verbose
should be aligned properly. Abbreviate if necessary. It might
be good to keep at least 2 or 3 spaces between column headings
and avoid spaces in the headings so that the columns stand out
better, but this is a matter of opinion. Do what you think
looks best.
- Be careful to put a period at the end of a sentence when the
original version has it, and don't put it when the original
doesn't have it. Similarly, be careful with \n characters
at the beginning and end of the strings.
- Read the TRANSLATORS comments that have been extracted from the
source code and included in xz.pot. If they suggest testing the
translation with some type of command, do it. If testing needs
input files, use e.g. tests/files/good-*.xz.
- When updating the translation, read the fuzzy (modified) strings
carefully, and don't mark them as updated before you actually
have updated them. Reading through the unchanged messages can be
good too; sometimes you may find a better wording for them.
- If you find language problems in the original English strings,
feel free to suggest improvements. Ask if something is unclear.
- The translated messages should be understandable (sometimes this
may be a problem with the original English messages too). Don't
make a direct word-by-word translation from English especially if
the result doesn't sound good in your language.
In short, take your time and pay attention to the details. Making
a good translation is not a quick and trivial thing to do. The
translated xz should look as polished as the English version.
5. Other implementations of the .xz format
------------------------------------------
7-Zip and the p7zip port of 7-Zip support the .xz format starting
from the version 9.00alpha.
http://7-zip.org/
http://p7zip.sourceforge.net/
XZ Embedded is a limited implementation written for use in the Linux
kernel, but it is also suitable for other embedded use.
http://tukaani.org/xz/embedded.html
6. Contact information
----------------------
If you have questions, bug reports, patches etc. related to XZ Utils,
contact Lasse Collin <lasse.collin@tukaani.org> (in Finnish or English).
I'm sometimes slow at replying. If you haven't got a reply within two
weeks, assume that your email has got lost and resend it or use IRC.
You can find me also from #tukaani on Freenode; my nick is Larhzu.
The channel tends to be pretty quiet, so just ask your question and
someone may wake up.
A number of nations restrict the use or export of cryptography. If you
are potentially subject to such restrictions you should seek competent
professional legal advice before attempting to develop or distribute
cryptographic code.

287
README.ENGINE
View File

@@ -1,287 +0,0 @@
ENGINE
======
With OpenSSL 0.9.6, a new component was added to support alternative
cryptography implementations, most commonly for interfacing with external
crypto devices (eg. accelerator cards). This component is called ENGINE,
and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
caused a little confusion as 0.9.6** releases were rolled in two
versions, a "standard" and an "engine" version. In development for 0.9.7,
the ENGINE code has been merged into the main branch and will be present
in the standard releases from 0.9.7 forwards.
There are currently built-in ENGINE implementations for the following
crypto devices:
o Microsoft CryptoAPI
o VIA Padlock
o nCipher CHIL
In addition, dynamic binding to external ENGINE implementations is now
provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
section below for details.
At this stage, a number of things are still needed and are being worked on:
1 Integration of EVP support.
2 Configuration support.
3 Documentation!
1 With respect to EVP, this relates to support for ciphers and digests in
the ENGINE model so that alternative implementations of existing
algorithms/modes (or previously unimplemented ones) can be provided by
ENGINE implementations.
2 Configuration support currently exists in the ENGINE API itself, in the
form of "control commands". These allow an application to expose to the
user/admin the set of commands and parameter types a given ENGINE
implementation supports, and for an application to directly feed string
based input to those ENGINEs, in the form of name-value pairs. This is an
extensible way for ENGINEs to define their own "configuration" mechanisms
that are specific to a given ENGINE (eg. for a particular hardware
device) but that should be consistent across *all* OpenSSL-based
applications when they use that ENGINE. Work is in progress (or at least
in planning) for supporting these control commands from the CONF (or
NCONF) code so that applications using OpenSSL's existing configuration
file format can have ENGINE settings specified in much the same way.
Presently however, applications must use the ENGINE API itself to provide
such functionality. To see first hand the types of commands available
with the various compiled-in ENGINEs (see further down for dynamic
ENGINEs), use the "engine" openssl utility with full verbosity, ie;
openssl engine -vvvv
3 Documentation? Volunteers welcome! The source code is reasonably well
self-documenting, but some summaries and usage instructions are needed -
moreover, they are needed in the same POD format the existing OpenSSL
documentation is provided in. Any complete or incomplete contributions
would help make this happen.
STABILITY & BUG-REPORTS
=======================
What already exists is fairly stable as far as it has been tested, but
the test base has been a bit small most of the time. For the most part,
the vendors of the devices these ENGINEs support have contributed to the
development and/or testing of the implementations, and *usually* (with no
guarantees) have experience in using the ENGINE support to drive their
devices from common OpenSSL-based applications. Bugs and/or inexplicable
behaviour in using a specific ENGINE implementation should be sent to the
author of that implementation (if it is mentioned in the corresponding C
file), and in the case of implementations for commercial hardware
devices, also through whatever vendor support channels are available. If
none of this is possible, or the problem seems to be something about the
ENGINE API itself (ie. not necessarily specific to a particular ENGINE
implementation) then you should mail complete details to the relevant
OpenSSL mailing list. For a definition of "complete details", refer to
the OpenSSL "README" file. As for which list to send it to;
openssl-users: if you are *using* the ENGINE abstraction, either in an
pre-compiled application or in your own application code.
openssl-dev: if you are discussing problems with OpenSSL source code.
USAGE
=====
The default "openssl" ENGINE is always chosen when performing crypto
operations unless you specify otherwise. You must actively tell the
openssl utility commands to use anything else through a new command line
switch called "-engine". Also, if you want to use the ENGINE support in
your own code to do something similar, you must likewise explicitly
select the ENGINE implementation you want.
Depending on the type of hardware, system, and configuration, "settings"
may need to be applied to an ENGINE for it to function as expected/hoped.
The recommended way of doing this is for the application to support
ENGINE "control commands" so that each ENGINE implementation can provide
whatever configuration primitives it might require and the application
can allow the user/admin (and thus the hardware vendor's support desk
also) to provide any such input directly to the ENGINE implementation.
This way, applications do not need to know anything specific to any
device, they only need to provide the means to carry such user/admin
input through to the ENGINE in question. Ie. this connects *you* (and
your helpdesk) to the specific ENGINE implementation (and device), and
allows application authors to not get buried in hassle supporting
arbitrary devices they know (and care) nothing about.
A new "openssl" utility, "openssl engine", has been added in that allows
for testing and examination of ENGINE implementations. Basic usage
instructions are available by specifying the "-?" command line switch.
DYNAMIC ENGINES
===============
The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
implementations that aren't pre-compiled and linked into OpenSSL-based
applications. This could be because existing compiled-in implementations
have known problems and you wish to use a newer version with an existing
application. It could equally be because the application (or OpenSSL
library) you are using simply doesn't have support for the ENGINE you
wish to use, and the ENGINE provider (eg. hardware vendor) is providing
you with a self-contained implementation in the form of a shared-library.
The other use-case for "dynamic" is with applications that wish to
maintain the smallest foot-print possible and so do not link in various
ENGINE implementations from OpenSSL, but instead leaves you to provide
them, if you want them, in the form of "dynamic"-loadable
shared-libraries. It should be possible for hardware vendors to provide
their own shared-libraries to support arbitrary hardware to work with
applications based on OpenSSL 0.9.7 or later. If you're using an
application based on 0.9.7 (or later) and the support you desire is only
announced for versions later than the one you need, ask the vendor to
backport their ENGINE to the version you need.
How does "dynamic" work?
------------------------
The dynamic ENGINE has a special flag in its implementation such that
every time application code asks for the 'dynamic' ENGINE, it in fact
gets its own copy of it. As such, multi-threaded code (or code that
multiplexes multiple uses of 'dynamic' in a single application in any
way at all) does not get confused by 'dynamic' being used to do many
independent things. Other ENGINEs typically don't do this so there is
only ever 1 ENGINE structure of its type (and reference counts are used
to keep order). The dynamic ENGINE itself provides absolutely no
cryptographic functionality, and any attempt to "initialise" the ENGINE
automatically fails. All it does provide are a few "control commands"
that can be used to control how it will load an external ENGINE
implementation from a shared-library. To see these control commands,
use the command-line;
openssl engine -vvvv dynamic
The "SO_PATH" control command should be used to identify the
shared-library that contains the ENGINE implementation, and "NO_VCHECK"
might possibly be useful if there is a minor version conflict and you
(or a vendor helpdesk) is convinced you can safely ignore it.
"ID" is probably only needed if a shared-library implements
multiple ENGINEs, but if you know the engine id you expect to be using,
it doesn't hurt to specify it (and this provides a sanity check if
nothing else). "LIST_ADD" is only required if you actually wish the
loaded ENGINE to be discoverable by application code later on using the
ENGINE's "id". For most applications, this isn't necessary - but some
application authors may have nifty reasons for using it. The "LOAD"
command is the only one that takes no parameters and is the command
that uses the settings from any previous commands to actually *load*
the shared-library ENGINE implementation. If this command succeeds, the
(copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
that has been loaded from the shared-library. As such, any control
commands supported by the loaded ENGINE could then be executed as per
normal. Eg. if ENGINE "foo" is implemented in the shared-library
"libfoo.so" and it supports some special control command "CMD_FOO", the
following code would load and use it (NB: obviously this code has no
error checking);
ENGINE *e = ENGINE_by_id("dynamic");
ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
For testing, the "openssl engine" utility can be useful for this sort
of thing. For example the above code excerpt would achieve much the
same result as;
openssl engine dynamic \
-pre SO_PATH:/lib/libfoo.so \
-pre ID:foo \
-pre LOAD \
-pre "CMD_FOO:some input data"
Or to simply see the list of commands supported by the "foo" ENGINE;
openssl engine -vvvv dynamic \
-pre SO_PATH:/lib/libfoo.so \
-pre ID:foo \
-pre LOAD
Applications that support the ENGINE API and more specifically, the
"control commands" mechanism, will provide some way for you to pass
such commands through to ENGINEs. As such, you would select "dynamic"
as the ENGINE to use, and the parameters/commands you pass would
control the *actual* ENGINE used. Each command is actually a name-value
pair and the value can sometimes be omitted (eg. the "LOAD" command).
Whilst the syntax demonstrated in "openssl engine" uses a colon to
separate the command name from the value, applications may provide
their own syntax for making that separation (eg. a win32 registry
key-value pair may be used by some applications). The reason for the
"-pre" syntax in the "openssl engine" utility is that some commands
might be issued to an ENGINE *after* it has been initialised for use.
Eg. if an ENGINE implementation requires a smart-card to be inserted
during initialisation (or a PIN to be typed, or whatever), there may be
a control command you can issue afterwards to "forget" the smart-card
so that additional initialisation is no longer possible. In
applications such as web-servers, where potentially volatile code may
run on the same host system, this may provide some arguable security
value. In such a case, the command would be passed to the ENGINE after
it has been initialised for use, and so the "-post" switch would be
used instead. Applications may provide a different syntax for
supporting this distinction, and some may simply not provide it at all
("-pre" is almost always what you're after, in reality).
How do I build a "dynamic" ENGINE?
----------------------------------
This question is trickier - currently OpenSSL bundles various ENGINE
implementations that are statically built in, and any application that
calls the "ENGINE_load_builtin_engines()" function will automatically
have all such ENGINEs available (and occupying memory). Applications
that don't call that function have no ENGINEs available like that and
would have to use "dynamic" to load any such ENGINE - but on the other
hand such applications would only have the memory footprint of any
ENGINEs explicitly loaded using user/admin provided control commands.
The main advantage of not statically linking ENGINEs and only using
"dynamic" for hardware support is that any installation using no
"external" ENGINE suffers no unnecessary memory footprint from unused
ENGINEs. Likewise, installations that do require an ENGINE incur the
overheads from only *that* ENGINE once it has been loaded.
Sounds good? Maybe, but currently building an ENGINE implementation as
a shared-library that can be loaded by "dynamic" isn't automated in
OpenSSL's build process. It can be done manually quite easily however.
Such a shared-library can either be built with any OpenSSL code it
needs statically linked in, or it can link dynamically against OpenSSL
if OpenSSL itself is built as a shared library. The instructions are
the same in each case, but in the former (statically linked any
dependencies on OpenSSL) you must ensure OpenSSL is built with
position-independent code ("PIC"). The default OpenSSL compilation may
already specify the relevant flags to do this, but you should consult
with your compiler documentation if you are in any doubt.
This example will show building the "atalla" ENGINE in the
crypto/engine/ directory as a shared-library for use via the "dynamic"
ENGINE.
1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
source tree.
2) Recompile at least one source file so you can see all the compiler
flags (and syntax) being used to build normally. Eg;
touch hw_atalla.c ; make
will rebuild "hw_atalla.o" using all such flags.
3) Manually enter the same compilation line to compile the
"hw_atalla.c" file but with the following two changes;
(a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
(b) change the output file from "hw_atalla.o" to something new,
eg. "tmp_atalla.o"
4) Link "tmp_atalla.o" into a shared-library using the top-level
OpenSSL libraries to resolve any dependencies. The syntax for doing
this depends heavily on your system/compiler and is a nightmare
known well to anyone who has worked with shared-library portability
before. 'gcc' on Linux, for example, would use the following syntax;
gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
5) Test your shared library using "openssl engine" as explained in the
previous section. Eg. from the top-level directory, you might try;
apps/openssl engine -vvvv dynamic \
-pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
If the shared-library loads successfully, you will see both "-pre"
commands marked as "SUCCESS" and the list of control commands
displayed (because of "-vvvv") will be the control commands for the
*atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
the "-t" switch to the utility if you want it to try and initialise
the atalla ENGINE for use to test any possible hardware/driver
issues.
PROBLEMS
========
It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
A quick test done right before the release showed that trying "openssl speed
-engine cswift" generated errors. If the DSO gets enabled, an attempt is made
to write at memory address 0x00000002.

1
README.FIPS
View File

@@ -1 +0,0 @@
This release does not support a FIPS 140-2 validated module.

116
THANKS Normal file
View File

@@ -0,0 +1,116 @@
Thanks
======
Some people have helped more, some less, but nevertheless everyone's help
has been important. :-) In alphabetical order:
- Mark Adler
- H. Peter Anvin
- Jeff Bastian
- Nelson H. F. Beebe
- Karl Berry
- Anders F. Björklund
- Emmanuel Blot
- Martin Blumenstingl
- Jakub Bogusz
- Maarten Bosmans
- Trent W. Buck
- James Buren
- David Burklund
- Daniel Mealha Cabrita
- Milo Casagrande
- Marek Černocký
- Tomer Chachamu
- Gabi Davar
- Chris Donawa
- Andrew Dudman
- Markus Duft
- İsmail Dönmez
- Robert Elz
- Gilles Espinasse
- Denis Excoffier
- Michael Felt
- Michael Fox
- Mike Frysinger
- Daniel Richard G.
- Bill Glessner
- Jason Gorski
- Juan Manuel Guerrero
- Diederik de Haas
- Joachim Henke
- Christian Hesse
- Vincenzo Innocente
- Peter Ivanov
- Jouk Jansen
- Jun I Jin
- Per Øyvind Karlsen
- Thomas Klausner
- Richard Koch
- Ville Koskinen
- Jan Kratochvil
- Christian Kujau
- Stephan Kulow
- Peter Lawler
- James M Leddy
- Hin-Tak Leung
- Andraž 'ruskie' Levstik
- Cary Lewis
- Wim Lewis
- Lorenzo De Liso
- Bela Lubkin
- Gregory Margo
- Jim Meyering
- Arkadiusz Miskiewicz
- Conley Moorhous
- Rafał Mużyło
- Adrien Nader
- Hongbo Ni
- Jonathan Nieder
- Andre Noll
- Peter O'Gorman
- Peter Pallinger
- Rui Paulo
- Igor Pavlov
- Diego Elio Pettenò
- Elbert Pol
- Mikko Pouru
- Trần Ngọc Quân
- Pavel Raiskup
- Ole André Vadla Ravnås
- Robert Readman
- Bernhard Reutner-Fischer
- Eric S. Raymond
- Cristian Rodríguez
- Christian von Roques
- Torsten Rupp
- Jukka Salmi
- Alexandre Sauvé
- Benno Schulenberg
- Andreas Schwab
- Dan Shechter
- Stuart Shelton
- Brad Smith
- Jonathan Stott
- Dan Stromberg
- Vincent Torri
- Paul Townsend
- Mohammed Adnène Trojette
- Alexey Tourbin
- Patrick J. Volkerding
- Martin Väth
- Adam Walling
- Christian Weisgerber
- Bert Wesarg
- Fredrik Wikstrom
- Ralf Wildenhues
- Charles Wilson
- Lars Wirzenius
- Pilorz Wojciech
- Ryan Young
- Andreas Zieringer
Also thanks to all the people who have participated in the Tukaani project.
I have probably forgot to add some names to the above list. Sorry about
that and thanks for your help.

111
TODO Normal file
View File

@@ -0,0 +1,111 @@
XZ Utils To-Do List
===================
Known bugs
----------
The test suite is too incomplete.
If the memory usage limit is less than about 13 MiB, xz is unable to
automatically scale down the compression settings enough even though
it would be possible by switching from BT2/BT3/BT4 match finder to
HC3/HC4.
XZ Utils compress some files significantly worse than LZMA Utils.
This is due to faster compression presets used by XZ Utils, and
can often be worked around by using "xz --extreme". With some files
--extreme isn't enough though: it's most likely with files that
compress extremely well, so going from compression ratio of 0.003
to 0.004 means big relative increase in the compressed file size.
xz doesn't quote unprintable characters when it displays file names
given on the command line.
tuklib_exit() doesn't block signals => EINTR is possible.
SIGTSTP is not handled. If xz is stopped, the estimated remaining
time and calculated (de)compression speed won't make sense in the
progress indicator (xz --verbose).
If liblzma has created threads and fork() gets called, liblzma
code will break in the child process unless it calls exec() and
doesn't touch liblzma.
Missing features
----------------
Add support for storing metadata in .xz files. A preliminary
idea is to create a new Stream type for metadata. When both
metadata and data are wanted in the same .xz file, two or more
Streams would be concatenated.
The state stored in lzma_stream should be cloneable, which would
be mostly useful when using a preset dictionary in LZMA2, but
it may have other uses too. Compare to deflateCopy() in zlib.
Support LZMA_FINISH in raw decoder to indicate end of LZMA1 and
other streams that don't have an end of payload marker.
Adjust dictionary size when the input file size is known.
Maybe do this only if an option is given.
xz doesn't support copying extended attributes, access control
lists etc. from source to target file.
Multithreaded compression:
- Reduce memory usage of the current method.
- Implement threaded match finders.
- Implement pigz-style threading in LZMA2.
Multithreaded decompression
Buffer-to-buffer coding could use less RAM (especially when
decompressing LZMA1 or LZMA2).
I/O library is not implemented (similar to gzopen() in zlib).
It will be a separate library that supports uncompressed, .gz,
.bz2, .lzma, and .xz files.
Support changing lzma_options_lzma.mode with lzma_filters_update().
Support LZMA_FULL_FLUSH for lzma_stream_decoder() to stop at
Block and Stream boundaries.
lzma_strerror() to convert lzma_ret to human readable form?
This is tricky, because the same error codes are used with
slightly different meanings, and this cannot be fixed anymore.
Make it possible to adjust LZMA2 options in the middle of a Block
so that the encoding speed vs. compression ratio can be optimized
when the compressed data is streamed over network.
Improved BCJ filters. The current filters are small but they aren't
so great when compressing binary packages that contain various file
types. Specifically, they make things worse if there are static
libraries or Linux kernel modules. The filtering could also be
more effective (without getting overly complex), for example,
streamable variant BCJ2 from 7-Zip could be implemented.
Filter that autodetects specific data types in the input stream
and applies appropriate filters for the corrects parts of the input.
Perhaps combine this with the BCJ filter improvement point above.
Long-range LZ77 method as a separate filter or as a new LZMA2
match finder.
Documentation
-------------
More tutorial programs are needed for liblzma.
Document the LZMA1 and LZMA2 algorithms.
Miscellaneous
------------
Try to get the media type for .xz registered at IANA.

41
VMS/VMSify-conf.pl
View File

@@ -1,41 +0,0 @@
#! /usr/bin/env perl
# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
my @file_vars = ( "database", "certificate", "serial", "crlnumber",
"crl", "private_key", "RANDFILE" );
while(<STDIN>) {
s|\R$||;
foreach my $d (@directory_vars) {
if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
$_ = "$1sys\\\$disk:\[.$2$3";
} elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
$_ = "$1sys\\\$disk:\[.$2$3";
}
s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
$_ = "$1.$3]$4";
}
}
foreach my $f (@file_vars) {
s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
$_ = "$1.$3$4";
}
if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
$_ = "$1]$3.$4";
} elsif (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
$_ = "$1]$3$4";
}
}
print $_,"\n";
}

3
VMS/engine.opt
View File

@@ -1,3 +0,0 @@
CASE_SENSITIVE=YES
SYMBOL_VECTOR=(BIND_ENGINE=PROCEDURE,V_CHECK=PROCEDURE,-
bind_engine/BIND_ENGINE=PROCEDURE,v_check/V_CHECK=PROCEDURE)

19
VMS/msg_install.com
View File

@@ -1,19 +0,0 @@
$ ! Used by the main descrip.mms to print the installation complete
$ ! message.
$ ! Arguments:
$ ! P1 startup / setup / shutdown scripts directory
$ ! P2 distinguishing version number ("major version")
$
$ systartup = p1
$ osslver = p2
$
$ WRITE SYS$OUTPUT "Installation complete"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "The following commands need to be executed to enable you to use OpenSSL:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to set up OpenSSL logical names:"
$ WRITE SYS$OUTPUT " @''systartup'openssl_startup''osslver'"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to define the OpenSSL command"
$ WRITE SYS$OUTPUT " @''systartup'openssl_utils''osslver'"
$ WRITE SYS$OUTPUT ""

37
VMS/msg_staging.com
View File

@@ -1,37 +0,0 @@
$ ! Used by the main descrip.mms to print the statging installation
$ ! complete
$ ! message.
$ ! Arguments:
$ ! P1 staging software installation directory
$ ! P2 staging data installation directory
$ ! P3 final software installation directory
$ ! P4 final data installation directory
$ ! P5 startup / setup / shutdown scripts directory
$ ! P6 distinguishing version number ("major version")
$
$ staging_instdir = p1
$ staging_datadir = p2
$ final_instdir = p3
$ final_datadir = p4
$ systartup = p5
$ osslver = p6
$
$ WRITE SYS$OUTPUT "Staging installation complete"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the following directory"
$ WRITE SYS$OUTPUT "trees end up being copied:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- from ", staging_instdir
$ WRITE SYS$OUTPUT " to ", final_instdir
$ WRITE SYS$OUTPUT "- from ", staging_datadir
$ WRITE SYS$OUTPUT " to ", final_datadir
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "When in its final destination, the following commands need to be executed"
$ WRITE SYS$OUTPUT "to use OpenSSL:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to set up OpenSSL logical names:"
$ WRITE SYS$OUTPUT " @''systartup'openssl_startup''osslver'"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to define the OpenSSL command"
$ WRITE SYS$OUTPUT " @''systartup'openssl_utils''osslver'"
$ WRITE SYS$OUTPUT ""

50
VMS/openssl_ivp.com.in
View File

@@ -1,50 +0,0 @@
$ ! OpenSSL Internal Verification Procedure
$ !
$ ! This script checks the consistency of a OpenSSL installation
$ ! It had better be spawned, as it creates process logicals
$
$ ! Generated information
$ INSTALLTOP := {- $config{INSTALLTOP} -}
$ OPENSSLDIR := {- $config{OPENSSLDIR} -}
$
$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
$ ! can use to call the startup procedure
$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$
$ v := {- sprintf "%02d%02d", split(/\./, $config{version}) -}
$ pz := {- $config{pointer_size} -}
$
$ @'INSTALLTOP_'SYS$STARTUP]openssl_startup'v'
$ @'INSTALLTOP_'SYS$STARTUP]openssl_utils'v'
$
$ IF F$SEARCH("OSSL$LIBCRYPTO''pz'") .EQS. "" -
.OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $config{no_shared}; "" -}-
.OR. F$SEARCH("OSSL$LIBCRYPTO_SHR''pz'") .EQS. "" -
.OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $config{no_shared}; "" -}-
.OR. F$SEARCH("OSSL$INCLUDE:[OPENSSL]crypto.h") .EQS. "" -
.OR. F$SEARCH("OPENSSL:crypto.h") .EQS. "" -
.OR. F$SEARCH("OSSL$EXE:OPENSSL''v'.EXE") .EQS. ""
$ THEN
$ WRITE SYS$ERROR "Installation inconsistent"
$ EXIT %x00018292 ! RMS$_FNF, file not found
$ ENDIF
$
$ ON ERROR THEN GOTO error
$
$ ! If something else is wrong with the installation, we're likely
$ ! to get an image activation error here
$ openssl version -a
$
$ ! FUTURE ENHANCEMENT: Verify that engines are where they should be.
$ ! openssl engine -c -t checker
$
$ WRITE SYS$ERROR "OpenSSL IVP passed"
$ EXIT %x10000001
$
$ error:
$ save_status = $STATUS
$ WRITE SYS$ERROR "OpenSSL IVP failed"
$ EXIT 'save_status'

56
VMS/openssl_shutdown.com.in
View File

@@ -1,56 +0,0 @@
$ ! OpenSSL shutdown script
$ !
$ ! This script deassigns the logical names used by the installation
$ ! of OpenSSL. It can do so at any level, defined by P1.
$ !
$ ! P1 Qualifier(s) for DEASSIGN.
$ ! Default: /PROCESS
$ !
$ ! P2 If the value is "NOALIASES", no alias logical names are
$ ! deassigned.
$
$ status = %x10000001 ! Generic success
$
$ ! In case there's a problem
$ ON CONTROL_Y THEN GOTO bailout
$ ON ERROR THEN GOTO bailout
$
$ ! Find the architecture
$ IF F$GETSYI("CPU") .LT. 128
$ THEN
$ arch := VAX
$ ELSE
$ arch := F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE")
$ IF arch .EQS. "" THEN GOTO unknown_arch
$ ENDIF
$
$ ! Abbrevs
$ DEAS := DEASSIGN /NOLOG 'P1'
$ sv := {- sprintf "%02d%02d", split m|\.|, $config{shlib_version_number} -}
$ pz := {- $config{pointer_size} -}
$
$ DEAS OSSL$DATAROOT
$ DEAS OSSL$INSTROOT
$ DEAS OSSL$INCLUDE
$ DEAS OSSL$LIB
$ DEAS OSSL$SHARE
$ DEAS OSSL$ENGINES'sv'
$ DEAS OSSL$EXE
$ DEAS OSSL$LIBCRYPTO'pz'
$ DEAS OSSL$LIBSSL'pz'
${- output_off() if $config{no_shared}; "" -}
$ DEAS OSSL$LIBCRYPTO'sv'_SHR'pz'
$ DEAS OSSL$LIBSSL'sv'_SHR'pz'
${- output_on() if $config{no_shared}; "" -}
$ DEAS OPENSSL
$
$ IF P2 .NES. "NOALIASES"
$ THEN
$ DEAS OSSL$ENGINES
${- output_off() if $config{no_shared}; "" -}
$ DEAS OSSL$LIBCRYPTO_SHR'pz'
$ DEAS OSSL$LIBSSL_SHR'pz'
${- output_on() if $config{no_shared}; "" -}
$ ENDIF
$
$ EXIT 'status'

123
VMS/openssl_startup.com.in
View File

@@ -1,123 +0,0 @@
$ ! OpenSSL startup script
$ !
$ ! This script defines the logical names used by the installation
$ ! of OpenSSL. It can provide those logical names at any level,
$ ! defined by P1.
$ !
$ ! The logical names created are:
$ !
$ ! OSSL$INSTROOT Installation root
$ ! OSSL$DATAROOT Data root (common directory
$ ! for certs etc)
$ ! OSSL$INCLUDE Include directory root
$ ! OSSL$LIB Where the static library files
$ ! are located
$ ! OSSL$SHARE Where the shareable image files
$ ! are located
$ ! OSSL$EXE Where the executables are located
$ ! OSSL$ENGINESnnn Where the shareable images are located
$ ! OSSL$LIBCRYPTO The static crypto library
$ ! OSSL$LIBSSL The static ssl library
$ ! OSSL$LIBCRYPTOnnn_SHR The shareable crypto image
$ ! OSSL$LIBSSLnnn_SHR The shareable ssl image
$ ! OPENSSL is OSSL$INCLUDE:[OPENSSL]
$ !
$ ! In all these, nnn is the OpenSSL version number. This allows
$ ! several OpenSSL versions to be installed simultaneously, which
$ ! matters for applications that are linked to the shareable images
$ ! or that depend on engines.
$ !
$ ! In addition, unless P2 is "NOALIASES", these logical names are
$ ! created:
$ !
$ ! OSSL$ENGINES Alias for OSSL$ENGINESnnn
$ ! OSSL$LIBCRYPTO_SHR Alias for OSSL$LIBCRYPTOnnn_SHR
$ ! OSSL$LIBSSL_SHR Alias for OSSL$LIBSSLnnn_SHR
$ !
$ ! P1 Qualifier(s) for DEFINE. "/SYSTEM" would be typical when
$ ! calling this script from SYS$STARTUP:SYSTARTUP_VMS.COM,
$ ! while "/PROCESS" would be typical for a personal install.
$ ! Default: /PROCESS
$ !
$ ! P2 If the value is "NOALIASES", no alias logical names are
$ ! created.
$
$ status = %x10000001 ! Generic success
$
$ ! In case there's a problem
$ ON CONTROL_Y THEN GOTO bailout
$ ON ERROR THEN GOTO bailout
$
$ ! Find the architecture
$ IF F$GETSYI("CPU") .LT. 128
$ THEN
$ arch := VAX
$ ELSE
$ arch = F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE")
$ IF arch .EQS. "" THEN GOTO unknown_arch
$ ENDIF
$
$ ! Generated information
$ INSTALLTOP := {- $config{INSTALLTOP} -}
$ OPENSSLDIR := {- $config{OPENSSLDIR} -}
$
$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
$ ! can build concealed logical names on
$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$
$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_INSTALLTOP 'INSTALLTOP_']
$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_OPENSSLDIR 'OPENSSLDIR_']
$
$ ! Check that things are in place, and specifically, the stuff
$ ! belonging to this architecture
$ IF F$SEARCH("WRK_INSTALLTOP:[000000]INCLUDE.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[000000]LIB.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[000000]EXE.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[LIB]''arch'.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[EXE]''arch'.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_OPENSSLDIR:[000000]openssl.cnf") .EQS. ""
$ THEN
$ WRITE SYS$ERROR "''INSTALLTOP' doesn't look like an OpenSSL installation for ''arch'"
$ status = %x00018292 ! RMS$_FNF, file not found
$ GOTO bailout
$ ENDIF
$
$ ! Abbrevs
$ DEFT := DEFINE /TRANSLATION=CONCEALED /NOLOG 'P1'
$ DEF := DEFINE /NOLOG 'P1'
$ sv := {- sprintf "%02d%02d", split m|\.|, $config{shlib_version_number} -}
$ pz := {- $config{pointer_size} -}
$
$ DEFT OSSL$DATAROOT 'OPENSSLDIR_']
$ DEFT OSSL$INSTROOT 'INSTALLTOP_']
$ DEFT OSSL$INCLUDE 'INSTALLTOP_'INCLUDE.]
$ DEF OSSL$LIB OSSL$INSTROOT:[LIB.'arch']
$ DEF OSSL$SHARE OSSL$INSTROOT:[LIB.'arch']
$ DEF OSSL$ENGINES'sv''pz' OSSL$INSTROOT:[ENGINES'sv''pz'.'arch']
$ DEF OSSL$EXE OSSL$INSTROOT:[EXE.'arch'],-
OSSL$INSTROOT:[EXE]
$ DEF OSSL$LIBCRYPTO'pz' OSSL$LIB:OSSL$LIBCRYPTO'pz'.OLB
$ DEF OSSL$LIBSSL'pz' OSSL$LIB:OSSL$LIBSSL'pz'.OLB
${- output_off() if $config{no_shared}; "" -}
$ DEF OSSL$LIBCRYPTO'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBCRYPTO'sv'_SHR'pz'.EXE
$ DEF OSSL$LIBSSL'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBSSL'sv'_SHR'pz'.EXE
${- output_on() if $config{no_shared}; "" -}
$ DEF OPENSSL OSSL$INCLUDE:[OPENSSL]
$
$ IF P2 .NES. "NOALIASES"
$ THEN
$ DEF OSSL$ENGINES'pz' OSSL$ENGINES'sv''pz'
${- output_off() if $config{no_shared}; "" -}
$ DEF OSSL$LIBCRYPTO_SHR'pz' OSSL$LIBCRYPTO'sv'_SHR'pz'
$ DEF OSSL$LIBSSL_SHR'pz' OSSL$LIBSSL'sv'_SHR'pz'
${- output_on() if $config{no_shared}; "" -}
$ ENDIF
$
$ bailout:
$ DEASSIGN WRK_INSTALLTOP
$ DEASSIGN WRK_OPENSSLDIR
$
$ EXIT 'status'

14
VMS/openssl_utils.com.in
View File

@@ -1,14 +0,0 @@
$ ! OpenSSL utilities
$ !
$
$ v := {- sprintf "%02d%02d", split(/\./, $config{version}) -}
$
$ OPENSSL'v' :== $OSSL$EXE:OPENSSL'v'
$ OPENSSL :== $OSSL$EXE:OPENSSL'v'
$
$ IF F$TYPE(PERL) .EQS. "STRING"
$ THEN
$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash.pl
$ ELSE
$ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH"
$ ENDIF

28
VMS/test-includes.com
View File

@@ -1,28 +0,0 @@
$! Quick script to check how well including individual header files works
$! on VMS, even when the VMS macro isn't defined.
$
$ sav_def = f$env("DEFAULT")
$ here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
$ set default 'here'
$ set default [-.include.openssl]
$ define openssl 'f$env("DEFAULT")'
$ set default [--]
$
$ loop:
$ f = f$search("openssl:*.h")
$ if f .eqs. "" then goto loop_end
$ write sys$output "Checking ",f
$ open/write foo foo.c
$ write foo "#undef VMS"
$ write foo "#include <stdio.h>"
$ write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
$ write foo "main()"
$ write foo "{printf(""foo\n"");}"
$ close foo
$ cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
$ delete foo.c;
$ goto loop
$ loop_end:
$ set default 'save_def'
$ exit

62
VMS/translatesyms.pl
View File

@@ -1,62 +0,0 @@
#! /usr/bin/env perl
# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This script will translate any SYMBOL_VECTOR item that has a translation
# in CXX$DEMANGLER_DB. The latter is generated by and CC/DECC command that
# uses the qualifier /REPOSITORY with the build directory as value. When
# /NAMES=SHORTENED has been used, this file will hold the translations from
# the original symbols to the shortened variants.
#
# CXX$DEMAGLER_DB. is an ISAM file, but with the magic of RMS, it can be
# read as a text file, with each record as one line.
#
# The lines will have the following syntax for any symbol found that's longer
# than 31 characters:
#
# LONG_symbol_34567890123{cksum}$LONG_symbol_34567890123_more_than_31_chars
#
# $ is present at the end of the shortened symbol name, and is preceded by a
# 7 character checksum. The $ makes it easy to separate the shortened name
# from the original one.
use strict;
use warnings;
usage() if scalar @ARGV < 1;
my %translations = ();
open DEMANGLER_DATA, $ARGV[0]
or die "Couldn't open $ARGV[0]: $!\n";
while(<DEMANGLER_DATA>) {
s|\R$||;
(my $translated, my $original) = split /\$/;
$translations{$original} = $translated.'$';
}
close DEMANGLER_DATA;
$| = 1; # Autoflush
while(<STDIN>) {
s@
((?:[A-Za-z0-9_]+)\/)?([A-Za-z0-9_]+)=(PROCEDURE|DATA)
@
if (defined($translations{$2})) {
my $trans = $translations{$2};
my $trans_uc = uc $trans;
if (defined($1) && $trans ne $trans_uc) {
"$trans_uc/$trans=$3"
} else {
"$trans=$3"
}
} else {
$&
}
@gxe;
print $_;
}

1228
aclocal.m4 vendored Normal file
View File

File diff suppressed because it is too large Load Diff

214
apps/CA.pl.in
View File

@@ -1,214 +0,0 @@
#!{- $config{HASHBANGPERL} -}
# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# Wrapper around the ca to make it easier to use
#
# {- join("\n# ", @autowarntext) -}
use strict;
use warnings;
my $openssl = "openssl";
if(defined $ENV{'OPENSSL'}) {
$openssl = $ENV{'OPENSSL'};
} else {
$ENV{'OPENSSL'} = $openssl;
}
my $verbose = 1;
my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
my $DAYS = "-days 365";
my $CADAYS = "-days 1095"; # 3 years
my $REQ = "$openssl req $OPENSSL_CONFIG";
my $CA = "$openssl ca $OPENSSL_CONFIG";
my $VERIFY = "$openssl verify";
my $X509 = "$openssl x509";
my $PKCS12 = "$openssl pkcs12";
# default openssl.cnf file has setup as per the following
my $CATOP = "./demoCA";
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
my $CACRL = "crl.pem";
my $DIRMODE = 0777;
my $NEWKEY = "newkey.pem";
my $NEWREQ = "newreq.pem";
my $NEWCERT = "newcert.pem";
my $NEWP12 = "newcert.p12";
my $RET = 0;
my $WHAT = shift @ARGV || "";
my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
my %EXTRA = extra_args(\@ARGV, "-extra-");
my $FILE;
sub extra_args {
my ($args_ref, $arg_prefix) = @_;
my %eargs = map {
if ($_ < $#$args_ref) {
my ($arg, $value) = splice(@$args_ref, $_, 2);
$arg =~ s/$arg_prefix//;
($arg, $value);
} else {
();
}
} reverse grep($$args_ref[$_] =~ /$arg_prefix/, 0..$#$args_ref);
my %empty = map { ($_, "") } @OPENSSL_CMDS;
return (%empty, %eargs);
}
# See if reason for a CRL entry is valid; exit if not.
sub crl_reason_ok
{
my $r = shift;
if ($r eq 'unspecified' || $r eq 'keyCompromise'
|| $r eq 'CACompromise' || $r eq 'affiliationChanged'
|| $r eq 'superseded' || $r eq 'cessationOfOperation'
|| $r eq 'certificateHold' || $r eq 'removeFromCRL') {
return 1;
}
print STDERR "Invalid CRL reason; must be one of:\n";
print STDERR " unspecified, keyCompromise, CACompromise,\n";
print STDERR " affiliationChanged, superseded, cessationOfOperation\n";
print STDERR " certificateHold, removeFromCRL";
exit 1;
}
# Copy a PEM-format file; return like exit status (zero means ok)
sub copy_pemfile
{
my ($infile, $outfile, $bound) = @_;
my $found = 0;
open IN, $infile || die "Cannot open $infile, $!";
open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
while (<IN>) {
$found = 1 if /^-----BEGIN.*$bound/;
print OUT $_ if $found;
$found = 2, last if /^-----END.*$bound/;
}
close IN;
close OUT;
return $found == 2 ? 0 : 1;
}
# Wrapper around system; useful for debugging. Returns just the exit status
sub run
{
my $cmd = shift;
print "====\n$cmd\n" if $verbose;
my $status = system($cmd);
print "==> $status\n====\n" if $verbose;
return $status >> 8;
}
if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n";
print STDERR " CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n";
print STDERR " CA.pl -verify [-extra-verify extra-params] certfile ...\n";
print STDERR " CA.pl -revoke [-extra-ca extra-params] certfile [reason]\n";
exit 0;
}
if ($WHAT eq '-newcert' ) {
# create a certificate
$RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS $EXTRA{req}");
print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-precert' ) {
# create a pre-certificate
$RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS");
print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
# create a certificate request
$RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newca' ) {
# create the directory hierarchy
mkdir ${CATOP}, $DIRMODE;
mkdir "${CATOP}/certs", $DIRMODE;
mkdir "${CATOP}/crl", $DIRMODE ;
mkdir "${CATOP}/newcerts", $DIRMODE;
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
# ask user for existing CA certificate
print "CA certificate filename (or enter to create)\n";
$FILE = "" unless defined($FILE = <STDIN>);
$FILE =~ s{\R$}{};
if ($FILE ne "") {
copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
} else {
print "Making CA certificate ...\n";
$RET = run("$REQ -new -keyout"
. " ${CATOP}/private/$CAKEY"
. " -out ${CATOP}/$CAREQ $EXTRA{req}");
$RET = run("$CA -create_serial"
. " -out ${CATOP}/$CACERT $CADAYS -batch"
. " -keyfile ${CATOP}/private/$CAKEY -selfsign"
. " -extensions v3_ca $EXTRA{ca}"
. " -infiles ${CATOP}/$CAREQ") if $RET == 0;
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
} elsif ($WHAT eq '-pkcs12' ) {
my $cname = $ARGV[0];
$cname = "My Certificate" unless defined $cname;
$RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
. " -certfile ${CATOP}/$CACERT"
. " -out $NEWP12"
. " -export -name \"$cname\" $EXTRA{pkcs12}");
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
} elsif ($WHAT eq '-xsign' ) {
$RET = run("$CA -policy policy_anything $EXTRA{ca} -infiles $NEWREQ");
} elsif ($WHAT eq '-sign' ) {
$RET = run("$CA -policy policy_anything -out $NEWCERT $EXTRA{ca} -infiles $NEWREQ");
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signCA' ) {
$RET = run("$CA -policy policy_anything -out $NEWCERT"
. " -extensions v3_ca $EXTRA{ca} -infiles $NEWREQ");
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signcert' ) {
$RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
. " -out tmp.pem $EXTRA{x509}");
$RET = run("$CA -policy policy_anything -out $NEWCERT"
. "$EXTRA{ca} -infiles tmp.pem") if $RET == 0;
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-verify' ) {
my @files = @ARGV ? @ARGV : ( $NEWCERT );
my $file;
foreach $file (@files) {
my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
$RET = $status if $status != 0;
}
} elsif ($WHAT eq '-crl' ) {
$RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[0];
if (!defined $cname) {
print "Certificate filename is required; reason optional.\n";
exit 1;
}
my $reason = $ARGV[1];
$reason = " -crl_reason $reason"
if defined $reason && crl_reason_ok($reason);
$RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});
} else {
print STDERR "Unknown arg \"$WHAT\"\n";
print STDERR "Use -help for help.\n";
exit 1;
}
exit $RET;

93
apps/app_rand.c
View File

@@ -1,93 +0,0 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/conf.h>
static char *save_rand_file;
void app_RAND_load_conf(CONF *c, const char *section)
{
const char *randfile = NCONF_get_string(c, section, "RANDFILE");
if (randfile == NULL) {
ERR_clear_error();
return;
}
if (RAND_load_file(randfile, -1) < 0) {
BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
ERR_print_errors(bio_err);
}
if (save_rand_file == NULL)
save_rand_file = OPENSSL_strdup(randfile);
}
static int loadfiles(char *name)
{
char *p;
int last, ret = 1;
for ( ; ; ) {
last = 0;
for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
continue;
if (*p == '\0')
last = 1;
*p = '\0';
if (RAND_load_file(name, -1) < 0) {
BIO_printf(bio_err, "Can't load %s into RNG\n", name);
ERR_print_errors(bio_err);
ret = 0;
}
if (last)
break;
name = p + 1;
if (*name == '\0')
break;
}
return ret;
}
void app_RAND_write(void)
{
if (save_rand_file == NULL)
return;
if (RAND_write_file(save_rand_file) == -1) {
BIO_printf(bio_err, "Cannot write random bytes:\n");
ERR_print_errors(bio_err);
}
OPENSSL_free(save_rand_file);
save_rand_file = NULL;
}
/*
* See comments in opt_verify for explanation of this.
*/
enum r_range { OPT_R_ENUM };
int opt_rand(int opt)
{
switch ((enum r_range)opt) {
case OPT_R__FIRST:
case OPT_R__LAST:
break;
case OPT_R_RAND:
return loadfiles(opt_arg());
break;
case OPT_R_WRITERAND:
OPENSSL_free(save_rand_file);
save_rand_file = OPENSSL_strdup(opt_arg());
break;
}
return 1;
}

2779
apps/apps.c
View File

File diff suppressed because it is too large Load Diff

632
apps/apps.h
View File

@@ -1,632 +0,0 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_APPS_H
# define OSSL_APPS_H
# include "e_os.h" /* struct timeval for DTLS */
# include "internal/nelem.h"
# include <assert.h>
# include <sys/types.h>
# ifndef OPENSSL_NO_POSIX_IO
# include <sys/stat.h>
# include <fcntl.h>
# endif
# include <openssl/e_os2.h>
# include <openssl/ossl_typ.h>
# include <openssl/bio.h>
# include <openssl/x509.h>
# include <openssl/conf.h>
# include <openssl/txt_db.h>
# include <openssl/engine.h>
# include <openssl/ocsp.h>
# include <signal.h>
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
# else
# define openssl_fdset(a,b) FD_SET(a, b)
# endif
/*
* quick macro when you need to pass an unsigned char instead of a char.
* this is true for some implementations of the is*() functions, for
* example.
*/
#define _UC(c) ((unsigned char)(c))
void app_RAND_load_conf(CONF *c, const char *section);
void app_RAND_write(void);
extern char *default_config_file;
extern BIO *bio_in;
extern BIO *bio_out;
extern BIO *bio_err;
extern const unsigned char tls13_aes128gcmsha256_id[];
extern const unsigned char tls13_aes256gcmsha384_id[];
extern BIO_ADDR *ourpeer;
BIO_METHOD *apps_bf_prefix(void);
/*
* The control used to set the prefix with BIO_ctrl()
* We make it high enough so the chance of ever clashing with the BIO library
* remains unlikely for the foreseeable future and beyond.
*/
#define PREFIX_CTRL_SET_PREFIX (1 << 15)
/*
* apps_bf_prefix() returns a dynamically created BIO_METHOD, which we
* need to destroy at some point. When created internally, it's stored
* in an internal pointer which can be freed with the following function
*/
void destroy_prefix_method(void);
BIO *dup_bio_in(int format);
BIO *dup_bio_out(int format);
BIO *dup_bio_err(int format);
BIO *bio_open_owner(const char *filename, int format, int private);
BIO *bio_open_default(const char *filename, char mode, int format);
BIO *bio_open_default_quiet(const char *filename, char mode, int format);
CONF *app_load_config_bio(BIO *in, const char *filename);
CONF *app_load_config(const char *filename);
CONF *app_load_config_quiet(const char *filename);
int app_load_modules(const CONF *config);
void unbuffer(FILE *fp);
void wait_for_async(SSL *s);
# if defined(OPENSSL_SYS_MSDOS)
int has_stdin_waiting(void);
# endif
void corrupt_signature(const ASN1_STRING *signature);
int set_cert_times(X509 *x, const char *startdate, const char *enddate,
int days);
/*
* Common verification options.
*/
# define OPT_V_ENUM \
OPT_V__FIRST=2000, \
OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
OPT_V__LAST
# define OPT_V_OPTIONS \
{ "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
{ "purpose", OPT_V_PURPOSE, 's', \
"certificate chain purpose"}, \
{ "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
{ "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
"chain depth limit" }, \
{ "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
"chain authentication security level" }, \
{ "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
{ "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
"expected peer hostname" }, \
{ "verify_email", OPT_V_VERIFY_EMAIL, 's', \
"expected peer email" }, \
{ "verify_ip", OPT_V_VERIFY_IP, 's', \
"expected peer IP address" }, \
{ "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
"permit unhandled critical extensions"}, \
{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
{ "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
{ "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
{ "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
{ "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
"set policy variable require-explicit-policy"}, \
{ "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
"set policy variable inhibit-any-policy"}, \
{ "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
"set policy variable inhibit-policy-mapping"}, \
{ "x509_strict", OPT_V_X509_STRICT, '-', \
"disable certificate compatibility work-arounds"}, \
{ "extended_crl", OPT_V_EXTENDED_CRL, '-', \
"enable extended CRL features"}, \
{ "use_deltas", OPT_V_USE_DELTAS, '-', \
"use delta CRLs"}, \
{ "policy_print", OPT_V_POLICY_PRINT, '-', \
"print policy processing diagnostics"}, \
{ "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
"check root CA self-signatures"}, \
{ "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
"search trust store first (default)" }, \
{ "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
{ "suiteB_128", OPT_V_SUITEB_128, '-', \
"Suite B 128-bit mode allowing 192-bit algorithms"}, \
{ "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
{ "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
"accept chains anchored by intermediate trust-store CAs"}, \
{ "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
{ "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
{ "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
# define OPT_V_CASES \
OPT_V__FIRST: case OPT_V__LAST: break; \
case OPT_V_POLICY: \
case OPT_V_PURPOSE: \
case OPT_V_VERIFY_NAME: \
case OPT_V_VERIFY_DEPTH: \
case OPT_V_VERIFY_AUTH_LEVEL: \
case OPT_V_ATTIME: \
case OPT_V_VERIFY_HOSTNAME: \
case OPT_V_VERIFY_EMAIL: \
case OPT_V_VERIFY_IP: \
case OPT_V_IGNORE_CRITICAL: \
case OPT_V_ISSUER_CHECKS: \
case OPT_V_CRL_CHECK: \
case OPT_V_CRL_CHECK_ALL: \
case OPT_V_POLICY_CHECK: \
case OPT_V_EXPLICIT_POLICY: \
case OPT_V_INHIBIT_ANY: \
case OPT_V_INHIBIT_MAP: \
case OPT_V_X509_STRICT: \
case OPT_V_EXTENDED_CRL: \
case OPT_V_USE_DELTAS: \
case OPT_V_POLICY_PRINT: \
case OPT_V_CHECK_SS_SIG: \
case OPT_V_TRUSTED_FIRST: \
case OPT_V_SUITEB_128_ONLY: \
case OPT_V_SUITEB_128: \
case OPT_V_SUITEB_192: \
case OPT_V_PARTIAL_CHAIN: \
case OPT_V_NO_ALT_CHAINS: \
case OPT_V_NO_CHECK_TIME: \
case OPT_V_ALLOW_PROXY_CERTS
/*
* Common "extended validation" options.
*/
# define OPT_X_ENUM \
OPT_X__FIRST=1000, \
OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
OPT_X_CERTFORM, OPT_X_KEYFORM, \
OPT_X__LAST
# define OPT_X_OPTIONS \
{ "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
{ "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
{ "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
{ "xchain_build", OPT_X_CHAIN_BUILD, '-', \
"build certificate chain for the extended certificates"}, \
{ "xcertform", OPT_X_CERTFORM, 'F', \
"format of Extended certificate (PEM or DER) PEM default " }, \
{ "xkeyform", OPT_X_KEYFORM, 'F', \
"format of Extended certificate's key (PEM or DER) PEM default"}
# define OPT_X_CASES \
OPT_X__FIRST: case OPT_X__LAST: break; \
case OPT_X_KEY: \
case OPT_X_CERT: \
case OPT_X_CHAIN: \
case OPT_X_CHAIN_BUILD: \
case OPT_X_CERTFORM: \
case OPT_X_KEYFORM
/*
* Common SSL options.
* Any changes here must be coordinated with ../ssl/ssl_conf.c
*/
# define OPT_S_ENUM \
OPT_S__FIRST=3000, \
OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
OPT_S_PRIORITIZE_CHACHA, \
OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
OPT_S_MINPROTO, OPT_S_MAXPROTO, \
OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST
# define OPT_S_OPTIONS \
{"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
{"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
{"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
{"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
{"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
{"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
{"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
{"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
{"no_ticket", OPT_S_NOTICKET, '-', \
"Disable use of TLS session tickets"}, \
{"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
{"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
"Enable use of legacy renegotiation (dangerous)"}, \
{"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
"Disable all renegotiation."}, \
{"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
"Allow initial connection to servers that don't support RI"}, \
{"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
"Disallow session resumption on renegotiation"}, \
{"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
"Disallow initial connection to servers that don't support RI"}, \
{"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
"In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
{"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
"Prioritize ChaCha ciphers when preferred by clients"}, \
{"strict", OPT_S_STRICT, '-', \
"Enforce strict certificate checks as per TLS standard"}, \
{"sigalgs", OPT_S_SIGALGS, 's', \
"Signature algorithms to support (colon-separated list)" }, \
{"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
"Signature algorithms to support for client certificate" \
" authentication (colon-separated list)" }, \
{"groups", OPT_S_GROUPS, 's', \
"Groups to advertise (colon-separated list)" }, \
{"curves", OPT_S_CURVES, 's', \
"Groups to advertise (colon-separated list)" }, \
{"named_curve", OPT_S_NAMEDCURVE, 's', \
"Elliptic curve used for ECDHE (server-side only)" }, \
{"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
{"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
{"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
{"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
{"record_padding", OPT_S_RECORD_PADDING, 's', \
"Block size to pad TLS 1.3 records to."}, \
{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
"Perform all sorts of protocol violations for testing purposes"}, \
{"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
"Disable TLSv1.3 middlebox compat mode" }
# define OPT_S_CASES \
OPT_S__FIRST: case OPT_S__LAST: break; \
case OPT_S_NOSSL3: \
case OPT_S_NOTLS1: \
case OPT_S_NOTLS1_1: \
case OPT_S_NOTLS1_2: \
case OPT_S_NOTLS1_3: \
case OPT_S_BUGS: \
case OPT_S_NO_COMP: \
case OPT_S_COMP: \
case OPT_S_NOTICKET: \
case OPT_S_SERVERPREF: \
case OPT_S_LEGACYRENEG: \
case OPT_S_LEGACYCONN: \
case OPT_S_ONRESUMP: \
case OPT_S_NOLEGACYCONN: \
case OPT_S_ALLOW_NO_DHE_KEX: \
case OPT_S_PRIORITIZE_CHACHA: \
case OPT_S_STRICT: \
case OPT_S_SIGALGS: \
case OPT_S_CLIENTSIGALGS: \
case OPT_S_GROUPS: \
case OPT_S_CURVES: \
case OPT_S_NAMEDCURVE: \
case OPT_S_CIPHER: \
case OPT_S_CIPHERSUITES: \
case OPT_S_RECORD_PADDING: \
case OPT_S_NO_RENEGOTIATION: \
case OPT_S_MINPROTO: \
case OPT_S_MAXPROTO: \
case OPT_S_DEBUGBROKE: \
case OPT_S_NO_MIDDLEBOX
#define IS_NO_PROT_FLAG(o) \
(o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
|| o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
/*
* Random state options.
*/
# define OPT_R_ENUM \
OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
# define OPT_R_OPTIONS \
{"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
{"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
# define OPT_R_CASES \
OPT_R__FIRST: case OPT_R__LAST: break; \
case OPT_R_RAND: case OPT_R_WRITERAND
/*
* Option parsing.
*/
extern const char OPT_HELP_STR[];
extern const char OPT_MORE_STR[];
typedef struct options_st {
const char *name;
int retval;
/*
* value type: - no value (also the value zero), n number, p positive
* number, u unsigned, l long, s string, < input file, > output file,
* f any format, F der/pem format, E der/pem/engine format identifier.
* l, n and u include zero; p does not.
*/
int valtype;
const char *helpstr;
} OPTIONS;
/*
* A string/int pairing; widely use for option value lookup, hence the
* name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
* the "generic" name STRINT_PAIR.
*/
typedef struct string_int_pair_st {
const char *name;
int retval;
} OPT_PAIR, STRINT_PAIR;
/* Flags to pass into opt_format; see FORMAT_xxx, below. */
# define OPT_FMT_PEMDER (1L << 1)
# define OPT_FMT_PKCS12 (1L << 2)
# define OPT_FMT_SMIME (1L << 3)
# define OPT_FMT_ENGINE (1L << 4)
# define OPT_FMT_MSBLOB (1L << 5)
/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
# define OPT_FMT_NSS (1L << 7)
# define OPT_FMT_TEXT (1L << 8)
# define OPT_FMT_HTTP (1L << 9)
# define OPT_FMT_PVK (1L << 10)
# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
# define OPT_FMT_ANY ( \
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
char *opt_progname(const char *argv0);
char *opt_getprog(void);
char *opt_init(int ac, char **av, const OPTIONS * o);
int opt_next(void);
int opt_format(const char *s, unsigned long flags, int *result);
int opt_int(const char *arg, int *result);
int opt_ulong(const char *arg, unsigned long *result);
int opt_long(const char *arg, long *result);
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
defined(INTMAX_MAX) && defined(UINTMAX_MAX)
int opt_imax(const char *arg, intmax_t *result);
int opt_umax(const char *arg, uintmax_t *result);
#else
# define opt_imax opt_long
# define opt_umax opt_ulong
# define intmax_t long
# define uintmax_t unsigned long
#endif
int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
int opt_md(const char *name, const EVP_MD **mdp);
char *opt_arg(void);
char *opt_flag(void);
char *opt_unknown(void);
char **opt_rest(void);
int opt_num_rest(void);
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
int opt_rand(int i);
void opt_help(const OPTIONS * list);
int opt_format_error(const char *s, unsigned long flags);
typedef struct args_st {
int size;
int argc;
char **argv;
} ARGS;
/*
* VMS C only for now, implemented in vms_decc_init.c
* If other C compilers forget to terminate argv with NULL, this function
* can be re-used.
*/
char **copy_argv(int *argc, char *argv[]);
/*
* Win32-specific argv initialization that splits OS-supplied UNICODE
* command line string to array of UTF8-encoded strings.
*/
void win32_utf8argv(int *argc, char **argv[]);
# define PW_MIN_LENGTH 4
typedef struct pw_cb_data {
const void *password;
const char *prompt_info;
} PW_CB_DATA;
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
int setup_ui_method(void);
void destroy_ui_method(void);
const UI_METHOD *get_ui_method(void);
int chopup_args(ARGS *arg, char *buf);
int dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, X509_NAME *nm,
unsigned long lflags);
void print_bignum_var(BIO *, const BIGNUM *, const char*,
int, unsigned char *);
void print_array(BIO *, const char *, int, const unsigned char *);
int set_nameopt(const char *arg);
unsigned long get_nameopt(void);
int set_cert_ex(unsigned long *flags, const char *arg);
int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);
int add_oid_section(CONF *conf);
X509 *load_cert(const char *file, int format, const char *cert_descrip);
X509_CRL *load_crl(const char *infile, int format);
EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, const char *cert_descrip);
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
const char *pass, const char *cert_descrip);
X509_STORE *setup_verify(const char *CAfile, const char *CApath,
int noCAfile, int noCApath);
__owur int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath, int noCAfile,
int noCApath);
#ifndef OPENSSL_NO_CT
/*
* Sets the file to load the Certificate Transparency log list from.
* If path is NULL, loads from the default file path.
* Returns 1 on success, 0 otherwise.
*/
__owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
#endif
ENGINE *setup_engine(const char *engine, int debug);
void release_engine(ENGINE *e);
# ifndef OPENSSL_NO_OCSP
OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
const char *host, const char *path,
const char *port, int use_ssl,
STACK_OF(CONF_VALUE) *headers,
int req_timeout);
# endif
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, const char *str);
# define DB_type 0
# define DB_exp_date 1
# define DB_rev_date 2
# define DB_serial 3 /* index - unique */
# define DB_file 4
# define DB_name 5 /* index - unique when active and not
* disabled */
# define DB_NUMBER 6
# define DB_TYPE_REV 'R' /* Revoked */
# define DB_TYPE_EXP 'E' /* Expired */
# define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */
# define DB_TYPE_SUSP 'S' /* Suspended */
typedef struct db_attr_st {
int unique_subject;
} DB_ATTR;
typedef struct ca_db_st {
DB_ATTR attributes;
TXT_DB *db;
char *dbfname;
# ifndef OPENSSL_NO_POSIX_IO
struct stat dbst;
# endif
} CA_DB;
void* app_malloc(int sz, const char *what);
BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai);
int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
ASN1_INTEGER **retai);
int rotate_serial(const char *serialfile, const char *new_suffix,
const char *old_suffix);
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr);
int index_index(CA_DB *db);
int save_index(const char *dbfile, const char *suffix, CA_DB *db);
int rotate_index(const char *dbfile, const char *new_suffix,
const char *old_suffix);
void free_index(CA_DB *db);
# define index_name_cmp_noconst(a, b) \
index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
int parse_yesno(const char *str, int def);
X509_NAME *parse_name(const char *str, long chtype, int multirdn);
void policies_print(X509_STORE_CTX *ctx);
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
int init_gen_str(EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param);
int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
STACK_OF(OPENSSL_STRING) *sigopts);
extern char *psk_key;
unsigned char *next_protos_parse(size_t *outlen, const char *in);
void print_cert_checks(BIO *bio, X509 *x,
const char *checkhost,
const char *checkemail, const char *checkip);
void store_setup_crl_download(X509_STORE *st);
/* See OPT_FMT_xxx, above. */
/* On some platforms, it's important to distinguish between text and binary
* files. On some, there might even be specific file formats for different
* contents. The FORMAT_xxx macros are meant to express an intent with the
* file being read or created.
*/
# define B_FORMAT_TEXT 0x8000
# define FORMAT_UNDEF 0
# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
# define FORMAT_BINARY 2 /* Generic binary */
# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */
# define FORMAT_ASN1 4 /* ASN.1/DER */
# define FORMAT_PEM (5 | B_FORMAT_TEXT)
# define FORMAT_PKCS12 6
# define FORMAT_SMIME (7 | B_FORMAT_TEXT)
# define FORMAT_ENGINE 8 /* Not really a file format */
# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPubicKey format */
# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
# define FORMAT_MSBLOB 11 /* MS Key blob format */
# define FORMAT_PVK 12 /* MS PVK file format */
# define FORMAT_HTTP 13 /* Download using HTTP */
# define FORMAT_NSS 14 /* NSS keylog format */
# define EXT_COPY_NONE 0
# define EXT_COPY_ADD 1
# define EXT_COPY_ALL 2
# define NETSCAPE_CERT_HDR "certificate"
# define APP_PASS_LEN 1024
/*
* IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits
* so that the first bit will never be one, so that the DER encoding
* rules won't force a leading octet.
*/
# define SERIAL_RAND_BITS 159
int app_isdir(const char *);
int app_access(const char *, int flag);
int fileno_stdin(void);
int fileno_stdout(void);
int raw_read_stdin(void *, int);
int raw_write_stdout(const void *, int);
# define TM_START 0
# define TM_STOP 1
double app_tminterval(int stop, int usertime);
void make_uppercase(char *string);
typedef struct verify_options_st {
int depth;
int quiet;
int error;
int return_error;
} VERIFY_CB_ARGS;
extern VERIFY_CB_ARGS verify_args;
#endif

355
apps/asn1pars.c
View File

@@ -1,355 +0,0 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/asn1t.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM,
OPT_ITEM
} OPTION_CHOICE;
const OPTIONS asn1parse_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
{"in", OPT_IN, '<', "input file"},
{"out", OPT_OUT, '>', "output file (output format is always DER)"},
{"i", OPT_INDENT, 0, "indents the output"},
{"noout", OPT_NOOUT, 0, "do not produce any output"},
{"offset", OPT_OFFSET, 'p', "offset into file"},
{"length", OPT_LENGTH, 'p', "length of section in file"},
{"oid", OPT_OID, '<', "file of extra oid definitions"},
{"dump", OPT_DUMP, 0, "unknown data in hex form"},
{"dlimit", OPT_DLIMIT, 'p',
"dump the first arg bytes of unknown data in hex form"},
{"strparse", OPT_STRPARSE, 'p',
"offset; a series of these can be used to 'dig'"},
{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
{"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
{"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
{OPT_MORE_STR, 0, 0, "(-inform will be ignored)"},
{"strictpem", OPT_STRICTPEM, 0,
"do not attempt base64 decode outside PEM markers"},
{"item", OPT_ITEM, 's', "item to parse and print"},
{NULL}
};
static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf);
int asn1parse_main(int argc, char **argv)
{
ASN1_TYPE *at = NULL;
BIO *in = NULL, *b64 = NULL, *derout = NULL;
BUF_MEM *buf = NULL;
STACK_OF(OPENSSL_STRING) *osk = NULL;
char *genstr = NULL, *genconf = NULL;
char *infile = NULL, *oidfile = NULL, *derfile = NULL;
unsigned char *str = NULL;
char *name = NULL, *header = NULL, *prog;
const unsigned char *ctmpbuf;
int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
int offset = 0, ret = 1, i, j;
long num, tmplen;
unsigned char *tmpbuf;
unsigned int length = 0;
OPTION_CHOICE o;
const ASN1_ITEM *it = NULL;
prog = opt_init(argc, argv, asn1parse_options);
if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
goto end;
}
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(asn1parse_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
derfile = opt_arg();
break;
case OPT_INDENT:
indent = 1;
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_OID:
oidfile = opt_arg();
break;
case OPT_OFFSET:
offset = strtol(opt_arg(), NULL, 0);
break;
case OPT_LENGTH:
length = strtol(opt_arg(), NULL, 0);
break;
case OPT_DUMP:
dump = -1;
break;
case OPT_DLIMIT:
dump = strtol(opt_arg(), NULL, 0);
break;
case OPT_STRPARSE:
sk_OPENSSL_STRING_push(osk, opt_arg());
break;
case OPT_GENSTR:
genstr = opt_arg();
break;
case OPT_GENCONF:
genconf = opt_arg();
break;
case OPT_STRICTPEM:
strictpem = 1;
informat = FORMAT_PEM;
break;
case OPT_ITEM:
it = ASN1_ITEM_lookup(opt_arg());
if (it == NULL) {
size_t tmp;
BIO_printf(bio_err, "Unknown item name %s\n", opt_arg());
BIO_puts(bio_err, "Supported types:\n");
for (tmp = 0;; tmp++) {
it = ASN1_ITEM_get(tmp);
if (it == NULL)
break;
BIO_printf(bio_err, " %s\n", it->sname);
}
goto end;
}
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
if (oidfile != NULL) {
in = bio_open_default(oidfile, 'r', FORMAT_TEXT);
if (in == NULL)
goto end;
OBJ_create_objects(in);
BIO_free(in);
}
if ((in = bio_open_default(infile, 'r', informat)) == NULL)
goto end;
if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL)
goto end;
if ((buf = BUF_MEM_new()) == NULL)
goto end;
if (strictpem) {
if (PEM_read_bio(in, &name, &header, &str, &num) != 1) {
BIO_printf(bio_err, "Error reading PEM file\n");
ERR_print_errors(bio_err);
goto end;
}
buf->data = (char *)str;
buf->length = buf->max = num;
} else {
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
goto end; /* Pre-allocate :-) */
if (genstr || genconf) {
num = do_generate(genstr, genconf, buf);
if (num < 0) {
ERR_print_errors(bio_err);
goto end;
}
} else {
if (informat == FORMAT_PEM) {
BIO *tmp;
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
BIO_push(b64, in);
tmp = in;
in = b64;
b64 = tmp;
}
num = 0;
for (;;) {
if (!BUF_MEM_grow(buf, num + BUFSIZ))
goto end;
i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0)
break;
num += i;
}
}
str = (unsigned char *)buf->data;
}
/* If any structs to parse go through in sequence */
if (sk_OPENSSL_STRING_num(osk)) {
tmpbuf = str;
tmplen = num;
for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
ASN1_TYPE *atmp;
int typ;
j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0);
if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is out of range\n",
sk_OPENSSL_STRING_value(osk, i));
continue;
}
tmpbuf += j;
tmplen -= j;
atmp = at;
ctmpbuf = tmpbuf;
at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
ASN1_TYPE_free(atmp);
if (!at) {
BIO_printf(bio_err, "Error parsing structure\n");
ERR_print_errors(bio_err);
goto end;
}
typ = ASN1_TYPE_get(at);
if ((typ == V_ASN1_OBJECT)
|| (typ == V_ASN1_BOOLEAN)
|| (typ == V_ASN1_NULL)) {
BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
ERR_print_errors(bio_err);
goto end;
}
/* hmm... this is a little evil but it works */
tmpbuf = at->value.asn1_string->data;
tmplen = at->value.asn1_string->length;
}
str = tmpbuf;
num = tmplen;
}
if (offset < 0 || offset >= num) {
BIO_printf(bio_err, "Error: offset out of range\n");
goto end;
}
num -= offset;
if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num;
if (derout != NULL) {
if (BIO_write(derout, str + offset, length) != (int)length) {
BIO_printf(bio_err, "Error writing output\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (!noout) {
const unsigned char *p = str + offset;
if (it != NULL) {
ASN1_VALUE *value = ASN1_item_d2i(NULL, &p, length, it);
if (value == NULL) {
BIO_printf(bio_err, "Error parsing item %s\n", it->sname);
ERR_print_errors(bio_err);
goto end;
}
ASN1_item_print(bio_out, value, 0, it, NULL);
ASN1_item_free(value, it);
} else {
if (!ASN1_parse_dump(bio_out, p, length, indent, dump)) {
ERR_print_errors(bio_err);
goto end;
}
}
}
ret = 0;
end:
BIO_free(derout);
BIO_free(in);
BIO_free(b64);
if (ret != 0)
ERR_print_errors(bio_err);
BUF_MEM_free(buf);
OPENSSL_free(name);
OPENSSL_free(header);
ASN1_TYPE_free(at);
sk_OPENSSL_STRING_free(osk);
return ret;
}
static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
{
CONF *cnf = NULL;
int len;
unsigned char *p;
ASN1_TYPE *atyp = NULL;
if (genconf != NULL) {
if ((cnf = app_load_config(genconf)) == NULL)
goto err;
if (genstr == NULL)
genstr = NCONF_get_string(cnf, "default", "asn1");
if (genstr == NULL) {
BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf);
goto err;
}
}
atyp = ASN1_generate_nconf(genstr, cnf);
NCONF_free(cnf);
cnf = NULL;
if (atyp == NULL)
return -1;
len = i2d_ASN1_TYPE(atyp, NULL);
if (len <= 0)
goto err;
if (!BUF_MEM_grow(buf, len))
goto err;
p = (unsigned char *)buf->data;
i2d_ASN1_TYPE(atyp, &p);
ASN1_TYPE_free(atyp);
return len;
err:
NCONF_free(cnf);
ASN1_TYPE_free(atyp);
return -1;
}

177
apps/bf_prefix.c
View File

@@ -1,177 +0,0 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <openssl/bio.h>
#include "apps.h"
static int prefix_write(BIO *b, const char *out, size_t outl,
size_t *numwritten);
static int prefix_read(BIO *b, char *buf, size_t size, size_t *numread);
static int prefix_puts(BIO *b, const char *str);
static int prefix_gets(BIO *b, char *str, int size);
static long prefix_ctrl(BIO *b, int cmd, long arg1, void *arg2);
static int prefix_create(BIO *b);
static int prefix_destroy(BIO *b);
static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
static BIO_METHOD *prefix_meth = NULL;
BIO_METHOD *apps_bf_prefix(void)
{
if (prefix_meth == NULL) {
if ((prefix_meth =
BIO_meth_new(BIO_TYPE_FILTER, "Prefix filter")) == NULL
|| !BIO_meth_set_create(prefix_meth, prefix_create)
|| !BIO_meth_set_destroy(prefix_meth, prefix_destroy)
|| !BIO_meth_set_write_ex(prefix_meth, prefix_write)
|| !BIO_meth_set_read_ex(prefix_meth, prefix_read)
|| !BIO_meth_set_puts(prefix_meth, prefix_puts)
|| !BIO_meth_set_gets(prefix_meth, prefix_gets)
|| !BIO_meth_set_ctrl(prefix_meth, prefix_ctrl)
|| !BIO_meth_set_callback_ctrl(prefix_meth, prefix_callback_ctrl)) {
BIO_meth_free(prefix_meth);
prefix_meth = NULL;
}
}
return prefix_meth;
}
typedef struct prefix_ctx_st {
char *prefix;
int linestart; /* flag to indicate we're at the line start */
} PREFIX_CTX;
static int prefix_create(BIO *b)
{
PREFIX_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL)
return 0;
ctx->prefix = NULL;
ctx->linestart = 1;
BIO_set_data(b, ctx);
BIO_set_init(b, 1);
return 1;
}
static int prefix_destroy(BIO *b)
{
PREFIX_CTX *ctx = BIO_get_data(b);
OPENSSL_free(ctx->prefix);
OPENSSL_free(ctx);
return 1;
}
static int prefix_read(BIO *b, char *in, size_t size, size_t *numread)
{
return BIO_read_ex(BIO_next(b), in, size, numread);
}
static int prefix_write(BIO *b, const char *out, size_t outl,
size_t *numwritten)
{
PREFIX_CTX *ctx = BIO_get_data(b);
if (ctx == NULL)
return 0;
/* If no prefix is set or if it's empty, we've got nothing to do here */
if (ctx->prefix == NULL || *ctx->prefix == '\0') {
/* We do note if what comes next will be a new line, though */
if (outl > 0)
ctx->linestart = (out[outl-1] == '\n');
return BIO_write_ex(BIO_next(b), out, outl, numwritten);
}
*numwritten = 0;
while (outl > 0) {
size_t i;
char c;
/* If we know that we're at the start of the line, output the prefix */
if (ctx->linestart) {
size_t dontcare;
if (!BIO_write_ex(BIO_next(b), ctx->prefix, strlen(ctx->prefix),
&dontcare))
return 0;
ctx->linestart = 0;
}
/* Now, go look for the next LF, or the end of the string */
for (i = 0, c = '\0'; i < outl && (c = out[i]) != '\n'; i++)
continue;
if (c == '\n')
i++;
/* Output what we found so far */
while (i > 0) {
size_t num = 0;
if (!BIO_write_ex(BIO_next(b), out, i, &num))
return 0;
out += num;
outl -= num;
*numwritten += num;
i -= num;
}
/* If we found a LF, what follows is a new line, so take note */
if (c == '\n')
ctx->linestart = 1;
}
return 1;
}
static long prefix_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret = 0;
switch (cmd) {
case PREFIX_CTRL_SET_PREFIX:
{
PREFIX_CTX *ctx = BIO_get_data(b);
if (ctx == NULL)
break;
OPENSSL_free(ctx->prefix);
ctx->prefix = OPENSSL_strdup((const char *)ptr);
ret = ctx->prefix != NULL;
}
break;
default:
if (BIO_next(b) != NULL)
ret = BIO_ctrl(BIO_next(b), cmd, num, ptr);
break;
}
return ret;
}
static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
return BIO_callback_ctrl(BIO_next(b), cmd, fp);
}
static int prefix_gets(BIO *b, char *buf, int size)
{
return BIO_gets(BIO_next(b), buf, size);
}
static int prefix_puts(BIO *b, const char *str)
{
return BIO_write(b, str, strlen(str));
}

79
apps/build.info
View File

@@ -1,79 +0,0 @@
{- our @apps_openssl_src =
qw(openssl.c
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c
enc.c errstr.c
genpkey.c nseq.c passwd.c pkcs7.c pkcs8.c
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
verify.c version.c x509.c rehash.c storeutl.c);
our @apps_lib_src =
( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c),
split(/\s+/, $target{apps_aux_src}) );
our @apps_init_src = split(/\s+/, $target{apps_init_src});
"" -}
IF[{- !$disabled{apps} -}]
LIBS_NO_INST=libapps.a
SOURCE[libapps.a]={- join(" ", @apps_lib_src) -}
INCLUDE[libapps.a]=.. ../include
PROGRAMS=openssl
SOURCE[openssl]={- join(" ", @apps_init_src) -}
SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=libapps.a ../libssl
IF[{- !$disabled{'des'} -}]
SOURCE[openssl]=pkcs12.c
DEPEND[pkcs12.o]=progs.h
ENDIF
IF[{- !$disabled{'ec'} -}]
SOURCE[openssl]=ec.c ecparam.c
DEPEND[ec.o]=progs.h
DEPEND[ecparam.o]=progs.h
ENDIF
IF[{- !$disabled{'ocsp'} -}]
SOURCE[openssl]=ocsp.c
DEPEND[ocsp.o]=progs.h
ENDIF
IF[{- !$disabled{'srp'} -}]
SOURCE[openssl]=srp.c
DEPEND[srp.o]=progs.h
ENDIF
IF[{- !$disabled{'ts'} -}]
SOURCE[openssl]=ts.c
DEPEND[ts.o]=progs.h
ENDIF
IF[{- !$disabled{'dh'} -}]
SOURCE[openssl]=dhparam.c
DEPEND[dhparam.o]=progs.h
ENDIF
IF[{- !$disabled{'dsa'} -}]
SOURCE[openssl]=dsa.c dsaparam.c gendsa.c
DEPEND[dsa.o]=progs.h
DEPEND[dsaparam.o]=progs.h
DEPEND[gendsa.o]=progs.h
ENDIF
IF[{- !$disabled{'engine'} -}]
SOURCE[openssl]=engine.c
DEPEND[engine.o]=progs.h
ENDIF
IF[{- !$disabled{'rsa'} -}]
SOURCE[openssl]=rsa.c rsautl.c genrsa.c
DEPEND[rsa.o]=progs.h
DEPEND[rsautl.o]=progs.h
DEPEND[genrsa.o]=progs.h
ENDIF
IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
GENERATE[openssl.rc]=../util/mkrc.pl openssl
SOURCE[openssl]=openssl.rc
ENDIF
{- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
@apps_openssl_src) -}
GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
DEPEND[progs.h]=../configdata.pm
SCRIPTS=CA.pl tsget.pl
SOURCE[CA.pl]=CA.pl.in
SOURCE[tsget.pl]=tsget.in
ENDIF

1
apps/ca-cert.srl
View File

@@ -1 +0,0 @@
07

16
apps/ca-key.pem
View File

@@ -1,16 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL4tQNyKy4U2zX6l
IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAECgYA3j6sSg+5f9hnldUMzbPjTh8Sb
XsJlPrc6UFrmMBzGiUleXSpe9Dbla+x0XvQCN4pwMvAN4nnWp/f0Su5BV/9Y93nb
im5ijGNrfN9i6QrnqGCr+MMute+4E8HR2pCScX0mBLDDf40SmDvMzCaxtd21keyr
9DqHgInQZNEi6NKlkQJBAPCbUTFg6iQ6VTCQ8CsEf5q2xHhuTK23fJ999lvWVxN7
QsvWb9RP9Ng34HVtvB7Pl6P7FyHLQYiDJhhvYR0L0+kCQQDKV/09Kt6Wjf5Omp1I
wd3A+tFnipdqnPw+qNHGjevv0hYiEIWQOYbx00zXgaX+WN/pzV9eeNN2XAxlNJ++
dxcPAkBrzeuPKFFAcjKBVC+H1rgl5gYZv7Hzk+buv02G0H6rZ+sB0c7BXiHiTwbv
Fn/XfkP/YR14Ms3mEH0dLaphjU8hAkEAh3Ar/rRiN04mCcEuRFQXtaNtZSv8PA2G
Pf7MI2Y9pdHupLCAZlBLRjTUO2/5hu1AO4QPMPIZQSFN3rRBtMCL+wJAMp/m2hvI
TmtbMp/IrKGfma09e3yFiCmoNn7cHLJ7jLvXcacV2XNzpr9YHfBxiZo0g9FqZKvv
PZoQ5B2XJ7bhTQ==
-----END PRIVATE KEY-----

11
apps/ca-req.pem
View File

@@ -1,11 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDDBJUZXN0IENBICgx
MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4tQNyKy4U2zX6l
IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQCo
2jE7J1SNV7kyRm9m8CoPw8xYsuVcVFxPheBymYp8BlO0/rSdYygRjobpYnLVRUPZ
pV792wzT1Rp4sXfZWO10lkFY4yi0pH2cdK2RX7qedibV1Xu9vt/yYANFBKVpA4dy
PRyTQwi3In1N8hdfddpYR8f5MIUYRe5poFMIJcf8JA==
-----END CERTIFICATE REQUEST-----

2595
apps/ca.c
View File

File diff suppressed because it is too large Load Diff

11
apps/cert.pem
View File

@@ -1,11 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
-----END CERTIFICATE-----

266
apps/ciphers.c
View File

@@ -1,266 +0,0 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_STDNAME,
OPT_CONVERT,
OPT_SSL3,
OPT_TLS1,
OPT_TLS1_1,
OPT_TLS1_2,
OPT_TLS1_3,
OPT_PSK,
OPT_SRP,
OPT_CIPHERSUITES,
OPT_V, OPT_UPPER_V, OPT_S
} OPTION_CHOICE;
const OPTIONS ciphers_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
{"V", OPT_UPPER_V, '-', "Even more verbose"},
{"s", OPT_S, '-', "Only supported ciphers"},
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "SSL3 mode"},
#endif
#ifndef OPENSSL_NO_TLS1
{"tls1", OPT_TLS1, '-', "TLS1 mode"},
#endif
#ifndef OPENSSL_NO_TLS1_1
{"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
#endif
#ifndef OPENSSL_NO_TLS1_2
{"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
#endif
#ifndef OPENSSL_NO_TLS1_3
{"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
#endif
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#ifndef OPENSSL_NO_PSK
{"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
#endif
#ifndef OPENSSL_NO_SRP
{"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
#endif
{"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
{"ciphersuites", OPT_CIPHERSUITES, 's',
"Configure the TLSv1.3 ciphersuites to use"},
{NULL}
};
#ifndef OPENSSL_NO_PSK
static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
unsigned int max_identity_len,
unsigned char *psk,
unsigned int max_psk_len)
{
return 0;
}
#endif
#ifndef OPENSSL_NO_SRP
static char *dummy_srp(SSL *ssl, void *arg)
{
return "";
}
#endif
int ciphers_main(int argc, char **argv)
{
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
STACK_OF(SSL_CIPHER) *sk = NULL;
const SSL_METHOD *meth = TLS_server_method();
int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
int stdname = 0;
#ifndef OPENSSL_NO_PSK
int psk = 0;
#endif
#ifndef OPENSSL_NO_SRP
int srp = 0;
#endif
const char *p;
char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL;
char buf[512];
OPTION_CHOICE o;
int min_version = 0, max_version = 0;
prog = opt_init(argc, argv, ciphers_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ciphers_options);
ret = 0;
goto end;
case OPT_V:
verbose = 1;
break;
case OPT_UPPER_V:
verbose = Verbose = 1;
break;
case OPT_S:
use_supported = 1;
break;
case OPT_STDNAME:
stdname = verbose = 1;
break;
case OPT_CONVERT:
convert = opt_arg();
break;
case OPT_SSL3:
min_version = SSL3_VERSION;
max_version = SSL3_VERSION;
break;
case OPT_TLS1:
min_version = TLS1_VERSION;
max_version = TLS1_VERSION;
break;
case OPT_TLS1_1:
min_version = TLS1_1_VERSION;
max_version = TLS1_1_VERSION;
break;
case OPT_TLS1_2:
min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION;
break;
case OPT_TLS1_3:
min_version = TLS1_3_VERSION;
max_version = TLS1_3_VERSION;
break;
case OPT_PSK:
#ifndef OPENSSL_NO_PSK
psk = 1;
#endif
break;
case OPT_SRP:
#ifndef OPENSSL_NO_SRP
srp = 1;
#endif
break;
case OPT_CIPHERSUITES:
ciphersuites = opt_arg();
break;
}
}
argv = opt_rest();
argc = opt_num_rest();
if (argc == 1)
ciphers = *argv;
else if (argc != 0)
goto opthelp;
if (convert != NULL) {
BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
OPENSSL_cipher_name(convert));
goto end;
}
ctx = SSL_CTX_new(meth);
if (ctx == NULL)
goto err;
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto err;
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto err;
#ifndef OPENSSL_NO_PSK
if (psk)
SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
#endif
#ifndef OPENSSL_NO_SRP
if (srp)
SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
#endif
if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");
goto err;
}
if (ciphers != NULL) {
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
goto err;
}
}
ssl = SSL_new(ctx);
if (ssl == NULL)
goto err;
if (use_supported)
sk = SSL_get1_supported_ciphers(ssl);
else
sk = SSL_get_ciphers(ssl);
if (!verbose) {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
p = SSL_CIPHER_get_name(c);
if (p == NULL)
break;
if (i != 0)
BIO_printf(bio_out, ":");
BIO_printf(bio_out, "%s", p);
}
BIO_printf(bio_out, "\n");
} else {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
const SSL_CIPHER *c;
c = sk_SSL_CIPHER_value(sk, i);
if (Verbose) {
unsigned long id = SSL_CIPHER_get_id(c);
int id0 = (int)(id >> 24);
int id1 = (int)((id >> 16) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL);
int id3 = (int)(id & 0xffL);
if ((id & 0xff000000L) == 0x03000000L)
BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3
* cipher */
else
BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(bio_out, "%s - ", nm);
}
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
}
}
ret = 0;
goto end;
err:
ERR_print_errors(bio_err);
end:
if (use_supported)
sk_SSL_CIPHER_free(sk);
SSL_CTX_free(ctx);
SSL_free(ssl);
return ret;
}

52
apps/client.pem
View File

@@ -1,52 +0,0 @@
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
-----BEGIN CERTIFICATE-----
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS
curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB
IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b
vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2
QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm
CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
-----END RSA PRIVATE KEY-----

1292
apps/cms.c
View File

File diff suppressed because it is too large Load Diff

342
apps/crl.c
View File

@@ -1,342 +0,0 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE,
OPT_NOCAPATH, OPT_NOCAFILE, OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD,
OPT_NOOUT, OPT_NAMEOPT, OPT_MD
} OPTION_CHOICE;
const OPTIONS crl_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format; default PEM"},
{"in", OPT_IN, '<', "Input file - default stdin"},
{"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
{"out", OPT_OUT, '>', "output file - default stdout"},
{"keyform", OPT_KEYFORM, 'F', "Private key file format (PEM or ENGINE)"},
{"key", OPT_KEY, '<', "CRL signing Private key to use"},
{"issuer", OPT_ISSUER, '-', "Print issuer DN"},
{"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
{"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
{"noout", OPT_NOOUT, '-', "No CRL output"},
{"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
{"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
{"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
{"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"},
{"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
{"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
{"no-CAfile", OPT_NOCAFILE, '-',
"Do not load the default certificates file"},
{"no-CApath", OPT_NOCAPATH, '-',
"Do not load certificates from the default certificates directory"},
{"verify", OPT_VERIFY, '-', "Verify CRL signature"},
{"text", OPT_TEXT, '-', "Print out a text format version"},
{"hash", OPT_HASH, '-', "Print hash value"},
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_MD5
{"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
#endif
{NULL}
};
int crl_main(int argc, char **argv)
{
X509_CRL *x = NULL;
BIO *out = NULL;
X509_STORE *store = NULL;
X509_STORE_CTX *ctx = NULL;
X509_LOOKUP *lookup = NULL;
X509_OBJECT *xobj = NULL;
EVP_PKEY *pkey;
const EVP_MD *digest = EVP_sha1();
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
const char *CAfile = NULL, *CApath = NULL, *prog;
OPTION_CHOICE o;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0;
int i;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
#endif
prog = opt_init(argc, argv, crl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(crl_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
goto opthelp;
break;
case OPT_KEY:
keyfile = opt_arg();
break;
case OPT_GENDELTA:
crldiff = opt_arg();
break;
case OPT_CAPATH:
CApath = opt_arg();
do_ver = 1;
break;
case OPT_CAFILE:
CAfile = opt_arg();
do_ver = 1;
break;
case OPT_NOCAPATH:
noCApath = 1;
break;
case OPT_NOCAFILE:
noCAfile = 1;
break;
case OPT_HASH_OLD:
#ifndef OPENSSL_NO_MD5
hash_old = ++num;
#endif
break;
case OPT_VERIFY:
do_ver = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_HASH:
hash = ++num;
break;
case OPT_ISSUER:
issuer = ++num;
break;
case OPT_LASTUPDATE:
lastupdate = ++num;
break;
case OPT_NEXTUPDATE:
nextupdate = ++num;
break;
case OPT_NOOUT:
noout = ++num;
break;
case OPT_FINGERPRINT:
fingerprint = ++num;
break;
case OPT_CRLNUMBER:
crlnumber = ++num;
break;
case OPT_BADSIG:
badsig = 1;
break;
case OPT_NAMEOPT:
if (!set_nameopt(opt_arg()))
goto opthelp;
break;
case OPT_MD:
if (!opt_md(opt_unknown(), &digest))
goto opthelp;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
x = load_crl(infile, informat);
if (x == NULL)
goto end;
if (do_ver) {
if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
goto end;
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
goto end;
ctx = X509_STORE_CTX_new();
if (ctx == NULL || !X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
BIO_printf(bio_err, "Error initialising X509 store\n");
goto end;
}
xobj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509,
X509_CRL_get_issuer(x));
if (xobj == NULL) {
BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
goto end;
}
pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj));
X509_OBJECT_free(xobj);
if (!pkey) {
BIO_printf(bio_err, "Error getting CRL issuer public key\n");
goto end;
}
i = X509_CRL_verify(x, pkey);
EVP_PKEY_free(pkey);
if (i < 0)
goto end;
if (i == 0)
BIO_printf(bio_err, "verify failure\n");
else
BIO_printf(bio_err, "verify OK\n");
}
if (crldiff) {
X509_CRL *newcrl, *delta;
if (!keyfile) {
BIO_puts(bio_err, "Missing CRL signing key\n");
goto end;
}
newcrl = load_crl(crldiff, informat);
if (!newcrl)
goto end;
pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
if (!pkey) {
X509_CRL_free(newcrl);
goto end;
}
delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
X509_CRL_free(newcrl);
EVP_PKEY_free(pkey);
if (delta) {
X509_CRL_free(x);
x = delta;
} else {
BIO_puts(bio_err, "Error creating delta CRL\n");
goto end;
}
}
if (badsig) {
const ASN1_BIT_STRING *sig;
X509_CRL_get0_signature(x, &sig, NULL);
corrupt_signature(sig);
}
if (num) {
for (i = 1; i <= num; i++) {
if (issuer == i) {
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
get_nameopt());
}
if (crlnumber == i) {
ASN1_INTEGER *crlnum;
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
BIO_printf(bio_out, "crlNumber=");
if (crlnum) {
i2a_ASN1_INTEGER(bio_out, crlnum);
ASN1_INTEGER_free(crlnum);
} else
BIO_puts(bio_out, "<NONE>");
BIO_printf(bio_out, "\n");
}
if (hash == i) {
BIO_printf(bio_out, "%08lx\n",
X509_NAME_hash(X509_CRL_get_issuer(x)));
}
#ifndef OPENSSL_NO_MD5
if (hash_old == i) {
BIO_printf(bio_out, "%08lx\n",
X509_NAME_hash_old(X509_CRL_get_issuer(x)));
}
#endif
if (lastupdate == i) {
BIO_printf(bio_out, "lastUpdate=");
ASN1_TIME_print(bio_out, X509_CRL_get0_lastUpdate(x));
BIO_printf(bio_out, "\n");
}
if (nextupdate == i) {
BIO_printf(bio_out, "nextUpdate=");
if (X509_CRL_get0_nextUpdate(x))
ASN1_TIME_print(bio_out, X509_CRL_get0_nextUpdate(x));
else
BIO_printf(bio_out, "NONE");
BIO_printf(bio_out, "\n");
}
if (fingerprint == i) {
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
if (!X509_CRL_digest(x, digest, md, &n)) {
BIO_printf(bio_err, "out of memory\n");
goto end;
}
BIO_printf(bio_out, "%s Fingerprint=",
OBJ_nid2sn(EVP_MD_type(digest)));
for (j = 0; j < (int)n; j++) {
BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
? '\n' : ':');
}
}
}
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (text)
X509_CRL_print_ex(out, x, get_nameopt());
if (noout) {
ret = 0;
goto end;
}
if (outformat == FORMAT_ASN1)
i = (int)i2d_X509_CRL_bio(out, x);
else
i = PEM_write_bio_X509_CRL(out, x);
if (!i) {
BIO_printf(bio_err, "unable to write CRL\n");
goto end;
}
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free_all(out);
X509_CRL_free(x);
X509_STORE_CTX_free(ctx);
X509_STORE_free(store);
return ret;
}

219
apps/crl2p7.c
View File

@@ -1,219 +0,0 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#include <openssl/objects.h>
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE
} OPTION_CHOICE;
const OPTIONS crl2pkcs7_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"},
{"certfile", OPT_CERTFILE, '<',
"File of chain of certs to a trusted CA; can be repeated"},
{NULL}
};
int crl2pkcs7_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
STACK_OF(OPENSSL_STRING) *certflst = NULL;
STACK_OF(X509) *cert_stack = NULL;
STACK_OF(X509_CRL) *crl_stack = NULL;
X509_CRL *crl = NULL;
char *infile = NULL, *outfile = NULL, *prog, *certfile;
int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl =
0;
OPTION_CHOICE o;
prog = opt_init(argc, argv, crl2pkcs7_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(crl2pkcs7_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOCRL:
nocrl = 1;
break;
case OPT_CERTFILE:
if ((certflst == NULL)
&& (certflst = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
if (!sk_OPENSSL_STRING_push(certflst, opt_arg()))
goto end;
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
if (!nocrl) {
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
if (informat == FORMAT_ASN1)
crl = d2i_X509_CRL_bio(in, NULL);
else if (informat == FORMAT_PEM)
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
if (crl == NULL) {
BIO_printf(bio_err, "unable to load CRL\n");
ERR_print_errors(bio_err);
goto end;
}
}
if ((p7 = PKCS7_new()) == NULL)
goto end;
if ((p7s = PKCS7_SIGNED_new()) == NULL)
goto end;
p7->type = OBJ_nid2obj(NID_pkcs7_signed);
p7->d.sign = p7s;
p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
if (!ASN1_INTEGER_set(p7s->version, 1))
goto end;
if (crl != NULL) {
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
goto end;
p7s->crl = crl_stack;
sk_X509_CRL_push(crl_stack, crl);
crl = NULL; /* now part of p7 for OPENSSL_freeing */
}
if (certflst != NULL) {
if ((cert_stack = sk_X509_new_null()) == NULL)
goto end;
p7s->cert = cert_stack;
for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack, certfile) < 0) {
BIO_printf(bio_err, "error loading certificates\n");
ERR_print_errors(bio_err);
goto end;
}
}
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_PKCS7(out, p7);
if (!i) {
BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
end:
sk_OPENSSL_STRING_free(certflst);
BIO_free(in);
BIO_free_all(out);
PKCS7_free(p7);
X509_CRL_free(crl);
return ret;
}
/*-
*----------------------------------------------------------------------
* int add_certs_from_file
*
* Read a list of certificates to be checked from a file.
*
* Results:
* number of certs added if successful, -1 if not.
*----------------------------------------------------------------------
*/
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
{
BIO *in = NULL;
int count = 0;
int ret = -1;
STACK_OF(X509_INFO) *sk = NULL;
X509_INFO *xi;
in = BIO_new_file(certfile, "r");
if (in == NULL) {
BIO_printf(bio_err, "error opening the file, %s\n", certfile);
goto end;
}
/* This loads from a file, a stack of x509/crl/pkey sets */
sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
if (sk == NULL) {
BIO_printf(bio_err, "error reading the file, %s\n", certfile);
goto end;
}
/* scan over it and pull out the CRL's */
while (sk_X509_INFO_num(sk)) {
xi = sk_X509_INFO_shift(sk);
if (xi->x509 != NULL) {
sk_X509_push(stack, xi->x509);
xi->x509 = NULL;
count++;
}
X509_INFO_free(xi);
}
ret = count;
end:
/* never need to OPENSSL_free x */
BIO_free(in);
sk_X509_INFO_free(sk);
return ret;
}

9
apps/ct_log_list.cnf
View File

@@ -1,9 +0,0 @@
# This file specifies the Certificate Transparency logs
# that are to be trusted.
# Google's list of logs can be found here:
# www.certificate-transparency.org/known-logs
# A Python program to convert the log list to OpenSSL's format can be
# found here:
# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
# Use the "--openssl_output" flag.

6
apps/demoSRP/srp_verifier.txt
View File

@@ -1,6 +0,0 @@
# This is a file that will be filled by the openssl srp routine.
# You can initialize the file with additional groups, these are
# records starting with a I followed by the g and N values and the id.
# The exact values ... you have to dig this out from the source of srp.c
# or srp_vfy.c
# The last value of an I is used as the default group for new users.

1
apps/demoSRP/srp_verifier.txt.attr
View File

@@ -1 +0,0 @@
unique_subject = yes

596
apps/dgst.c
View File

@@ -1,596 +0,0 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>
#include <ctype.h>
#undef BUFSIZE
#define BUFSIZE 1024*8
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file);
static void show_digests(const OBJ_NAME *name, void *bio_);
struct doall_dgst_digests {
BIO *bio;
int n;
};
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_LIST,
OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
OPT_DIGEST,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS dgst_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
{OPT_HELP_STR, 1, '-',
" file... files to digest (default is stdin)\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"list", OPT_LIST, '-', "List digests"},
{"c", OPT_C, '-', "Print the digest with separating colons"},
{"r", OPT_R, '-', "Print the digest in coreutils format"},
{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"sign", OPT_SIGN, 's', "Sign digest using private key"},
{"verify", OPT_VERIFY, 's',
"Verify a signature using public key"},
{"prverify", OPT_PRVERIFY, 's',
"Verify a signature using private key"},
{"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
{"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
{"hex", OPT_HEX, '-', "Print as hex dump"},
{"binary", OPT_BINARY, '-', "Print in binary form"},
{"d", OPT_DEBUG, '-', "Print debug info"},
{"debug", OPT_DEBUG, '-', "Print debug info"},
{"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
"Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
{"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
{"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
{"", OPT_DIGEST, '-', "Any supported digest"},
OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-',
"Also use engine given by -engine for digest operations"},
#endif
{NULL}
};
int dgst_main(int argc, char **argv)
{
BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
ENGINE *e = NULL, *impl = NULL;
EVP_PKEY *sigkey = NULL;
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
char *hmac_key = NULL;
char *mac_name = NULL;
char *passinarg = NULL, *passin = NULL;
const EVP_MD *md = NULL, *m;
const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
const char *sigfile = NULL;
OPTION_CHOICE o;
int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
unsigned char *buf = NULL, *sigbuf = NULL;
int engine_impl = 0;
struct doall_dgst_digests dec;
prog = opt_progname(argv[0]);
buf = app_malloc(BUFSIZE, "I/O buffer");
md = EVP_get_digestbyname(prog);
prog = opt_init(argc, argv, dgst_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dgst_options);
ret = 0;
goto end;
case OPT_LIST:
BIO_printf(bio_out, "Supported digests:\n");
dec.bio = bio_out;
dec.n = 0;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,
show_digests, &dec);
BIO_printf(bio_out, "\n");
ret = 0;
goto end;
case OPT_C:
separator = 1;
break;
case OPT_R:
separator = 2;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_SIGN:
keyfile = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_VERIFY:
keyfile = opt_arg();
want_pub = do_verify = 1;
break;
case OPT_PRVERIFY:
keyfile = opt_arg();
do_verify = 1;
break;
case OPT_SIGNATURE:
sigfile = opt_arg();
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
goto opthelp;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_ENGINE_IMPL:
engine_impl = 1;
break;
case OPT_HEX:
out_bin = 0;
break;
case OPT_BINARY:
out_bin = 1;
break;
case OPT_DEBUG:
debug = 1;
break;
case OPT_FIPS_FINGERPRINT:
hmac_key = "etaonrishdlcupfm";
break;
case OPT_HMAC:
hmac_key = opt_arg();
break;
case OPT_MAC:
mac_name = opt_arg();
break;
case OPT_SIGOPT:
if (!sigopts)
sigopts = sk_OPENSSL_STRING_new_null();
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
case OPT_MACOPT:
if (!macopts)
macopts = sk_OPENSSL_STRING_new_null();
if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
goto opthelp;
break;
case OPT_DIGEST:
if (!opt_md(opt_unknown(), &m))
goto opthelp;
md = m;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (keyfile != NULL && argc > 1) {
BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
goto end;
}
if (do_verify && sigfile == NULL) {
BIO_printf(bio_err,
"No signature to verify: use the -signature option\n");
goto end;
}
if (engine_impl)
impl = e;
in = BIO_new(BIO_s_file());
bmd = BIO_new(BIO_f_md());
if ((in == NULL) || (bmd == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
/* needed for windows 3.1 */
BIO_set_callback_arg(in, (char *)bio_err);
}
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if (out_bin == -1) {
if (keyfile != NULL)
out_bin = 1;
else
out_bin = 0;
}
out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
if (out == NULL)
goto end;
if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) {
BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
goto end;
}
if (keyfile != NULL) {
int type;
if (want_pub)
sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
else
sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
if (sigkey == NULL) {
/*
* load_[pub]key() has already printed an appropriate message
*/
goto end;
}
type = EVP_PKEY_id(sigkey);
if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) {
/*
* We implement PureEdDSA for these which doesn't have a separate
* digest, and only supports one shot.
*/
BIO_printf(bio_err, "Key type not supported for this operation\n");
goto end;
}
}
if (mac_name != NULL) {
EVP_PKEY_CTX *mac_ctx = NULL;
int r = 0;
if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
goto mac_end;
if (macopts != NULL) {
char *macopt;
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
macopt = sk_OPENSSL_STRING_value(macopts, i);
if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
BIO_printf(bio_err,
"MAC parameter error \"%s\"\n", macopt);
ERR_print_errors(bio_err);
goto mac_end;
}
}
}
if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
BIO_puts(bio_err, "Error generating key\n");
ERR_print_errors(bio_err);
goto mac_end;
}
r = 1;
mac_end:
EVP_PKEY_CTX_free(mac_ctx);
if (r == 0)
goto end;
}
if (hmac_key != NULL) {
sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
(unsigned char *)hmac_key, -1);
if (sigkey == NULL)
goto end;
}
if (sigkey != NULL) {
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
int r;
if (!BIO_get_md_ctx(bmd, &mctx)) {
BIO_printf(bio_err, "Error getting context\n");
ERR_print_errors(bio_err);
goto end;
}
if (do_verify)
r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
else
r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
if (!r) {
BIO_printf(bio_err, "Error setting context\n");
ERR_print_errors(bio_err);
goto end;
}
if (sigopts != NULL) {
char *sigopt;
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
sigopt = sk_OPENSSL_STRING_value(sigopts, i);
if (pkey_ctrl_string(pctx, sigopt) <= 0) {
BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
ERR_print_errors(bio_err);
goto end;
}
}
}
}
/* we use md as a filter, reading from 'in' */
else {
EVP_MD_CTX *mctx = NULL;
if (!BIO_get_md_ctx(bmd, &mctx)) {
BIO_printf(bio_err, "Error getting context\n");
ERR_print_errors(bio_err);
goto end;
}
if (md == NULL)
md = EVP_sha256();
if (!EVP_DigestInit_ex(mctx, md, impl)) {
BIO_printf(bio_err, "Error setting digest\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (sigfile != NULL && sigkey != NULL) {
BIO *sigbio = BIO_new_file(sigfile, "rb");
if (sigbio == NULL) {
BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
ERR_print_errors(bio_err);
goto end;
}
siglen = EVP_PKEY_size(sigkey);
sigbuf = app_malloc(siglen, "signature buffer");
siglen = BIO_read(sigbio, sigbuf, siglen);
BIO_free(sigbio);
if (siglen <= 0) {
BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
ERR_print_errors(bio_err);
goto end;
}
}
inp = BIO_push(bmd, in);
if (md == NULL) {
EVP_MD_CTX *tctx;
BIO_get_md_ctx(bmd, &tctx);
md = EVP_MD_CTX_md(tctx);
}
if (argc == 0) {
BIO_set_fp(in, stdin, BIO_NOCLOSE);
ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
siglen, NULL, NULL, "stdin");
} else {
const char *md_name = NULL, *sig_name = NULL;
if (!out_bin) {
if (sigkey != NULL) {
const EVP_PKEY_ASN1_METHOD *ameth;
ameth = EVP_PKEY_get0_asn1(sigkey);
if (ameth)
EVP_PKEY_asn1_get0_info(NULL, NULL,
NULL, NULL, &sig_name, ameth);
}
if (md != NULL)
md_name = EVP_MD_name(md);
}
ret = 0;
for (i = 0; i < argc; i++) {
int r;
if (BIO_read_filename(in, argv[i]) <= 0) {
perror(argv[i]);
ret++;
continue;
} else {
r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
siglen, sig_name, md_name, argv[i]);
}
if (r)
ret = r;
(void)BIO_reset(bmd);
}
}
end:
OPENSSL_clear_free(buf, BUFSIZE);
BIO_free(in);
OPENSSL_free(passin);
BIO_free_all(out);
EVP_PKEY_free(sigkey);
sk_OPENSSL_STRING_free(sigopts);
sk_OPENSSL_STRING_free(macopts);
OPENSSL_free(sigbuf);
BIO_free(bmd);
release_engine(e);
return ret;
}
static void show_digests(const OBJ_NAME *name, void *arg)
{
struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
const EVP_MD *md = NULL;
/* Filter out signed digests (a.k.a signature algorithms) */
if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
return;
if (!islower((unsigned char)*name->name))
return;
/* Filter out message digests that we cannot use */
md = EVP_get_digestbyname(name->name);
if (md == NULL)
return;
BIO_printf(dec->bio, "-%-25s", name->name);
if (++dec->n == 3) {
BIO_printf(dec->bio, "\n");
dec->n = 0;
} else {
BIO_printf(dec->bio, " ");
}
}
/*
* The newline_escape_filename function performs newline escaping for any
* filename that contains a newline. This function also takes a pointer
* to backslash. The backslash pointer is a flag to indicating whether a newline
* is present in the filename. If a newline is present, the backslash flag is
* set and the output format will contain a backslash at the beginning of the
* digest output. This output format is to replicate the output format found
* in the '*sum' checksum programs. This aims to preserve backward
* compatibility.
*/
static const char *newline_escape_filename(const char *file, int * backslash)
{
size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0;
char *file_cpy = NULL;
for (i = 0; i < length; i++)
if (file[i] == '\n')
newline_count++;
mem_len = length + newline_count + 1;
file_cpy = app_malloc(mem_len, file);
i = 0;
while(e < length) {
const char c = file[e];
if (c == '\n') {
file_cpy[i++] = '\\';
file_cpy[i++] = 'n';
*backslash = 1;
} else {
file_cpy[i++] = c;
}
e++;
}
file_cpy[i] = '\0';
return (const char*)file_cpy;
}
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file)
{
size_t len = BUFSIZE;
int i, backslash = 0, ret = 1;
unsigned char *sigbuf = NULL;
while (BIO_pending(bp) || !BIO_eof(bp)) {
i = BIO_read(bp, (char *)buf, BUFSIZE);
if (i < 0) {
BIO_printf(bio_err, "Read Error in %s\n", file);
ERR_print_errors(bio_err);
goto end;
}
if (i == 0)
break;
}
if (sigin != NULL) {
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
if (i > 0) {
BIO_printf(out, "Verified OK\n");
} else if (i == 0) {
BIO_printf(out, "Verification Failure\n");
goto end;
} else {
BIO_printf(bio_err, "Error Verifying Data\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
goto end;
}
if (key != NULL) {
EVP_MD_CTX *ctx;
int pkey_len;
BIO_get_md_ctx(bp, &ctx);
pkey_len = EVP_PKEY_size(key);
if (pkey_len > BUFSIZE) {
len = pkey_len;
sigbuf = app_malloc(len, "Signature buffer");
buf = sigbuf;
}
if (!EVP_DigestSignFinal(ctx, buf, &len)) {
BIO_printf(bio_err, "Error Signing Data\n");
ERR_print_errors(bio_err);
goto end;
}
} else {
len = BIO_gets(bp, (char *)buf, BUFSIZE);
if ((int)len < 0) {
ERR_print_errors(bio_err);
goto end;
}
}
if (binout) {
BIO_write(out, buf, len);
} else if (sep == 2) {
file = newline_escape_filename(file, &backslash);
if (backslash == 1)
BIO_puts(out, "\\");
for (i = 0; i < (int)len; i++)
BIO_printf(out, "%02x", buf[i]);
BIO_printf(out, " *%s\n", file);
OPENSSL_free((char *)file);
} else {
if (sig_name != NULL) {
BIO_puts(out, sig_name);
if (md_name != NULL)
BIO_printf(out, "-%s", md_name);
BIO_printf(out, "(%s)= ", file);
} else if (md_name != NULL) {
BIO_printf(out, "%s(%s)= ", md_name, file);
} else {
BIO_printf(out, "(%s)= ", file);
}
for (i = 0; i < (int)len; i++) {
if (sep && (i != 0))
BIO_printf(out, ":");
BIO_printf(out, "%02x", buf[i]);
}
BIO_printf(out, "\n");
}
ret = 0;
end:
if (sigbuf != NULL)
OPENSSL_clear_free(sigbuf, len);
return ret;
}

10
apps/dh1024.pem
View File

@@ -1,10 +0,0 @@
-----BEGIN DH PARAMETERS-----
MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
-----END DH PARAMETERS-----
These are the 1024-bit DH parameters from "Internet Key Exchange
Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
See https://tools.ietf.org/html/rfc2412 for how they were generated.

14
apps/dh2048.pem
View File

@@ -1,14 +0,0 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
-----END DH PARAMETERS-----
These are the 2048-bit DH parameters from "More Modular Exponential
(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
https://tools.ietf.org/html/rfc3526
See https://tools.ietf.org/html/rfc2412 for how they were generated.

19
apps/dh4096.pem
View File

@@ -1,19 +0,0 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb
IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft
awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT
mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh
fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM
fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq
ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI
ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O
+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI
HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
-----END DH PARAMETERS-----
These are the 4096-bit DH parameters from "More Modular Exponential
(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
https://tools.ietf.org/html/rfc3526
See https://tools.ietf.org/html/rfc2412 for how they were generated.

374
apps/dhparam.c
View File

@@ -1,374 +0,0 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
#define DEFBITS 2048
static int dh_cb(int p, int n, BN_GENCB *cb);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
OPT_DSAPARAM, OPT_C, OPT_2, OPT_5,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS dhparam_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, '<', "Input file"},
{"inform", OPT_INFORM, 'F', "Input format, DER or PEM"},
{"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"check", OPT_CHECK, '-', "Check the DH parameters"},
{"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
{"noout", OPT_NOOUT, '-', "Don't output any DH parameters"},
OPT_R_OPTIONS,
{"C", OPT_C, '-', "Print C code"},
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
#ifndef OPENSSL_NO_DSA
{"dsaparam", OPT_DSAPARAM, '-',
"Read or generate DSA parameters, convert to DH"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
#endif
{NULL}
};
int dhparam_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
DH *dh = NULL;
char *infile = NULL, *outfile = NULL, *prog;
ENGINE *e = NULL;
#ifndef OPENSSL_NO_DSA
int dsaparam = 0;
#endif
int i, text = 0, C = 0, ret = 1, num = 0, g = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, check = 0, noout = 0;
OPTION_CHOICE o;
prog = opt_init(argc, argv, dhparam_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dhparam_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_CHECK:
check = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_DSAPARAM:
#ifndef OPENSSL_NO_DSA
dsaparam = 1;
#endif
break;
case OPT_C:
C = 1;
break;
case OPT_2:
g = 2;
break;
case OPT_5:
g = 5;
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (argv[0] != NULL && (!opt_int(argv[0], &num) || num <= 0))
goto end;
if (g && !num)
num = DEFBITS;
#ifndef OPENSSL_NO_DSA
if (dsaparam && g) {
BIO_printf(bio_err,
"generator may not be chosen for DSA parameters\n");
goto end;
}
#endif
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
/* DH parameters */
if (num && !g)
g = 2;
if (num) {
BN_GENCB *cb;
cb = BN_GENCB_new();
if (cb == NULL) {
ERR_print_errors(bio_err);
goto end;
}
BN_GENCB_set(cb, dh_cb, bio_err);
#ifndef OPENSSL_NO_DSA
if (dsaparam) {
DSA *dsa = DSA_new();
BIO_printf(bio_err,
"Generating DSA parameters, %d bit long prime\n", num);
if (dsa == NULL
|| !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
cb)) {
DSA_free(dsa);
BN_GENCB_free(cb);
ERR_print_errors(bio_err);
goto end;
}
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL) {
BN_GENCB_free(cb);
ERR_print_errors(bio_err);
goto end;
}
} else
#endif
{
dh = DH_new();
BIO_printf(bio_err,
"Generating DH parameters, %d bit long safe prime, generator %d\n",
num, g);
BIO_printf(bio_err, "This is going to take a long time\n");
if (dh == NULL || !DH_generate_parameters_ex(dh, num, g, cb)) {
BN_GENCB_free(cb);
ERR_print_errors(bio_err);
goto end;
}
}
BN_GENCB_free(cb);
} else {
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
#ifndef OPENSSL_NO_DSA
if (dsaparam) {
DSA *dsa;
if (informat == FORMAT_ASN1)
dsa = d2i_DSAparams_bio(in, NULL);
else /* informat == FORMAT_PEM */
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
if (dh == NULL) {
ERR_print_errors(bio_err);
goto end;
}
} else
#endif
{
if (informat == FORMAT_ASN1) {
/*
* We have no PEM header to determine what type of DH params it
* is. We'll just try both.
*/
dh = d2i_DHparams_bio(in, NULL);
/* BIO_reset() returns 0 for success for file BIOs only!!! */
if (dh == NULL && BIO_reset(in) == 0)
dh = d2i_DHxparams_bio(in, NULL);
} else {
/* informat == FORMAT_PEM */
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
}
if (dh == NULL) {
BIO_printf(bio_err, "unable to load DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
/* dh != NULL */
}
if (text) {
DHparams_print(out, dh);
}
if (check) {
if (!DH_check(dh, &i)) {
ERR_print_errors(bio_err);
goto end;
}
if (i & DH_CHECK_P_NOT_PRIME)
BIO_printf(bio_err, "WARNING: p value is not prime\n");
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
if (i & DH_CHECK_Q_NOT_PRIME)
BIO_printf(bio_err, "WARNING: q value is not a prime\n");
if (i & DH_CHECK_INVALID_Q_VALUE)
BIO_printf(bio_err, "WARNING: q value is invalid\n");
if (i & DH_CHECK_INVALID_J_VALUE)
BIO_printf(bio_err, "WARNING: j value is invalid\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
BIO_printf(bio_err,
"WARNING: unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
if (i == 0)
BIO_printf(bio_err, "DH parameters appear to be ok.\n");
if (num != 0 && i != 0) {
/*
* We have generated parameters but DH_check() indicates they are
* invalid! This should never happen!
*/
BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
goto end;
}
}
if (C) {
unsigned char *data;
int len, bits;
const BIGNUM *pbn, *gbn;
len = DH_size(dh);
bits = DH_bits(dh);
DH_get0_pqg(dh, &pbn, NULL, &gbn);
data = app_malloc(len, "print a BN");
BIO_printf(out, "static DH *get_dh%d(void)\n{\n", bits);
print_bignum_var(out, pbn, "dhp", bits, data);
print_bignum_var(out, gbn, "dhg", bits, data);
BIO_printf(out, " DH *dh = DH_new();\n"
" BIGNUM *p, *g;\n"
"\n"
" if (dh == NULL)\n"
" return NULL;\n");
BIO_printf(out, " p = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n",
bits, bits);
BIO_printf(out, " g = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n",
bits, bits);
BIO_printf(out, " if (p == NULL || g == NULL\n"
" || !DH_set0_pqg(dh, p, NULL, g)) {\n"
" DH_free(dh);\n"
" BN_free(p);\n"
" BN_free(g);\n"
" return NULL;\n"
" }\n");
if (DH_get_length(dh) > 0)
BIO_printf(out,
" if (!DH_set_length(dh, %ld)) {\n"
" DH_free(dh);\n"
" return NULL;\n"
" }\n", DH_get_length(dh));
BIO_printf(out, " return dh;\n}\n");
OPENSSL_free(data);
}
if (!noout) {
const BIGNUM *q;
DH_get0_pqg(dh, NULL, &q, NULL);
if (outformat == FORMAT_ASN1) {
if (q != NULL)
i = i2d_DHxparams_bio(out, dh);
else
i = i2d_DHparams_bio(out, dh);
} else if (q != NULL) {
i = PEM_write_bio_DHxparams(out, dh);
} else {
i = PEM_write_bio_DHparams(out, dh);
}
if (!i) {
BIO_printf(bio_err, "unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret = 0;
end:
BIO_free(in);
BIO_free_all(out);
DH_free(dh);
release_engine(e);
return ret;
}
static int dh_cb(int p, int n, BN_GENCB *cb)
{
static const char symbols[] = ".+*\n";
char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
BIO_write(BN_GENCB_get_arg(cb), &c, 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}

47
apps/dsa-ca.pem
View File

@@ -1,47 +0,0 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
J6zsFbSEHaQGUmfSeoM=
-----END DSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIICVjCCAhMCAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAwwCQ0Ew
ggG2MIIBKwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9
hpazFeBTLo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhu
zmaua4g2++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82A
EeRwlVtQzUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ
5WhvMONp4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeo
epEJnbbxTZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJ
bEEXlZLrAbVzpWp+2DLtDgK4A4GEAAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfs
i4e9IvD1hSslqFwEeZum+3j3iUXiALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj2
5SoDKU5UUkkle6KtUn6j7RO04UMhMQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17
ry7d6fGGqcMZoAAwCwYJYIZIAWUDBAMCAzAAMC0CFCp7rUwGJNtxK6Aqo6k6US+S
KP8sAhUAyfSi8Zs3QAvkJoFG0IMRaq8M03I=
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
MIIDMDCCAuygAwIBAgIBAjALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
MTQ5WjBSMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDDAJDQTCCAbYwggEr
BgcqhkjOOAQBMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMu
j+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb7
7Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DN
SQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh
5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFN
nFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusB
tXOlan7YMu0OArgDgYQAAoGAGqZZeoqs/V62RZZNhglXAfioocVpx+yLh70i8PWF
KyWoXAR5m6b7ePeJReIAucN1jzPr1yaH27rJOBqEBBLEDTA2moeJuPblKgMpTlRS
SSV7oq1SfqPtE7ThQyExAJfmGWWq4lzg+7XTkjpfUSzDwuvnWhykvXuvLt3p8Yap
wxmjUDBOMB0GA1UdDgQWBBTMZcORcBEVlqO/CD4pf4V6N1NM1zAfBgNVHSMEGDAW
gBTGjwJ33uvjSa20RNrMKWoGptOLdDAMBgNVHRMEBTADAQH/MAsGCWCGSAFlAwQD
AgMxADAuAhUA4V6MrHufG8R79E+AtVO02olPxK8CFQDkZyo/TWpavsUBRDJbCeD9
jgjIkA==
-----END CERTIFICATE-----

47
apps/dsa-pca.pem
View File

@@ -1,47 +0,0 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
6TicfImU7UFRn9h00j0lJQ==
-----END DSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
MIICWDCCAhUCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAwwDUENB
MIIBtzCCASsGByqGSM44BAEwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7F
PYaWsxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmI
bs5mrmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/N
gBHkcJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYl
meVobzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEn
qHqRCZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/Xk
CWxBF5WS6wG1c6Vqftgy7Q4CuAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYg
rB7o1kQxeDf34dDVRM9OZ8tkumz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQ
lNnKvbtlmMDULpqkZJD0bO7A29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgT
mvTPT2j9TPjq7RWgADALBglghkgBZQMEAwIDMAAwLQIVAPA6/jxCT1D2HgzE4iZR
AEup/C7YAhRPLTQvQnAiS5FRrA+8SwBLvDAsaw==
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
MIIDMDCCAu6gAwIBAgIBATALBglghkgBZQMEAwIwUzELMAkGA1UEBhMCQVUxEzAR
BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
IEx0ZDEMMAoGA1UEAwwDUENBMCAXDTE2MDExMzIxNDE0OVoYDzMwMTUwNTE2MjE0
MTQ5WjBTMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDDANQQ0EwggG3MIIB
KwYHKoZIzjgEATCCAR4CgYEApz9uhb9Bail98J9HGTCQmgkd2mozHsU9hpazFeBT
Lo/gWYJzkD51MZlHelL7heTZpns4m2iKhJuHxh61foZLU1tZz3FlGYhuzmaua4g2
++wo3MLXpbvlLDkmS9qacBiVN5UQViP2Fe26BF7eOU/9t0MftaRlb82AEeRwlVtQ
zUkCFQD3BzHt+mwGA9WFihysnGXnUGZlbwKBgE3fTAOmkYr1GW9QRiWZ5WhvMONp
4eWzXZi7KIZI/N6ZBD9fiAyccyQNIF25Kpo/GJYn5GKHwXt0YlP8YSeoepEJnbbx
TZxUD1gG7kl0B85VfiPOFvbK3FphAX7JcbVN9tw0KYdo9l4gk7Pb9eQJbEEXlZLr
AbVzpWp+2DLtDgK4A4GFAAKBgQCm7bkeQHVviAowhXtosY1IiSczNiCsHujWRDF4
N/fh0NVEz05ny2S6bPq2X6JRw17kSjF2xhXUhdJ12M6LTws4uxmrsBCU2cq9u2WY
wNQumqRkkPRs7sDb2eKwl8rLVRGoAEvDkOB9w+HVkte2YN9SAm+aOBOa9M9PaP1M
+OrtFaNQME4wHQYDVR0OBBYEFMaPAnfe6+NJrbRE2swpagam04t0MB8GA1UdIwQY
MBaAFMaPAnfe6+NJrbRE2swpagam04t0MAwGA1UdEwQFMAMBAf8wCwYJYIZIAWUD
BAMCAy8AMCwCFFhdz4fzQo9BBF20U1CHldYTi/D7AhQydDnDMj21y+U1UhDZJrvh
lnt88g==
-----END CERTIFICATE-----

260
apps/dsa.c
View File

@@ -1,260 +0,0 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/dsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE,
/* Do not change the order here; see case statements below */
OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT
} OPTION_CHOICE;
const OPTIONS dsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'f', "Input format, DER PEM PVK"},
{"outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK"},
{"in", OPT_IN, 's', "Input key"},
{"out", OPT_OUT, '>', "Output file"},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
#ifndef OPENSSL_NO_RC4
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
#endif
{NULL}
};
int dsa_main(int argc, char **argv)
{
BIO *out = NULL;
DSA *dsa = NULL;
ENGINE *e = NULL;
const EVP_CIPHER *enc = NULL;
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
#ifndef OPENSSL_NO_RC4
int pvk_encr = 2;
#endif
int private = 0;
prog = opt_init(argc, argv, dsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
ret = 0;
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dsa_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_PVK_STRONG: /* pvk_encr:= 2 */
case OPT_PVK_WEAK: /* pvk_encr:= 1 */
case OPT_PVK_NONE: /* pvk_encr:= 0 */
#ifndef OPENSSL_NO_RC4
pvk_encr = (o - OPT_PVK_NONE);
#endif
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_MODULUS:
modulus = 1;
break;
case OPT_PUBIN:
pubin = 1;
break;
case OPT_PUBOUT:
pubout = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
private = pubin || pubout ? 0 : 1;
if (text && !pubin)
private = 1;
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
BIO_printf(bio_err, "read DSA key\n");
{
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
if (pkey != NULL) {
dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey);
}
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
if (text) {
assert(pubin || private);
if (!DSA_print(out, dsa, 0)) {
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
}
if (modulus) {
const BIGNUM *pub_key = NULL;
DSA_get0_key(dsa, &pub_key, NULL);
BIO_printf(out, "Public Key=");
BN_print(out, pub_key);
BIO_printf(out, "\n");
}
if (noout) {
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing DSA key\n");
if (outformat == FORMAT_ASN1) {
if (pubin || pubout) {
i = i2d_DSA_PUBKEY_bio(out, dsa);
} else {
assert(private);
i = i2d_DSAPrivateKey_bio(out, dsa);
}
} else if (outformat == FORMAT_PEM) {
if (pubin || pubout) {
i = PEM_write_bio_DSA_PUBKEY(out, dsa);
} else {
assert(private);
i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
NULL, 0, NULL, passout);
}
#ifndef OPENSSL_NO_RSA
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
if (pk == NULL)
goto end;
EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK) {
if (pubin) {
BIO_printf(bio_err, "PVK form impossible with public key input\n");
EVP_PKEY_free(pk);
goto end;
}
assert(private);
# ifdef OPENSSL_NO_RC4
BIO_printf(bio_err, "PVK format not supported\n");
EVP_PKEY_free(pk);
goto end;
# else
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
# endif
} else if (pubin || pubout) {
i = i2b_PublicKey_bio(out, pk);
} else {
assert(private);
i = i2b_PrivateKey_bio(out, pk);
}
EVP_PKEY_free(pk);
#endif
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (i <= 0) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
end:
BIO_free_all(out);
DSA_free(dsa);
release_engine(e);
OPENSSL_free(passin);
OPENSSL_free(passout);
return ret;
}

9
apps/dsa1024.pem
View File

@@ -1,9 +0,0 @@
-----BEGIN DSA PARAMETERS-----
MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
Arg=
-----END DSA PARAMETERS-----

6
apps/dsa512.pem
View File

@@ -1,6 +0,0 @@
-----BEGIN DSA PARAMETERS-----
MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
L8wka5B33qJoplISogOdIA==
-----END DSA PARAMETERS-----

6
apps/dsap.pem
View File

@@ -1,6 +0,0 @@
-----BEGIN DSA PARAMETERS-----
MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
ADiRffvSdhrNw5dkqdql
-----END DSA PARAMETERS-----

253
apps/dsaparam.c
View File

@@ -1,253 +0,0 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
static int dsa_cb(int p, int n, BN_GENCB *cb);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS dsaparam_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"in", OPT_IN, '<', "Input file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"text", OPT_TEXT, '-', "Print as text"},
{"C", OPT_C, '-', "Output C code"},
{"noout", OPT_NOOUT, '-', "No output"},
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
#endif
{NULL}
};
int dsaparam_main(int argc, char **argv)
{
ENGINE *e = NULL;
DSA *dsa = NULL;
BIO *in = NULL, *out = NULL;
BN_GENCB *cb = NULL;
int numbits = -1, num = 0, genkey = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
int ret = 1, i, text = 0, private = 0;
char *infile = NULL, *outfile = NULL, *prog;
OPTION_CHOICE o;
prog = opt_init(argc, argv, dsaparam_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dsaparam_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_TEXT:
text = 1;
break;
case OPT_C:
C = 1;
break;
case OPT_GENKEY:
genkey = 1;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_NOOUT:
noout = 1;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (argc == 1) {
if (!opt_int(argv[0], &num) || num < 0)
goto end;
/* generate a key */
numbits = num;
}
private = genkey ? 1 : 0;
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
if (numbits > 0) {
if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_DSA_MAX_MODULUS_BITS, numbits);
cb = BN_GENCB_new();
if (cb == NULL) {
BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
goto end;
}
BN_GENCB_set(cb, dsa_cb, bio_err);
dsa = DSA_new();
if (dsa == NULL) {
BIO_printf(bio_err, "Error allocating DSA object\n");
goto end;
}
BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
num);
BIO_printf(bio_err, "This could take some time\n");
if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) {
ERR_print_errors(bio_err);
BIO_printf(bio_err, "Error, DSA key generation failed\n");
goto end;
}
} else if (informat == FORMAT_ASN1) {
dsa = d2i_DSAparams_bio(in, NULL);
} else {
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (text) {
DSAparams_print(out, dsa);
}
if (C) {
const BIGNUM *p = NULL, *q = NULL, *g = NULL;
unsigned char *data;
int len, bits_p;
DSA_get0_pqg(dsa, &p, &q, &g);
len = BN_num_bytes(p);
bits_p = BN_num_bits(p);
data = app_malloc(len + 20, "BN space");
BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p);
print_bignum_var(bio_out, p, "dsap", bits_p, data);
print_bignum_var(bio_out, q, "dsaq", bits_p, data);
print_bignum_var(bio_out, g, "dsag", bits_p, data);
BIO_printf(bio_out, " DSA *dsa = DSA_new();\n"
" BIGNUM *p, *q, *g;\n"
"\n");
BIO_printf(bio_out, " if (dsa == NULL)\n"
" return NULL;\n");
BIO_printf(bio_out, " if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n",
bits_p, bits_p);
BIO_printf(bio_out, " q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n",
bits_p, bits_p);
BIO_printf(bio_out, " g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n",
bits_p, bits_p);
BIO_printf(bio_out, " DSA_free(dsa);\n"
" BN_free(p);\n"
" BN_free(q);\n"
" BN_free(g);\n"
" return NULL;\n"
" }\n"
" return dsa;\n}\n");
OPENSSL_free(data);
}
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa);
else
i = PEM_write_bio_DSAparams(out, dsa);
if (!i) {
BIO_printf(bio_err, "unable to write DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (genkey) {
DSA *dsakey;
if ((dsakey = DSAparams_dup(dsa)) == NULL)
goto end;
if (!DSA_generate_key(dsakey)) {
ERR_print_errors(bio_err);
DSA_free(dsakey);
goto end;
}
assert(private);
if (outformat == FORMAT_ASN1)
i = i2d_DSAPrivateKey_bio(out, dsakey);
else
i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
NULL);
DSA_free(dsakey);
}
ret = 0;
end:
BN_GENCB_free(cb);
BIO_free(in);
BIO_free_all(out);
DSA_free(dsa);
release_engine(e);
return ret;
}
static int dsa_cb(int p, int n, BN_GENCB *cb)
{
static const char symbols[] = ".+*\n";
char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
BIO_write(BN_GENCB_get_arg(cb), &c, 1);
(void)BIO_flush(BN_GENCB_get_arg(cb));
return 1;
}

278
apps/ec.c
View File

@@ -1,278 +0,0 @@
/*
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
static OPT_PAIR conv_forms[] = {
{"compressed", POINT_CONVERSION_COMPRESSED},
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
{"hybrid", POINT_CONVERSION_HYBRID},
{NULL}
};
static OPT_PAIR param_enc[] = {
{"named_curve", OPENSSL_EC_NAMED_CURVE},
{"explicit", 0},
{NULL}
};
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER,
OPT_NO_PUBLIC, OPT_CHECK
} OPTION_CHOICE;
const OPTIONS ec_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"in", OPT_IN, 's', "Input file"},
{"inform", OPT_INFORM, 'f', "Input format - DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key"},
{"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
{"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
{"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
{"check", OPT_CHECK, '-', "check key consistency"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"param_enc", OPT_PARAM_ENC, 's',
"Specifies the way the ec parameters are encoded"},
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
{"", OPT_CIPHER, '-', "Any supported cipher"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int ec_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EC_KEY *eckey = NULL;
const EC_GROUP *group;
const EVP_CIPHER *enc = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0;
int no_public = 0, check = 0;
prog = opt_init(argc, argv, ec_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ec_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_PARAM_OUT:
param_out = 1;
break;
case OPT_PUBIN:
pubin = 1;
break;
case OPT_PUBOUT:
pubout = 1;
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto opthelp;
break;
case OPT_CONV_FORM:
if (!opt_pair(opt_arg(), conv_forms, &i))
goto opthelp;
new_form = 1;
form = i;
break;
case OPT_PARAM_ENC:
if (!opt_pair(opt_arg(), param_enc, &i))
goto opthelp;
new_asn1_flag = 1;
asn1_flag = i;
break;
case OPT_NO_PUBLIC:
no_public = 1;
break;
case OPT_CHECK:
check = 1;
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
private = param_out || pubin || pubout ? 0 : 1;
if (text && !pubin)
private = 1;
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if (informat != FORMAT_ENGINE) {
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
}
BIO_printf(bio_err, "read EC key\n");
if (informat == FORMAT_ASN1) {
if (pubin)
eckey = d2i_EC_PUBKEY_bio(in, NULL);
else
eckey = d2i_ECPrivateKey_bio(in, NULL);
} else if (informat == FORMAT_ENGINE) {
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
if (pkey != NULL) {
eckey = EVP_PKEY_get1_EC_KEY(pkey);
EVP_PKEY_free(pkey);
}
} else {
if (pubin)
eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
else
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
}
if (eckey == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
group = EC_KEY_get0_group(eckey);
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (new_asn1_flag)
EC_KEY_set_asn1_flag(eckey, asn1_flag);
if (no_public)
EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
if (text) {
assert(pubin || private);
if (!EC_KEY_print(out, eckey, 0)) {
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
}
if (check) {
if (EC_KEY_check_key(eckey) == 1) {
BIO_printf(bio_err, "EC Key valid.\n");
} else {
BIO_printf(bio_err, "EC Key Invalid!\n");
ERR_print_errors(bio_err);
}
}
if (noout) {
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing EC key\n");
if (outformat == FORMAT_ASN1) {
if (param_out) {
i = i2d_ECPKParameters_bio(out, group);
} else if (pubin || pubout) {
i = i2d_EC_PUBKEY_bio(out, eckey);
} else {
assert(private);
i = i2d_ECPrivateKey_bio(out, eckey);
}
} else {
if (param_out) {
i = PEM_write_bio_ECPKParameters(out, group);
} else if (pubin || pubout) {
i = PEM_write_bio_EC_PUBKEY(out, eckey);
} else {
assert(private);
i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
NULL, 0, NULL, passout);
}
}
if (!i) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
} else {
ret = 0;
}
end:
BIO_free(in);
BIO_free_all(out);
EC_KEY_free(eckey);
release_engine(e);
OPENSSL_free(passin);
OPENSSL_free(passout);
return ret;
}

444
apps/ecparam.c
View File

@@ -1,444 +0,0 @@
/*
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS ecparam_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
{"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
{"in", OPT_IN, '<', "Input file - default stdin"},
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"text", OPT_TEXT, '-', "Print the ec parameters in text form"},
{"C", OPT_C, '-', "Print a 'C' function creating the parameters"},
{"check", OPT_CHECK, '-', "Validate the ec parameters"},
{"list_curves", OPT_LIST_CURVES, '-',
"Prints a list of all curve 'short names'"},
{"no_seed", OPT_NO_SEED, '-',
"If 'explicit' parameters are chosen do not use the seed"},
{"noout", OPT_NOOUT, '-', "Do not print the ec parameter"},
{"name", OPT_NAME, 's',
"Use the ec parameters with specified 'short name'"},
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
{"param_enc", OPT_PARAM_ENC, 's',
"Specifies the way the ec parameters are encoded"},
{"genkey", OPT_GENKEY, '-', "Generate ec key"},
OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
static OPT_PAIR forms[] = {
{"compressed", POINT_CONVERSION_COMPRESSED},
{"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
{"hybrid", POINT_CONVERSION_HYBRID},
{NULL}
};
static OPT_PAIR encodings[] = {
{"named_curve", OPENSSL_EC_NAMED_CURVE},
{"explicit", 0},
{NULL}
};
int ecparam_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIGNUM *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL;
BIO *in = NULL, *out = NULL;
EC_GROUP *group = NULL;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
char *curve_name = NULL;
char *infile = NULL, *outfile = NULL, *prog;
unsigned char *buffer = NULL;
OPTION_CHOICE o;
int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
int ret = 1, private = 0;
int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
int text = 0, i, genkey = 0;
prog = opt_init(argc, argv, ecparam_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ecparam_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_TEXT:
text = 1;
break;
case OPT_C:
C = 1;
break;
case OPT_CHECK:
check = 1;
break;
case OPT_LIST_CURVES:
list_curves = 1;
break;
case OPT_NO_SEED:
no_seed = 1;
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_NAME:
curve_name = opt_arg();
break;
case OPT_CONV_FORM:
if (!opt_pair(opt_arg(), forms, &new_form))
goto opthelp;
form = new_form;
new_form = 1;
break;
case OPT_PARAM_ENC:
if (!opt_pair(opt_arg(), encodings, &asn1_flag))
goto opthelp;
new_asn1_flag = 1;
break;
case OPT_GENKEY:
genkey = 1;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
private = genkey ? 1 : 0;
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
if (list_curves) {
EC_builtin_curve *curves = NULL;
size_t crv_len = EC_get_builtin_curves(NULL, 0);
size_t n;
curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
if (!EC_get_builtin_curves(curves, crv_len)) {
OPENSSL_free(curves);
goto end;
}
for (n = 0; n < crv_len; n++) {
const char *comment;
const char *sname;
comment = curves[n].comment;
sname = OBJ_nid2sn(curves[n].nid);
if (comment == NULL)
comment = "CURVE DESCRIPTION NOT AVAILABLE";
if (sname == NULL)
sname = "";
BIO_printf(out, " %-10s: ", sname);
BIO_printf(out, "%s\n", comment);
}
OPENSSL_free(curves);
ret = 0;
goto end;
}
if (curve_name != NULL) {
int nid;
/*
* workaround for the SECG curve names secp192r1 and secp256r1 (which
* are the same as the curves prime192v1 and prime256v1 defined in
* X9.62)
*/
if (strcmp(curve_name, "secp192r1") == 0) {
BIO_printf(bio_err, "using curve name prime192v1 "
"instead of secp192r1\n");
nid = NID_X9_62_prime192v1;
} else if (strcmp(curve_name, "secp256r1") == 0) {
BIO_printf(bio_err, "using curve name prime256v1 "
"instead of secp256r1\n");
nid = NID_X9_62_prime256v1;
} else {
nid = OBJ_sn2nid(curve_name);
}
if (nid == 0)
nid = EC_curve_nist2nid(curve_name);
if (nid == 0) {
BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
goto end;
}
group = EC_GROUP_new_by_curve_name(nid);
if (group == NULL) {
BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
goto end;
}
EC_GROUP_set_asn1_flag(group, asn1_flag);
EC_GROUP_set_point_conversion_form(group, form);
} else if (informat == FORMAT_ASN1) {
group = d2i_ECPKParameters_bio(in, NULL);
} else {
group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
}
if (group == NULL) {
BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
ERR_print_errors(bio_err);
goto end;
}
if (new_form)
EC_GROUP_set_point_conversion_form(group, form);
if (new_asn1_flag)
EC_GROUP_set_asn1_flag(group, asn1_flag);
if (no_seed) {
EC_GROUP_set_seed(group, NULL, 0);
}
if (text) {
if (!ECPKParameters_print(out, group, 0))
goto end;
}
if (check) {
BIO_printf(bio_err, "checking elliptic curve parameters: ");
if (!EC_GROUP_check(group, NULL)) {
BIO_printf(bio_err, "failed\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err, "ok\n");
}
if (C) {
size_t buf_len = 0, tmp_len = 0;
const EC_POINT *point;
int is_prime, len = 0;
const EC_METHOD *meth = EC_GROUP_method_of(group);
if ((ec_p = BN_new()) == NULL
|| (ec_a = BN_new()) == NULL
|| (ec_b = BN_new()) == NULL
|| (ec_gen = BN_new()) == NULL
|| (ec_order = BN_new()) == NULL
|| (ec_cofactor = BN_new()) == NULL) {
perror("Can't allocate BN");
goto end;
}
is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
if (!is_prime) {
BIO_printf(bio_err, "Can only handle X9.62 prime fields\n");
goto end;
}
if (!EC_GROUP_get_curve(group, ec_p, ec_a, ec_b, NULL))
goto end;
if ((point = EC_GROUP_get0_generator(group)) == NULL)
goto end;
if (!EC_POINT_point2bn(group, point,
EC_GROUP_get_point_conversion_form(group),
ec_gen, NULL))
goto end;
if (!EC_GROUP_get_order(group, ec_order, NULL))
goto end;
if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
goto end;
if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor)
goto end;
len = BN_num_bits(ec_order);
if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
buf_len = tmp_len;
if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
buf_len = tmp_len;
buffer = app_malloc(buf_len, "BN buffer");
BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n{\n", len);
print_bignum_var(out, ec_p, "ec_p", len, buffer);
print_bignum_var(out, ec_a, "ec_a", len, buffer);
print_bignum_var(out, ec_b, "ec_b", len, buffer);
print_bignum_var(out, ec_gen, "ec_gen", len, buffer);
print_bignum_var(out, ec_order, "ec_order", len, buffer);
print_bignum_var(out, ec_cofactor, "ec_cofactor", len, buffer);
BIO_printf(out, " int ok = 0;\n"
" EC_GROUP *group = NULL;\n"
" EC_POINT *point = NULL;\n"
" BIGNUM *tmp_1 = NULL;\n"
" BIGNUM *tmp_2 = NULL;\n"
" BIGNUM *tmp_3 = NULL;\n"
"\n");
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof(ec_p_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof(ec_a_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof(ec_b_%d), NULL)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n"
" goto err;\n"
"\n");
BIO_printf(out, " /* build generator */\n");
BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof(ec_gen_%d), tmp_1)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n");
BIO_printf(out, " if (point == NULL)\n"
" goto err;\n");
BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof(ec_order_%d), tmp_2)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof(ec_cofactor_%d), tmp_3)) == NULL)\n"
" goto err;\n", len, len);
BIO_printf(out, " if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n"
" goto err;\n"
"ok = 1;"
"\n");
BIO_printf(out, "err:\n"
" BN_free(tmp_1);\n"
" BN_free(tmp_2);\n"
" BN_free(tmp_3);\n"
" EC_POINT_free(point);\n"
" if (!ok) {\n"
" EC_GROUP_free(group);\n"
" return NULL;\n"
" }\n"
" return (group);\n"
"}\n");
}
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group);
else
i = PEM_write_bio_ECPKParameters(out, group);
if (!i) {
BIO_printf(bio_err, "unable to write elliptic "
"curve parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (genkey) {
EC_KEY *eckey = EC_KEY_new();
if (eckey == NULL)
goto end;
if (EC_KEY_set_group(eckey, group) == 0) {
BIO_printf(bio_err, "unable to set group when generating key\n");
EC_KEY_free(eckey);
ERR_print_errors(bio_err);
goto end;
}
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (!EC_KEY_generate_key(eckey)) {
BIO_printf(bio_err, "unable to generate key\n");
EC_KEY_free(eckey);
ERR_print_errors(bio_err);
goto end;
}
assert(private);
if (outformat == FORMAT_ASN1)
i = i2d_ECPrivateKey_bio(out, eckey);
else
i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
NULL, 0, NULL, NULL);
EC_KEY_free(eckey);
}
ret = 0;
end:
BN_free(ec_p);
BN_free(ec_a);
BN_free(ec_b);
BN_free(ec_gen);
BN_free(ec_order);
BN_free(ec_cofactor);
OPENSSL_free(buffer);
EC_GROUP_free(group);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
return ret;
}

676
apps/enc.c
View File

@@ -1,676 +0,0 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/pem.h>
#ifndef OPENSSL_NO_COMP
# include <openssl/comp.h>
#endif
#include <ctype.h>
#undef SIZE
#undef BSIZE
#define SIZE (512)
#define BSIZE (8*1024)
static int set_hex(const char *in, unsigned char *out, int size);
static void show_ciphers(const OBJ_NAME *name, void *bio_);
struct doall_enc_ciphers {
BIO *bio;
int n;
};
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_LIST,
OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS enc_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"list", OPT_LIST, '-', "List ciphers"},
{"ciphers", OPT_LIST, '-', "Alias for -list"},
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pass", OPT_PASS, 's', "Passphrase source"},
{"e", OPT_E, '-', "Encrypt"},
{"d", OPT_D, '-', "Decrypt"},
{"p", OPT_P, '-', "Print the iv/key"},
{"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
{"v", OPT_V, '-', "Verbose output"},
{"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
{"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
{"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
{"debug", OPT_DEBUG, '-', "Print debug info"},
{"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"},
{"base64", OPT_A, '-', "Same as option -a"},
{"A", OPT_UPPER_A, '-',
"Used with -[base64|a] to specify base64 buffer as a single line"},
{"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
{"k", OPT_K, 's', "Passphrase"},
{"kfile", OPT_KFILE, '<', "Read passphrase from file"},
{"K", OPT_UPPER_K, 's', "Raw key, in hex"},
{"S", OPT_UPPER_S, 's', "Salt, in hex"},
{"iv", OPT_IV, 's', "IV in hex"},
{"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
{"iter", OPT_ITER, 'p', "Specify the iteration count and force use of PBKDF2"},
{"pbkdf2", OPT_PBKDF2, '-', "Use password-based key derivation function 2"},
{"none", OPT_NONE, '-', "Don't encrypt"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_R_OPTIONS,
#ifdef ZLIB
{"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int enc_main(int argc, char **argv)
{
static char buf[128];
static const char magic[] = "Salted__";
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
NULL, *wbio = NULL;
EVP_CIPHER_CTX *ctx = NULL;
const EVP_CIPHER *cipher = NULL, *c;
const EVP_MD *dgst = NULL;
char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
char *infile = NULL, *outfile = NULL, *prog;
char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
char mbuf[sizeof(magic) - 1];
OPTION_CHOICE o;
int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
int enc = 1, printkey = 0, i, k;
int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY;
int ret = 1, inl, nopad = 0;
unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
unsigned char *buff = NULL, salt[PKCS5_SALT_LEN];
int pbkdf2 = 0;
int iter = 0;
long n;
struct doall_enc_ciphers dec;
#ifdef ZLIB
int do_zlib = 0;
BIO *bzl = NULL;
#endif
/* first check the program name */
prog = opt_progname(argv[0]);
if (strcmp(prog, "base64") == 0) {
base64 = 1;
#ifdef ZLIB
} else if (strcmp(prog, "zlib") == 0) {
do_zlib = 1;
#endif
} else {
cipher = EVP_get_cipherbyname(prog);
if (cipher == NULL && strcmp(prog, "enc") != 0) {
BIO_printf(bio_err, "%s is not a known cipher\n", prog);
goto end;
}
}
prog = opt_init(argc, argv, enc_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(enc_options);
ret = 0;
goto end;
case OPT_LIST:
BIO_printf(bio_out, "Supported ciphers:\n");
dec.bio = bio_out;
dec.n = 0;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
show_ciphers, &dec);
BIO_printf(bio_out, "\n");
ret = 0;
goto end;
case OPT_E:
enc = 1;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASS:
passarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_D:
enc = 0;
break;
case OPT_P:
printkey = 1;
break;
case OPT_V:
verbose = 1;
break;
case OPT_NOPAD:
nopad = 1;
break;
case OPT_SALT:
nosalt = 0;
break;
case OPT_NOSALT:
nosalt = 1;
break;
case OPT_DEBUG:
debug = 1;
break;
case OPT_UPPER_P:
printkey = 2;
break;
case OPT_UPPER_A:
olb64 = 1;
break;
case OPT_A:
base64 = 1;
break;
case OPT_Z:
#ifdef ZLIB
do_zlib = 1;
#endif
break;
case OPT_BUFSIZE:
p = opt_arg();
i = (int)strlen(p) - 1;
k = i >= 1 && p[i] == 'k';
if (k)
p[i] = '\0';
if (!opt_long(opt_arg(), &n)
|| n < 0 || (k && n >= LONG_MAX / 1024))
goto opthelp;
if (k)
n *= 1024;
bsize = (int)n;
break;
case OPT_K:
str = opt_arg();
break;
case OPT_KFILE:
in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
if (in == NULL)
goto opthelp;
i = BIO_gets(in, buf, sizeof(buf));
BIO_free(in);
in = NULL;
if (i <= 0) {
BIO_printf(bio_err,
"%s Can't read key from %s\n", prog, opt_arg());
goto opthelp;
}
while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n'))
buf[i] = '\0';
if (i <= 0) {
BIO_printf(bio_err, "%s: zero length password\n", prog);
goto opthelp;
}
str = buf;
break;
case OPT_UPPER_K:
hkey = opt_arg();
break;
case OPT_UPPER_S:
hsalt = opt_arg();
break;
case OPT_IV:
hiv = opt_arg();
break;
case OPT_MD:
if (!opt_md(opt_arg(), &dgst))
goto opthelp;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &c))
goto opthelp;
cipher = c;
break;
case OPT_ITER:
if (!opt_int(opt_arg(), &iter))
goto opthelp;
pbkdf2 = 1;
break;
case OPT_PBKDF2:
pbkdf2 = 1;
if (iter == 0) /* do not overwrite a chosen value */
iter = 10000;
break;
case OPT_NONE:
cipher = NULL;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
}
}
if (opt_num_rest() != 0) {
BIO_printf(bio_err, "Extra arguments given.\n");
goto opthelp;
}
if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
goto end;
}
if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog);
goto end;
}
if (dgst == NULL)
dgst = EVP_sha256();
if (iter == 0)
iter = 1;
/* It must be large enough for a base64 encoded line */
if (base64 && bsize < 80)
bsize = 80;
if (verbose)
BIO_printf(bio_err, "bufsize=%d\n", bsize);
#ifdef ZLIB
if (!do_zlib)
#endif
if (base64) {
if (enc)
outformat = FORMAT_BASE64;
else
informat = FORMAT_BASE64;
}
strbuf = app_malloc(SIZE, "strbuf");
buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer");
if (infile == NULL) {
in = dup_bio_in(informat);
} else {
in = bio_open_default(infile, 'r', informat);
}
if (in == NULL)
goto end;
if (str == NULL && passarg != NULL) {
if (!app_passwd(passarg, NULL, &pass, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
str = pass;
}
if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
if (1) {
#ifndef OPENSSL_NO_UI_CONSOLE
for (;;) {
char prompt[200];
BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption");
strbuf[0] = '\0';
i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
if (i == 0) {
if (strbuf[0] == '\0') {
ret = 1;
goto end;
}
str = strbuf;
break;
}
if (i < 0) {
BIO_printf(bio_err, "bad password read\n");
goto end;
}
}
} else {
#endif
BIO_printf(bio_err, "password required\n");
goto end;
}
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
BIO_set_callback(out, BIO_debug_callback);
BIO_set_callback_arg(in, (char *)bio_err);
BIO_set_callback_arg(out, (char *)bio_err);
}
rbio = in;
wbio = out;
#ifdef ZLIB
if (do_zlib) {
if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
goto end;
if (debug) {
BIO_set_callback(bzl, BIO_debug_callback);
BIO_set_callback_arg(bzl, (char *)bio_err);
}
if (enc)
wbio = BIO_push(bzl, wbio);
else
rbio = BIO_push(bzl, rbio);
}
#endif
if (base64) {
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
if (debug) {
BIO_set_callback(b64, BIO_debug_callback);
BIO_set_callback_arg(b64, (char *)bio_err);
}
if (olb64)
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
if (enc)
wbio = BIO_push(b64, wbio);
else
rbio = BIO_push(b64, rbio);
}
if (cipher != NULL) {
/*
* Note that str is NULL if a key was passed on the command line, so
* we get no salt in that case. Is this a bug?
*/
if (str != NULL) {
/*
* Salt handling: if encrypting generate a salt and write to
* output BIO. If decrypting read salt from input BIO.
*/
unsigned char *sptr;
size_t str_len = strlen(str);
if (nosalt) {
sptr = NULL;
} else {
if (enc) {
if (hsalt) {
if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
} else if (RAND_bytes(salt, sizeof(salt)) <= 0) {
goto end;
}
/*
* If -P option then don't bother writing
*/
if ((printkey != 2)
&& (BIO_write(wbio, magic,
sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio,
(char *)salt,
sizeof(salt)) != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
} else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|| BIO_read(rbio,
(unsigned char *)salt,
sizeof(salt)) != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n");
goto end;
} else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
BIO_printf(bio_err, "bad magic number\n");
goto end;
}
sptr = salt;
}
if (pbkdf2 == 1) {
/*
* derive key and default iv
* concatenated into a temporary buffer
*/
unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
int iklen = EVP_CIPHER_key_length(cipher);
int ivlen = EVP_CIPHER_iv_length(cipher);
/* not needed if HASH_UPDATE() is fixed : */
int islen = (sptr != NULL ? sizeof(salt) : 0);
if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen,
iter, dgst, iklen+ivlen, tmpkeyiv)) {
BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n");
goto end;
}
/* split and move data back to global buffer */
memcpy(key, tmpkeyiv, iklen);
memcpy(iv, tmpkeyiv+iklen, ivlen);
} else {
BIO_printf(bio_err, "*** WARNING : "
"deprecated key derivation used.\n"
"Using -iter or -pbkdf2 would be better.\n");
if (!EVP_BytesToKey(cipher, dgst, sptr,
(unsigned char *)str, str_len,
1, key, iv)) {
BIO_printf(bio_err, "EVP_BytesToKey failed\n");
goto end;
}
}
/*
* zero the complete buffer or the string passed from the command
* line.
*/
if (str == strbuf)
OPENSSL_cleanse(str, SIZE);
else
OPENSSL_cleanse(str, str_len);
}
if (hiv != NULL) {
int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) {
BIO_printf(bio_err, "warning: iv not used by this cipher\n");
} else if (!set_hex(hiv, iv, siz)) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}
}
if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0) {
/*
* No IV was explicitly set and no IV was generated.
* Hence the IV is undefined, making correct decryption impossible.
*/
BIO_printf(bio_err, "iv undefined\n");
goto end;
}
if (hkey != NULL) {
if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
BIO_printf(bio_err, "invalid hex key value\n");
goto end;
}
/* wiping secret data as we no longer need it */
OPENSSL_cleanse(hkey, strlen(hkey));
}
if ((benc = BIO_new(BIO_f_cipher())) == NULL)
goto end;
/*
* Since we may be changing parameters work on the encryption context
* rather than calling BIO_set_cipher().
*/
BIO_get_cipher_ctx(benc, &ctx);
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (nopad)
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
BIO_printf(bio_err, "Error setting cipher %s\n",
EVP_CIPHER_name(cipher));
ERR_print_errors(bio_err);
goto end;
}
if (debug) {
BIO_set_callback(benc, BIO_debug_callback);
BIO_set_callback_arg(benc, (char *)bio_err);
}
if (printkey) {
if (!nosalt) {
printf("salt=");
for (i = 0; i < (int)sizeof(salt); i++)
printf("%02X", salt[i]);
printf("\n");
}
if (EVP_CIPHER_key_length(cipher) > 0) {
printf("key=");
for (i = 0; i < EVP_CIPHER_key_length(cipher); i++)
printf("%02X", key[i]);
printf("\n");
}
if (EVP_CIPHER_iv_length(cipher) > 0) {
printf("iv =");
for (i = 0; i < EVP_CIPHER_iv_length(cipher); i++)
printf("%02X", iv[i]);
printf("\n");
}
if (printkey == 2) {
ret = 0;
goto end;
}
}
}
/* Only encrypt/decrypt as we write the file */
if (benc != NULL)
wbio = BIO_push(benc, wbio);
while (BIO_pending(rbio) || !BIO_eof(rbio)) {
inl = BIO_read(rbio, (char *)buff, bsize);
if (inl <= 0)
break;
if (BIO_write(wbio, (char *)buff, inl) != inl) {
BIO_printf(bio_err, "error writing output file\n");
goto end;
}
}
if (!BIO_flush(wbio)) {
BIO_printf(bio_err, "bad decrypt\n");
goto end;
}
ret = 0;
if (verbose) {
BIO_printf(bio_err, "bytes read : %8ju\n", BIO_number_read(in));
BIO_printf(bio_err, "bytes written: %8ju\n", BIO_number_written(out));
}
end:
ERR_print_errors(bio_err);
OPENSSL_free(strbuf);
OPENSSL_free(buff);
BIO_free(in);
BIO_free_all(out);
BIO_free(benc);
BIO_free(b64);
#ifdef ZLIB
BIO_free(bzl);
#endif
release_engine(e);
OPENSSL_free(pass);
return ret;
}
static void show_ciphers(const OBJ_NAME *name, void *arg)
{
struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;
const EVP_CIPHER *cipher;
if (!islower((unsigned char)*name->name))
return;
/* Filter out ciphers that we cannot use */
cipher = EVP_get_cipherbyname(name->name);
if (cipher == NULL ||
(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
return;
BIO_printf(dec->bio, "-%-25s", name->name);
if (++dec->n == 3) {
BIO_printf(dec->bio, "\n");
dec->n = 0;
} else
BIO_printf(dec->bio, " ");
}
static int set_hex(const char *in, unsigned char *out, int size)
{
int i, n;
unsigned char j;
i = size * 2;
n = strlen(in);
if (n > i) {
BIO_printf(bio_err, "hex string is too long, ignoring excess\n");
n = i; /* ignore exceeding part */
} else if (n < i) {
BIO_printf(bio_err, "hex string is too short, padding with zero bytes to length\n");
}
memset(out, 0, size);
for (i = 0; i < n; i++) {
j = (unsigned char)*in++;
if (!isxdigit(j)) {
BIO_printf(bio_err, "non-hex digit\n");
return 0;
}
j = (unsigned char)OPENSSL_hexchar2int(j);
if (i & 1)
out[i / 2] |= j;
else
out[i / 2] = (j << 4);
}
return 1;
}

484
apps/engine.c
View File

@@ -1,484 +0,0 @@
/*
* Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#include "apps.h"
#include "progs.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include <openssl/ssl.h>
#include <openssl/store.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST,
OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV
} OPTION_CHOICE;
const OPTIONS engine_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"},
{OPT_HELP_STR, 1, '-',
" engine... Engines to load\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"v", OPT_V, '-', "List 'control commands' For each specified engine"},
{"vv", OPT_VV, '-', "Also display each command's description"},
{"vvv", OPT_VVV, '-', "Also add the input flags for each command"},
{"vvvv", OPT_VVVV, '-', "Also show internal input flags"},
{"c", OPT_C, '-', "List the capabilities of specified engine"},
{"t", OPT_T, '-', "Check that specified engine is available"},
{"tt", OPT_TT, '-', "Display error trace for unavailable engines"},
{"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"},
{"post", OPT_POST, 's', "Run command against the ENGINE after loading it"},
{OPT_MORE_STR, OPT_EOF, 1,
"Commands are like \"SO_PATH:/lib/libdriver.so\""},
{NULL}
};
static int append_buf(char **buf, int *size, const char *s)
{
const int expand = 256;
int len = strlen(s) + 1;
char *p = *buf;
if (p == NULL) {
*size = ((len + expand - 1) / expand) * expand;
p = *buf = app_malloc(*size, "engine buffer");
} else {
const int blen = strlen(p);
if (blen > 0)
len += 2 + blen;
if (len > *size) {
*size = ((len + expand - 1) / expand) * expand;
p = OPENSSL_realloc(p, *size);
if (p == NULL) {
OPENSSL_free(*buf);
*buf = NULL;
return 0;
}
*buf = p;
}
if (blen > 0) {
p += blen;
*p++ = ',';
*p++ = ' ';
}
}
strcpy(p, s);
return 1;
}
static int util_flags(BIO *out, unsigned int flags, const char *indent)
{
int started = 0, err = 0;
/* Indent before displaying input flags */
BIO_printf(out, "%s%s(input flags): ", indent, indent);
if (flags == 0) {
BIO_printf(out, "<no flags>\n");
return 1;
}
/*
* If the object is internal, mark it in a way that shows instead of
* having it part of all the other flags, even if it really is.
*/
if (flags & ENGINE_CMD_FLAG_INTERNAL) {
BIO_printf(out, "[Internal] ");
}
if (flags & ENGINE_CMD_FLAG_NUMERIC) {
BIO_printf(out, "NUMERIC");
started = 1;
}
/*
* Now we check that no combinations of the mutually exclusive NUMERIC,
* STRING, and NO_INPUT flags have been used. Future flags that can be
* OR'd together with these would need to added after these to preserve
* the testing logic.
*/
if (flags & ENGINE_CMD_FLAG_STRING) {
if (started) {
BIO_printf(out, "|");
err = 1;
}
BIO_printf(out, "STRING");
started = 1;
}
if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
if (started) {
BIO_printf(out, "|");
err = 1;
}
BIO_printf(out, "NO_INPUT");
started = 1;
}
/* Check for unknown flags */
flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
~ENGINE_CMD_FLAG_STRING &
~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
if (flags) {
if (started)
BIO_printf(out, "|");
BIO_printf(out, "<0x%04X>", flags);
}
if (err)
BIO_printf(out, " <illegal flags!>");
BIO_printf(out, "\n");
return 1;
}
static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
{
static const int line_wrap = 78;
int num;
int ret = 0;
char *name = NULL;
char *desc = NULL;
int flags;
int xpos = 0;
STACK_OF(OPENSSL_STRING) *cmds = NULL;
if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
0, NULL, NULL)) <= 0)) {
return 1;
}
cmds = sk_OPENSSL_STRING_new_null();
if (cmds == NULL)
goto err;
do {
int len;
/* Get the command input flags */
if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
NULL, NULL)) < 0)
goto err;
if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
/* Get the command name */
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
NULL, NULL)) <= 0)
goto err;
name = app_malloc(len + 1, "name buffer");
if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
NULL) <= 0)
goto err;
/* Get the command description */
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
NULL, NULL)) < 0)
goto err;
if (len > 0) {
desc = app_malloc(len + 1, "description buffer");
if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
NULL) <= 0)
goto err;
}
/* Now decide on the output */
if (xpos == 0)
/* Do an indent */
xpos = BIO_puts(out, indent);
else
/* Otherwise prepend a ", " */
xpos += BIO_printf(out, ", ");
if (verbose == 1) {
/*
* We're just listing names, comma-delimited
*/
if ((xpos > (int)strlen(indent)) &&
(xpos + (int)strlen(name) > line_wrap)) {
BIO_printf(out, "\n");
xpos = BIO_puts(out, indent);
}
xpos += BIO_printf(out, "%s", name);
} else {
/* We're listing names plus descriptions */
BIO_printf(out, "%s: %s\n", name,
(desc == NULL) ? "<no description>" : desc);
/* ... and sometimes input flags */
if ((verbose >= 3) && !util_flags(out, flags, indent))
goto err;
xpos = 0;
}
}
OPENSSL_free(name);
name = NULL;
OPENSSL_free(desc);
desc = NULL;
/* Move to the next command */
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
} while (num > 0);
if (xpos > 0)
BIO_printf(out, "\n");
ret = 1;
err:
sk_OPENSSL_STRING_free(cmds);
OPENSSL_free(name);
OPENSSL_free(desc);
return ret;
}
static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
BIO *out, const char *indent)
{
int loop, res, num = sk_OPENSSL_STRING_num(cmds);
if (num < 0) {
BIO_printf(out, "[Error]: internal stack error\n");
return;
}
for (loop = 0; loop < num; loop++) {
char buf[256];
const char *cmd, *arg;
cmd = sk_OPENSSL_STRING_value(cmds, loop);
res = 1; /* assume success */
/* Check if this command has no ":arg" */
if ((arg = strstr(cmd, ":")) == NULL) {
if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
res = 0;
} else {
if ((int)(arg - cmd) > 254) {
BIO_printf(out, "[Error]: command name too long\n");
return;
}
memcpy(buf, cmd, (int)(arg - cmd));
buf[arg - cmd] = '\0';
arg++; /* Move past the ":" */
/* Call the command with the argument */
if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
res = 0;
}
if (res) {
BIO_printf(out, "[Success]: %s\n", cmd);
} else {
BIO_printf(out, "[Failure]: %s\n", cmd);
ERR_print_errors(out);
}
}
}
struct util_store_cap_data {
ENGINE *engine;
char **cap_buf;
int *cap_size;
int ok;
};
static void util_store_cap(const OSSL_STORE_LOADER *loader, void *arg)
{
struct util_store_cap_data *ctx = arg;
if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) {
char buf[256];
BIO_snprintf(buf, sizeof(buf), "STORE(%s)",
OSSL_STORE_LOADER_get0_scheme(loader));
if (!append_buf(ctx->cap_buf, ctx->cap_size, buf))
ctx->ok = 0;
}
}
int engine_main(int argc, char **argv)
{
int ret = 1, i;
int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
ENGINE *e;
STACK_OF(OPENSSL_CSTRING) *engines = sk_OPENSSL_CSTRING_new_null();
STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
BIO *out;
const char *indent = " ";
OPTION_CHOICE o;
char *prog;
char *argv1;
out = dup_bio_out(FORMAT_TEXT);
if (engines == NULL || pre_cmds == NULL || post_cmds == NULL)
goto end;
/* Remember the original command name, parse/skip any leading engine
* names, and then setup to parse the rest of the line as flags. */
prog = argv[0];
while ((argv1 = argv[1]) != NULL && *argv1 != '-') {
sk_OPENSSL_CSTRING_push(engines, argv1);
argc--;
argv++;
}
argv[0] = prog;
opt_init(argc, argv, engine_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(engine_options);
ret = 0;
goto end;
case OPT_VVVV:
case OPT_VVV:
case OPT_VV:
case OPT_V:
/* Convert to an integer from one to four. */
i = (int)(o - OPT_V) + 1;
if (verbose < i)
verbose = i;
break;
case OPT_C:
list_cap = 1;
break;
case OPT_TT:
test_avail_noise++;
/* fall thru */
case OPT_T:
test_avail++;
break;
case OPT_PRE:
sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
break;
case OPT_POST:
sk_OPENSSL_STRING_push(post_cmds, opt_arg());
break;
}
}
/* Allow any trailing parameters as engine names. */
argc = opt_num_rest();
argv = opt_rest();
for ( ; *argv; argv++) {
if (**argv == '-') {
BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n",
prog);
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
}
sk_OPENSSL_CSTRING_push(engines, *argv);
}
if (sk_OPENSSL_CSTRING_num(engines) == 0) {
for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
sk_OPENSSL_CSTRING_push(engines, ENGINE_get_id(e));
}
}
ret = 0;
for (i = 0; i < sk_OPENSSL_CSTRING_num(engines); i++) {
const char *id = sk_OPENSSL_CSTRING_value(engines, i);
if ((e = ENGINE_by_id(id)) != NULL) {
const char *name = ENGINE_get_name(e);
/*
* Do "id" first, then "name". Easier to auto-parse.
*/
BIO_printf(out, "(%s) %s\n", id, name);
util_do_cmds(e, pre_cmds, out, indent);
if (strcmp(ENGINE_get_id(e), id) != 0) {
BIO_printf(out, "Loaded: (%s) %s\n",
ENGINE_get_id(e), ENGINE_get_name(e));
}
if (list_cap) {
int cap_size = 256;
char *cap_buf = NULL;
int k, n;
const int *nids;
ENGINE_CIPHERS_PTR fn_c;
ENGINE_DIGESTS_PTR fn_d;
ENGINE_PKEY_METHS_PTR fn_pk;
if (ENGINE_get_RSA(e) != NULL
&& !append_buf(&cap_buf, &cap_size, "RSA"))
goto end;
if (ENGINE_get_DSA(e) != NULL
&& !append_buf(&cap_buf, &cap_size, "DSA"))
goto end;
if (ENGINE_get_DH(e) != NULL
&& !append_buf(&cap_buf, &cap_size, "DH"))
goto end;
if (ENGINE_get_RAND(e) != NULL
&& !append_buf(&cap_buf, &cap_size, "RAND"))
goto end;
fn_c = ENGINE_get_ciphers(e);
if (fn_c == NULL)
goto skip_ciphers;
n = fn_c(e, NULL, &nids, 0);
for (k = 0; k < n; ++k)
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
goto end;
skip_ciphers:
fn_d = ENGINE_get_digests(e);
if (fn_d == NULL)
goto skip_digests;
n = fn_d(e, NULL, &nids, 0);
for (k = 0; k < n; ++k)
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
goto end;
skip_digests:
fn_pk = ENGINE_get_pkey_meths(e);
if (fn_pk == NULL)
goto skip_pmeths;
n = fn_pk(e, NULL, &nids, 0);
for (k = 0; k < n; ++k)
if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
goto end;
skip_pmeths:
{
struct util_store_cap_data store_ctx;
store_ctx.engine = e;
store_ctx.cap_buf = &cap_buf;
store_ctx.cap_size = &cap_size;
store_ctx.ok = 1;
OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx);
if (!store_ctx.ok)
goto end;
}
if (cap_buf != NULL && (*cap_buf != '\0'))
BIO_printf(out, " [%s]\n", cap_buf);
OPENSSL_free(cap_buf);
}
if (test_avail) {
BIO_printf(out, "%s", indent);
if (ENGINE_init(e)) {
BIO_printf(out, "[ available ]\n");
util_do_cmds(e, post_cmds, out, indent);
ENGINE_finish(e);
} else {
BIO_printf(out, "[ unavailable ]\n");
if (test_avail_noise)
ERR_print_errors_fp(stdout);
ERR_clear_error();
}
}
if ((verbose > 0) && !util_verbose(e, verbose, out, indent))
goto end;
ENGINE_free(e);
} else {
ERR_print_errors(bio_err);
/* because exit codes above 127 have special meaning on Unix */
if (++ret > 127)
ret = 127;
}
}
end:
ERR_print_errors(bio_err);
sk_OPENSSL_CSTRING_free(engines);
sk_OPENSSL_STRING_free(pre_cmds);
sk_OPENSSL_STRING_free(post_cmds);
BIO_free_all(out);
return ret;
}

67
apps/errstr.c
View File

@@ -1,67 +0,0 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP
} OPTION_CHOICE;
const OPTIONS errstr_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"},
{OPT_HELP_STR, 1, '-', " errnum Error number\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{NULL}
};
int errstr_main(int argc, char **argv)
{
OPTION_CHOICE o;
char buf[256], *prog;
int ret = 1;
unsigned long l;
prog = opt_init(argc, argv, errstr_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(errstr_options);
ret = 0;
goto end;
}
}
ret = 0;
for (argv = opt_rest(); *argv; argv++) {
if (sscanf(*argv, "%lx", &l) == 0) {
ret++;
} else {
/* We're not really an SSL application so this won't auto-init, but
* we're still interested in SSL error strings
*/
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
ERR_error_string_n(l, buf, sizeof(buf));
BIO_printf(bio_out, "%s\n", buf);
}
}
end:
return ret;
}

141
apps/gendsa.c
View File

@@ -1,141 +0,0 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER,
OPT_R_ENUM
} OPTION_CHOICE;
const OPTIONS gendsa_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output the key to the specified file"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
OPT_R_OPTIONS,
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
int gendsa_main(int argc, char **argv)
{
ENGINE *e = NULL;
BIO *out = NULL, *in = NULL;
DSA *dsa = NULL;
const EVP_CIPHER *enc = NULL;
char *dsaparams = NULL;
char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
OPTION_CHOICE o;
int ret = 1, private = 0;
const BIGNUM *p = NULL;
prog = opt_init(argc, argv, gendsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
ret = 0;
opt_help(gendsa_options);
goto end;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
private = 1;
if (argc != 1)
goto opthelp;
dsaparams = *argv;
if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
in = bio_open_default(dsaparams, 'r', FORMAT_PEM);
if (in == NULL)
goto end2;
if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
BIO_printf(bio_err, "unable to load DSA parameter file\n");
goto end;
}
BIO_free(in);
in = NULL;
out = bio_open_owner(outfile, FORMAT_PEM, private);
if (out == NULL)
goto end2;
DSA_get0_pqg(dsa, &p, NULL, NULL);
if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS)
BIO_printf(bio_err,
"Warning: It is not recommended to use more than %d bit for DSA keys.\n"
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p));
BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p));
if (!DSA_generate_key(dsa))
goto end;
assert(private);
if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
goto end;
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
end2:
BIO_free(in);
BIO_free_all(out);
DSA_free(dsa);
release_engine(e);
OPENSSL_free(passout);
return ret;
}

324
apps/genpkey.c
View File

@@ -1,324 +0,0 @@
/*
* Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e);
static int genpkey_cb(EVP_PKEY_CTX *ctx);
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER
} OPTION_CHOICE;
const OPTIONS genpkey_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
{"pass", OPT_PASS, 's', "Output file pass phrase source"},
{"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
{"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
{"pkeyopt", OPT_PKEYOPT, 's',
"Set the public key algorithm option as opt:value"},
{"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"},
{"text", OPT_TEXT, '-', "Print the in text"},
{"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
/* This is deliberately last. */
{OPT_HELP_STR, 1, 1,
"Order of options may be important! See the documentation.\n"},
{NULL}
};
int genpkey_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog;
const EVP_CIPHER *cipher = NULL;
OPTION_CHOICE o;
int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
int private = 0;
prog = opt_init(argc, argv, genpkey_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
ret = 0;
opt_help(genpkey_options);
goto end;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_PASS:
passarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PARAMFILE:
if (do_param == 1)
goto opthelp;
if (!init_keygen_file(&ctx, opt_arg(), e))
goto end;
break;
case OPT_ALGORITHM:
if (!init_gen_str(&ctx, opt_arg(), e, do_param))
goto end;
break;
case OPT_PKEYOPT:
if (ctx == NULL) {
BIO_printf(bio_err, "%s: No keytype specified.\n", prog);
goto opthelp;
}
if (pkey_ctrl_string(ctx, opt_arg()) <= 0) {
BIO_printf(bio_err,
"%s: Error setting %s parameter:\n",
prog, opt_arg());
ERR_print_errors(bio_err);
goto end;
}
break;
case OPT_GENPARAM:
if (ctx != NULL)
goto opthelp;
do_param = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &cipher)
|| do_param == 1)
goto opthelp;
if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE ||
EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE) {
BIO_printf(bio_err, "%s: cipher mode not supported\n", prog);
goto end;
}
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
private = do_param ? 0 : 1;
if (ctx == NULL)
goto opthelp;
if (!app_passwd(passarg, NULL, &pass, NULL)) {
BIO_puts(bio_err, "Error getting password\n");
goto end;
}
out = bio_open_owner(outfile, outformat, private);
if (out == NULL)
goto end;
EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
EVP_PKEY_CTX_set_app_data(ctx, bio_err);
if (do_param) {
if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
BIO_puts(bio_err, "Error generating parameters\n");
ERR_print_errors(bio_err);
goto end;
}
} else {
if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
BIO_puts(bio_err, "Error generating key\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (do_param) {
rv = PEM_write_bio_Parameters(out, pkey);
} else if (outformat == FORMAT_PEM) {
assert(private);
rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
} else if (outformat == FORMAT_ASN1) {
assert(private);
rv = i2d_PrivateKey_bio(out, pkey);
} else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
ret = 0;
if (rv <= 0) {
BIO_puts(bio_err, "Error writing key\n");
ERR_print_errors(bio_err);
ret = 1;
}
if (text) {
if (do_param)
rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
else
rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
if (rv <= 0) {
BIO_puts(bio_err, "Error printing key\n");
ERR_print_errors(bio_err);
ret = 1;
}
}
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
BIO_free_all(out);
BIO_free(in);
release_engine(e);
OPENSSL_free(pass);
return ret;
}
static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e)
{
BIO *pbio;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
if (*pctx) {
BIO_puts(bio_err, "Parameters already set!\n");
return 0;
}
pbio = BIO_new_file(file, "r");
if (!pbio) {
BIO_printf(bio_err, "Can't open parameter file %s\n", file);
return 0;
}
pkey = PEM_read_bio_Parameters(pbio, NULL);
BIO_free(pbio);
if (!pkey) {
BIO_printf(bio_err, "Error reading parameter file %s\n", file);
return 0;
}
ctx = EVP_PKEY_CTX_new(pkey, e);
if (ctx == NULL)
goto err;
if (EVP_PKEY_keygen_init(ctx) <= 0)
goto err;
EVP_PKEY_free(pkey);
*pctx = ctx;
return 1;
err:
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
return 0;
}
int init_gen_str(EVP_PKEY_CTX **pctx,
const char *algname, ENGINE *e, int do_param)
{
EVP_PKEY_CTX *ctx = NULL;
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *tmpeng = NULL;
int pkey_id;
if (*pctx) {
BIO_puts(bio_err, "Algorithm already set!\n");
return 0;
}
ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
#ifndef OPENSSL_NO_ENGINE
if (!ameth && e)
ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
#endif
if (!ameth) {
BIO_printf(bio_err, "Algorithm %s not found\n", algname);
return 0;
}
ERR_clear_error();
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(tmpeng);
#endif
ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
if (!ctx)
goto err;
if (do_param) {
if (EVP_PKEY_paramgen_init(ctx) <= 0)
goto err;
} else {
if (EVP_PKEY_keygen_init(ctx) <= 0)
goto err;
}
*pctx = ctx;
return 1;
err:
BIO_printf(bio_err, "Error initializing %s context\n", algname);
ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(ctx);
return 0;
}
static int genpkey_cb(EVP_PKEY_CTX *ctx)
{
char c = '*';
BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
int p;
p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
if (p == 0)
c = '.';
if (p == 1)
c = '+';
if (p == 2)
c = '*';
if (p == 3)
c = '\n';
BIO_write(b, &c, 1);
(void)BIO_flush(b);
return 1;
}

Some files were not shown because too many files have changed in this diff Show More