cctest
cctest.c
cctest.a
+libcrypto.so.*
+libssl.so.*
Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
+ *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
+ RSA_padding_check_SSLv23(), special padding was never detected
+ and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
+ version rollback attacks was not effective.
+
+ In s23_clnt.c, don't use special rollback-attack detection padding
+ (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
+ client; similarly, in s23_srvr.c, don't do the rollback check if
+ SSL 2.0 is the only protocol enabled in the server.
+ [Bodo Moeller]
+
+ *) Make it possible to get hexdumps of unprintable data with 'openssl
+ asn1parse'. By implication, the functions ASN1_parse_dump() and
+ BIO_dump_indent() are added.
+ [Richard Levitte]
+
+ *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
+ these print out strings and name structures based on various
+ flags including RFC2253 support and proper handling of
+ multibyte characters. Added options to the 'x509' utility
+ to allow the various flags to be set.
+ [Steve Henson]
+
+ *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
+ Also change the functions X509_cmp_current_time() and
+ X509_gmtime_adj() work with an ASN1_TIME structure,
+ this will enable certificates using GeneralizedTime in validity
+ dates to be checked.
+ [Steve Henson]
+
+ *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
+ negative public key encodings) on by default,
+ NO_NEG_PUBKEY_BUG can be set to disable it.
+ [Steve Henson]
+
+ *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
+ content octets. An i2c_ASN1_OBJECT is unnecessary because
+ the encoding can be trivially obtained from the structure.
+ [Steve Henson]
+
+ *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
+ not read locks (CRYPTO_r_[un]lock).
+ [Bodo Moeller]
+
+ *) A first attempt at creating official support for shared
+ libraries through configuration. I've kept it so the
+ default is static libraries only, and the OpenSSL programs
+ are always statically linked for now, but there are
+ preparations for dynamic linking in place.
+ This has been tested on Linux and True64.
+ [Richard Levitte]
+
+ *) Randomness polling function for Win9x, as described in:
+ Peter Gutmann, Software Generation of Practically Strong
+ Random Numbers.
+ [Ulf Möller]
+
+ *) Fix so PRNG is seeded in req if using an already existing
+ DSA key.
+ [Steve Henson]
+
*) New options to smime application. -inform and -outform
allow alternative formats for the S/MIME message including
PEM and DER. The -content option allows the content to be
# [no-]threads [don't] try to create a library that is suitable for
# multithreaded applications (default is "threads" if we
# know how to do it)
+# [no-]shared [don't] try to create shared libraries instead of static
+# ones when possible.
# no-asm do not use assembler
# no-dso do not compile in any native shared-library methods. This
# will ensure that all methods just return NULL.
# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
-#config-string $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme
+#config-string $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag
my %table=(
#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
# the new compiler
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn",
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o::",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o:::::::::dlfcn:true64-shared",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o:::::::::dlfcn:true64-shared",
"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
#### Alpha Linux with GNU C and Compaq C setups
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
# bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
"debug-linux-elf","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"debug-linux-elf-noefence","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
# Linux on ARM
-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn",
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC",
# UnixWare 2.0
"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
my $openssldir="";
my $install_prefix="";
my $no_threads=0;
+my $no_shared=1;
my $threads=0;
my $no_asm=0;
my $no_dso=0;
{ $no_threads=1; }
elsif (/^threads$/)
{ $threads=1; }
+ elsif (/^no-shared$/)
+ { $no_shared=1; }
+ elsif (/^shared$/)
+ { $no_shared=0; }
elsif (/^no-symlinks$/)
{ $symlink=0; }
elsif (/^no-(.+)$/)
print "IsWindows=$IsWindows\n";
(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
- $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme)=
- split(/\s*:\s*/,$table{$target} . ":" x 20 , -1);
+ $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag)=
+ split(/\s*:\s*/,$table{$target} . ":" x 21 , -1);
$cflags="$flags$cflags" if ($flags ne "");
# The DSO code currently always implements all functions so that no
$openssl_thread_defines .= $thread_defines;
}
+# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
+my $shared_mark1 = "";
+my $shared_mark2 = "";
+if ($shared_cflag ne "")
+ {
+ $cflags = "$shared_cflag $cflags";
+ if (!$no_shared)
+ {
+ $shared_mark1 = ".shlib-clean.";
+ $shared_mark2 = ".shlib.";
+ }
+ }
+
#my ($bn1)=split(/\s+/,$bn_obj);
#$bn1 = "" unless defined $bn1;
#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
my $version = "unknown";
my $major = "unknown";
my $minor = "unknown";
+my $shlib_version_number = "unknown";
+my $shlib_version_history = "unknown";
+my $shlib_major = "unknown";
+my $shlib_minor = "unknown";
open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
while (<IN>)
{
$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
+ $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
+ $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
}
close(IN);
+if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
{
$minor=$2;
}
+if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
+ {
+ $shlib_major=$1;
+ $shlib_minor=$2;
+ }
+
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
+ s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
+ s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
+ s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
+ s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
s/^PROCESSOR=.*/PROCESSOR= $processor/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^PERL=.*/PERL= $perl/;
+ s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
+ s/^SHLIB_MARK1=.*/SHLIB_MARK1=$shared_mark1/;
+ s/^SHLIB_MARK2=.*/SHLIB_MARK2=$shared_mark2/;
+ s/^LIBS=.*/LIBS=libcrypto\.so\* libssl\.so\*/ if (!$no_shared);
print OUT $_."\n";
}
close(IN);
\$rmd160_obj = $rmd160_obj
\$rc5_obj = $rc5_obj
\$dso_scheme = $dso_scheme
+\$shared_target= $shared_target
+\$shared_cflag = $shared_cflag
EOF
}
desired, GNU bc can be built with CygWin32 without change.
+ Installation
+ ------------
+
+ There's currently no real installation procedure for Win32. There are,
+ however, some suggestions:
+
+ - do nothing. The include files are found in the inc32/ subdirectory,
+ all binaries are found in out32dll/ or out32/ depending if you built
+ dynamic or static libraries.
+
+ - do as is written in INSTALL.Win32 that comes with modssl:
+
+ $ md c:\openssl
+ $ md c:\openssl\bin
+ $ md c:\openssl\lib
+ $ md c:\openssl\include
+ $ md c:\openssl\include\openssl
+ $ copy /b inc32\* c:\openssl\include\openssl
+ $ copy /b out32dll\ssleay32.lib c:\openssl\lib
+ $ copy /b out32dll\libeay32.lib c:\openssl\lib
+ $ copy /b out32dll\ssleay32.dll c:\openssl\bin
+ $ copy /b out32dll\libeay32.dll c:\openssl\bin
+ $ copy /b out32dll\openssl.exe c:\openssl\bin
+
+ Of course, you can choose another device than c:. C: is used here
+ because that's usually the first (and often only) harddisk device.
+ Note: in the modssl INSTALL.Win32, p: is used rather than c:.
+
+
Troubleshooting
---------------
VERSION=
MAJOR=
MINOR=
+SHLIB_VERSION_NUMBER=
+SHLIB_VERSION_HISTORY=
+SHLIB_MAJOR=
+SHLIB_MINOR=
PLATFORM=dist
OPTIONS=
+SHLIB_TARGET=
+
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
-DIRS= crypto ssl rsaref apps test tools
+# To do special treatment, use "directory names" starting with a period.
+# When we're prepared to use shared libraries in the programs we link here
+# we might have SHLIB_MARK1 get the value ".shlib." and SHLIB_MARK2 be empty,
+# or have that configurable.
+SHLIB_MARK1=.shlib-clean.
+SHLIB_MARK2=.shlib.
+
+DIRS= crypto ssl rsaref $(SHLIB_MARK1) apps test tools $(SHLIB_MARK2)
SHLIBDIRS= crypto ssl
# dirs in crypto to build
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
-LIBS= libcrypto.a libssl.a
+LIBS= libcrypto.a libssl.a
+SHARED_LIBS=libcrypto.so libssl.so
GENERAL= Makefile
BASENAME= openssl
HEADER= e_os.h
all: Makefile.ssl
- @for i in $(DIRS) ;\
+ @need_shlib=true; \
+ for i in $(DIRS) ;\
do \
- (cd $$i && echo "making all in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
- done
- -@# cd crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
- -@# cd perl; $(PERL) Makefile.PL; make
+ if [ "$$i" = ".shlib-clean." ]; then \
+ if [ "$(SHLIB_TARGET)" != "" ]; then \
+ $(MAKE) clean-shared; \
+ fi; \
+ elif [ "$$i" = ".shlib." ]; then \
+ if [ "$(SHLIB_TARGET)" != "" ]; then \
+ $(MAKE) $(SHARED_LIBS); \
+ fi; \
+ need_shlib=false; \
+ else \
+ (cd $$i && echo "making all in $$i..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+ fi; \
+ done; \
+ if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
+ $(MAKE) $(SHARED_LIBS); \
+ fi
sub_all:
- @for i in $(DIRS) ;\
+ @need_shlib=true; \
+ for i in $(DIRS) ;\
do \
- (cd $$i && echo "making all in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
- done;
+ if [ "$$i" = ".shlib-clean." ]; then \
+ if [ "$(SHLIB_TARGET)" != "" ]; then \
+ $(MAKE) clean-shared; \
+ fi; \
+ elif [ "$$i" = ".shlib." ]; then \
+ if [ "$(SHLIB_TARGET)" != "" ]; then \
+ $(MAKE) $(SHARED_LIBS); \
+ fi; \
+ need_shlib=false; \
+ else \
+ (cd $$i && echo "making all in $$i..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+ fi; \
+ done; \
+ if $$need_shlib && [ "$(SHLIB_MARK1)" != "" -o "$(SHLIB_MARK1)" != "" ]; then \
+ $(MAKE) $(SHARED_LIBS); \
+ fi
+
+libcrypto.so: libcrypto.a
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ $(MAKE) SHLIBDIRS=crypto $(SHLIB_TARGET); \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ fi
+libssl.so: libcrypto.so libssl.a
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ $(MAKE) SHLIBDIRS=ssl $(SHLIB_TARGET); \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ fi
+
+clean-shared:
+ for i in ${SHLIBDIRS}; do \
+ rm -f lib$$i.so \
+ lib$$i.so.${SHLIB_MAJOR} \
+ lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+ done
linux-shared:
- for i in ${SHLIBDIRS}; do \
- rm -f lib$$i.a lib$$i.so \
- lib$$i.so.${MAJOR} lib$$i.so.${MAJOR}.${MINOR}; \
- ${MAKE} CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='-fPIC ${CFLAG}' SDIRS='${SDIRS}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' DIRS=$$i clean all || exit 1; \
- ( set -x; ${CC} -shared -o lib$$i.so.${MAJOR}.${MINOR} \
- -Wl,-S,-soname=lib$$i.so.${MAJOR} \
+ libs=; for i in ${SHLIBDIRS}; do \
+ rm -f lib$$i.so \
+ lib$$i.so.${SHLIB_MAJOR} \
+ lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+ ( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ -Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR} \
-Wl,--whole-archive lib$$i.a \
- -Wl,--no-whole-archive -lc ) || exit 1; \
- rm -f lib$$i.a; make -C $$i clean || exit 1 ;\
+ -Wl,--no-whole-archive -lc $$libs ) || exit 1; \
+ libs="$$libs -L. -l$$i"; \
+ ( set -x; \
+ ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ lib$$i.so.${SHLIB_MAJOR}; \
+ ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so ); \
done;
+
+# This assumes that GNU utilities are *not* used
+true64-shared:
+ libs=; for i in ${SHLIBDIRS}; do \
+ ( set -x; ${CC} -shared -no_archive -o lib$$i.so \
+ -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+ -all lib$$i.a -none -lc $$libs ) || exit 1; \
+ libs="$$libs -L. -l$$i"; \
+ done;
+
+# This assumes that GNU utilities are *not* used
+solaris-shared:
+ libs=; for i in ${SHLIBDIRS}; do \
+ rm -f lib$$i.so \
+ lib$$i.so.${SHLIB_MAJOR} \
+ lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+ ( set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ -h lib$$i.so.${SHLIB_MAJOR} \
+ -z allextract lib$$i.a $$libs ) || exit 1; \
+ libs="$$libs -L. -l$$i"; \
+ ln -s lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ lib$$i.so.${SHLIB_MAJOR}; \
+ ln -s lib$$i.so.${SHLIB_MAJOR} lib$$i.so; \
+ done; \
@set -x; \
for i in ${SHLIBDIRS}; do \
- ln -s lib$$i.so.${MAJOR}.${MINOR} lib$$i.so.${MAJOR}; \
- ln -s lib$$i.so.${MAJOR} lib$$i.so; \
done;
Makefile.ssl: Makefile.org
rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
@for i in $(DIRS) ;\
do \
- (cd $$i && echo "making clean in $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
- rm -f $(LIBS); \
+ if echo "$$i" | grep -v '^\.'; then \
+ (cd $$i && echo "making clean in $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
+ rm -f $(LIBS); \
+ fi; \
done;
rm -f *.a *.o speed.* *.map *.so .pure core
rm -f $(TARFILE)
$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
@for i in $(DIRS) ;\
do \
- (cd $$i && echo "making 'files' in $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
+ if echo "$$i" | grep -v '^\.'; then \
+ (cd $$i && echo "making 'files' in $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
+ fi; \
done;
links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@for i in $(DIRS); do \
- (cd $$i && echo "making links in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+ if echo "$$i" | grep -v '^\.'; then \
+ (cd $$i && echo "making links in $$i..." && \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' links ) || exit 1; \
+ fi; \
done;
dclean:
rm -f *.bak
@for i in $(DIRS) ;\
do \
- (cd $$i && echo "making dclean in $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
+ if echo "$$i" | grep -v '^\.'; then \
+ (cd $$i && echo "making dclean in $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
+ fi; \
done;
rehash: rehash.time
depend:
@for i in $(DIRS) ;\
do \
- (cd $$i && echo "making dependencies $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
+ if echo "$$i" | grep -v '^\.'; then \
+ (cd $$i && echo "making dependencies $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
+ fi; \
done;
lint:
@for i in $(DIRS) ;\
do \
- (cd $$i && echo "making lint $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
+ if echo "$$i" | grep -v '^\.'; then \
+ (cd $$i && echo "making lint $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
+ fi; \
done;
tags:
@for i in $(DIRS) ;\
do \
- (cd $$i && echo "making tags $$i..." && \
- $(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+ if echo "$$i" | grep -v '^\.'; then \
+ (cd $$i && echo "making tags $$i..." && \
+ $(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+ fi; \
done;
errors:
done;
@for i in $(DIRS) ;\
do \
- (cd $$i; echo "installing $$i..."; \
- $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
+ if echo "$$i" | grep -v '^\.'; then \
+ (cd $$i; echo "installing $$i..."; \
+ $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
+ fi; \
done
@for i in $(LIBS) ;\
do \
- ( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+ if [ -f "$$i" ]; then \
+ ( echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+ fi \
done
install_docs:
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** BC-32
$cc = bcc32
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** BS2000-OSD
$cc = c89
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** CygWin32
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** FreeBSD
$cc = gcc
$rmd160_obj = asm/rm86-out.o
$rc5_obj = asm/r586-out.o
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** FreeBSD-alpha
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** FreeBSD-elf
$cc = gcc
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** Mingw32
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** NetBSD-m68
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** NetBSD-sparc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** NetBSD-x86
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** OpenBSD
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** OpenBSD-alpha
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** OpenBSD-mips
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** OpenBSD-x86
$cc = gcc
$rmd160_obj = asm/rm86-out.o
$rc5_obj = asm/r586-out.o
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** ReliantUNIX
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** SINIX
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** SINIX-N
$cc = /usr/ucb/cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** VC-MSDOS
$cc = cl
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** VC-NT
$cc = cl
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** VC-W31-16
$cc = cl
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** VC-W31-32
$cc = cl
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** VC-WIN16
$cc = cl
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** VC-WIN32
$cc = cl
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** aix-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** aix-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** alpha-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** alpha-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** alpha164-cc
$cc = cc
$rc4_obj =
$rmd160_obj =
$rc5_obj =
-$dso_scheme =
+$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** bsdi-elf-gcc
$cc = gcc
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** bsdi-gcc
$cc = gcc
$rmd160_obj = asm/rm86bsdi.o
$rc5_obj = asm/r586bsdi.o
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** cray-t3e
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** cray-t90-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** debug
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** debug-ben
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** debug-ben-debug
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** debug-ben-strict
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** debug-bodo
$cc = gcc
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** debug-levitte-linux-elf
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** debug-linux-elf
$cc = gcc
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** debug-linux-elf-noefence
$cc = gcc
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** debug-rse
$cc = cc
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** debug-solaris-sparcv8-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** debug-solaris-sparcv8-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** debug-solaris-sparcv9-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** debug-solaris-sparcv9-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** debug-steve
$cc = gcc
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** debug-ulf
$cc = gcc
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** dgux-R3-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** dgux-R4-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** dgux-R4-x86-gcc
$cc = gcc
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** dist
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** hpux-brokencc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
+$shared_target=
+$shared_cflag =
*** hpux-brokengcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
+$shared_target=
+$shared_cflag =
*** hpux-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
+$shared_target=
+$shared_cflag =
*** hpux-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
+$shared_target=
+$shared_cflag =
*** hpux-parisc-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
+$shared_target=
+$shared_cflag =
*** hpux-parisc-cc-o4
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
+$shared_target=
+$shared_cflag =
*** hpux-parisc-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
+$shared_target=
+$shared_cflag =
*** hpux10-brokencc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
+$shared_target=
+$shared_cflag =
*** hpux10-brokengcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
+$shared_target=
+$shared_cflag =
*** hpux10-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
+$shared_target=
+$shared_cflag =
*** hpux10-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
+$shared_target=
+$shared_cflag =
*** hpux64-parisc-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
+$shared_target=
+$shared_cflag =
*** irix-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** irix-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** irix-mips3-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** irix-mips3-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** irix64-mips4-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** irix64-mips4-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** linux-alpha+bwx-ccc
$cc = ccc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** linux-alpha+bwx-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** linux-alpha-ccc
$cc = ccc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** linux-alpha-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** linux-aout
$cc = gcc
$rmd160_obj = asm/rm86-out.o
$rc5_obj = asm/r586-out.o
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** linux-elf
$cc = gcc
$rmd160_obj = asm/rm86-elf.o
$rc5_obj = asm/r586-elf.o
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** linux-elf-arm
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** linux-ia64
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** linux-m68k
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** linux-mips
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** linux-ppc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** linux-sparcv7
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** linux-sparcv8
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** linux-sparcv9
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** ncr-scde
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** nextstep
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** nextstep3.3
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** purify
$cc = purify gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** rhapsody-ppc-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** sco5-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** sco5-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** solaris-sparc-sc3
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** solaris-sparcv7-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** solaris-sparcv7-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** solaris-sparcv8-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** solaris-sparcv8-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** solaris-sparcv9-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** solaris-sparcv9-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** solaris-sparcv9-gcc27
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** solaris-x86-gcc
$cc = gcc
$rmd160_obj = asm/rm86-sol.o
$rc5_obj = asm/r586-sol.o
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** solaris64-sparcv9-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
+$shared_target=
+$shared_cflag =
*** sunos-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** ultrix-cc
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** ultrix-gcc
$cc = gcc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** unixware-2.0
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** unixware-2.0-pentium
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
*** unixware-7
$cc = cc
$rmd160_obj =
$rc5_obj =
$dso_scheme =
+$shared_target=
+$shared_cflag =
return(othercerts);
}
+typedef struct {
+ char *name;
+ unsigned long flag;
+ unsigned long mask;
+} NAME_EX_TBL;
+
+int set_name_ex(unsigned long *flags, const char *arg)
+{
+ char c;
+ const NAME_EX_TBL *ptbl, ex_tbl[] = {
+ { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+ { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
+ { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
+ { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
+ { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
+ { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
+ { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
+ { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
+ { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
+ { "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
+ { "compat", XN_FLAG_COMPAT, 0xffffffffL},
+ { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
+ { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
+ { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
+ { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
+ { "dn_rev", XN_FLAG_DN_REV, 0},
+ { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
+ { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
+ { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+ { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
+ { "space_eq", XN_FLAG_SPC_EQ, 0},
+ { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
+ { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
+ { "oneline", XN_FLAG_ONELINE, 0xffffffffL},
+ { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+ { NULL, 0, 0}
+ };
+
+ c = arg[0];
+
+ if(c == '-') {
+ c = 0;
+ arg++;
+ } else if (c == '+') {
+ c = 1;
+ arg++;
+ } else c = 1;
+
+ for(ptbl = ex_tbl; ptbl->name; ptbl++) {
+ if(!strcmp(arg, ptbl->name)) {
+ *flags &= ~ptbl->mask;
+ if(c) *flags |= ptbl->flag;
+ else *flags &= ~ptbl->flag;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
+{
+ char buf[256];
+ char mline = 0;
+ int indent = 0;
+ if(title) BIO_puts(out, title);
+ if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+ mline = 1;
+ indent = 4;
+ }
+ if(lflags == XN_FLAG_COMPAT) {
+ X509_NAME_oneline(nm,buf,256);
+ BIO_puts(out,buf);
+ BIO_puts(out, "\n");
+ } else {
+ if(mline) BIO_puts(out, "\n");
+ X509_NAME_print_ex(out, nm, indent, lflags);
+ BIO_puts(out, "\n");
+ }
+}
+
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
#ifdef HEADER_X509_H
int dump_cert_text(BIO *out, X509 *x);
+void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
#endif
+int set_name_ex(unsigned long *flags, const char *arg);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, LHASH *conf);
X509 *load_cert(BIO *err, char *file, int format);
unsigned int length=0;
long num,tmplen;
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
- int informat,indent=0, noout = 0;
+ int informat,indent=0, noout = 0, dump = 0;
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
unsigned char *tmpbuf;
BUF_MEM *buf=NULL;
length= atoi(*(++argv));
if (length == 0) goto bad;
}
+ else if (strcmp(*argv,"-dump") == 0)
+ {
+ dump= -1;
+ }
+ else if (strcmp(*argv,"-dlimit") == 0)
+ {
+ if (--argc < 1) goto bad;
+ dump= atoi(*(++argv));
+ if (dump <= 0) goto bad;
+ }
else if (strcmp(*argv,"-strparse") == 0)
{
if (--argc < 1) goto bad;
BIO_printf(bio_err," -offset arg offset into file\n");
BIO_printf(bio_err," -length arg length of section in file\n");
BIO_printf(bio_err," -i indent entries\n");
+ BIO_printf(bio_err," -dump dump unknown data in hex form\n");
+ BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n");
BIO_printf(bio_err," -oid file file of extra oid definitions\n");
BIO_printf(bio_err," -strparse offset\n");
BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
}
}
if (!noout &&
- !ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
+ !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
+ indent,dump))
{
ERR_print_errors(bio_err);
goto end;
char *passwd, BIO *out, int quiet, int table, int reverse,
size_t pw_maxlen, int usecrypt, int use1, int useapr1);
-/* -crypt - standard Unix password algorithm (default, only choice)
+/* -crypt - standard Unix password algorithm (default)
* -1 - MD5-based password algorithm
* -apr1 - MD5-based password algorithm, Apache variant
* -salt string - salt
BIO_printf(bio_err,"unable to load Private key\n");
goto end;
}
+ if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
+ {
+ char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+ app_RAND_load_file(randfile, bio_err, 0);
+ }
}
if (newreq && (pkey == NULL))
BIO_printf (bio_err, "-signer file signer certificate file\n");
BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
BIO_printf (bio_err, "-out file output file\n");
+ BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
+ BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
BIO_printf (bio_err, "-to addr to address\n");
BIO_printf (bio_err, "-from ad from address\n");
BIO_printf (bio_err, "-subject s subject\n");
ret=0;
end:
if (ret == 1) {
- BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
+ BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] cert1 cert2 ...\n");
BIO_printf(bio_err,"recognized usages:\n");
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;
" -extfile - configuration file with X509V3 extensions to add\n",
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
+" -nameopt arg - various certificate name options\n",
NULL
};
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
int checkend=0,checkoffset=0;
+ unsigned long nmflag = 0;
reqfile=0;
alias= *(++argv);
trustout = 1;
}
+ else if (strcmp(*argv,"-nameopt") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!set_name_ex(&nmflag, *(++argv))) goto bad;
+ }
else if (strcmp(*argv,"-setalias") == 0)
{
if (--argc < 1) goto bad;
}
else
BIO_printf(bio_err,"Signature ok\n");
-
- X509_NAME_oneline(req->req_info->subject,buf,256);
- BIO_printf(bio_err,"subject=%s\n",buf);
+
+ print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
if ((x=X509_new()) == NULL) goto end;
ci=x->cert_info;
{
if (issuer == i)
{
- X509_NAME_oneline(X509_get_issuer_name(x),
- buf,256);
- BIO_printf(STDout,"issuer= %s\n",buf);
+ print_name(STDout, "issuer= ",
+ X509_get_issuer_name(x), nmflag);
}
else if (subject == i)
{
- X509_NAME_oneline(X509_get_subject_name(x),
- buf,256);
- BIO_printf(STDout,"subject=%s\n",buf);
+ print_name(STDout, "issuer= ",
+ X509_get_subject_name(x), nmflag);
}
else if (serial == i)
{
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
{
- char buf[256];
int err;
X509 *err_cert;
else
{
err_cert=X509_STORE_CTX_get_current_cert(ctx);
- X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
- BIO_printf(bio_err,"%s\n",buf);
+ print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
err,X509_STORE_CTX_get_error_depth(ctx),
X509_verify_cert_error_string(err));
LIB=$(TOP)/libcrypto.a
LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
a_null.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
- a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c \
+ a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
x_name.c x_cinf.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
a_null.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
- a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o \
+ a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
x_name.o x_cinf.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
a_sign.o: ../cryptlib.h
+a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+a_strex.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+a_strex.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+a_strex.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_strex.o: charmap.h
a_strnid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
a_strnid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp)
{
int len, ret;
+ if(!a) return 0;
len = i2c_ASN1_INTEGER(a, NULL);
ret=ASN1_object_size(0,len,V_ASN1_ENUMERATED);
if(pp) {
int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
{
int len, ret;
+ if(!a) return 0;
len = i2c_ASN1_INTEGER(a, NULL);
ret=ASN1_object_size(0,len,V_ASN1_INTEGER);
if(pp) {
ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
long length)
- {
- ASN1_OBJECT *ret=NULL;
+{
unsigned char *p;
long len;
int tag,xclass;
int inf,i;
-
- /* only the ASN1_OBJECTs from the 'table' will have values
- * for ->sn or ->ln */
- if ((a == NULL) || ((*a) == NULL) ||
- !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
- {
- if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
- }
- else ret=(*a);
-
+ ASN1_OBJECT *ret = NULL;
p= *pp;
-
inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
if (inf & 0x80)
{
i=ASN1_R_EXPECTING_AN_OBJECT;
goto err;
}
+ ret = c2i_ASN1_OBJECT(a, &p, len);
+ if(ret) *pp = p;
+ return ret;
+err:
+ ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ ASN1_OBJECT_free(ret);
+ return(NULL);
+}
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
+ long len)
+ {
+ ASN1_OBJECT *ret=NULL;
+ unsigned char *p;
+ int i;
+
+ /* only the ASN1_OBJECTs from the 'table' will have values
+ * for ->sn or ->ln */
+ if ((a == NULL) || ((*a) == NULL) ||
+ !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+ {
+ if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
+ }
+ else ret=(*a);
+
+ p= *pp;
if ((ret->data == NULL) || (ret->length < len))
{
if (ret->data != NULL) OPENSSL_free(ret->data);
#define ASN1_BMPSTRING ASN1_STRING
#define ASN1_VISIBLESTRING ASN1_STRING
#define ASN1_UTF8STRING ASN1_STRING
+#define ASN1_BOOLEAN int
#else
typedef struct asn1_string_st ASN1_INTEGER;
typedef struct asn1_string_st ASN1_ENUMERATED;
typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
typedef struct asn1_string_st ASN1_VISIBLESTRING;
typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef int ASN1_BOOLEAN;
#endif
typedef int ASN1_NULL;
+/* Parameters used by ASN1_STRING_print_ex() */
+
+/* These determine which characters to escape:
+ * RFC2253 special characters, control characters and
+ * MSB set characters
+ */
+
+#define ASN1_STRFLGS_ESC_2253 1
+#define ASN1_STRFLGS_ESC_CTRL 2
+#define ASN1_STRFLGS_ESC_MSB 4
+
+
+/* This flag determines how we do escaping: normally
+ * RC2253 backslash only, set this to use backslash and
+ * quote.
+ */
+
+#define ASN1_STRFLGS_ESC_QUOTE 8
+
+
+/* These three flags are internal use only. */
+
+/* Character is a valid PrintableString character */
+#define CHARTYPE_PRINTABLESTRING 0x10
+/* Character needs escaping if it is the first character */
+#define CHARTYPE_FIRST_ESC_2253 0x20
+/* Character needs escaping if it is the last character */
+#define CHARTYPE_LAST_ESC_2253 0x40
+
+/* NB the internal flags are safely reused below by flags
+ * handled at the top level.
+ */
+
+/* If this is set we convert all character strings
+ * to UTF8 first
+ */
+
+#define ASN1_STRFLGS_UTF8_CONVERT 0x10
+
+/* If this is set we don't attempt to interpret content:
+ * just assume all strings are 1 byte per character. This
+ * will produce some pretty odd looking output!
+ */
+
+#define ASN1_STRFLGS_IGNORE_TYPE 0x20
+
+/* If this is set we include the string type in the output */
+#define ASN1_STRFLGS_SHOW_TYPE 0x40
+
+/* This determines which strings to display and which to
+ * 'dump' (hex dump of content octets or DER encoding). We can
+ * only dump non character strings or everything. If we
+ * don't dump 'unknown' they are interpreted as character
+ * strings with 1 octet per character and are subject to
+ * the usual escaping options.
+ */
+
+#define ASN1_STRFLGS_DUMP_ALL 0x80
+#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
+
+/* These determine what 'dumping' does, we can dump the
+ * content octets or the DER encoding: both use the
+ * RFC2253 #XXXXX notation.
+ */
+
+#define ASN1_STRFLGS_DUMP_DER 0x200
+
+/* All the string flags consistent with RFC2253,
+ * escaping control characters isn't essential in
+ * RFC2253 but it is advisable anyway.
+ */
+
+#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \
+ ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB | \
+ ASN1_STRFLGS_UTF8_CONVERT | \
+ ASN1_STRFLGS_DUMP_UNKNOWN | \
+ ASN1_STRFLGS_DUMP_DER)
+
DECLARE_STACK_OF(ASN1_INTEGER)
DECLARE_ASN1_SET_OF(ASN1_INTEGER)
int type;
union {
char *ptr;
+ ASN1_BOOLEAN boolean;
ASN1_STRING * asn1_string;
ASN1_OBJECT * object;
ASN1_INTEGER * integer;
ASN1_OBJECT * ASN1_OBJECT_new(void );
void ASN1_OBJECT_free(ASN1_OBJECT *a);
int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
+ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
+ long length);
ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
long length);
#ifndef NO_FP_API
char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
#endif
#ifndef NO_BIO
int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
+int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump);
#endif
const char *ASN1_tag2str(int tag);
static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
int indent);
static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
- int offset, int depth, int indent);
+ int offset, int depth, int indent, int dump);
static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
int indent)
{
int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
{
- return(asn1_parse2(bp,&pp,len,0,0,indent));
+ return(asn1_parse2(bp,&pp,len,0,0,indent,0));
+ }
+
+int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump)
+ {
+ return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
}
static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
- int depth, int indent)
+ int depth, int indent, int dump)
{
unsigned char *p,*ep,*tot,*op,*opp;
long len;
ASN1_OBJECT *o=NULL;
ASN1_OCTET_STRING *os=NULL;
/* ASN1_BMPSTRING *bmp=NULL;*/
+ int dump_indent;
+#if 0
+ dump_indent = indent;
+#else
+ dump_indent = 6; /* Because we know BIO_dump_indent() */
+#endif
p= *pp;
tot=p+length;
op=p-1;
{
r=asn1_parse2(bp,&p,(long)(tot-p),
offset+(p - *pp),depth+1,
- indent);
+ indent,dump);
if (r == 0) { ret=0; goto end; }
if ((r == 2) || (p >= tot)) break;
}
{
r=asn1_parse2(bp,&p,(long)len,
offset+(p - *pp),depth+1,
- indent);
+ indent,dump);
if (r == 0) { ret=0; goto end; }
}
}
os->length) <= 0)
goto end;
}
+ if (!printable && (os->length > 0)
+ && dump)
+ {
+ if (!nl)
+ {
+ if (BIO_write(bp,"\n",1) <= 0)
+ goto end;
+ }
+ if (BIO_dump_indent(bp,opp,
+ ((dump == -1 || dump > os->length)?os->length:dump),
+ dump_indent) <= 0)
+ goto end;
+ nl=1;
+ }
M_ASN1_OCTET_STRING_free(os);
os=NULL;
}
}
M_ASN1_ENUMERATED_free(bs);
}
+ else if (len > 0 && dump)
+ {
+ if (!nl)
+ {
+ if (BIO_write(bp,"\n",1) <= 0)
+ goto end;
+ }
+ if (BIO_dump_indent(bp,p,
+ ((dump == -1 || dump > len)?len:dump),
+ dump_indent) <= 0)
+ goto end;
+ nl=1;
+ }
if (!nl)
{
#include <openssl/objects.h>
#include <openssl/asn1_mac.h>
-#ifdef NEG_PUBKEY_BUG
+#ifndef NO_NEG_PUBKEY_BUG
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
#endif
#include <openssl/objects.h>
#include <openssl/asn1_mac.h>
-#ifdef NEG_PUBKEY_BUG
+#ifndef NO_NEG_PUBKEY_BUG
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
#endif
#include <openssl/objects.h>
#include <openssl/asn1_mac.h>
-#ifdef NEG_PUBKEY_BUG
+#ifndef NO_NEG_PUBKEY_BUG
#define d2i_ASN1_INTEGER d2i_ASN1_UINTEGER
#endif
#define TRUNCATE
#define DUMP_WIDTH 16
+#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
int BIO_dump(BIO *bio, const char *s, int len)
+ {
+ return BIO_dump_indent(bio, s, len, 0);
+ }
+
+int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
{
int ret=0;
- char buf[160+1],tmp[20];
+ char buf[288+1],tmp[20],str[128+1];
int i,j,rows,trunc;
unsigned char ch;
+ int dump_width;
trunc=0;
trunc++;
#endif
- rows=(len/DUMP_WIDTH);
- if ((rows*DUMP_WIDTH)<len)
+ if (indent < 0)
+ indent = 0;
+ if (indent) {
+ if (indent > 128) indent=128;
+ memset(str,' ',indent);
+ }
+ str[indent]='\0';
+
+ dump_width=DUMP_WIDTH_LESS_INDENT(indent);
+ rows=(len/dump_width);
+ if ((rows*dump_width)<len)
rows++;
for(i=0;i<rows;i++) {
buf[0]='\0'; /* start with empty string */
- sprintf(tmp,"%04x - ",i*DUMP_WIDTH);
- strcpy(buf,tmp);
- for(j=0;j<DUMP_WIDTH;j++) {
- if (((i*DUMP_WIDTH)+j)>=len) {
+ strcpy(buf,str);
+ sprintf(tmp,"%04x - ",i*dump_width);
+ strcat(buf,tmp);
+ for(j=0;j<dump_width;j++) {
+ if (((i*dump_width)+j)>=len) {
strcat(buf," ");
} else {
- ch=((unsigned char)*(s+i*DUMP_WIDTH+j)) & 0xff;
+ ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
strcat(buf,tmp);
}
}
strcat(buf," ");
- for(j=0;j<DUMP_WIDTH;j++) {
- if (((i*DUMP_WIDTH)+j)>=len)
+ for(j=0;j<dump_width;j++) {
+ if (((i*dump_width)+j)>=len)
break;
- ch=((unsigned char)*(s+i*DUMP_WIDTH+j)) & 0xff;
+ ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
#ifndef CHARSET_EBCDIC
sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
#else
}
#ifdef TRUNCATE
if (trunc > 0) {
- sprintf(buf,"%04x - <SPACES/NULS>\n",len+trunc);
+ sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc);
ret+=BIO_write(bio,(char *)buf,strlen(buf));
}
#endif
struct hostent *he;
i=get_ip(str,ip);
- if (i > 0) return(1);
if (i < 0)
{
BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
goto err;
}
- /* do a gethostbyname */
+ /* At this point, we have something that is most probably correct
+ in some way, so let's init the socket. */
if (!BIO_sock_init())
return(0); /* don't generate another error code here */
+ /* If the string actually contained an IP address, we need not do
+ anything more */
+ if (i > 0) return(1);
+
+ /* do a gethostbyname */
CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
locked = 1;
he=BIO_gethostbyname(str);
int BIO_fd_should_retry(int i);
int BIO_fd_non_fatal_error(int error);
int BIO_dump(BIO *b,const char *bytes,int len);
+int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
struct hostent *BIO_gethostbyname(const char *name);
/* We might want a thread-safe interface too:
al=a->top;
bl=b->top;
- r->neg=a->neg^b->neg;
if ((al == 0) || (bl == 0))
{
}
else
rr = r;
+ rr->neg=a->neg^b->neg;
#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
i = al-bl;
a->neg=0;
i=BN_sub_word(a,w);
if (!BN_is_zero(a))
- a->neg=1;
+ a->neg=!(a->neg);
return(i);
}
w&=BN_MASK2;
{
int i;
- if (a->neg)
+ if (BN_is_zero(a) || a->neg)
{
a->neg=0;
i=BN_add_word(a,w);
* unless CRYPTO_MDEBUG is defined) */
#define CRYPTO_malloc_debug_init() do {\
CRYPTO_set_mem_debug_functions(\
- (void (*)())CRYPTO_dbg_malloc,\
- (void (*)())CRYPTO_dbg_realloc,\
- (void (*)())CRYPTO_dbg_free,\
- (void (*)())CRYPTO_dbg_set_options,\
- (long (*)())CRYPTO_dbg_get_options);\
+ CRYPTO_dbg_malloc,\
+ CRYPTO_dbg_realloc,\
+ CRYPTO_dbg_free,\
+ CRYPTO_dbg_set_options,\
+ CRYPTO_dbg_get_options);\
} while(0)
int CRYPTO_mem_ctrl(int mode);
l=ERR_GET_LIB(e);
- CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
if (error_hash != NULL)
{
p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
}
- CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
return((p == NULL)?NULL:p->string);
}
l=ERR_GET_LIB(e);
f=ERR_GET_FUNC(e);
- CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
if (error_hash != NULL)
{
p=(ERR_STRING_DATA *)lh_retrieve(error_hash,&d);
}
- CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
return((p == NULL)?NULL:p->string);
}
l=ERR_GET_LIB(e);
r=ERR_GET_REASON(e);
- CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
if (error_hash != NULL)
{
}
}
- CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
return((p == NULL)?NULL:p->string);
}
void ERR_remove_state(unsigned long pid)
{
- ERR_STATE *p,tmp;
+ ERR_STATE *p = NULL,tmp;
if (thread_hash == NULL)
return;
pid=(unsigned long)CRYPTO_thread_id();
tmp.pid=pid;
CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- p=(ERR_STATE *)lh_delete(thread_hash,&tmp);
- if (lh_num_items(thread_hash) == 0)
+ if (thread_hash)
{
- /* make sure we don't leak memory */
- lh_free(thread_hash);
- thread_hash = NULL;
+ p=(ERR_STATE *)lh_delete(thread_hash,&tmp);
+ if (lh_num_items(thread_hash) == 0)
+ {
+ /* make sure we don't leak memory */
+ lh_free(thread_hash);
+ thread_hash = NULL;
+ }
}
CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
pid=(unsigned long)CRYPTO_thread_id();
- CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR);
if (thread_hash != NULL)
{
tmp.pid=pid;
ret=(ERR_STATE *)lh_retrieve(thread_hash,&tmp);
}
- CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
/* ret == the error state, if NULL, make a new one */
if (ret == NULL)
n-=i;
}
/* at this point all pending data has been written */
+ ctx->buf_off=0;
+ ctx->buf_len=0;
if ((in == NULL) || (inl <= 0)) return(0);
- ctx->buf_off=0;
while (inl > 0)
{
n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
if (ctx->tmp_len > 0)
{
n=3-ctx->tmp_len;
+ /* There's a teoretical possibility for this */
+ if (n > inl)
+ n=inl;
memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
ctx->tmp_len+=n;
- n=ctx->tmp_len;
- if (n < 3)
+ if (ctx->tmp_len < 3)
break;
ctx->buf_len=EVP_EncodeBlock(
(unsigned char *)ctx->buf,
- (unsigned char *)ctx->tmp,n);
+ (unsigned char *)ctx->tmp,
+ ctx->tmp_len);
+ /* Since we're now done using the temporary
+ buffer, the length should be 0'd */
+ ctx->tmp_len=0;
}
else
{
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.5b-dev 1 Apr 2000"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
+
+/* The macros below are to be used for shared library (.so, .dll, ...)
+ * versioning. That kind of versioning works a bit differently between
+ * operating systems. The most usual scheme is to set a major and a minor
+ * number, and have the runtime loader check that the major number is equal
+ * to what it was at application link time, while the minor number has to
+ * be greater or equal to what it was at application link time. With this
+ * scheme, the version number is usually part of the file name, like this:
+ *
+ * libcrypto.so.0.9
+ *
+ * Some unixen also make a softlink with the major verson number only:
+ *
+ * libcrypto.so.0
+ *
+ * On True64 it works a little bit differently. There, the shared library
+ * version is stored in the file, and is actually a series of versions,
+ * separated by colons. The rightmost version present in the library when
+ * linking an application is stored in the application to be matched at
+ * run time. When the application is run, a check is done to see if the
+ * library version stored in the application matches any of the versions
+ * in the version string of the library itself.
+ * This version string can be constructed in any way, depending on what
+ * kind of matching is desired. However, to implement the same scheme as
+ * the one used in the other unixen, all compatible versions, from lowest
+ * to highest, should be part of the string. Consecutive builds would
+ * give the following versions strings:
+ *
+ * 3.0
+ * 3.0:3.1
+ * 3.0:3.1:3.2
+ * 4.0
+ * 4.0:4.1
+ *
+ * Notice how version 4 is completely incompatible with version, and
+ * therefore give the breach you can see.
+ *
+ * There may be other schemes as well that I haven't yet discovered.
+ *
+ * So, here's the way it works here: first of all, the library version
+ * number doesn't need at all to match the overall OpenSSL version.
+ * However, it's nice and more understandable if it actually does.
+ * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+ * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+ * For the sake of True64 and any other OS that behaves in similar ways,
+ * we need to keep a history of version numbers, which is done in the
+ * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and
+ * should only keep the versions that are binary compatible with the current.
+ */
+#define SHLIB_VERSION_HISTORY ""
+#define SHLIB_VERSION_NUMBER "0.9.5b"
+
+
#endif /* HEADER_OPENSSLV_H */
md_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h rand_lcl.h
rand_egd.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
rand_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
rand_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
rand_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
rand_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+rand_win.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_win.o: ../../include/openssl/stack.h ../cryptlib.h rand_lcl.h
randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
*
*/
-#define ENTROPY_NEEDED 20 /* require 160 bits = 20 bytes of randomness */
-
#ifdef MD_RAND_DEBUG
# ifndef NDEBUG
# define NDEBUG
#include <assert.h>
#include <stdio.h>
-#include <time.h>
#include <string.h>
#include "openssl/e_os.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
#include <openssl/crypto.h>
#include <openssl/err.h>
-#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-#if !defined(NO_SHA) && !defined(NO_SHA1)
-#define USE_SHA1_RAND
-#elif !defined(NO_MD5)
-#define USE_MD5_RAND
-#elif !defined(NO_MDC2) && !defined(NO_DES)
-#define USE_MDC2_RAND
-#elif !defined(NO_MD2)
-#define USE_MD2_RAND
-#else
-#error No message digest algorithm available
-#endif
-#endif
-
-/* Changed how the state buffer used. I now attempt to 'wrap' such
- * that I don't run over the same locations the next time go through
- * the 1023 bytes - many thanks to
- * Robert J. LeBlanc <rjl@renaissoft.com> for his comments
- */
-
-#if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
-#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH
-#define MD_CTX MD5_CTX
-#define MD_Init(a) MD5_Init(a)
-#define MD_Update(a,b,c) MD5_Update(a,b,c)
-#define MD_Final(a,b) MD5_Final(a,b)
-#define MD(a,b,c) MD5(a,b,c)
-#elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
-#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH
-#define MD_CTX SHA_CTX
-#define MD_Init(a) SHA1_Init(a)
-#define MD_Update(a,b,c) SHA1_Update(a,b,c)
-#define MD_Final(a,b) SHA1_Final(a,b)
-#define MD(a,b,c) SHA1(a,b,c)
-#elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
-#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH
-#define MD_CTX MDC2_CTX
-#define MD_Init(a) MDC2_Init(a)
-#define MD_Update(a,b,c) MDC2_Update(a,b,c)
-#define MD_Final(a,b) MDC2_Final(a,b)
-#define MD(a,b,c) MDC2(a,b,c)
-#elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
-#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH
-#define MD_CTX MD2_CTX
-#define MD_Init(a) MD2_Init(a)
-#define MD_Update(a,b,c) MD2_Update(a,b,c)
-#define MD_Final(a,b) MD2_Final(a,b)
-#define MD(a,b,c) MD2(a,b,c)
-#endif
-
-#include <openssl/rand.h>
-
#ifdef BN_DEBUG
# define PREDICT
#endif
-/* #define NORAND 1 */
/* #define PREDICT 1 */
#define STATE_SIZE 1023
static double entropy=0;
static int initialized=0;
+/* This should be set to 1 only when ssleay_rand_add() is called inside
+ an already locked state, so it doesn't try to lock and thereby cause
+ a hang. And it should always be reset back to 0 before unlocking. */
+static int add_do_not_lock=0;
+
#ifdef PREDICT
int rand_predictable=0;
#endif
unsigned char local_md[MD_DIGEST_LENGTH];
MD_CTX m;
-#ifdef NORAND
- return;
-#endif
-
/*
* (Based on the rand(3) manpage)
*
* hash function.
*/
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
st_idx=state_index;
/* use our own copies of the counters so that even
md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
for (i=0; i<num; i+=MD_DIGEST_LENGTH)
{
}
memset((char *)&m,0,sizeof(m));
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* Don't just copy back local_md into md -- this could mean that
* other thread's seeding remains without effect (except for
* the incremented counter). By XORing it we keep at least as
}
if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
entropy += add;
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-#ifndef THREADS
+#if !defined(THREADS) && !defined(WIN32)
assert(md_c[1] == md_count[1]);
#endif
}
ssleay_rand_add(buf, num, num);
}
-static void ssleay_rand_initialize(void) /* not exported in RAND_METHOD */
- {
- unsigned long l;
-#ifndef GETPID_IS_MEANINGLESS
- pid_t curr_pid = getpid();
-#endif
-#ifdef DEVRANDOM
- FILE *fh;
-#endif
-
-#ifdef NORAND
- return;
-#endif
-
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- /* put in some default random data, we need more than just this */
-#ifndef GETPID_IS_MEANINGLESS
- l=curr_pid;
- RAND_add(&l,sizeof(l),0);
- l=getuid();
- RAND_add(&l,sizeof(l),0);
-#endif
- l=time(NULL);
- RAND_add(&l,sizeof(l),0);
-
-#ifdef DEVRANDOM
- /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
- * have this. Use /dev/urandom if you can as /dev/random may block
- * if it runs out of random entries. */
-
- if ((fh = fopen(DEVRANDOM, "r")) != NULL)
- {
- unsigned char tmpbuf[ENTROPY_NEEDED];
- int n;
-
- setvbuf(fh, NULL, _IONBF, 0);
- n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
- fclose(fh);
- RAND_add(tmpbuf,sizeof tmpbuf,n);
- memset(tmpbuf,0,n);
- }
-#endif
-#ifdef PURIFY
- memset(state,0,STATE_SIZE);
- memset(md,0,MD_DIGEST_LENGTH);
-#endif
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- initialized=1;
- }
-
static int ssleay_rand_bytes(unsigned char *buf, int num)
{
static volatile int stirred_pool = 0;
* global 'md'.
*/
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
if (!initialized)
- ssleay_rand_initialize();
+ RAND_poll();
+
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ add_do_not_lock = 1; /* Since we call ssleay_rand_add while in
+ this locked state. */
+ initialized = 1;
if (!stirred_pool)
do_stir_pool = 1;
* are now ours (but other threads may use them too) */
md_count[0] += 1;
+
+ add_do_not_lock = 0; /* If this would ever be forgotten, we can
+ expect any evil god to eat our souls. */
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
while (num > 0)
{
int ret;
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
if (!initialized)
- ssleay_rand_initialize();
- ret = entropy >= ENTROPY_NEEDED;
+ RAND_poll();
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ initialized = 1;
+ ret = entropy >= ENTROPY_NEEDED;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
return ret;
int RAND_egd(const char *path);
int RAND_egd_bytes(const char *path,int bytes);
void ERR_load_RAND_strings(void);
+int RAND_poll(void);
#ifdef __cplusplus
}
*
*/
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
#if defined(WINDOWS) || defined(WIN32)
-#include "cryptlib.h"
#include <windows.h>
-#include <openssl/rand.h>
-/* XXX There are probably other includes missing here ... */
-
-
-#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-#if !defined(NO_SHA) && !defined(NO_SHA1)
-#define USE_SHA1_RAND
-#elif !defined(NO_MD5)
-#define USE_MD5_RAND
-#elif !defined(NO_MDC2) && !defined(NO_DES)
-#define USE_MDC2_RAND
-#elif !defined(NO_MD2)
-#define USE_MD2_RAND
-#else
-#error No message digest algorithm available
+#ifndef _WIN32_WINNT
+# define _WIN32_WINNT 0x0400
#endif
+#include <wincrypt.h>
+#include <tlhelp32.h>
+
+/* Intel hardware RNG CSP -- available from
+ * http://developer.intel.com/design/security/rng/redist_license.htm
+ */
+#define PROV_INTEL_SEC 22
+#define INTEL_DEF_PROV "Intel Hardware Cryptographic Service Provider"
+
+static void readtimer(void);
+static void readscreen(void);
+
+typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *, LPCTSTR, LPCTSTR,
+ DWORD, DWORD);
+typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
+typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
+
+typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID);
+typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
+typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
+
+typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
+typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
+typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
+typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
+typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
+typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
+typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
+
+int RAND_poll(void)
+{
+ MEMORYSTATUS m;
+ HCRYPTPROV hProvider = 0;
+ BYTE buf[64];
+ DWORD w;
+ HWND h;
+
+ HMODULE advapi, kernel, user;
+ CRYPTACQUIRECONTEXT acquire;
+ CRYPTGENRANDOM gen;
+ CRYPTRELEASECONTEXT release;
+
+ /* load functions dynamically - not available on all systems */
+ advapi = GetModuleHandle("ADVAPI32.DLL");
+ kernel = GetModuleHandle("KERNEL32.DLL");
+ user = GetModuleHandle("USER32.DLL");
+
+ if (advapi)
+ {
+ acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi,
+ "CryptAcquireContextA");
+ gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
+ "CryptGenRandom");
+ release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
+ "CryptReleaseContext");
+ }
+
+ if (acquire && gen && release)
+ {
+ /* poll the CryptoAPI PRNG */
+ if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT))
+ {
+ if (gen(hProvider, sizeof(buf), buf) != 0)
+ {
+ RAND_add(buf, sizeof(buf), 0);
+#ifdef DEBUG
+ printf("randomness from PROV_RSA_FULL\n");
#endif
+ }
+ release(hProvider, 0);
+ }
+
+ /* poll the Pentium PRG with CryptoAPI */
+ if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
+ {
+ if (gen(hProvider, sizeof(buf), buf) != 0)
+ {
+ RAND_add(buf, sizeof(buf), 0);
+#ifdef DEBUG
+ printf("randomness from PROV_INTEL_SEC\n");
+#endif
+ }
+ release(hProvider, 0);
+ }
+ }
+
+ /* timer data */
+ readtimer();
+
+ /* memory usage statistics */
+ GlobalMemoryStatus(&m);
+ RAND_add(&m, sizeof(m), 1);
+
+ /* process ID */
+ w = GetCurrentProcessId();
+ RAND_add(&w, sizeof(w), 0);
+
+ if (user)
+ {
+ GETCURSORINFO cursor;
+ GETFOREGROUNDWINDOW win;
+ GETQUEUESTATUS queue;
+
+ win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
+ cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
+ queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
+
+ if (win)
+ {
+ /* window handle */
+ h = win();
+ RAND_add(&h, sizeof(h), 0);
+ }
+
+ if (cursor)
+ {
+ /* cursor position */
+ cursor(buf);
+ RAND_add(buf, sizeof(buf), 0);
+ }
+
+ if (queue)
+ {
+ /* message queue status */
+ w = queue(QS_ALLEVENTS);
+ RAND_add(&w, sizeof(w), 0);
+ }
+ }
+
+ /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
+ * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
+ * (Win 9x only, not available on NT)
+ *
+ * This seeding method was proposed in Peter Gutmann, Software
+ * Generation of Practically Strong Random Numbers,
+ * http://www.cs.auckland.ac.nz/~pgut001/pubs/random2.pdf
+ * (The assignment of entropy estimates below is arbitrary, but based
+ * on Peter's analysis the full poll appears to be safe. Additional
+ * interactive seeding is encouraged.)
+ */
+
+ if (kernel)
+ {
+ CREATETOOLHELP32SNAPSHOT snap;
+ HANDLE handle;
+
+ HEAP32FIRST heap_first;
+ HEAP32NEXT heap_next;
+ HEAP32LIST heaplist_first, heaplist_next;
+ PROCESS32 process_first, process_next;
+ THREAD32 thread_first, thread_next;
+ MODULE32 module_first, module_next;
+
+ HEAPLIST32 hlist;
+ HEAPENTRY32 hentry;
+ PROCESSENTRY32 p;
+ THREADENTRY32 t;
+ MODULEENTRY32 m;
+
+ snap = (CREATETOOLHELP32SNAPSHOT)
+ GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+ heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
+ heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
+ heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
+ heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
+ process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
+ process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
+ thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
+ thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
+ module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
+ module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
+
+ if (snap && heap_first && heap_next && heaplist_first &&
+ heaplist_next && process_first && process_next &&
+ thread_first && thread_next && module_first &&
+ module_next && (handle = snap(TH32CS_SNAPALL,0))
+ != NULL)
+ {
+ /* heap list and heap walking */
+ hlist.dwSize = sizeof(HEAPLIST32);
+ if (heaplist_first(handle, &hlist))
+ do
+ {
+ RAND_add(&hlist, hlist.dwSize, 0);
+ hentry.dwSize = sizeof(HEAPENTRY32);
+ if (heap_first(&hentry,
+ hlist.th32ProcessID,
+ hlist.th32HeapID))
+ do
+ RAND_add(&hentry,
+ hentry.dwSize, 0);
+ while (heap_next(&hentry));
+ } while (heaplist_next(handle,
+ &hlist));
-#if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
-#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH
-#define MD(a,b,c) MD5(a,b,c)
-#elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
-#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH
-#define MD(a,b,c) SHA1(a,b,c)
-#elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
-#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH
-#define MD(a,b,c) MDC2(a,b,c)
-#elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
-#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH
-#define MD(a,b,c) MD2(a,b,c)
+ /* process walking */
+ p.dwSize = sizeof(PROCESSENTRY32);
+ if (process_first(handle, &p))
+ do
+ RAND_add(&p, p.dwSize, 0);
+ while (process_next(handle, &p));
+
+ /* thread walking */
+ t.dwSize = sizeof(THREADENTRY32);
+ if (thread_first(handle, &t))
+ do
+ RAND_add(&t, t.dwSize, 0);
+ while (thread_next(handle, &t));
+
+ /* module walking */
+ m.dwSize = sizeof(MODULEENTRY32);
+ if (module_first(handle, &m))
+ do
+ RAND_add(&m, m.dwSize, 1);
+ while (module_next(handle, &m));
+
+ CloseHandle(handle);
+ }
+ }
+
+#ifdef DEBUG
+ printf("Exiting RAND_poll\n");
#endif
+ return(1);
+}
int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
{
double add_entropy=0;
- SYSTEMTIME t;
switch (iMsg)
{
break;
}
- GetSystemTime(&t);
+ readtimer();
RAND_add(&iMsg, sizeof(iMsg), add_entropy);
RAND_add(&wParam, sizeof(wParam), 0);
RAND_add(&lParam, sizeof(lParam), 0);
- RAND_add(&t, sizeof(t), 0);
-
+
return (RAND_status());
}
+void RAND_screen(void) /* function available for backward compatibility */
+{
+ RAND_poll();
+ readscreen();
+}
+
+
+/* feed timing information to the PRNG */
+static void readtimer(void)
+{
+ DWORD w, cyclecount;
+ LARGE_INTEGER l;
+ static int have_perfc = 1;
+#ifndef __GNUC__
+ static int have_tsc = 1;
+
+ if (have_tsc) {
+ __try {
+ __asm {
+ rdtsc
+ mov cyclecount, eax
+ }
+ RAND_add(&cyclecount, sizeof(cyclecount), 1);
+ } __except(EXCEPTION_EXECUTE_HANDLER) {
+ have_tsc = 0;
+ }
+ }
+#else
+# define have_tsc 0
+#endif
+
+ if (have_perfc) {
+ if (QueryPerformanceCounter(&l) == 0)
+ have_perfc = 0;
+ else
+ RAND_add(&l, sizeof(l), 0);
+ }
+
+ if (!have_tsc && !have_perfc) {
+ w = GetTickCount();
+ RAND_add(&w, sizeof(w), 0);
+ }
+}
+
+/* feed screen contents to PRNG */
/*****************************************************************************
- * Initialisation function for the SSL random generator. Takes the contents
- * of the screen as random seed.
*
* Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
*
* Microsoft has no warranty obligations or liability for any
* Sample Application Files which are modified.
*/
-/*
- * I have modified the loading of bytes via RAND_seed() mechanism since
- * the original would have been very very CPU intensive since RAND_seed()
- * does an MD5 per 16 bytes of input. The cost to digest 16 bytes is the same
- * as that to digest 56 bytes. So under the old system, a screen of
- * 1024*768*256 would have been CPU cost of approximately 49,000 56 byte MD5
- * digests or digesting 2.7 mbytes. What I have put in place would
- * be 48 16k MD5 digests, or effectively 48*16+48 MD5 bytes or 816 kbytes
- * or about 3.5 times as much.
- * - eric
- */
-void RAND_screen(void)
+
+static void readscreen(void)
{
HDC hScrDC; /* screen DC */
HDC hMemDC; /* memory DC */
/* Copy bitmap bits from memory DC to bmbits */
GetBitmapBits(hBitmap, size, bmbits);
- /* Get the MD5 of the bitmap */
+ /* Get the hash of the bitmap */
MD(bmbits,size,md);
- /* Seed the random generator with the MD5 digest */
- RAND_seed(md, MD_DIGEST_LENGTH);
+ /* Seed the random generator with the hash value */
+ RAND_add(md, MD_DIGEST_LENGTH, 0);
}
OPENSSL_free(bmbits);
DeleteDC(hScrDC);
}
-#else
+#else /* Unix version */
+
+#include <time.h>
+
+int RAND_poll(void)
+{
+ unsigned long l;
+ pid_t curr_pid = getpid();
+#ifdef DEVRANDOM
+ FILE *fh;
+#endif
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
+#ifdef DEVRANDOM
+ /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
+ * have this. Use /dev/urandom if you can as /dev/random may block
+ * if it runs out of random entries. */
+
+ if ((fh = fopen(DEVRANDOM, "r")) != NULL)
+ {
+ unsigned char tmpbuf[ENTROPY_NEEDED];
+ int n;
+
+ setvbuf(fh, NULL, _IONBF, 0);
+ n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh);
+ fclose(fh);
+ RAND_add(tmpbuf,sizeof tmpbuf,n);
+ memset(tmpbuf,0,n);
+ }
+#endif
+
+ /* put in some default random data, we need more than just this */
+ l=curr_pid;
+ RAND_add(&l,sizeof(l),0);
+ l=getuid();
+ RAND_add(&l,sizeof(l),0);
+
+ l=time(NULL);
+ RAND_add(&l,sizeof(l),0);
+
+#ifdef DEVRANDOM
+ return 1;
+#endif
+ return 0;
+}
#endif
{
if (p[k] != 0x03) break;
}
- if (k == 0)
+ if (k == -1)
{
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
return(-1);
typedef struct X509_val_st
{
- ASN1_UTCTIME *notBefore;
- ASN1_UTCTIME *notAfter;
+ ASN1_TIME *notBefore;
+ ASN1_TIME *notAfter;
} X509_VAL;
typedef struct X509_pubkey_st
#define X509_TRUST_REJECTED 2
#define X509_TRUST_UNTRUSTED 3
+/* Flags specific to X509_NAME_print_ex() */
+
+/* The field separator information */
+
+#define XN_FLAG_SEP_MASK (0xf << 16)
+
+#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */
+#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */
+#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */
+#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */
+#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */
+
+#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */
+
+/* How the field name is shown */
+
+#define XN_FLAG_FN_MASK (0x3 << 21)
+
+#define XN_FLAG_FN_SN 0 /* Object short name */
+#define XN_FLAG_FN_LN (1 << 21) /* Object long name */
+#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */
+#define XN_FLAG_FN_NONE (3 << 21) /* No field names */
+
+#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */
+
+/* This determines if we dump fields we don't recognise:
+ * RFC2253 requires this.
+ */
+
+#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+
+/* Complete set of RFC2253 flags */
+
+#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+ XN_FLAG_SEP_COMMA_PLUS | \
+ XN_FLAG_DN_REV | \
+ XN_FLAG_FN_SN | \
+ XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+/* readable oneline form */
+
+#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+ ASN1_STRFLGS_ESC_QUOTE | \
+ XN_FLAG_SEP_CPLUS_SPC | \
+ XN_FLAG_SPC_EQ | \
+ XN_FLAG_FN_SN)
+
+/* readable multiline form */
+
+#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB | \
+ XN_FLAG_SEP_MULTILINE | \
+ XN_FLAG_SPC_EQ | \
+ XN_FLAG_FN_LN)
+
typedef struct X509_revoked_st
{
ASN1_INTEGER *serialNumber;
- ASN1_UTCTIME *revocationDate;
+ ASN1_TIME *revocationDate;
STACK_OF(X509_EXTENSION) /* optional */ *extensions;
int sequence; /* load sequence */
} X509_REVOKED;
ASN1_INTEGER *version;
X509_ALGOR *sig_alg;
X509_NAME *issuer;
- ASN1_UTCTIME *lastUpdate;
- ASN1_UTCTIME *nextUpdate;
+ ASN1_TIME *lastUpdate;
+ ASN1_TIME *nextUpdate;
STACK_OF(X509_REVOKED) *revoked;
STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
} X509_CRL_INFO;
#endif /* !SSLEAY_MACROS */
-int X509_cmp_current_time(ASN1_UTCTIME *s);
-ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
+int X509_cmp_current_time(ASN1_TIME *s);
+ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj);
const char * X509_get_default_cert_area(void );
const char * X509_get_default_cert_dir(void );
X509_NAME * X509_get_issuer_name(X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name);
X509_NAME * X509_get_subject_name(X509 *a);
-int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
-int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
+int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
+int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
EVP_PKEY * X509_get_pubkey(X509 *x);
int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
int X509_print_fp(FILE *bp,X509 *x);
int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
#endif
#ifndef NO_BIO
int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
int X509_print(BIO *bp,X509 *x);
int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
int X509_CRL_print(BIO *bp,X509_CRL *x);
return(X509_NAME_set(&x->cert_info->subject,name));
}
-int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm)
+int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
{
- ASN1_UTCTIME *in;
+ ASN1_TIME *in;
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
in=x->cert_info->validity->notBefore;
if (in != tm)
{
- in=M_ASN1_UTCTIME_dup(tm);
+ in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
- M_ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
+ M_ASN1_TIME_free(x->cert_info->validity->notBefore);
x->cert_info->validity->notBefore=in;
}
}
return(in != NULL);
}
-int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm)
+int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
{
- ASN1_UTCTIME *in;
+ ASN1_TIME *in;
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
in=x->cert_info->validity->notAfter;
if (in != tm)
{
- in=M_ASN1_UTCTIME_dup(tm);
+ in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
- M_ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
+ M_ASN1_TIME_free(x->cert_info->validity->notAfter);
x->cert_info->validity->notAfter=in;
}
}
return(ok);
}
-int X509_cmp_current_time(ASN1_UTCTIME *ctm)
+int X509_cmp_current_time(ASN1_TIME *ctm)
{
char *str;
- ASN1_UTCTIME atm;
+ ASN1_TIME atm;
time_t offset;
char buff1[24],buff2[24],*p;
int i,j;
p=buff1;
i=ctm->length;
str=(char *)ctm->data;
- if ((i < 11) || (i > 17)) return(0);
- memcpy(p,str,10);
- p+=10;
- str+=10;
+ if(ctm->type == V_ASN1_UTCTIME) {
+ if ((i < 11) || (i > 17)) return(0);
+ memcpy(p,str,10);
+ p+=10;
+ str+=10;
+ } else {
+ if(i < 13) return 0;
+ memcpy(p,str,12);
+ p+=12;
+ str+=12;
+ }
if ((*str == 'Z') || (*str == '-') || (*str == '+'))
{ *(p++)='0'; *(p++)='0'; }
- else { *(p++)= *(str++); *(p++)= *(str++); }
+ else
+ {
+ *(p++)= *(str++);
+ *(p++)= *(str++);
+ /* Skip any fractional seconds... */
+ if(*str == '.')
+ {
+ str++;
+ while((*str >= '0') && (*str <= '9')) str++;
+ }
+
+ }
*(p++)='Z';
*(p++)='\0';
if (*str == '-')
offset= -offset;
}
- atm.type=V_ASN1_UTCTIME;
+ atm.type=ctm->type;
atm.length=sizeof(buff2);
atm.data=(unsigned char *)buff2;
X509_gmtime_adj(&atm,-offset*60);
- i=(buff1[0]-'0')*10+(buff1[1]-'0');
- if (i < 50) i+=100; /* cf. RFC 2459 */
- j=(buff2[0]-'0')*10+(buff2[1]-'0');
- if (j < 50) j+=100;
+ if(ctm->type == V_ASN1_UTCTIME)
+ {
+ i=(buff1[0]-'0')*10+(buff1[1]-'0');
+ if (i < 50) i+=100; /* cf. RFC 2459 */
+ j=(buff2[0]-'0')*10+(buff2[1]-'0');
+ if (j < 50) j+=100;
- if (i < j) return (-1);
- if (i > j) return (1);
+ if (i < j) return (-1);
+ if (i > j) return (1);
+ }
i=strcmp(buff1,buff2);
if (i == 0) /* wait a second then return younger :-) */
return(-1);
return(i);
}
-ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj)
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
{
time_t t;
time(&t);
t+=adj;
- return(ASN1_UTCTIME_set(s,t));
+ if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));
+ return ASN1_GENERALIZEDTIME_set(s, t);
}
int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
calls the B<ca> program to sign a certificate request. It expects the request
to be in the file "newreq.pem". The new certificate is written to the file
-"newcert.pem" except in the case of the B<-xcert> option when it is written
+"newcert.pem" except in the case of the B<-xsign> option when it is written
to standard output.
=item B<-signcert>
enter cacert.pem when prompted for the CA file name.
-Create a DSA certificate request and privat key (a different set of parameters
+Create a DSA certificate request and private key (a different set of parameters
can optionally be created first):
openssl req -out newreq.pem -newkey dsa:dsap.pem
B<openssl passwd>
[B<-crypt>]
+[B<-1>]
[B<-apr1>]
[B<-salt> I<string>]
[B<-in> I<file>]
run-time or the hash of each password in a list. The password list is
taken from the named file for option B<-in file>, from stdin for
option B<-stdin>, and from the command line otherwise.
-The Unix standard algorithm B<crypt> and the MD5-based B<apr1> algorithm
-are available.
+The Unix standard algorithm B<crypt> and the MD5-based BSD password
+algorithm B<1> and its Apache variant B<apr1> are available.
=head1 OPTIONS
Use the B<crypt> algorithm (default).
+=item B<-1>
+
+Use the MD5 based BSD password algorithm B<1>.
+
=item B<-apr1>
-Use the B<apr1> algorithm.
+Use the B<apr1> algorithm (Apache variant of the BSD algorithm).
=item B<-salt> I<string>
B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1>.
+
B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
=cut
[B<-signer file>]
[B<-recip file>]
[B<-in file>]
+[B<-inform SMIME|PEM|DER>]
[B<-inkey file>]
[B<-out file>]
+[B<-outform SMIME|PEM|DER>]
+[B<-content file>]
[B<-to addr>]
[B<-from ad>]
[B<-subject s>]
the input message to be encrypted or signed or the MIME message to
be decrypted or verified.
+=item B<-inform SMIME|PEM|DER>
+
+this specifies the input format for the PKCS#7 structure. The default
+is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
+format change this to expect PEM and DER format PKCS#7 structures
+instead. This currently only affects the input format of the PKCS#7
+structure, if no PKCS#7 structure is being input (for example with
+B<-encrypt> or B<-sign>) this option has no effect.
+
=item B<-out filename>
the message text that has been decrypted or verified or the output MIME
format message that has been signed or verified.
+=item B<-outform SMIME|PEM|DER>
+
+this specifies the output format for the PKCS#7 structure. The default
+is B<SMIME> which write an S/MIME format message. B<PEM> and B<DER>
+format change this to write PEM and DER format PKCS#7 structures
+instead. This currently only affects the output format of the PKCS#7
+structure, if no PKCS#7 structure is being output (for example with
+B<-verify> or B<-decrypt>) this option has no effect.
+
+=item B<-content filename>
+
+This specifies a file containing the detached content, this is only
+useful with the B<-verify> command. This is only usable if the PKCS#7
+structure is using the detached signature form where the content is
+not included. This option will override any content if the input format
+is S/MIME and it uses the multipart/signed MIME content type.
+
=item B<-text>
this option adds plain text (text/plain) MIME headers to the supplied
achieve the correct format.
The supplied message to be signed or encrypted must include the
-necessary MIME headers: or many S/MIME clients wont display it
+necessary MIME headers or many S/MIME clients wont display it
properly (if at all). You can use the B<-text> option to automatically
add plain text headers.
openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+The output from Netscape form signing is a PKCS#7 structure with the
+detached signature format. You can use this program to verify the
+signature by line wrapping the base64 encoded structure and surrounding
+it with:
+
+ -----BEGIN PKCS7----
+ -----END PKCS7----
+
+and using the command,
+
+ openssl smime -verify -inform PEM -in signature.pem -content content.txt
+
+alternatively you can base64 decode the signature and use
+
+ openssl smime -verify -inform DER -in signature.der -content content.txt
+
=head1 BUGS
The MIME parser isn't very clever: it seems to handle most messages that I've thrown
[B<-hash>]
[B<-subject>]
[B<-issuer>]
+[B<-nameopt option>]
[B<-email>]
[B<-startdate>]
[B<-enddate>]
outputs the issuer name.
+=item B<-nameopt option>
+
+option which determine how the subject or issuer names are displayed. This
+option may be used more than once to set multiple options. See the B<NAME
+OPTIONS> section for more information.
+
=item B<-email>
outputs the email address(es) if any.
=back
+=head1 NAME OPTIONS
+
+The B<nameopt> command line switch determines how the subject and issuer
+names are displayed. If no B<nameopt> switch is present the default "oneline"
+format is used which is compatible with previous versions of OpenSSL.
+Each option is described in detail below, all options can be preceded by
+a B<-> to turn the option off. Only the first four will normally be used.
+
+=over 4
+
+=item B<compat>
+
+use the old format. This is equivalent to specifying no name options at all.
+
+=item B<RFC2253>
+
+displays names compatible with RFC2253 equivalent to B<esc_2253>, B<esc_ctrl>,
+B<esc_msb>, B<utf8>, B<dump_nostr>, B<dump_unknown>, B<dump_der>,
+B<sep_comma_plus>, B<dn_rev> and B<sname>.
+
+=item B<oneline>
+
+a oneline format which is more readable than RFC2253. It is equivalent to
+specifying the B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
+B<dump_der>, B<use_quote>, B<sep_comma_plus_spc>, B<spc_eq> and B<sname>
+options.
+
+=item B<multiline>
+
+a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
+B<spc_eq> and B<lname>.
+
+=item B<esc_2253>
+
+escape the "special" characters required by RFC2253 in a field That is
+B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginnging of a string
+and a space character at the beginning or end of a string.
+
+=item B<esc_ctrl>
+
+escape and control characters. That is those with ASCII values less than
+0x20 (space) and the delete (0x7f) character. They are escaped using the
+RFC2253 \XX notation (where XX are two hex digits representing the
+character value).
+
+=item B<esc_msb>
+
+escape characters with the MSB set, that is with ASCII values larger than
+127.
+
+=item B<use_quote>
+
+escapes some characters by surrounding the whole string with B<"> characters,
+without the option all escaping is done with the B<\> character.
+
+=item B<utf8>
+
+convert all strings to UTF8 format first. This is required by RFC2253. If
+you are lucky enough to have a UTF8 compatible terminal then the use
+of this option (and B<not> setting B<esc_msb>) may result in the correct
+display of multibyte (international) characters. Is this option is not
+present then multibyte characters larger than 0xff will be represented
+using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits.
+Also if this option is off any UTF8Strings will be converted to their
+character form first.
+
+=item B<no_type>
+
+this option does not attempt to interpret multibyte characters in any
+way. That is their content octets are merely dumped as though one octet
+represents each character. This is useful for diagnostic purposes but
+will result in rather odd looking output.
+
+=item B<show_type>
+
+show the type of the ASN1 character string. The type precedes the
+field contents. For example "BMPSTRING: Hello World".
+
+=item B<dump_der>
+
+when this option is set any fields that need to be hexdumped will
+be dumped using the DER encoding of the field. Otherwise just the
+content octets will be displayed. Both options use the RFC2253
+B<#XXXX...> format.
+
+=item B<dump_nostr>
+
+dump non character string types (for example OCTET STRING) if this
+option is not set then non character string types will be displayed
+as though each content octet repesents a single character.
+
+=item B<dump_all>
+
+dump all fields. This option when used with B<dump_der> allows the
+DER encoding of the structure to be unambiguously determined.
+
+=item B<dump_unknown>
+
+dump any field whose OID is not recognised by OpenSSL.
+
+=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>,
+B<sep_multiline>
+
+these options determine the field separators. The first character is
+between RDNs and the second between multiple AVAs (multiple AVAs are
+very rare and their use is discouraged). The options ending in
+"space" additionally place a space after the separator to make it
+more readable. The B<sep_multiline> uses a linefeed character for
+the RDN separator and a spaced B<+> for the AVA separator. It also
+indents the fields by four characters.
+
+=item B<dn_rev>
+
+reverse the fields of the DN. This is required by RFC2253. As a side
+effect this also reveress the order of multiple AVAs but this is
+permissible.
+
+=item B<nofname>, B<sname>, B<lname>, B<oid>
+
+these options alter how the field name is displayed. B<nofname> does
+not display the field at all. B<sname> uses the "short name" form
+(CN for commonName for example). B<lname> uses the long form.
+B<oid> represents the OID in numerical form and is useful for
+diagnostic purpose.
+
+=item B<spc_eq>
+
+places spaces round the B<=> character which follows the field
+name.
+
+=back
+
=head1 EXAMPLES
Note: in these examples the '\' means the example should be all on one
openssl x509 -in cert.pem -noout -serial
+Display the certificate subject name:
+
+ openssl x509 -in cert.pem -noout -subject
+
+Display the certificate subject name in RFC2253 form:
+
+ openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
+
+Display the certificate subject name in oneline form on a terminal
+supporting UTF8:
+
+ openssl x509 -in cert.pem -noout -subject -nameopt oneline -nameopt -escmsb
+
Display the certificate MD5 fingerprint:
openssl x509 -in cert.pem -noout -fingerprint
-----BEGIN TRUSTED CERTIFICATE----
-----END TRUSTED CERTIFICATE----
+The conversion to UTF8 format used with the name options assumes that
+T61Strings use the ISO8859-1 character set. This is wrong but Netscape
+and MSIE do this as do many certificates. So although this is incorrect
+it is more likely to display the majority of certificates correctly.
+
The B<-fingerprint> option takes the digest of the DER encoded certificate.
This is commonly called a "fingerprint". Because of the nature of message
digests the fingerprint of a certificate is unique to that certificate and
=head1 BUGS
-The way DNs are printed is in a "historical SSLeay" format which doesn't
-follow any published standard. It should follow some standard like RFC2253
-or RFC1779 with options to make the stuff more readable.
-
Extensions in certificates are not transferred to certificate requests and
vice versa.
Profile. R. Housley, W. Ford, W. Polk, D. Solo. January 1999.
(Format: TXT=278438 bytes) (Status: PROPOSED STANDARD)
+PKCS#8: Private-Key Information Syntax Standard
+
PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
}
s->state=SSL2_ST_GET_SERVER_HELLO_A;
- s->s2->ssl2_rollback=1;
+ if (!(s->client_version == SSL2_VERSION))
+ /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
+ s->s2->ssl2_rollback=1;
/* setup the 5 bytes we have read so we get them from
* the sslv2 buffer */
s->state=SSL2_ST_GET_CLIENT_HELLO_A;
if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
- use_sslv2_strong)
+ use_sslv2_strong ||
+ (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
s->s2->ssl2_rollback=0;
else
+ /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+ * (SSL 3.0 draft/RFC 2246, App. E.2) */
s->s2->ssl2_rollback=1;
/* setup the n bytes we have read so we get them from
CRYPTO_get_dynlock_destroy_callback 2418
CRYPTO_get_dynlock_value 2419
CRYPTO_get_dynlock_create_callback 2420
-ERR_load_ENGINE_strings 2421
-ENGINE_set_DSA 2422
-ENGINE_get_default_RSA 2423
-ENGINE_get_BN_mod_exp 2424
-DSA_get_default_openssl_method 2425
-ENGINE_set_DH 2426
-ENGINE_set_default_BN_mod_exp_crt 2427
-ENGINE_init 2428
-DH_get_default_openssl_method 2429
-RSA_set_default_openssl_method 2430
-ENGINE_finish 2431
-ENGINE_get_DH 2432
-ENGINE_set_default_DSA 2433
-ENGINE_get_name 2434
-ENGINE_get_last 2435
-ENGINE_get_prev 2436
-ENGINE_get_default_DH 2437
-ENGINE_get_RSA 2438
-ENGINE_set_default 2439
-ENGINE_get_RAND 2440
-ENGINE_get_first 2441
-ENGINE_by_id 2442
-ENGINE_get_default_BN_mod_exp_crt 2443
-RSA_get_default_openssl_method 2444
-ENGINE_set_RSA 2445
-ENGINE_set_default_RAND 2446
-ENGINE_set_BN_mod_exp 2447
-ENGINE_remove 2448
-ENGINE_free 2449
-ENGINE_get_BN_mod_exp_crt 2450
-ENGINE_get_next 2451
-ENGINE_set_name 2452
-ENGINE_get_default_DSA 2453
-ENGINE_set_default_BN_mod_exp 2454
-ENGINE_set_default_RSA 2455
-ENGINE_get_default_RAND 2456
-ENGINE_get_default_BN_mod_exp 2457
-ENGINE_set_RAND 2458
-ENGINE_set_id 2459
-ENGINE_set_BN_mod_exp_crt 2460
-ENGINE_set_default_DH 2461
-ENGINE_new 2462
-ENGINE_get_id 2463
-DSA_set_default_openssl_method 2464
-ENGINE_add 2465
-DH_set_default_openssl_method 2466
-ENGINE_get_DSA 2467
-ENGINE_ctrl 2468
-ENGINE_get_finish_function 2469
-ENGINE_get_init_function 2470
-ENGINE_set_init_function 2471
-ENGINE_set_finish_function 2472
-ENGINE_get_ctrl_function 2473
-ENGINE_set_ctrl_function 2474
-ENGINE_load_public_key 2475
-ENGINE_load_private_key 2476
-c2i_ASN1_BIT_STRING 2477
-i2c_ASN1_BIT_STRING 2478
-c2i_ASN1_INTEGER 2479
-i2c_ASN1_INTEGER 2480
+c2i_ASN1_BIT_STRING 2421
+i2c_ASN1_BIT_STRING 2422
+RAND_poll 2423
+c2i_ASN1_INTEGER 2424
+i2c_ASN1_INTEGER 2425
+ERR_load_ENGINE_strings 2426
+ENGINE_set_DSA 2427
+ENGINE_get_finish_function 2428
+ENGINE_get_default_RSA 2429
+BIO_dump_indent 2430
+ENGINE_get_BN_mod_exp 2431
+ASN1_parse_dump 2432
+DSA_get_default_openssl_method 2433
+c2i_ASN1_OBJECT 2434
+ENGINE_set_DH 2435
+ENGINE_set_default_BN_mod_exp_crt 2436
+ENGINE_init 2437
+DH_get_default_openssl_method 2438
+RSA_set_default_openssl_method 2439
+ENGINE_finish 2440
+ENGINE_load_public_key 2441
+ENGINE_get_DH 2442
+ENGINE_ctrl 2443
+ENGINE_get_init_function 2444
+ENGINE_set_init_function 2445
+ENGINE_set_default_DSA 2446
+ENGINE_get_name 2447
+ENGINE_get_last 2448
+ENGINE_get_prev 2449
+ENGINE_get_default_DH 2450
+ENGINE_get_RSA 2451
+X509_NAME_print_ex_fp 2452
+ASN1_STRING_print_ex_fp 2453
+ENGINE_set_default 2454
+ENGINE_get_RAND 2455
+ENGINE_get_first 2456
+ENGINE_by_id 2457
+ENGINE_set_finish_function 2458
+ENGINE_get_default_BN_mod_exp_crt 2459
+RSA_get_default_openssl_method 2460
+ENGINE_set_RSA 2461
+ENGINE_load_private_key 2462
+ENGINE_set_default_RAND 2463
+ENGINE_set_BN_mod_exp 2464
+ENGINE_remove 2465
+ENGINE_free 2466
+ENGINE_get_BN_mod_exp_crt 2467
+ENGINE_get_next 2468
+ENGINE_set_name 2469
+ENGINE_get_default_DSA 2470
+ENGINE_set_default_BN_mod_exp 2471
+ENGINE_set_default_RSA 2472
+ENGINE_get_default_RAND 2473
+ENGINE_get_default_BN_mod_exp 2474
+ENGINE_set_RAND 2475
+ENGINE_set_id 2476
+X509_NAME_print_ex 2477
+ENGINE_set_BN_mod_exp_crt 2478
+ENGINE_set_default_DH 2479
+ENGINE_new 2480
+ENGINE_get_id 2481
+DSA_set_default_openssl_method 2482
+ENGINE_add 2483
+DH_set_default_openssl_method 2484
+ASN1_STRING_print_ex 2485
+ENGINE_get_DSA 2486
+ENGINE_get_ctrl_function 2487
+ENGINE_set_ctrl_function 2488
no-err - No error strings
dll/shlib - Build shared libraries (MS)
debug - Debug build
+ profile - Profiling build
gcc - Use Gcc (unix)
rsaref - Build to require RSAref
$cflags.=" -DNO_ERR" if $no_err;
$cflags.=" -DRSAref" if $rsaref ne "";
-if ($unix)
- { $cflags="$c_flags" if ($c_flags ne ""); }
-else { $cflags="$c_flags$cflags" if ($c_flags ne ""); }
+## if ($unix)
+## { $cflags="$c_flags" if ($c_flags ne ""); }
+##else
+ { $cflags="$c_flags$cflags" if ($c_flags ne ""); }
$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
elsif (/^rsaref$/) { $rsaref=1; }
elsif (/^gcc$/) { $gcc=1; }
elsif (/^debug$/) { $debug=1; }
+ elsif (/^profile$/) { $profile=1; }
elsif (/^shlib$/) { $shlib=1; }
elsif (/^dll$/) { $shlib=1; }
+ elsif (/^shared$/) { } # We just need to ignore it for now...
elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
next if($hdr eq "NONE");
print STDERR "Scanning header file $hdr\n" if $debug;
open(IN, "<$hdr") || die "Can't open Header file $hdr\n";
- my $line = "", $def= "";
+ my $line = "", $def= "", $linenr = 0;
while(<IN>) {
+ $linenr++;
+ print STDERR "line: $linenr\r" if $debug;
+
last if(/BEGIN\s+ERROR\s+CODES/);
if ($line ne '') {
$_ = $line . $_;
}
}
+ print STDERR " \r" if $debug;
+ $defnr = 0;
foreach (split /;/, $def) {
+ $defnr++;
+ print STDERR "def: $defnr\r" if $debug;
+
s/^[\n\s]*//g;
s/[\n\s]*$//g;
next if(/typedef\W/);
}
}
+ print STDERR " \r" if $debug;
+
next if $reindex;
# Scan function and reason codes and store them: keep a note of the
$cc='gcc';
if ($debug)
{ $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
+elsif ($profile)
+ { $cflags="-pg -O3"; }
else
{ $cflags="-O3 -fomit-frame-pointer"; }
projects / oweals / openssl.git / commitdiff