Merge commit 'f29c4f9afe6fbcc8c9b2a969289fc99ada05cb21' as 'lib/openssl'
This commit is contained in:
Коммит
7ded10e75f
|
@ -0,0 +1,120 @@
|
|||
# Object files
|
||||
*.o
|
||||
*.obj
|
||||
|
||||
# editor artefacts
|
||||
*.swp
|
||||
.#*
|
||||
#*#
|
||||
*~
|
||||
/.dir-locals.el
|
||||
|
||||
# Top level excludes
|
||||
/Makefile.bak
|
||||
/Makefile
|
||||
/MINFO
|
||||
/*.a
|
||||
/include
|
||||
/*.pc
|
||||
/rehash.time
|
||||
/inc.*
|
||||
/makefile.*
|
||||
/out.*
|
||||
/tmp.*
|
||||
|
||||
# Most *.c files under test/ are symlinks
|
||||
/test/*.c
|
||||
# Apart from these
|
||||
!/test/asn1test.c
|
||||
!/test/methtest.c
|
||||
!/test/dummytest.c
|
||||
!/test/igetest.c
|
||||
!/test/r160test.c
|
||||
!/test/fips_algvs.c
|
||||
!/test/ssltestlib.c
|
||||
|
||||
/test/*.ss
|
||||
/test/*.srl
|
||||
/test/.rnd
|
||||
/test/test*.pem
|
||||
/test/newkey.pem
|
||||
|
||||
# Certificate symbolic links
|
||||
*.0
|
||||
|
||||
# Links under apps
|
||||
/apps/CA.pl
|
||||
/apps/md4.c
|
||||
|
||||
|
||||
# Auto generated headers
|
||||
/crypto/buildinf.h
|
||||
/crypto/opensslconf.h
|
||||
|
||||
# Auto generated assembly language source files
|
||||
*.s
|
||||
!/crypto/bn/asm/pa-risc2.s
|
||||
!/crypto/bn/asm/pa-risc2W.s
|
||||
crypto/aes/asm/a_win32.asm
|
||||
crypto/bf/asm/b_win32.asm
|
||||
crypto/bn/asm/bn_win32.asm
|
||||
crypto/bn/asm/co_win32.asm
|
||||
crypto/bn/asm/mt_win32.asm
|
||||
crypto/cast/asm/c_win32.asm
|
||||
crypto/cpu_win32.asm
|
||||
crypto/des/asm/d_win32.asm
|
||||
crypto/des/asm/y_win32.asm
|
||||
crypto/md5/asm/m5_win32.asm
|
||||
crypto/rc4/asm/r4_win32.asm
|
||||
crypto/rc5/asm/r5_win32.asm
|
||||
crypto/ripemd/asm/rm_win32.asm
|
||||
crypto/sha/asm/s1_win32.asm
|
||||
crypto/sha/asm/sha512-sse2.asm
|
||||
|
||||
# Executables
|
||||
/apps/openssl
|
||||
/test/sha256t
|
||||
/test/sha512t
|
||||
/test/*test
|
||||
/test/fips_aesavs
|
||||
/test/fips_desmovs
|
||||
/test/fips_dhvs
|
||||
/test/fips_drbgvs
|
||||
/test/fips_dssvs
|
||||
/test/fips_ecdhvs
|
||||
/test/fips_ecdsavs
|
||||
/test/fips_rngvs
|
||||
/test/fips_test_suite
|
||||
*.so*
|
||||
*.dylib*
|
||||
*.dll*
|
||||
# Exceptions
|
||||
!/test/bctest
|
||||
!/crypto/des/times/486-50.sol
|
||||
|
||||
# Misc auto generated files
|
||||
/tools/c_rehash
|
||||
/test/evptests.txt
|
||||
lib
|
||||
Makefile.save
|
||||
*.bak
|
||||
tags
|
||||
TAGS
|
||||
|
||||
# Windows
|
||||
/tmp32
|
||||
/tmp32.dbg
|
||||
/tmp32dll
|
||||
/tmp32dll.dbg
|
||||
/out32
|
||||
/out32.dbg
|
||||
/out32dll
|
||||
/out32dll.dbg
|
||||
/inc32
|
||||
/MINFO
|
||||
ms/bcb.mak
|
||||
ms/libeay32.def
|
||||
ms/nt.mak
|
||||
ms/ntdll.mak
|
||||
ms/ssleay32.def
|
||||
ms/version32.rc
|
|
@ -0,0 +1,10 @@
|
|||
#! /bin/sh
|
||||
|
||||
# $1 is expected to be $TRAVIS_OS_NAME
|
||||
|
||||
if [ "$1" == osx ]; then
|
||||
make -f Makefile.org \
|
||||
DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist
|
||||
else
|
||||
make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist
|
||||
fi
|
|
@ -0,0 +1,69 @@
|
|||
language: c
|
||||
|
||||
addons:
|
||||
apt_packages:
|
||||
- binutils-mingw-w64
|
||||
- gcc-mingw-w64
|
||||
|
||||
os:
|
||||
- linux
|
||||
|
||||
compiler:
|
||||
- clang
|
||||
- gcc
|
||||
- i686-w64-mingw32-gcc
|
||||
- x86_64-w64-mingw32-gcc
|
||||
|
||||
env:
|
||||
- CONFIG_OPTS=""
|
||||
- CONFIG_OPTS="shared"
|
||||
- CONFIG_OPTS="-d --strict-warnings"
|
||||
|
||||
matrix:
|
||||
exclude:
|
||||
- os: osx
|
||||
compiler: i686-w64-mingw32-gcc
|
||||
- os: osx
|
||||
compiler: x86_64-w64-mingw32-gcc
|
||||
- compiler: i686-w64-mingw32-gcc
|
||||
env: CONFIG_OPTS="-d --strict-warnings"
|
||||
- compiler: x86_64-w64-mingw32-gcc
|
||||
env: CONFIG_OPTS="-d --strict-warnings"
|
||||
|
||||
before_script:
|
||||
- sh .travis-create-release.sh $TRAVIS_OS_NAME
|
||||
- tar -xvzf _srcdist.tar.gz
|
||||
- cd _srcdist
|
||||
- if [ "$CC" == i686-w64-mingw32-gcc ]; then
|
||||
export CROSS_COMPILE=${CC%%gcc}; unset CC;
|
||||
./Configure mingw $CONFIG_OPTS;
|
||||
elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
|
||||
export CROSS_COMPILE=${CC%%gcc}; unset CC;
|
||||
./Configure mingw64 $CONFIG_OPTS;
|
||||
else
|
||||
if [ "$CC" == gcc ]; then
|
||||
export CONFIG_OPTS="$CONFIG_OPTS -Wno-error=shadow";
|
||||
fi;
|
||||
./config $CONFIG_OPTS;
|
||||
fi
|
||||
- cd ..
|
||||
|
||||
script:
|
||||
- cd _srcdist
|
||||
- if make ; then
|
||||
echo -e '+\057 MAKE OK';
|
||||
else
|
||||
echo -e '+\057 MAKE FAILED'; false;
|
||||
fi;
|
||||
- if [ -z "$CROSS_COMPILE" ]; then
|
||||
if make test; then
|
||||
echo -e '+\057\057 MAKE TEST OK';
|
||||
else
|
||||
echo -e '+\057\057 MAKE TEST FAILED'; false;
|
||||
fi;
|
||||
fi
|
||||
- cd ..
|
||||
|
||||
notifications:
|
||||
email:
|
||||
secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4="
|
|
@ -0,0 +1,2 @@
|
|||
Please https://www.openssl.org/community/thanks.html for the current
|
||||
acknowledgements.
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -0,0 +1,968 @@
|
|||
This file contains the changes for the SSLeay library up to version
|
||||
0.9.0b. For later changes, see the file "CHANGES".
|
||||
|
||||
SSLeay CHANGES
|
||||
______________
|
||||
|
||||
Changes between 0.8.x and 0.9.0b
|
||||
|
||||
10-Apr-1998
|
||||
|
||||
I said the next version would go out at easter, and so it shall.
|
||||
I expect a 0.9.1 will follow with portability fixes in the next few weeks.
|
||||
|
||||
This is a quick, meet the deadline. Look to ssl-users for comments on what
|
||||
is new etc.
|
||||
|
||||
eric (about to go bushwalking for the 4 day easter break :-)
|
||||
|
||||
16-Mar-98
|
||||
- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
|
||||
- Lots and lots of changes
|
||||
|
||||
29-Jan-98
|
||||
- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
|
||||
Goetz Babin-Ebell <babinebell@trustcenter.de>.
|
||||
- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
|
||||
TLS1_VERSION.
|
||||
|
||||
7-Jan-98
|
||||
- Finally reworked the cipher string to ciphers again, so it
|
||||
works correctly
|
||||
- All the app_data stuff is now ex_data with funcion calls to access.
|
||||
The index is supplied by a function and 'methods' can be setup
|
||||
for the types that are called on XXX_new/XXX_free. This lets
|
||||
applications get notified on creation and destruction. Some of
|
||||
the RSA methods could be implemented this way and I may do so.
|
||||
- Oh yes, SSL under perl5 is working at the basic level.
|
||||
|
||||
15-Dec-97
|
||||
- Warning - the gethostbyname cache is not fully thread safe,
|
||||
but it should work well enough.
|
||||
- Major internal reworking of the app_data stuff. More functions
|
||||
but if you were accessing ->app_data directly, things will
|
||||
stop working.
|
||||
- The perlv5 stuff is working. Currently on message digests,
|
||||
ciphers and the bignum library.
|
||||
|
||||
9-Dec-97
|
||||
- Modified re-negotiation so that server initated re-neg
|
||||
will cause a SSL_read() to return -1 should retry.
|
||||
The danger otherwise was that the server and the
|
||||
client could end up both trying to read when using non-blocking
|
||||
sockets.
|
||||
|
||||
4-Dec-97
|
||||
- Lots of small changes
|
||||
- Fix for binaray mode in Windows for the FILE BIO, thanks to
|
||||
Bob Denny <rdenny@dc3.com>
|
||||
|
||||
17-Nov-97
|
||||
- Quite a few internal cleanups, (removal of errno, and using macros
|
||||
defined in e_os.h).
|
||||
- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
|
||||
the automactic naming out output files was being stuffed up.
|
||||
|
||||
29-Oct-97
|
||||
- The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
|
||||
for x86.
|
||||
|
||||
21-Oct-97
|
||||
- Fixed a bug in the BIO_gethostbyname() cache.
|
||||
|
||||
15-Oct-97
|
||||
- cbc mode for blowfish/des/3des is now in assember. Blowfish asm
|
||||
has also been improved. At this point in time, on the pentium,
|
||||
md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
|
||||
des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
|
||||
is %62 faster.
|
||||
|
||||
12-Oct-97
|
||||
- MEM_BUF_grow() has been fixed so that it always sets the buf->length
|
||||
to the value we are 'growing' to. Think of MEM_BUF_grow() as the
|
||||
way to set the length value correctly.
|
||||
|
||||
10-Oct-97
|
||||
- I now hash for certificate lookup on the raw DER encoded RDN (md5).
|
||||
This breaks things again :-(. This is efficent since I cache
|
||||
the DER encoding of the RDN.
|
||||
- The text DN now puts in the numeric OID instead of UNKNOWN.
|
||||
- req can now process arbitary OIDs in the config file.
|
||||
- I've been implementing md5 in x86 asm, much faster :-).
|
||||
- Started sha1 in x86 asm, needs more work.
|
||||
- Quite a few speedups in the BN stuff. RSA public operation
|
||||
has been made faster by caching the BN_MONT_CTX structure.
|
||||
The calulating of the Ai where A*Ai === 1 mod m was rather
|
||||
expensive. Basically a 40-50% speedup on public operations.
|
||||
The RSA speedup is now 15% on pentiums and %20 on pentium
|
||||
pro.
|
||||
|
||||
30-Sep-97
|
||||
- After doing some profiling, I added x86 adm for bn_add_words(),
|
||||
which just adds 2 arrays of longs together. A %10 speedup
|
||||
for 512 and 1024 bit RSA on the pentium pro.
|
||||
|
||||
29-Sep-97
|
||||
- Converted the x86 bignum assembler to us the perl scripts
|
||||
for generation.
|
||||
|
||||
23-Sep-97
|
||||
- If SSL_set_session() is passed a NULL session, it now clears the
|
||||
current session-id.
|
||||
|
||||
22-Sep-97
|
||||
- Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
|
||||
certificates.
|
||||
- Bug in crypto/evp/encode.c where by decoding of 65 base64
|
||||
encoded lines, one line at a time (via a memory BIO) would report
|
||||
EOF after the first line was decoded.
|
||||
- Fix in X509_find_by_issuer_and_serial() from
|
||||
Dr Stephen Henson <shenson@bigfoot.com>
|
||||
|
||||
19-Sep-97
|
||||
- NO_FP_API and NO_STDIO added.
|
||||
- Put in sh config command. It auto runs Configure with the correct
|
||||
parameters.
|
||||
|
||||
18-Sep-97
|
||||
- Fix x509.c so if a DSA cert has different parameters to its parent,
|
||||
they are left in place. Not tested yet.
|
||||
|
||||
16-Sep-97
|
||||
- ssl_create_cipher_list() had some bugs, fixes from
|
||||
Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
|
||||
- Fixed a bug in the Base64 BIO, where it would return 1 instead
|
||||
of -1 when end of input was encountered but should retry.
|
||||
Basically a Base64/Memory BIO interaction problem.
|
||||
- Added a HMAC set of functions in preporarion for TLS work.
|
||||
|
||||
15-Sep-97
|
||||
- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
|
||||
- Prime generation spead up %25 (512 bit prime, pentium pro linux)
|
||||
by using montgomery multiplication in the prime number test.
|
||||
|
||||
11-Sep-97
|
||||
- Ugly bug in ssl3_write_bytes(). Basically if application land
|
||||
does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
|
||||
did not check the size and tried to copy the entire buffer.
|
||||
This would tend to cause memory overwrites since SSLv3 has
|
||||
a maximum packet size of 16k. If your program uses
|
||||
buffers <= 16k, you would probably never see this problem.
|
||||
- Fixed a few errors that were cause by malloc() not returning
|
||||
0 initialised memory..
|
||||
- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
|
||||
SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
|
||||
since this flags stops SSLeay being able to handle client
|
||||
cert requests correctly.
|
||||
|
||||
08-Sep-97
|
||||
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
|
||||
on, the SSL server routines will not use a SSL_SESSION that is
|
||||
held in it's cache. This in intended to be used with the session-id
|
||||
callbacks so that while the session-ids are still stored in the
|
||||
cache, the decision to use them and how to look them up can be
|
||||
done by the callbacks. The are the 'new', 'get' and 'remove'
|
||||
callbacks. This can be used to determine the session-id
|
||||
to use depending on information like which port/host the connection
|
||||
is coming from. Since the are also SSL_SESSION_set_app_data() and
|
||||
SSL_SESSION_get_app_data() functions, the application can hold
|
||||
information against the session-id as well.
|
||||
|
||||
03-Sep-97
|
||||
- Added lookup of CRLs to the by_dir method,
|
||||
X509_load_crl_file() also added. Basically it means you can
|
||||
lookup CRLs via the same system used to lookup certificates.
|
||||
- Changed things so that the X509_NAME structure can contain
|
||||
ASN.1 BIT_STRINGS which is required for the unique
|
||||
identifier OID.
|
||||
- Fixed some problems with the auto flushing of the session-id
|
||||
cache. It was not occuring on the server side.
|
||||
|
||||
02-Sep-97
|
||||
- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
|
||||
which is the maximum number of entries allowed in the
|
||||
session-id cache. This is enforced with a simple FIFO list.
|
||||
The default size is 20*1024 entries which is rather large :-).
|
||||
The Timeout code is still always operating.
|
||||
|
||||
01-Sep-97
|
||||
- Added an argument to all the 'generate private key/prime`
|
||||
callbacks. It is the last parameter so this should not
|
||||
break existing code but it is needed for C++.
|
||||
- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
|
||||
BIO. This lets the BIO read and write base64 encoded data
|
||||
without inserting or looking for '\n' characters. The '-A'
|
||||
flag turns this on when using apps/enc.c.
|
||||
- RSA_NO_PADDING added to help BSAFE functionality. This is a
|
||||
very dangerous thing to use, since RSA private key
|
||||
operations without random padding bytes (as PKCS#1 adds) can
|
||||
be attacked such that the private key can be revealed.
|
||||
- ASN.1 bug and rc2-40-cbc and rc4-40 added by
|
||||
Dr Stephen Henson <shenson@bigfoot.com>
|
||||
|
||||
31-Aug-97 (stuff added while I was away)
|
||||
- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
|
||||
- RSA_flags() added allowing bypass of pub/priv match check
|
||||
in ssl/ssl_rsa.c - Tim Hudson.
|
||||
- A few minor bugs.
|
||||
|
||||
SSLeay 0.8.1 released.
|
||||
|
||||
19-Jul-97
|
||||
- Server side initated dynamic renegotiation is broken. I will fix
|
||||
it when I get back from holidays.
|
||||
|
||||
15-Jul-97
|
||||
- Quite a few small changes.
|
||||
- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
|
||||
|
||||
09-Jul-97
|
||||
- Added 2 new values to the SSL info callback.
|
||||
SSL_CB_START which is passed when the SSL protocol is started
|
||||
and SSL_CB_DONE when it has finished sucsessfully.
|
||||
|
||||
08-Jul-97
|
||||
- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
|
||||
that related to DSA public/private keys.
|
||||
- Added all the relevent PEM and normal IO functions to support
|
||||
reading and writing RSAPublic keys.
|
||||
- Changed makefiles to use ${AR} instead of 'ar r'
|
||||
|
||||
07-Jul-97
|
||||
- Error in ERR_remove_state() that would leave a dangling reference
|
||||
to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
|
||||
- s_client now prints the X509_NAMEs passed from the server
|
||||
when requesting a client cert.
|
||||
- Added a ssl->type, which is one of SSL_ST_CONNECT or
|
||||
SSL_ST_ACCEPT. I had to add it so I could tell if I was
|
||||
a connect or an accept after the handshake had finished.
|
||||
- SSL_get_client_CA_list(SSL *s) now returns the CA names
|
||||
passed by the server if called by a client side SSL.
|
||||
|
||||
05-Jul-97
|
||||
- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
|
||||
0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com).
|
||||
|
||||
04-Jul-97
|
||||
- Fixed some things in X509_NAME_add_entry(), thanks to
|
||||
Matthew Donald <matthew@world.net>.
|
||||
- I had a look at the cipher section and though that it was a
|
||||
bit confused, so I've changed it.
|
||||
- I was not setting up the RC4-64-MD5 cipher correctly. It is
|
||||
a MS special that appears in exported MS Money.
|
||||
- Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
|
||||
spec. I was missing the two byte length header for the
|
||||
ClientDiffieHellmanPublic value. This is a packet sent from
|
||||
the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
|
||||
option will enable SSLeay server side SSLv3 accept either
|
||||
the correct or my 080 packet format.
|
||||
- Fixed a few typos in crypto/pem.org.
|
||||
|
||||
02-Jul-97
|
||||
- Alias mapping for EVP_get_(digest|cipher)byname is now
|
||||
performed before a lookup for actual cipher. This means
|
||||
that an alias can be used to 're-direct' a cipher or a
|
||||
digest.
|
||||
- ASN1_read_bio() had a bug that only showed up when using a
|
||||
memory BIO. When EOF is reached in the memory BIO, it is
|
||||
reported as a -1 with BIO_should_retry() set to true.
|
||||
|
||||
01-Jul-97
|
||||
- Fixed an error in X509_verify_cert() caused by my
|
||||
miss-understanding how 'do { contine } while(0);' works.
|
||||
Thanks to Emil Sit <sit@mit.edu> for educating me :-)
|
||||
|
||||
30-Jun-97
|
||||
- Base64 decoding error. If the last data line did not end with
|
||||
a '=', sometimes extra data would be returned.
|
||||
- Another 'cut and paste' bug in x509.c related to setting up the
|
||||
STDout BIO.
|
||||
|
||||
27-Jun-97
|
||||
- apps/ciphers.c was not printing due to an editing error.
|
||||
- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
|
||||
a library build error in util/mk1mf.pl
|
||||
|
||||
26-Jun-97
|
||||
- Still did not have the auto 'experimental' code removal
|
||||
script correct.
|
||||
- A few header tweaks for Watcom 11.0 under Win32 from
|
||||
Rolf Lindemann <Lindemann@maz-hh.de>
|
||||
- 0 length OCTET_STRING bug in asn1_parse
|
||||
- A minor fix with an non-existent function in the MS .def files.
|
||||
- A few changes to the PKCS7 stuff.
|
||||
|
||||
25-Jun-97
|
||||
SSLeay 0.8.0 finally it gets released.
|
||||
|
||||
24-Jun-97
|
||||
Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
|
||||
use a temporary RSA key. This is experimental and needs some more work.
|
||||
Fixed a few Win16 build problems.
|
||||
|
||||
23-Jun-97
|
||||
SSLv3 bug. I was not doing the 'lookup' of the CERT structure
|
||||
correctly. I was taking the SSL->ctx->default_cert when I should
|
||||
have been using SSL->cert. The bug was in ssl/s3_srvr.c
|
||||
|
||||
20-Jun-97
|
||||
X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
|
||||
rest of the library. Even though I had the code required to do
|
||||
it correctly, apps/req.c was doing the wrong thing. I have fixed
|
||||
and tested everything.
|
||||
|
||||
Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
|
||||
|
||||
19-Jun-97
|
||||
Fixed a bug in the SSLv2 server side first packet handling. When
|
||||
using the non-blocking test BIO, the ssl->s2->first_packet flag
|
||||
was being reset when a would-block failure occurred when reading
|
||||
the first 5 bytes of the first packet. This caused the checking
|
||||
logic to run at the wrong time and cause an error.
|
||||
|
||||
Fixed a problem with specifying cipher. If RC4-MD5 were used,
|
||||
only the SSLv3 version would be picked up. Now this will pick
|
||||
up both SSLv2 and SSLv3 versions. This required changing the
|
||||
SSL_CIPHER->mask values so that they only mask the ciphers,
|
||||
digests, authentication, export type and key-exchange algorithms.
|
||||
|
||||
I found that when a SSLv23 session is established, a reused
|
||||
session, of type SSLv3 was attempting to write the SSLv2
|
||||
ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
|
||||
method has been modified so it will only write out cipher which
|
||||
that method knows about.
|
||||
|
||||
|
||||
Changes between 0.8.0 and 0.8.1
|
||||
|
||||
*) Mostly bug fixes.
|
||||
There is an Ephemeral DH cipher problem which is fixed.
|
||||
|
||||
SSLeay 0.8.0
|
||||
|
||||
This version of SSLeay has quite a lot of things different from the
|
||||
previous version.
|
||||
|
||||
Basically check all callback parameters, I will be producing documentation
|
||||
about how to use things in th future. Currently I'm just getting 080 out
|
||||
the door. Please not that there are several ways to do everything, and
|
||||
most of the applications in the apps directory are hybrids, some using old
|
||||
methods and some using new methods.
|
||||
|
||||
Have a look in demos/bio for some very simple programs and
|
||||
apps/s_client.c and apps/s_server.c for some more advanced versions.
|
||||
Notes are definitly needed but they are a week or so away.
|
||||
|
||||
Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
|
||||
---
|
||||
Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
|
||||
get those people that want to move to using the new code base off to
|
||||
a quick start.
|
||||
|
||||
Note that Eric has tidied up a lot of the areas of the API that were
|
||||
less than desirable and renamed quite a few things (as he had to break
|
||||
the API in lots of places anyrate). There are a whole pile of additional
|
||||
functions for making dealing with (and creating) certificates a lot
|
||||
cleaner.
|
||||
|
||||
01-Jul-97
|
||||
Tim Hudson
|
||||
tjh@cryptsoft.com
|
||||
|
||||
---8<---
|
||||
|
||||
To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
|
||||
use something like the following (assuming you #include "crypto.h" which
|
||||
is something that you really should be doing).
|
||||
|
||||
#if SSLEAY_VERSION_NUMBER >= 0x0800
|
||||
#define SSLEAY8
|
||||
#endif
|
||||
|
||||
buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
|
||||
too if you are working with BIO internal stuff (as distinct
|
||||
from simply using the interface in an opaque manner)
|
||||
|
||||
#include "bio.h" - required along with "buffer.h" if you write
|
||||
your own BIO routines as the buffer and bio
|
||||
stuff that was intermixed has been separated
|
||||
out
|
||||
|
||||
envelope.h -> evp.h (which should have been done ages ago)
|
||||
|
||||
Initialisation ... don't forget these or you end up with code that
|
||||
is missing the bits required to do useful things (like ciphers):
|
||||
|
||||
SSLeay_add_ssl_algorithms()
|
||||
(probably also want SSL_load_error_strings() too but you should have
|
||||
already had that call in place)
|
||||
|
||||
SSL_CTX_new() - requires an extra method parameter
|
||||
SSL_CTX_new(SSLv23_method())
|
||||
SSL_CTX_new(SSLv2_method())
|
||||
SSL_CTX_new(SSLv3_method())
|
||||
|
||||
OR to only have the server or the client code
|
||||
SSL_CTX_new(SSLv23_server_method())
|
||||
SSL_CTX_new(SSLv2_server_method())
|
||||
SSL_CTX_new(SSLv3_server_method())
|
||||
or
|
||||
SSL_CTX_new(SSLv23_client_method())
|
||||
SSL_CTX_new(SSLv2_client_method())
|
||||
SSL_CTX_new(SSLv3_client_method())
|
||||
|
||||
SSL_set_default_verify_paths() ... renamed to the more appropriate
|
||||
SSL_CTX_set_default_verify_paths()
|
||||
|
||||
If you want to use client certificates then you have to add in a bit
|
||||
of extra stuff in that a SSLv3 server sends a list of those CAs that
|
||||
it will accept certificates from ... so you have to provide a list to
|
||||
SSLeay otherwise certain browsers will not send client certs.
|
||||
|
||||
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
|
||||
|
||||
|
||||
X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0)
|
||||
or provide a buffer and size to copy the
|
||||
result into
|
||||
|
||||
X509_add_cert -> X509_STORE_add_cert (and you might want to read the
|
||||
notes on X509_NAME structure changes too)
|
||||
|
||||
|
||||
VERIFICATION CODE
|
||||
=================
|
||||
|
||||
The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
|
||||
more accurately reflect things.
|
||||
|
||||
The verification callback args are now packaged differently so that
|
||||
extra fields for verification can be added easily in future without
|
||||
having to break things by adding extra parameters each release :-)
|
||||
|
||||
X509_cert_verify_error_string -> X509_verify_cert_error_string
|
||||
|
||||
|
||||
BIO INTERNALS
|
||||
=============
|
||||
|
||||
Eric has fixed things so that extra flags can be introduced in
|
||||
the BIO layer in future without having to play with all the BIO
|
||||
modules by adding in some macros.
|
||||
|
||||
The ugly stuff using
|
||||
b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
|
||||
becomes
|
||||
BIO_clear_retry_flags(b)
|
||||
|
||||
b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
|
||||
becomes
|
||||
BIO_set_retry_read(b)
|
||||
|
||||
Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
|
||||
|
||||
|
||||
|
||||
OTHER THINGS
|
||||
============
|
||||
|
||||
X509_NAME has been altered so that it isn't just a STACK ... the STACK
|
||||
is now in the "entries" field ... and there are a pile of nice functions
|
||||
for getting at the details in a much cleaner manner.
|
||||
|
||||
SSL_CTX has been altered ... "cert" is no longer a direct member of this
|
||||
structure ... things are now down under "cert_store" (see x509_vfy.h) and
|
||||
things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
|
||||
If your code "knows" about this level of detail then it will need some
|
||||
surgery.
|
||||
|
||||
If you depending on the incorrect spelling of a number of the error codes
|
||||
then you will have to change your code as these have been fixed.
|
||||
|
||||
ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
|
||||
has been all along so this makes things clearer.
|
||||
ify_cert_error_string(ctx->error));
|
||||
|
||||
SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
|
||||
and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
|
||||
|
||||
|
||||
|
||||
Changes between 0.7.x and 0.8.0
|
||||
|
||||
*) There have been lots of changes, mostly the addition of SSLv3.
|
||||
There have been many additions from people and amongst
|
||||
others, C2Net has assisted greatly.
|
||||
|
||||
Changes between 0.7.x and 0.7.x
|
||||
|
||||
*) Internal development version only
|
||||
|
||||
SSLeay 0.6.6 13-Jan-1997
|
||||
|
||||
The main additions are
|
||||
|
||||
- assember for x86 DES improvments.
|
||||
From 191,000 per second on a pentium 100, I now get 281,000. The inner
|
||||
loop and the IP/FP modifications are from
|
||||
Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his
|
||||
contribution.
|
||||
- The 'DES macros' introduced in 0.6.5 now have 3 types.
|
||||
DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which
|
||||
is best and there is a summery of mine in crypto/des/options.txt
|
||||
- A few bug fixes.
|
||||
- Added blowfish. It is not used by SSL but all the other stuff that
|
||||
deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
|
||||
There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'.
|
||||
BF_PTR2 is pentium/x86 specific. The correct option is setup in
|
||||
the 'Configure' script.
|
||||
- There is now a 'get client certificate' callback which can be
|
||||
'non-blocking'. If more details are required, let me know. It will
|
||||
documented more in SSLv3 when I finish it.
|
||||
- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test'
|
||||
now tests the ca program.
|
||||
- Lots of little things modified and tweaked.
|
||||
|
||||
SSLeay 0.6.5
|
||||
|
||||
After quite some time (3 months), the new release. I have been very busy
|
||||
for the last few months and so this is mostly bug fixes and improvments.
|
||||
|
||||
The main additions are
|
||||
|
||||
- assember for x86 DES. For all those gcc based systems, this is a big
|
||||
improvement. From 117,000 DES operation a second on a pentium 100,
|
||||
I now get 191,000. I have also reworked the C version so it
|
||||
now gives 148,000 DESs per second.
|
||||
- As mentioned above, the inner DES macros now have some more variant that
|
||||
sometimes help, sometimes hinder performance. There are now 3 options
|
||||
DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
|
||||
and DES_RISC (a more register intensive version of the inner macro).
|
||||
The crypto/des/des_opts.c program, when compiled and run, will give
|
||||
an indication of the correct options to use.
|
||||
- The BIO stuff has been improved. Read doc/bio.doc. There are now
|
||||
modules for encryption and base64 encoding and a BIO_printf() function.
|
||||
- The CA program will accept simple one line X509v3 extensions in the
|
||||
ssleay.cnf file. Have a look at the example. Currently this just
|
||||
puts the text into the certificate as an OCTET_STRING so currently
|
||||
the more advanced X509v3 data types are not handled but this is enough
|
||||
for the netscape extensions.
|
||||
- There is the start of a nicer higher level interface to the X509
|
||||
strucutre.
|
||||
- Quite a lot of bug fixes.
|
||||
- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used
|
||||
to define the malloc(), free() and realloc() routines to use
|
||||
(look in crypto/crypto.h). This is mostly needed for Windows NT/95 when
|
||||
using DLLs and mixing CRT libraries.
|
||||
|
||||
In general, read the 'VERSION' file for changes and be aware that some of
|
||||
the new stuff may not have been tested quite enough yet, so don't just plonk
|
||||
in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
|
||||
|
||||
SSLeay 0.6.4 30/08/96 eay
|
||||
|
||||
I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
|
||||
Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
|
||||
|
||||
The main changes in this release
|
||||
|
||||
- Thread safe. have a read of doc/threads.doc and play in the mt directory.
|
||||
For anyone using 0.6.3 with threads, I found 2 major errors so consider
|
||||
moving to 0.6.4. I have a test program that builds under NT and
|
||||
solaris.
|
||||
- The get session-id callback has changed. Have a read of doc/callback.doc.
|
||||
- The X509_cert_verify callback (the SSL_verify callback) now
|
||||
has another argument. Have a read of doc/callback.doc
|
||||
- 'ca -preserve', sign without re-ordering the DN. Not tested much.
|
||||
- VMS support.
|
||||
- Compile time memory leak detection can now be built into SSLeay.
|
||||
Read doc/memory.doc
|
||||
- CONF routines now understand '\', '\n', '\r' etc. What this means is that
|
||||
the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
|
||||
- 'ssleay ciphers' added, lists the default cipher list for SSLeay.
|
||||
- RC2 key setup is now compatable with Netscape.
|
||||
- Modifed server side of SSL implementation, big performance difference when
|
||||
using session-id reuse.
|
||||
|
||||
0.6.3
|
||||
|
||||
Bug fixes and the addition of some nice stuff to the 'ca' program.
|
||||
Have a read of doc/ns-ca.doc for how hit has been modified so
|
||||
it can be driven from a CGI script. The CGI script is not provided,
|
||||
but that is just being left as an excersize for the reader :-).
|
||||
|
||||
0.6.2
|
||||
|
||||
This is most bug fixes and functionality improvements.
|
||||
|
||||
Additions are
|
||||
- More thread debugging patches, the thread stuff is still being
|
||||
tested, but for those keep to play with stuff, have a look in
|
||||
crypto/cryptlib.c. The application needs to define 1 (or optionaly
|
||||
a second) callback that is used to implement locking. Compiling
|
||||
with LOCK_DEBUG spits out lots of locking crud :-).
|
||||
This is what I'm currently working on.
|
||||
- SSL_CTX_set_default_passwd_cb() can be used to define the callback
|
||||
function used in the SSL*_file() functions used to load keys. I was
|
||||
always of the opinion that people should call
|
||||
PEM_read_RSAPrivateKey() and pass the callback they want to use, but
|
||||
it appears they just want to use the SSL_*_file() function() :-(.
|
||||
- 'enc' now has a -kfile so a key can be read from a file. This is
|
||||
mostly used so that the passwd does not appear when using 'ps',
|
||||
which appears imposible to stop under solaris.
|
||||
- X509v3 certificates now work correctly. I even have more examples
|
||||
in my tests :-). There is now a X509_EXTENSION type that is used in
|
||||
X509v3 certificates and CRLv2.
|
||||
- Fixed that signature type error :-(
|
||||
- Fixed quite a few potential memory leaks and problems when reusing
|
||||
X509, CRL and REQ structures.
|
||||
- EVP_set_pw_prompt() now sets the library wide default password
|
||||
prompt.
|
||||
- The 'pkcs7' command will now, given the -print_certs flag, output in
|
||||
pem format, all certificates and CRL contained within. This is more
|
||||
of a pre-emtive thing for the new verisign distribution method. I
|
||||
should also note, that this also gives and example in code, of how
|
||||
to do this :-), or for that matter, what is involved in going the
|
||||
other way (list of certs and crl -> pkcs7).
|
||||
- Added RSA's DESX to the DES library. It is also available via the
|
||||
EVP_desx_cbc() method and via 'enc desx'.
|
||||
|
||||
SSLeay 0.6.1
|
||||
|
||||
The main functional changes since 0.6.0 are as follows
|
||||
- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
|
||||
that from now on, I'll keep the .def numbers the same so they will be.
|
||||
- RSA private key operations are about 2 times faster that 0.6.0
|
||||
- The SSL_CTX now has more fields so default values can be put against
|
||||
it. When an SSL structure is created, these default values are used
|
||||
but can be overwritten. There are defaults for cipher, certificate,
|
||||
private key, verify mode and callback. This means SSL session
|
||||
creation can now be
|
||||
ssl=SSL_new()
|
||||
SSL_set_fd(ssl,sock);
|
||||
SSL_accept(ssl)
|
||||
....
|
||||
All the other uglyness with having to keep a global copy of the
|
||||
private key and certificate/verify mode in the server is now gone.
|
||||
- ssl/ssltest.c - one process talking SSL to its self for testing.
|
||||
- Storage of Session-id's can be controled via a session_cache_mode
|
||||
flag. There is also now an automatic default flushing of
|
||||
old session-id's.
|
||||
- The X509_cert_verify() function now has another parameter, this
|
||||
should not effect most people but it now means that the reason for
|
||||
the failure to verify is now available via SSL_get_verify_result(ssl).
|
||||
You don't have to use a global variable.
|
||||
- SSL_get_app_data() and SSL_set_app_data() can be used to keep some
|
||||
application data against the SSL structure. It is upto the application
|
||||
to free the data. I don't use it, but it is available.
|
||||
- SSL_CTX_set_cert_verify_callback() can be used to specify a
|
||||
verify callback function that completly replaces my certificate
|
||||
verification code. Xcert should be able to use this :-).
|
||||
The callback is of the form int app_verify_callback(arg,ssl,cert).
|
||||
This needs to be documented more.
|
||||
- I have started playing with shared library builds, have a look in
|
||||
the shlib directory. It is very simple. If you need a numbered
|
||||
list of functions, have a look at misc/crypto.num and misc/ssl.num.
|
||||
- There is some stuff to do locking to make the library thread safe.
|
||||
I have only started this stuff and have not finished. If anyone is
|
||||
keen to do so, please send me the patches when finished.
|
||||
|
||||
So I have finally made most of the additions to the SSL interface that
|
||||
I thought were needed.
|
||||
|
||||
There will probably be a pause before I make any non-bug/documentation
|
||||
related changes to SSLeay since I'm feeling like a bit of a break.
|
||||
|
||||
eric - 12 Jul 1996
|
||||
I saw recently a comment by some-one that we now seem to be entering
|
||||
the age of perpetual Beta software.
|
||||
Pioneered by packages like linux but refined to an art form by
|
||||
netscape.
|
||||
|
||||
I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
|
||||
|
||||
There are quite a large number of sections that are 'works in
|
||||
progress' in this package. I will also list the major changes and
|
||||
what files you should read.
|
||||
|
||||
BIO - this is the new IO structure being used everywhere in SSLeay. I
|
||||
started out developing this because of microsoft, I wanted a mechanism
|
||||
to callback to the application for all IO, so Windows 3.1 DLL
|
||||
perversion could be hidden from me and the 15 different ways to write
|
||||
to a file under NT would also not be dictated by me at library build
|
||||
time. What the 'package' is is an API for a data structure containing
|
||||
functions. IO interfaces can be written to conform to the
|
||||
specification. This in not intended to hide the underlying data type
|
||||
from the application, but to hide it from SSLeay :-).
|
||||
I have only really finished testing the FILE * and socket/fd modules.
|
||||
There are also 'filter' BIO's. Currently I have only implemented
|
||||
message digests, and it is in use in the dgst application. This
|
||||
functionality will allow base64/encrypto/buffering modules to be
|
||||
'push' into a BIO without it affecting the semantics. I'm also
|
||||
working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
|
||||
from an event loop which uses the interface.
|
||||
It is also possible to 'attach' callbacks to a BIO so they get called
|
||||
before and after each operation, alowing extensive debug output
|
||||
to be generated (try running dgst with -d).
|
||||
|
||||
Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
|
||||
functions that used to take FILE *, now take BIO *.
|
||||
The wrappers are easy to write
|
||||
|
||||
function_fp(fp,x)
|
||||
FILE *fp;
|
||||
{
|
||||
BIO *b;
|
||||
int ret;
|
||||
|
||||
if ((b=BIO_new(BIO_s_file())) == NULL) error.....
|
||||
BIO_set_fp(b,fp,BIO_NOCLOSE);
|
||||
ret=function_bio(b,x);
|
||||
BIO_free(b);
|
||||
return(ret);
|
||||
}
|
||||
Remember, there are no functions that take FILE * in SSLeay when
|
||||
compiled for Windows 3.1 DLL's.
|
||||
|
||||
--
|
||||
I have added a general EVP_PKEY type that can hold a public/private
|
||||
key. This is now what is used by the EVP_ functions and is passed
|
||||
around internally. I still have not done the PKCS#8 stuff, but
|
||||
X509_PKEY is defined and waiting :-)
|
||||
|
||||
--
|
||||
For a full function name listings, have a look at ms/crypt32.def and
|
||||
ms/ssl32.def. These are auto-generated but are complete.
|
||||
Things like ASN1_INTEGER_get() have been added and are in here if you
|
||||
look. I have renamed a few things, again, have a look through the
|
||||
function list and you will probably find what you are after. I intend
|
||||
to at least put a one line descrition for each one.....
|
||||
|
||||
--
|
||||
Microsoft - thats what this release is about, read the MICROSOFT file.
|
||||
|
||||
--
|
||||
Multi-threading support. I have started hunting through the code and
|
||||
flaging where things need to be done. In a state of work but high on
|
||||
the list.
|
||||
|
||||
--
|
||||
For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
|
||||
be be you random data device, otherwise 'RFILE' in e_os.h
|
||||
will be used, in your home directory. It will be updated
|
||||
periodically. The environment variable RANDFILE will override this
|
||||
choice and read/write to that file instead. DEVRANDOM is used in
|
||||
conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random
|
||||
number generator, pick on one of these files.
|
||||
|
||||
--
|
||||
|
||||
The list of things to read and do
|
||||
|
||||
dgst -d
|
||||
s_client -state (this uses a callback placed in the SSL state loop and
|
||||
will be used else-where to help debug/monitor what
|
||||
is happening.)
|
||||
|
||||
doc/why.doc
|
||||
doc/bio.doc <- hmmm, needs lots of work.
|
||||
doc/bss_file.doc <- one that is working :-)
|
||||
doc/session.doc <- it has changed
|
||||
doc/speed.doc
|
||||
also play with ssleay version -a. I have now added a SSLeay()
|
||||
function that returns a version number, eg 0600 for this release
|
||||
which is primarily to be used to check DLL version against the
|
||||
application.
|
||||
util/* Quite a few will not interest people, but some may, like
|
||||
mk1mf.pl, mkdef.pl,
|
||||
util/do_ms.sh
|
||||
|
||||
try
|
||||
cc -Iinclude -Icrypto -c crypto/crypto.c
|
||||
cc -Iinclude -Issl -c ssl/ssl.c
|
||||
You have just built the SSLeay libraries as 2 object files :-)
|
||||
|
||||
Have a general rummage around in the bin stall directory and look at
|
||||
what is in there, like CA.sh and c_rehash
|
||||
|
||||
There are lots more things but it is 12:30am on a Friday night and I'm
|
||||
heading home :-).
|
||||
|
||||
eric 22-Jun-1996
|
||||
This version has quite a few major bug fixes and improvements. It DOES NOT
|
||||
do SSLv3 yet.
|
||||
|
||||
The main things changed
|
||||
- A Few days ago I added the s_mult application to ssleay which is
|
||||
a demo of an SSL server running in an event loop type thing.
|
||||
It supports non-blocking IO, I have finally gotten it right, SSL_accept()
|
||||
can operate in non-blocking IO mode, look at the code to see how :-).
|
||||
Have a read of doc/s_mult as well. This program leaks memory and
|
||||
file descriptors everywhere but I have not cleaned it up yet.
|
||||
This is a demo of how to do non-blocking IO.
|
||||
- The SSL session management has been 'worked over' and there is now
|
||||
quite an expansive set of functions to manipulate them. Have a read of
|
||||
doc/session.doc for some-things I quickly whipped up about how it now works.
|
||||
This assume you know the SSLv2 protocol :-)
|
||||
- I can now read/write the netscape certificate format, use the
|
||||
-inform/-outform 'net' options to the x509 command. I have not put support
|
||||
for this type in the other demo programs, but it would be easy to add.
|
||||
- asn1parse and 'enc' have been modified so that when reading base64
|
||||
encoded files (pem format), they do not require '-----BEGIN' header lines.
|
||||
The 'enc' program had a buffering bug fixed, it can be used as a general
|
||||
base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
|
||||
respecivly. Leaving out the '-a' flag in this case makes the 'enc' command
|
||||
into a form of 'cat'.
|
||||
- The 'x509' and 'req' programs have been fixed and modified a little so
|
||||
that they generate self-signed certificates correctly. The test
|
||||
script actually generates a 'CA' certificate and then 'signs' a
|
||||
'user' certificate. Have a look at this shell script (test/sstest)
|
||||
to see how things work, it tests most possible combinations of what can
|
||||
be done.
|
||||
- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
|
||||
of SSL_set_cipher_list() is now the correct API (stops confusion :-).
|
||||
If this function is used in the client, only the specified ciphers can
|
||||
be used, with preference given to the order the ciphers were listed.
|
||||
For the server, if this is used, only the specified ciphers will be used
|
||||
to accept connections. If this 'option' is not used, a default set of
|
||||
ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
|
||||
list for all ciphers started against the SSL_CTX. So the order is
|
||||
SSL cipher_list, if not present, SSL_CTX cipher list, if not
|
||||
present, then the library default.
|
||||
What this means is that normally ciphers like
|
||||
NULL-MD5 will never be used. The only way this cipher can be used
|
||||
for both ends to specify to use it.
|
||||
To enable or disable ciphers in the library at build time, modify the
|
||||
first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
|
||||
This file also contains the 'pref_cipher' list which is the default
|
||||
cipher preference order.
|
||||
- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
|
||||
options work. They should, and they enable loading and writing the
|
||||
netscape rsa private key format. I will be re-working this section of
|
||||
SSLeay for the next version. What is currently in place is a quick and
|
||||
dirty hack.
|
||||
- I've re-written parts of the bignum library. This gives speedups
|
||||
for all platforms. I now provide assembler for use under Windows NT.
|
||||
I have not tested the Windows 3.1 assembler but it is quite simple code.
|
||||
This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
|
||||
and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
|
||||
Basically the times available under linux/solaris x86 can be achieve under
|
||||
Windows NT. I still don't know how these times compare to RSA's BSAFE
|
||||
library but I have been emailing with people and with their help, I should
|
||||
be able to get my library's quite a bit faster still (more algorithm changes).
|
||||
The object file crypto/bn/asm/x86-32.obj should be used when linking
|
||||
under NT.
|
||||
- 'make makefile.one' in the top directory will generate a single makefile
|
||||
called 'makefile.one' This makefile contains no perl references and
|
||||
will build the SSLeay library into the 'tmp' and 'out' directories.
|
||||
util/mk1mf.pl >makefile.one is how this makefile is
|
||||
generated. The mk1mf.pl command take several option to generate the
|
||||
makefile for use with cc, gcc, Visual C++ and Borland C++. This is
|
||||
still under development. I have only build .lib's for NT and MSDOS
|
||||
I will be working on this more. I still need to play with the
|
||||
correct compiler setups for these compilers and add some more stuff but
|
||||
basically if you just want to compile the library
|
||||
on a 'non-unix' platform, this is a very very good file to start with :-).
|
||||
Have a look in the 'microsoft' directory for my current makefiles.
|
||||
I have not yet modified things to link with sockets under Windows NT.
|
||||
You guys should be able to do this since this is actually outside of the
|
||||
SSLeay scope :-). I will be doing it for myself soon.
|
||||
util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock
|
||||
to build without RC2/RC4, to require RSAref for linking, and to
|
||||
build with no socket code.
|
||||
|
||||
- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
|
||||
that was posted to sci.crypt has been added to the library and SSL.
|
||||
I take the view that if RC2 is going to be included in a standard,
|
||||
I'll include the cipher to make my package complete.
|
||||
There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
|
||||
at compile time. I have not tested this recently but it should all work
|
||||
and if you are in the USA and don't want RSA threatening to sue you,
|
||||
you could probably remove the RC4/RC2 code inside these sections.
|
||||
I may in the future include a perl script that does this code
|
||||
removal automatically for those in the USA :-).
|
||||
- I have removed all references to sed in the makefiles. So basically,
|
||||
the development environment requires perl and sh. The build environment
|
||||
does not (use the makefile.one makefile).
|
||||
The Configure script still requires perl, this will probably stay that way
|
||||
since I have perl for Windows NT :-).
|
||||
|
||||
eric (03-May-1996)
|
||||
|
||||
PS Have a look in the VERSION file for more details on the changes and
|
||||
bug fixes.
|
||||
I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
|
||||
things up. This version will be quite stable, mostly because I'm on
|
||||
holidays until 10-March-1996. For any problems in the interum, send email
|
||||
to Tim Hudson <tjh@mincom.oz.au>.
|
||||
|
||||
SSLeay 0.5.0
|
||||
|
||||
12-12-95
|
||||
This is going out before it should really be released.
|
||||
|
||||
I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
|
||||
this for 11 weeks or get things out. It is still going to change a
|
||||
lot in the next week so if you do grab this version, please test and
|
||||
give me feed back ASAP, inculuding questions on how to do things with
|
||||
the library. This will prompt me to write documentation so I don't
|
||||
have to answer the same question again :-).
|
||||
|
||||
This 'pre' release version is for people who are interested in the
|
||||
library. The applications will have to be changed to use
|
||||
the new version of the SSL interface. I intend to finish more
|
||||
documentation before I leave but until then, look at the programs in
|
||||
the apps directory. As far as code goes, it is much much nicer than
|
||||
the old version.
|
||||
|
||||
The current library works, has no memory leaks (as far as I can tell)
|
||||
and is far more bug free that 0.4.5d. There are no global variable of
|
||||
consequence (I believe) and I will produce some documentation that
|
||||
tell where to look for those people that do want to do multi-threaded
|
||||
stuff.
|
||||
|
||||
There should be more documentation. Have a look in the
|
||||
doc directory. I'll be adding more before I leave, it is a start
|
||||
by mostly documents the crypto library. Tim Hudson will update
|
||||
the web page ASAP. The spelling and grammar are crap but
|
||||
it is better than nothing :-)
|
||||
|
||||
Reasons to start playing with version 0.5.0
|
||||
- All the programs in the apps directory build into one ssleay binary.
|
||||
- There is a new version of the 'req' program that generates certificate
|
||||
requests, there is even documentation for this one :-)
|
||||
- There is a demo certification authorithy program. Currently it will
|
||||
look at the simple database and update it. It will generate CRL from
|
||||
the data base. You need to edit the database by hand to revoke a
|
||||
certificate, it is my aim to use perl5/Tk but I don't have time to do
|
||||
this right now. It will generate the certificates but the management
|
||||
scripts still need to be written. This is not a hard task.
|
||||
- Things have been cleaned up alot.
|
||||
- Have a look at the enc and dgst programs in the apps directory.
|
||||
- It supports v3 of x509 certiticates.
|
||||
|
||||
|
||||
Major things missing.
|
||||
- I have been working on (and thinging about) the distributed x509
|
||||
hierachy problem. I have not had time to put my solution in place.
|
||||
It will have to wait until I come back.
|
||||
- I have not put in CRL checking in the certificate verification but
|
||||
it would not be hard to do. I was waiting until I could generate my
|
||||
own CRL (which has only been in the last week) and I don't have time
|
||||
to put it in correctly.
|
||||
- Montgomery multiplication need to be implemented. I know the
|
||||
algorithm, just ran out of time.
|
||||
- PKCS#7. I can load and write the DER version. I need to re-work
|
||||
things to support BER (if that means nothing, read the ASN1 spec :-).
|
||||
- Testing of the higher level digital envelope routines. I have not
|
||||
played with the *_seal() and *_open() type functions. They are
|
||||
written but need testing. The *_sign() and *_verify() functions are
|
||||
rock solid.
|
||||
- PEM. Doing this and PKCS#7 have been dependant on the distributed
|
||||
x509 heirachy problem. I started implementing my ideas, got
|
||||
distracted writing a CA program and then ran out of time. I provide
|
||||
the functionality of RSAref at least.
|
||||
- Re work the asm. code for the x86. I've changed by low level bignum
|
||||
interface again, so I really need to tweak the x86 stuff. gcc is
|
||||
good enough for the other boxes.
|
||||
|
|
@ -0,0 +1,54 @@
|
|||
HOW TO CONTRIBUTE TO OpenSSL
|
||||
----------------------------
|
||||
|
||||
(Please visit https://www.openssl.org/community/getting-started.html for
|
||||
other ideas about how to contribute.)
|
||||
|
||||
Development is done on GitHub, https://github.com/openssl/openssl.
|
||||
|
||||
To request new features or report bugs, please open an issue on GitHub
|
||||
|
||||
To submit a patch, please open a pull request on GitHub. If you are thinking
|
||||
of making a large contribution, open an issue for it before starting work,
|
||||
to get comments from the community. Someone may be already working on
|
||||
the same thing or there may be reasons why that feature isn't implemented.
|
||||
|
||||
To make it easier to review and accept your pull request, please follow these
|
||||
guidelines:
|
||||
|
||||
1. Anything other than a trivial contribution requires a Contributor
|
||||
License Agreement (CLA), giving us permission to use your code. See
|
||||
https://www.openssl.org/policies/cla.html for details. If your
|
||||
contribution is too small to require a CLA, put "CLA: trivial" on a
|
||||
line by itself in your commit message body.
|
||||
|
||||
2. All source files should start with the following text (with
|
||||
appropriate comment characters at the start of each line and the
|
||||
year(s) updated):
|
||||
|
||||
Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
in the file LICENSE in the source distribution or at
|
||||
https://www.openssl.org/source/license.html
|
||||
|
||||
3. Patches should be as current as possible; expect to have to rebase
|
||||
often. We do not accept merge commits, you will have to remove them
|
||||
(usually by rebasing) before it will be acceptable.
|
||||
|
||||
4. Patches should follow our coding style (see
|
||||
https://www.openssl.org/policies/codingstyle.html) and compile
|
||||
without warnings. Where gcc or clang is available you should use the
|
||||
--strict-warnings Configure option. OpenSSL compiles on many varied
|
||||
platforms: try to ensure you only use portable features. Clean builds
|
||||
via Travis and AppVeyor are required, and they are started automatically
|
||||
whenever a PR is created or updated.
|
||||
|
||||
5. When at all possible, patches should include tests. These can
|
||||
either be added to an existing test, or completely new. Please see
|
||||
test/README for information on the test framework.
|
||||
|
||||
6. New features or changed functionality must include
|
||||
documentation. Please look at the "pod" files in doc for
|
||||
examples of our style.
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -0,0 +1,2 @@
|
|||
The FAQ is now maintained on the web:
|
||||
https://www.openssl.org/docs/faq.html
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/sh
|
||||
|
||||
BRANCH=`git rev-parse --abbrev-ref HEAD`
|
||||
|
||||
./Configure $@ no-symlinks
|
||||
make files
|
||||
util/mk1mf.pl OUT=out.$BRANCH TMP=tmp.$BRANCH INC=inc.$BRANCH copy > makefile.$BRANCH
|
||||
make -f makefile.$BRANCH init
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/sh
|
||||
|
||||
BRANCH=`git rev-parse --abbrev-ref HEAD`
|
||||
|
||||
make -f makefile.$BRANCH $@
|
|
@ -0,0 +1,365 @@
|
|||
|
||||
INSTALLATION ON THE UNIX PLATFORM
|
||||
---------------------------------
|
||||
|
||||
[Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
|
||||
and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
|
||||
INSTALL.MacOS and INSTALL.NW.
|
||||
|
||||
This document describes installation on operating systems in the Unix
|
||||
family.]
|
||||
|
||||
To install OpenSSL, you will need:
|
||||
|
||||
* make
|
||||
* Perl 5
|
||||
* an ANSI C compiler
|
||||
* a development environment in form of development libraries and C
|
||||
header files
|
||||
* a supported Unix operating system
|
||||
|
||||
Quick Start
|
||||
-----------
|
||||
|
||||
If you want to just get on with it, do:
|
||||
|
||||
$ ./config
|
||||
$ make
|
||||
$ make test
|
||||
$ make install
|
||||
|
||||
[If any of these steps fails, see section Installation in Detail below.]
|
||||
|
||||
This will build and install OpenSSL in the default location, which is (for
|
||||
historical reasons) /usr/local/ssl. If you want to install it anywhere else,
|
||||
run config like this:
|
||||
|
||||
$ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
|
||||
|
||||
|
||||
Configuration Options
|
||||
---------------------
|
||||
|
||||
There are several options to ./config (or ./Configure) to customize
|
||||
the build:
|
||||
|
||||
--prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl.
|
||||
Configuration files used by OpenSSL will be in DIR/ssl
|
||||
or the directory specified by --openssldir.
|
||||
|
||||
--openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
|
||||
the library files and binaries are also installed there.
|
||||
|
||||
no-threads Don't try to build with support for multi-threaded
|
||||
applications.
|
||||
|
||||
threads Build with support for multi-threaded applications.
|
||||
This will usually require additional system-dependent options!
|
||||
See "Note on multi-threading" below.
|
||||
|
||||
no-zlib Don't try to build with support for zlib compression and
|
||||
decompression.
|
||||
|
||||
zlib Build with support for zlib compression/decompression.
|
||||
|
||||
zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically
|
||||
when needed. This is only supported on systems where loading
|
||||
of shared libraries is supported. This is the default choice.
|
||||
|
||||
no-shared Don't try to create shared libraries.
|
||||
|
||||
shared In addition to the usual static libraries, create shared
|
||||
libraries on platforms where it's supported. See "Note on
|
||||
shared libraries" below.
|
||||
|
||||
no-asm Do not use assembler code.
|
||||
|
||||
386 In 32-bit x86 builds, when generating assembly modules,
|
||||
use the 80386 instruction set only (the default x86 code
|
||||
is more efficient, but requires at least a 486). Note:
|
||||
This doesn't affect code generated by compiler, you're
|
||||
likely to complement configuration command line with
|
||||
suitable compiler-specific option.
|
||||
|
||||
no-sse2 Exclude SSE2 code paths from 32-bit x86 assembly modules.
|
||||
Normally SSE2 extension is detected at run-time, but the
|
||||
decision whether or not the machine code will be executed
|
||||
is taken solely on CPU capability vector. This means that
|
||||
if you happen to run OS kernel which does not support SSE2
|
||||
extension on Intel P4 processor, then your application
|
||||
might be exposed to "illegal instruction" exception.
|
||||
There might be a way to enable support in kernel, e.g.
|
||||
FreeBSD kernel can be compiled with CPU_ENABLE_SSE, and
|
||||
there is a way to disengage SSE2 code paths upon application
|
||||
start-up, but if you aim for wider "audience" running
|
||||
such kernel, consider no-sse2. Both the 386 and
|
||||
no-asm options imply no-sse2.
|
||||
|
||||
no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
|
||||
hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
|
||||
The crypto/<cipher> directory can be removed after running
|
||||
"make depend".
|
||||
|
||||
-Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will
|
||||
be passed through to the compiler to allow you to
|
||||
define preprocessor symbols, specify additional libraries,
|
||||
library directories or other compiler options. It might be
|
||||
worth noting that some compilers generate code specifically
|
||||
for processor the compiler currently executes on. This is
|
||||
not necessarily what you might have in mind, since it might
|
||||
be unsuitable for execution on other, typically older,
|
||||
processor. Consult your compiler documentation.
|
||||
|
||||
-DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using
|
||||
BSD. Useful if you are running ocf-linux or something
|
||||
similar. Once enabled you can also enable the use of
|
||||
cryptodev digests, which is usually slower unless you have
|
||||
large amounts data. Use -DUSE_CRYPTODEV_DIGESTS to force
|
||||
it.
|
||||
|
||||
Installation in Detail
|
||||
----------------------
|
||||
|
||||
1a. Configure OpenSSL for your operation system automatically:
|
||||
|
||||
$ ./config [options]
|
||||
|
||||
This guesses at your operating system (and compiler, if necessary) and
|
||||
configures OpenSSL based on this guess. Run ./config -t to see
|
||||
if it guessed correctly. If you want to use a different compiler, you
|
||||
are cross-compiling for another platform, or the ./config guess was
|
||||
wrong for other reasons, go to step 1b. Otherwise go to step 2.
|
||||
|
||||
On some systems, you can include debugging information as follows:
|
||||
|
||||
$ ./config -d [options]
|
||||
|
||||
1b. Configure OpenSSL for your operating system manually
|
||||
|
||||
OpenSSL knows about a range of different operating system, hardware and
|
||||
compiler combinations. To see the ones it knows about, run
|
||||
|
||||
$ ./Configure
|
||||
|
||||
Pick a suitable name from the list that matches your system. For most
|
||||
operating systems there is a choice between using "cc" or "gcc". When
|
||||
you have identified your system (and if necessary compiler) use this name
|
||||
as the argument to ./Configure. For example, a "linux-elf" user would
|
||||
run:
|
||||
|
||||
$ ./Configure linux-elf [options]
|
||||
|
||||
If your system is not available, you will have to edit the Configure
|
||||
program and add the correct configuration for your system. The
|
||||
generic configurations "cc" or "gcc" should usually work on 32 bit
|
||||
systems.
|
||||
|
||||
Configure creates the file Makefile.ssl from Makefile.org and
|
||||
defines various macros in crypto/opensslconf.h (generated from
|
||||
crypto/opensslconf.h.in).
|
||||
|
||||
2. Build OpenSSL by running:
|
||||
|
||||
$ make
|
||||
|
||||
This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
|
||||
OpenSSL binary ("openssl"). The libraries will be built in the top-level
|
||||
directory, and the binary will be in the "apps" directory.
|
||||
|
||||
If the build fails, look at the output. There may be reasons
|
||||
for the failure that aren't problems in OpenSSL itself (like
|
||||
missing standard headers). If you are having problems you can
|
||||
get help by sending an email to the openssl-users email list (see
|
||||
https://www.openssl.org/community/mailinglists.html for details). If
|
||||
it is a bug with OpenSSL itself, please open an issue on GitHub, at
|
||||
https://github.com/openssl/openssl/issues. Please review the existing
|
||||
ones first; maybe the bug was already reported or has already been
|
||||
fixed.
|
||||
|
||||
(If you encounter assembler error messages, try the "no-asm"
|
||||
configuration option as an immediate fix.)
|
||||
|
||||
Compiling parts of OpenSSL with gcc and others with the system
|
||||
compiler will result in unresolved symbols on some systems.
|
||||
|
||||
3. After a successful build, the libraries should be tested. Run:
|
||||
|
||||
$ make test
|
||||
|
||||
If a test fails, look at the output. There may be reasons for
|
||||
the failure that isn't a problem in OpenSSL itself (like a missing
|
||||
or malfunctioning bc). If it is a problem with OpenSSL itself,
|
||||
try removing any compiler optimization flags from the CFLAG line
|
||||
in Makefile.ssl and run "make clean; make". To report a bug please open an
|
||||
issue on GitHub, at https://github.com/openssl/openssl/issues.
|
||||
|
||||
4. If everything tests ok, install OpenSSL with
|
||||
|
||||
$ make install
|
||||
|
||||
This will create the installation directory (if it does not exist) and
|
||||
then the following subdirectories:
|
||||
|
||||
certs Initially empty, this is the default location
|
||||
for certificate files.
|
||||
man/man1 Manual pages for the 'openssl' command line tool
|
||||
man/man3 Manual pages for the libraries (very incomplete)
|
||||
misc Various scripts.
|
||||
private Initially empty, this is the default location
|
||||
for private key files.
|
||||
|
||||
If you didn't choose a different installation prefix, the
|
||||
following additional subdirectories will be created:
|
||||
|
||||
bin Contains the openssl binary and a few other
|
||||
utility programs.
|
||||
include/openssl Contains the header files needed if you want to
|
||||
compile programs with libcrypto or libssl.
|
||||
lib Contains the OpenSSL library files themselves.
|
||||
|
||||
Use "make install_sw" to install the software without documentation,
|
||||
and "install_docs_html" to install HTML renditions of the manual
|
||||
pages.
|
||||
|
||||
Package builders who want to configure the library for standard
|
||||
locations, but have the package installed somewhere else so that
|
||||
it can easily be packaged, can use
|
||||
|
||||
$ make INSTALL_PREFIX=/tmp/package-root install
|
||||
|
||||
(or specify "--install_prefix=/tmp/package-root" as a configure
|
||||
option). The specified prefix will be prepended to all
|
||||
installation target filenames.
|
||||
|
||||
|
||||
NOTE: The header files used to reside directly in the include
|
||||
directory, but have now been moved to include/openssl so that
|
||||
OpenSSL can co-exist with other libraries which use some of the
|
||||
same filenames. This means that applications that use OpenSSL
|
||||
should now use C preprocessor directives of the form
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
instead of "#include <ssl.h>", which was used with library versions
|
||||
up to OpenSSL 0.9.2b.
|
||||
|
||||
If you install a new version of OpenSSL over an old library version,
|
||||
you should delete the old header files in the include directory.
|
||||
|
||||
Compatibility issues:
|
||||
|
||||
* COMPILING existing applications
|
||||
|
||||
To compile an application that uses old filenames -- e.g.
|
||||
"#include <ssl.h>" --, it will usually be enough to find
|
||||
the CFLAGS definition in the application's Makefile and
|
||||
add a C option such as
|
||||
|
||||
-I/usr/local/ssl/include/openssl
|
||||
|
||||
to it.
|
||||
|
||||
But don't delete the existing -I option that points to
|
||||
the ..../include directory! Otherwise, OpenSSL header files
|
||||
could not #include each other.
|
||||
|
||||
* WRITING applications
|
||||
|
||||
To write an application that is able to handle both the new
|
||||
and the old directory layout, so that it can still be compiled
|
||||
with library versions up to OpenSSL 0.9.2b without bothering
|
||||
the user, you can proceed as follows:
|
||||
|
||||
- Always use the new filename of OpenSSL header files,
|
||||
e.g. #include <openssl/ssl.h>.
|
||||
|
||||
- Create a directory "incl" that contains only a symbolic
|
||||
link named "openssl", which points to the "include" directory
|
||||
of OpenSSL.
|
||||
For example, your application's Makefile might contain the
|
||||
following rule, if OPENSSLDIR is a pathname (absolute or
|
||||
relative) of the directory where OpenSSL resides:
|
||||
|
||||
incl/openssl:
|
||||
-mkdir incl
|
||||
cd $(OPENSSLDIR) # Check whether the directory really exists
|
||||
-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
|
||||
|
||||
You will have to add "incl/openssl" to the dependencies
|
||||
of those C files that include some OpenSSL header file.
|
||||
|
||||
- Add "-Iincl" to your CFLAGS.
|
||||
|
||||
With these additions, the OpenSSL header files will be available
|
||||
under both name variants if an old library version is used:
|
||||
Your application can reach them under names like <openssl/foo.h>,
|
||||
while the header files still are able to #include each other
|
||||
with names of the form <foo.h>.
|
||||
|
||||
|
||||
Note on multi-threading
|
||||
-----------------------
|
||||
|
||||
For some systems, the OpenSSL Configure script knows what compiler options
|
||||
are needed to generate a library that is suitable for multi-threaded
|
||||
applications. On these systems, support for multi-threading is enabled
|
||||
by default; use the "no-threads" option to disable (this should never be
|
||||
necessary).
|
||||
|
||||
On other systems, to enable support for multi-threading, you will have
|
||||
to specify at least two options: "threads", and a system-dependent option.
|
||||
(The latter is "-D_REENTRANT" on various systems.) The default in this
|
||||
case, obviously, is not to include support for multi-threading (but
|
||||
you can still use "no-threads" to suppress an annoying warning message
|
||||
from the Configure script.)
|
||||
|
||||
|
||||
Note on shared libraries
|
||||
------------------------
|
||||
|
||||
Shared libraries have certain caveats. Binary backward compatibility
|
||||
can't be guaranteed before OpenSSL version 1.0. The only reason to
|
||||
use them would be to conserve memory on systems where several programs
|
||||
are using OpenSSL.
|
||||
|
||||
For some systems, the OpenSSL Configure script knows what is needed to
|
||||
build shared libraries for libcrypto and libssl. On these systems,
|
||||
the shared libraries are currently not created by default, but giving
|
||||
the option "shared" will get them created. This method supports Makefile
|
||||
targets for shared library creation, like linux-shared. Those targets
|
||||
can currently be used on their own just as well, but this is expected
|
||||
to change in future versions of OpenSSL.
|
||||
|
||||
Note on random number generation
|
||||
--------------------------------
|
||||
|
||||
Availability of cryptographically secure random numbers is required for
|
||||
secret key generation. OpenSSL provides several options to seed the
|
||||
internal PRNG. If not properly seeded, the internal PRNG will refuse
|
||||
to deliver random bytes and a "PRNG not seeded error" will occur.
|
||||
On systems without /dev/urandom (or similar) device, it may be necessary
|
||||
to install additional support software to obtain random seed.
|
||||
Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
|
||||
and the FAQ for more information.
|
||||
|
||||
Note on support for multiple builds
|
||||
-----------------------------------
|
||||
|
||||
OpenSSL is usually built in its source tree. Unfortunately, this doesn't
|
||||
support building for multiple platforms from the same source tree very well.
|
||||
It is however possible to build in a separate tree through the use of lots
|
||||
of symbolic links, which should be prepared like this:
|
||||
|
||||
mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
|
||||
cd objtree/"`uname -s`-`uname -r`-`uname -m`"
|
||||
(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
|
||||
mkdir -p `dirname $F`
|
||||
rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
|
||||
echo $F '->' $OPENSSL_SOURCE/$F
|
||||
done
|
||||
make -f Makefile.org clean
|
||||
|
||||
OPENSSL_SOURCE is an environment variable that contains the absolute (this
|
||||
is important!) path to the OpenSSL source tree.
|
||||
|
||||
Also, operations like 'make update' should still be made in the source tree.
|
|
@ -0,0 +1,47 @@
|
|||
|
||||
|
||||
INSTALLATION ON THE DOS PLATFORM WITH DJGPP
|
||||
-------------------------------------------
|
||||
|
||||
OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
|
||||
environment for 16-bit DOS, but only with long filename support.
|
||||
If you wish to compile on native DOS with 8+3 filenames, you will
|
||||
have to tweak the installation yourself, including renaming files
|
||||
with illegal or duplicate names.
|
||||
|
||||
You should have a full DJGPP environment installed, including the
|
||||
latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
|
||||
requires that PERL and BC also be installed.
|
||||
|
||||
All of these can be obtained from the usual DJGPP mirror sites or
|
||||
directly at "http://www.delorie.com/pub/djgpp". For help on which
|
||||
files to download, see the DJGPP "ZIP PICKER" page at
|
||||
"http://www.delorie.com/djgpp/zip-picker.html". You also need to have
|
||||
the WATT-32 networking package installed before you try to compile
|
||||
OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
|
||||
The Makefile assumes that the WATT-32 code is in the directory
|
||||
specified by the environment variable WATT_ROOT. If you have watt-32
|
||||
in directory "watt32" under your main DJGPP directory, specify
|
||||
WATT_ROOT="/dev/env/DJDIR/watt32".
|
||||
|
||||
To compile OpenSSL, start your BASH shell, then configure for DJGPP by
|
||||
running "./Configure" with appropriate arguments:
|
||||
|
||||
./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
|
||||
|
||||
And finally fire up "make". You may run out of DPMI selectors when
|
||||
running in a DOS box under Windows. If so, just close the BASH
|
||||
shell, go back to Windows, and restart BASH. Then run "make" again.
|
||||
|
||||
RUN-TIME CAVEAT LECTOR
|
||||
--------------
|
||||
|
||||
Quoting FAQ:
|
||||
|
||||
"Cryptographic software needs a source of unpredictable data to work
|
||||
correctly. Many open source operating systems provide a "randomness
|
||||
device" (/dev/urandom or /dev/random) that serves this purpose."
|
||||
|
||||
As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
|
||||
party "randomness" DOS driver. One such driver, NOISE.SYS, can be
|
||||
obtained from "http://www.rahul.net/dkaufman/index.html".
|
|
@ -0,0 +1,72 @@
|
|||
OpenSSL - Port To The Macintosh OS 9 or Earlier
|
||||
===============================================
|
||||
|
||||
Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
|
||||
X) is now provided. "Initial" means that unlike other platforms where you
|
||||
get an SDK and a "swiss army" openssl application, on Macintosh you only
|
||||
get one sample application which fetches a page over HTTPS(*) and dumps it
|
||||
in a window. We don't even build the test applications so that we can't
|
||||
guarantee that all algorithms are operational.
|
||||
|
||||
Required software:
|
||||
|
||||
- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar;
|
||||
- Scriptable Finder;
|
||||
- CodeWarrior Pro 5;
|
||||
|
||||
Installation procedure:
|
||||
|
||||
- fetch the source at ftp://ftp.openssl.org/ (well, you probably already
|
||||
did, huh?)
|
||||
- unpack the .tar.gz file:
|
||||
- if you have StuffIt Expander then just drag it over it;
|
||||
- otherwise uncompress it with MacGzip and then unpack with SUNtar;
|
||||
- locate MacOS folder in OpenSSL source tree and open it;
|
||||
- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it
|
||||
"in-place", i.e. unpacked files should end-up in the very same folder;
|
||||
- execute mklinks.as;
|
||||
- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****);
|
||||
- that's it for now;
|
||||
|
||||
(*) URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40
|
||||
to 42, change appropriately.
|
||||
(**) If you use SUNtar, then it might have already unbinhexed the files
|
||||
in question.
|
||||
(***) The project file was saved with CW Pro 5.3. If you have an earlier
|
||||
version and it refuses to open it, then download
|
||||
http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it
|
||||
overwriting the original OpenSSL.mcp.
|
||||
(****) Other targets are works in progress. If you feel like giving 'em a
|
||||
shot, then you should know that OpenSSL* and Lib* targets are
|
||||
supposed to be built with the GUSI, MacOS library which mimics
|
||||
BSD sockets and some other POSIX APIs. The GUSI distribution is
|
||||
expected to be found in the same directory as the openssl source tree,
|
||||
i.e., in the parent directory to the one where this very file,
|
||||
namely INSTALL.MacOS, resides. For more information about GUSI, see
|
||||
http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
|
||||
|
||||
Finally some essential comments from our generous contributor:-)
|
||||
|
||||
"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a
|
||||
hack, but it works for what I'm doing. If you don't like the way I've done
|
||||
it, then feel free to change what I've done. I freely admit that I've done
|
||||
some less-than-ideal things in my port, and if you don't like the way I've
|
||||
done something, then feel free to change it-- I won't be offended!
|
||||
|
||||
... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket"
|
||||
library I wrote. My MacSocket library is a wrapper around OpenTransport,
|
||||
handling stuff like endpoint creation, reading, writing, etc. It is not
|
||||
designed as a high-performance package such as you'd use in a webserver,
|
||||
but is fine for lots of other applications. MacSocket also uses some other
|
||||
code libraries I've written to deal with string manipulations and error
|
||||
handling. Feel free to use these things in your own code, but give me
|
||||
credit and/or send me free stuff in appreciation! :-)
|
||||
|
||||
...
|
||||
|
||||
If you have any questions, feel free to email me as the following:
|
||||
|
||||
roy@centricsystems.ca
|
||||
|
||||
-Roy Wood"
|
||||
|
|
@ -0,0 +1,454 @@
|
|||
|
||||
INSTALLATION ON THE NETWARE PLATFORM
|
||||
------------------------------------
|
||||
|
||||
Notes about building OpenSSL for NetWare.
|
||||
|
||||
|
||||
BUILD PLATFORM:
|
||||
---------------
|
||||
The build scripts (batch files, perl scripts, etc) have been developed and
|
||||
tested on W2K. The scripts should run fine on other Windows platforms
|
||||
(NT, Win9x, WinXP) but they have not been tested. They may require some
|
||||
modifications.
|
||||
|
||||
|
||||
Supported NetWare Platforms - NetWare 5.x, NetWare 6.x:
|
||||
-------------------------------------------------------
|
||||
OpenSSL can either use the WinSock interfaces introduced in NetWare 5,
|
||||
or the BSD socket interface. Previous versions of NetWare, 4.x and 3.x,
|
||||
are only supported if OpenSSL is build for CLIB and BSD sockets;
|
||||
WinSock builds only support NetWare 5 and up.
|
||||
|
||||
On NetWare there are two c-runtime libraries. There is the legacy CLIB
|
||||
interfaces and the newer LIBC interfaces. Being ANSI-C libraries, the
|
||||
functionality in CLIB and LIBC is similar but the LIBC interfaces are built
|
||||
using Novell Kernal Services (NKS) which is designed to leverage
|
||||
multi-processor environments.
|
||||
|
||||
The NetWare port of OpenSSL can be configured to build using CLIB or LIBC.
|
||||
The CLIB build was developed and tested using NetWare 5.0 sp6.0a. The LIBC
|
||||
build was developed and tested using the NetWare 6.0 FCS.
|
||||
|
||||
The necessary LIBC functionality ships with NetWare 6. However, earlier
|
||||
NetWare 5.x versions will require updates in order to run the OpenSSL LIBC
|
||||
build (NetWare 5.1 SP8 is known to work).
|
||||
|
||||
As of June 2005, the LIBC build can be configured to use BSD sockets instead
|
||||
of WinSock sockets. Call Configure (usually through netware\build.bat) using
|
||||
a target of "netware-libc-bsdsock" instead of "netware-libc".
|
||||
|
||||
As of June 2007, support for CLIB and BSD sockets is also now available
|
||||
using a target of "netware-clib-bsdsock" instead of "netware-clib";
|
||||
also gcc builds are now supported on both Linux and Win32 (post 0.9.8e).
|
||||
|
||||
REQUIRED TOOLS:
|
||||
---------------
|
||||
Based upon the configuration and build options used, some or all of the
|
||||
following tools may be required:
|
||||
|
||||
* Perl for Win32 - required (http://www.activestate.com/ActivePerl)
|
||||
Used to run the various perl scripts on the build platform.
|
||||
|
||||
* Perl 5.8.0 for NetWare v3.20 (or later) - required
|
||||
(http://developer.novell.com) Used to run the test script on NetWare
|
||||
after building.
|
||||
|
||||
* Compiler / Linker - required:
|
||||
Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare (commercial):
|
||||
Provides command line tools used for building.
|
||||
Tools:
|
||||
mwccnlm.exe - C/C++ Compiler for NetWare
|
||||
mwldnlm.exe - Linker for NetWare
|
||||
mwasmnlm.exe - x86 assembler for NetWare (if using assembly option)
|
||||
|
||||
gcc / nlmconv Cross-Compiler, available from Novell Forge (free):
|
||||
http://forge.novell.com/modules/xfmod/project/?aunixnw
|
||||
|
||||
* Assemblers - optional:
|
||||
If you intend to build using the assembly options you will need an
|
||||
assembler. Work has been completed to support two assemblers, Metrowerks
|
||||
and NASM. However, during development, a bug was found in the Metrowerks
|
||||
assembler which generates incorrect code. Until this problem is fixed,
|
||||
the Metrowerks assembler cannot be used.
|
||||
|
||||
mwasmnlm.exe - Metrowerks x86 assembler - part of CodeWarrior tools.
|
||||
(version 2.2 Built Aug 23, 1999 - not useable due to code
|
||||
generation bug)
|
||||
|
||||
nasmw.exe - Netwide Assembler NASM
|
||||
version 0.98 was used in development and testing
|
||||
|
||||
* Make Tool - required:
|
||||
In order to build you will need a make tool. Two make tools are
|
||||
supported, GNU make (gmake.exe) or Microsoft nmake.exe.
|
||||
|
||||
make.exe - GNU make for Windows (version 3.75 used for development)
|
||||
http://gnuwin32.sourceforge.net/packages/make.htm
|
||||
|
||||
nmake.exe - Microsoft make (Version 6.00.8168.0 used for development)
|
||||
http://support.microsoft.com/kb/132084/EN-US/
|
||||
|
||||
* Novell Developer Kit (NDK) - required: (http://developer.novell.com)
|
||||
|
||||
CLIB - BUILDS:
|
||||
|
||||
WinSock2 Developer Components for NetWare:
|
||||
For initial development, the October 27, 2000 version was used.
|
||||
However, future versions should also work.
|
||||
|
||||
NOTE: The WinSock2 components include headers & import files for
|
||||
NetWare, but you will also need the winsock2.h and supporting
|
||||
headers (pshpack4.h, poppack.h, qos.h) delivered in the
|
||||
Microsoft SDK. Note: The winsock2.h support headers may change
|
||||
with various versions of winsock2.h. Check the dependencies
|
||||
section on the NDK WinSock2 download page for the latest
|
||||
information on dependencies. These components are unsupported by
|
||||
Novell. They are provided as a courtesy, but it is strongly
|
||||
suggested that all development be done using LIBC, not CLIB.
|
||||
|
||||
As of June 2005, the WinSock2 components are available at:
|
||||
http://forgeftp.novell.com//ws2comp/
|
||||
|
||||
|
||||
NLM and NetWare libraries for C (including CLIB and XPlat):
|
||||
If you are going to build a CLIB version of OpenSSL, you will
|
||||
need the CLIB headers and imports. The March, 2001 NDK release or
|
||||
later is recommended.
|
||||
|
||||
Earlier versions should work but haven't been tested. In recent
|
||||
versions the import files have been consolidated and function
|
||||
names moved. This means you may run into link problems
|
||||
(undefined symbols) when using earlier versions. The functions
|
||||
are available in earlier versions, but you will have to modifiy
|
||||
the make files to include additional import files (see
|
||||
openssl\util\pl\netware.pl).
|
||||
|
||||
|
||||
LIBC - BUILDS:
|
||||
|
||||
Libraries for C (LIBC) - LIBC headers and import files
|
||||
If you are going to build a LIBC version of OpenSSL, you will
|
||||
need the LIBC headers and imports. The March 14, 2002 NDK release or
|
||||
later is required.
|
||||
|
||||
NOTE: The LIBC SDK includes the necessary WinSock2 support.
|
||||
It is not necessary to download the WinSock2 NDK when building for
|
||||
LIBC. The LIBC SDK also includes the appropriate BSD socket support
|
||||
if configuring to use BSD sockets.
|
||||
|
||||
|
||||
BUILDING:
|
||||
---------
|
||||
Before building, you will need to set a few environment variables. You can
|
||||
set them manually or you can modify the "netware\set_env.bat" file.
|
||||
|
||||
The set_env.bat file is a template you can use to set up the path
|
||||
and environment variables you will need to build. Modify the
|
||||
various lines to point to YOUR tools and run set_env.bat.
|
||||
|
||||
netware\set_env.bat <target> [compiler]
|
||||
|
||||
target - "netware-clib" - CLIB NetWare build
|
||||
- "netware-libc" - LIBC NetWare build
|
||||
|
||||
compiler - "gnuc" - GNU GCC Compiler
|
||||
- "codewarrior" - MetroWerks CodeWarrior (default)
|
||||
|
||||
If you don't use set_env.bat, you will need to set up the following
|
||||
environment variables:
|
||||
|
||||
PATH - Set PATH to point to the tools you will use.
|
||||
|
||||
INCLUDE - The location of the NDK include files.
|
||||
|
||||
CLIB ex: set INCLUDE=c:\ndk\nwsdk\include\nlm
|
||||
LIBC ex: set INCLUDE=c:\ndk\libc\include
|
||||
|
||||
PRELUDE - The absolute path of the prelude object to link with. For
|
||||
a CLIB build it is recommended you use the "clibpre.o" files shipped
|
||||
with the Metrowerks PDK for NetWare. For a LIBC build you should
|
||||
use the "libcpre.o" file delivered with the LIBC NDK components.
|
||||
|
||||
CLIB ex: set PRELUDE=c:\ndk\nwsdk\imports\clibpre.o
|
||||
LIBC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o
|
||||
|
||||
IMPORTS - The locaton of the NDK import files.
|
||||
|
||||
CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports
|
||||
LIBC ex: set IMPORTS=c:\ndk\libc\imports
|
||||
|
||||
|
||||
In order to build, you need to run the Perl scripts to configure the build
|
||||
process and generate a make file. There is a batch file,
|
||||
"netware\build.bat", to automate the process.
|
||||
|
||||
Build.bat runs the build configuration scripts and generates a make file.
|
||||
If an assembly option is specified, it also runs the scripts to generate
|
||||
the assembly code. Always run build.bat from the "openssl" directory.
|
||||
|
||||
netware\build [target] [debug opts] [assembly opts] [configure opts]
|
||||
|
||||
target - "netware-clib" - CLIB NetWare build (WinSock Sockets)
|
||||
- "netware-clib-bsdsock" - CLIB NetWare build (BSD Sockets)
|
||||
- "netware-libc" - LIBC NetWare build (WinSock Sockets)
|
||||
- "netware-libc-bsdsock" - LIBC NetWare build (BSD Sockets)
|
||||
|
||||
debug opts - "debug" - build debug
|
||||
|
||||
assembly opts - "nw-mwasm" - use Metrowerks assembler
|
||||
"nw-nasm" - use NASM assembler
|
||||
"no-asm" - don't use assembly
|
||||
|
||||
configure opts- all unrecognized arguments are passed to the
|
||||
perl 'configure' script. See that script for
|
||||
internal documentation regarding options that
|
||||
are available.
|
||||
|
||||
examples:
|
||||
|
||||
CLIB build, debug, without assembly:
|
||||
netware\build.bat netware-clib debug no-asm
|
||||
|
||||
LIBC build, non-debug, using NASM assembly, add mdc2 support:
|
||||
netware\build.bat netware-libc nw-nasm enable-mdc2
|
||||
|
||||
LIBC build, BSD sockets, non-debug, without assembly:
|
||||
netware\build.bat netware-libc-bsdsock no-asm
|
||||
|
||||
Running build.bat generates a make file to be processed by your make
|
||||
tool (gmake or nmake):
|
||||
|
||||
CLIB ex: gmake -f netware\nlm_clib_dbg.mak
|
||||
LIBC ex: gmake -f netware\nlm_libc.mak
|
||||
LIBC ex: gmake -f netware\nlm_libc_bsdsock.mak
|
||||
|
||||
|
||||
You can also run the build scripts manually if you do not want to use the
|
||||
build.bat file. Run the following scripts in the "\openssl"
|
||||
subdirectory (in the order listed below):
|
||||
|
||||
perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock]
|
||||
configures no assembly build for specified netware environment
|
||||
(CLIB or LIBC).
|
||||
|
||||
perl util\mkfiles.pl >MINFO
|
||||
generates a listing of source files (used by mk1mf)
|
||||
|
||||
perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock >netware\nlm.mak
|
||||
generates the makefile for NetWare
|
||||
|
||||
gmake -f netware\nlm.mak
|
||||
build with the make tool (nmake.exe also works)
|
||||
|
||||
NOTE: If you are building using the assembly option, you must also run the
|
||||
various Perl scripts to generate the assembly files. See build.bat
|
||||
for an example of running the various assembly scripts. You must use the
|
||||
"no-asm" option to build without assembly. The configure and mk1mf scripts
|
||||
also have various other options. See the scripts for more information.
|
||||
|
||||
|
||||
The output from the build is placed in the following directories:
|
||||
|
||||
CLIB Debug build:
|
||||
out_nw_clib.dbg - static libs & test nlm(s)
|
||||
tmp_nw_clib.dbg - temporary build files
|
||||
outinc_nw_clib - necessary include files
|
||||
|
||||
CLIB Non-debug build:
|
||||
out_nw_clib - static libs & test nlm(s)
|
||||
tmp_nw_clib - temporary build files
|
||||
outinc_nw_clib - necesary include files
|
||||
|
||||
LIBC Debug build:
|
||||
out_nw_libc.dbg - static libs & test nlm(s)
|
||||
tmp_nw_libc.dbg - temporary build files
|
||||
outinc_nw_libc - necessary include files
|
||||
|
||||
LIBC Non-debug build:
|
||||
out_nw_libc - static libs & test nlm(s)
|
||||
tmp_nw_libc - temporary build files
|
||||
outinc_nw_libc - necesary include files
|
||||
|
||||
|
||||
TESTING:
|
||||
--------
|
||||
The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib,
|
||||
rsaglue.lib ) and several test programs. You should copy the test programs
|
||||
to your NetWare server and run the tests.
|
||||
|
||||
The batch file "netware\cpy_tests.bat" will copy all the necessary files
|
||||
to your server for testing. In order to run the batch file, you need a
|
||||
drive mapped to your target server. It will create an "OpenSSL" directory
|
||||
on the drive and copy the test files to it. CAUTION: If a directory with the
|
||||
name of "OpenSSL" already exists, it will be deleted.
|
||||
|
||||
To run cpy_tests.bat:
|
||||
|
||||
netware\cpy_tests [output directory] [NetWare drive]
|
||||
|
||||
output directory - "out_nw_clib.dbg", "out_nw_libc", etc.
|
||||
NetWare drive - drive letter of mapped drive
|
||||
|
||||
CLIB ex: netware\cpy_tests out_nw_clib m:
|
||||
LIBC ex: netware\cpy_tests out_nw_libc m:
|
||||
|
||||
|
||||
The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server
|
||||
should be used to execute the tests. Before running the script, make sure
|
||||
your SEARCH PATH includes the "OpenSSL" directory. For example, if you
|
||||
copied the files to the "sys:" volume you use the command:
|
||||
|
||||
SEARCH ADD SYS:\OPENSSL
|
||||
|
||||
|
||||
To run do_tests.pl type (at the console prompt):
|
||||
|
||||
perl \openssl\do_tests.pl [options]
|
||||
|
||||
options:
|
||||
-p - pause after executing each test
|
||||
|
||||
The do_tests.pl script generates a log file "\openssl\test_out\tests.log"
|
||||
which should be reviewed for errors. Any errors will be denoted by the word
|
||||
"ERROR" in the log.
|
||||
|
||||
DEVELOPING WITH THE OPENSSL SDK:
|
||||
--------------------------------
|
||||
Now that everything is built and tested, you are ready to use the OpenSSL
|
||||
libraries in your development.
|
||||
|
||||
There is no real installation procedure, just copy the static libs and
|
||||
headers to your build location. The libs (crypto.lib & ssl.lib) are
|
||||
located in the appropriate "out_nw_XXXX" directory
|
||||
(out_nw_clib, out_nw_libc, etc).
|
||||
|
||||
The headers are located in the appropriate "outinc_nw_XXX" directory
|
||||
(outinc_nw_clib, outinc_nw_libc).
|
||||
|
||||
One suggestion is to create the following directory
|
||||
structure for the OpenSSL SDK:
|
||||
|
||||
\openssl
|
||||
|- bin
|
||||
| |- openssl.nlm
|
||||
| |- (other tests you want)
|
||||
|
|
||||
|- lib
|
||||
| | - crypto.lib
|
||||
| | - ssl.lib
|
||||
|
|
||||
|- include
|
||||
| | - openssl
|
||||
| | | - (all the headers in "outinc_nw\openssl")
|
||||
|
||||
|
||||
The program "openssl.nlm" can be very useful. It has dozens of
|
||||
options and you may want to keep it handy for debugging, testing, etc.
|
||||
|
||||
When building your apps using OpenSSL, define "NETWARE". It is needed by
|
||||
some of the OpenSSL headers. One way to do this is with a compile option,
|
||||
for example "-DNETWARE".
|
||||
|
||||
|
||||
|
||||
NOTES:
|
||||
------
|
||||
|
||||
Resource leaks in Tests
|
||||
------------------------
|
||||
Some OpenSSL tests do not clean up resources and NetWare reports
|
||||
the resource leaks when the tests unload. If this really bugs you,
|
||||
you can stop the messages by setting the developer option off at the console
|
||||
prompt (set developer option = off). Or better yet, fix the tests to
|
||||
clean up the resources!
|
||||
|
||||
|
||||
Multi-threaded Development
|
||||
---------------------------
|
||||
The NetWare version of OpenSSL is thread-safe, however multi-threaded
|
||||
applications must provide the necessary locking function callbacks. This
|
||||
is described in doc\threads.doc. The file "openssl-x.x.x\crypto\threads\mttest.c"
|
||||
is a multi-threaded test program and demonstrates the locking functions.
|
||||
|
||||
|
||||
What is openssl2.nlm?
|
||||
---------------------
|
||||
The openssl program has numerous options and can be used for many different
|
||||
things. Many of the options operate in an interactive mode requiring the
|
||||
user to enter data. Because of this, a default screen is created for the
|
||||
program. However, when running the test script it is not desirable to
|
||||
have a seperate screen. Therefore, the build also creates openssl2.nlm.
|
||||
Openssl2.nlm is functionally identical but uses the console screen.
|
||||
Openssl2 can be used when a non-interactive mode is desired.
|
||||
|
||||
NOTE: There are may other possibilities (command line options, etc)
|
||||
which could have been used to address the screen issue. The openssl2.nlm
|
||||
option was chosen because it impacted only the build not the code.
|
||||
|
||||
|
||||
Why only static libraries?
|
||||
--------------------------
|
||||
Globals, globals, and more globals. The OpenSSL code uses many global
|
||||
variables that are allocated and initialized when used for the first time.
|
||||
|
||||
On NetWare, most applications (at least historically) run in the kernel.
|
||||
When running in the kernel, there is one instance of global variables.
|
||||
For regular application type NLM(s) this isn't a problem because they are
|
||||
the only ones using the globals. However, for a library NLM (an NLM which
|
||||
exposes functions and has no threads of execution), the globals cause
|
||||
problems. Applications could inadvertently step on each other if they
|
||||
change some globals. Even worse, the first application that triggers a
|
||||
global to be allocated and initialized has the allocated memory charged to
|
||||
itself. Now when that application unloads, NetWare will clean up all the
|
||||
applicaton's memory. The global pointer variables inside OpenSSL now
|
||||
point to freed memory. An abend waiting to happen!
|
||||
|
||||
To work correctly in the kernel, library NLM(s) that use globals need to
|
||||
provide a set of globals (instance data) for each application. Another
|
||||
option is to require the library only be loaded in a protected address
|
||||
space along with the application using it.
|
||||
|
||||
Modifying the OpenSSL code to provide a set of globals (instance data) for
|
||||
each application isn't technically difficult, but due to the large number
|
||||
globals it would require substantial code changes and it wasn't done. Hence,
|
||||
the build currently only builds static libraries which are then linked
|
||||
into each application.
|
||||
|
||||
NOTE: If you are building a library NLM that uses the OpenSSL static
|
||||
libraries, you will still have to deal with the global variable issue.
|
||||
This is because when you link in the OpenSSL code you bring in all the
|
||||
globals. One possible solution for the global pointer variables is to
|
||||
register memory functions with OpenSSL which allocate memory and charge it
|
||||
to your library NLM (see the function CRYPTO_set_mem_functions). However,
|
||||
be aware that now all memory allocated by OpenSSL is charged to your NLM.
|
||||
|
||||
|
||||
CodeWarrior Tools and W2K
|
||||
---------------------------
|
||||
There have been problems reported with the CodeWarrior Linker
|
||||
(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000. The
|
||||
problems cause the link step to fail. The only work around is to obtain an
|
||||
updated linker from Metrowerks. It is expected Metrowerks will release
|
||||
PDK 3.0 (in beta testing at this time - May, 2001) in the near future which
|
||||
will fix these problems.
|
||||
|
||||
|
||||
Makefile "vclean"
|
||||
------------------
|
||||
The generated makefile has a "vclean" target which cleans up the build
|
||||
directories. If you have been building successfully and suddenly
|
||||
experience problems, use "vclean" (gmake -f netware\nlm_xxxx.mak vclean) and retry.
|
||||
|
||||
|
||||
"Undefined Symbol" Linker errors
|
||||
--------------------------------
|
||||
There have been linker errors reported when doing a CLIB build. The problems
|
||||
occur because some versions of the CLIB SDK import files inadvertently
|
||||
left out some symbols. One symbol in particular is "_lrotl". The missing
|
||||
functions are actually delivered in the binaries, but they were left out of
|
||||
the import files. The issues should be fixed in the September 2001 release
|
||||
of the NDK. If you experience the problems you can temporarily
|
||||
work around it by manually adding the missing symbols to your version of
|
||||
"clib.imp".
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
|
||||
Installation on OS/2
|
||||
--------------------
|
||||
|
||||
You need to have the following tools installed:
|
||||
|
||||
* EMX GCC
|
||||
* PERL
|
||||
* GNU make
|
||||
|
||||
|
||||
To build the makefile, run
|
||||
|
||||
> os2\os2-emx
|
||||
|
||||
This will configure OpenSSL and create OS2-EMX.mak which you then use to
|
||||
build the OpenSSL libraries & programs by running
|
||||
|
||||
> make -f os2-emx.mak
|
||||
|
||||
If that finishes successfully you will find the libraries and programs in the
|
||||
"out" directory.
|
||||
|
||||
Alternatively, you can make a dynamic build that puts the library code into
|
||||
crypto.dll and ssl.dll by running
|
||||
|
||||
> make -f os2-emx-dll.mak
|
||||
|
||||
This will build the above mentioned dlls and a matching pair of import
|
||||
libraries in the "out_dll" directory along with the set of test programs
|
||||
and the openssl application.
|
|
@ -0,0 +1,293 @@
|
|||
VMS Installation instructions
|
||||
written by Richard Levitte
|
||||
<richard@levitte.org>
|
||||
|
||||
|
||||
Intro:
|
||||
======
|
||||
|
||||
This file is divided in the following parts:
|
||||
|
||||
Requirements - Mandatory reading.
|
||||
Checking the distribution - Mandatory reading.
|
||||
Compilation - Mandatory reading.
|
||||
Logical names - Mandatory reading.
|
||||
Test - Mandatory reading.
|
||||
Installation - Mandatory reading.
|
||||
Backward portability - Read if it's an issue.
|
||||
Possible bugs or quirks - A few warnings on things that
|
||||
may go wrong or may surprise you.
|
||||
TODO - Things that are to come.
|
||||
|
||||
|
||||
Requirements:
|
||||
=============
|
||||
|
||||
To build and install OpenSSL, you will need:
|
||||
|
||||
* DEC C or some other ANSI C compiler. VAX C is *not* supported.
|
||||
[Note: OpenSSL has only been tested with DEC C. Compiling with
|
||||
a different ANSI C compiler may require some work]
|
||||
|
||||
Checking the distribution:
|
||||
==========================
|
||||
|
||||
There have been reports of places where the distribution didn't quite get
|
||||
through, for example if you've copied the tree from a NFS-mounted Unix
|
||||
mount point.
|
||||
|
||||
The easiest way to check if everything got through as it should is to check
|
||||
for one of the following files:
|
||||
|
||||
[.CRYPTO]OPENSSLCONF.H_IN
|
||||
[.CRYPTO]OPENSSLCONF_H.IN
|
||||
|
||||
They should never exist both at once, but one of them should (preferably
|
||||
the first variant). If you can't find any of those two, something went
|
||||
wrong.
|
||||
|
||||
The best way to get a correct distribution is to download the gzipped tar
|
||||
file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
|
||||
use VMSTAR to unpack the resulting tar file.
|
||||
|
||||
GUNZIP is available in many places on the net. One of the distribution
|
||||
points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
|
||||
|
||||
VMSTAR is also available in many places on the net. The recommended place
|
||||
to find information about it is http://www.free.lp.se/vmstar/ .
|
||||
|
||||
|
||||
Compilation:
|
||||
============
|
||||
|
||||
I've used the very good command procedures written by Robert Byer
|
||||
<byer@mail.all-net.net>, and just slightly modified them, making
|
||||
them slightly more general and easier to maintain.
|
||||
|
||||
You can actually compile in almost any directory separately. Look
|
||||
for a command procedure name xxx-LIB.COM (in the library directories)
|
||||
or MAKExxx.COM (in the program directories) and read the comments at
|
||||
the top to understand how to use them. However, if you want to
|
||||
compile all you can get, the simplest is to use MAKEVMS.COM in the top
|
||||
directory. The syntax is the following:
|
||||
|
||||
@MAKEVMS <option> <bits> <debug-p> [<compiler>]
|
||||
|
||||
<option> must be one of the following:
|
||||
|
||||
ALL Just build "everything".
|
||||
CONFIG Just build the "[.CRYPTO]OPENSSLCONF.H" file.
|
||||
BUILDINF Just build the "[.INCLUDE]BUILDINF.H" file.
|
||||
SOFTLINKS Just copies some files, to simulate Unix soft links.
|
||||
BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done.
|
||||
RSAREF Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
|
||||
CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
|
||||
SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
|
||||
SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
|
||||
TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
|
||||
APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
|
||||
|
||||
<bits> must be one of the following:
|
||||
|
||||
"" compile using default pointer size
|
||||
32 compile using 32 bit pointer size
|
||||
64 compile using 64 bit pointer size
|
||||
|
||||
<debug-p> must be one of the following:
|
||||
|
||||
DEBUG compile with debugging info (will not optimize)
|
||||
NODEBUG compile without debugging info (will optimize)
|
||||
|
||||
<compiler> must be one of the following:
|
||||
|
||||
DECC For DEC C.
|
||||
GNUC For GNU C.
|
||||
|
||||
|
||||
You will find the crypto library in [.xxx.EXE.CRYPTO] (where xxx is VAX,
|
||||
ALPHA or IA64), called SSL_LIBCRYPTO32.OLB or SSL_LIBCRYPTO.OLB depending
|
||||
on how it was built. You will find the SSL library in [.xxx.EXE.SSL],
|
||||
named SSL_LIBSSL32.OLB or SSL_LIBSSL.OLB, and you will find a bunch of
|
||||
useful programs in [.xxx.EXE.APPS]. However, these shouldn't be used
|
||||
right off unless it's just to test them. For production use, make sure
|
||||
you install first, see Installation below.
|
||||
|
||||
Note 1: Some programs in this package require a TCP/IP library.
|
||||
|
||||
Note 2: if you want to compile the crypto library only, please make sure
|
||||
you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
|
||||
a @MAKEVMS SOFTLINKS. A lot of things will break if you don't.
|
||||
|
||||
|
||||
Logical names:
|
||||
==============
|
||||
|
||||
There are a few things that can't currently be given through the command
|
||||
line. Instead, logical names are used.
|
||||
|
||||
Currently, the logical names supported are:
|
||||
|
||||
OPENSSL_NO_ASM with value YES, the assembler parts of OpenSSL will
|
||||
not be used. Instead, plain C implementations are
|
||||
used. This is good to try if something doesn't work.
|
||||
OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm
|
||||
will not be implemented. Supported algorithms to
|
||||
do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
|
||||
SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
|
||||
SSL2. So, for example, having the logical name
|
||||
OPENSSL_NO_RSA with the value YES means that the
|
||||
LIBCRYPTO.OLB library will not contain an RSA
|
||||
implementation.
|
||||
|
||||
|
||||
Test:
|
||||
=====
|
||||
|
||||
Testing is very simple, just do the following:
|
||||
|
||||
@[.TEST]TESTS
|
||||
|
||||
If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
|
||||
it's an ugly hack!) and rebuild. Please send a bug report to
|
||||
<openssl-bugs@openssl.org>, including the output of "openssl version -a"
|
||||
and of the failed test.
|
||||
|
||||
|
||||
Installation:
|
||||
=============
|
||||
|
||||
Installation is easy, just do the following:
|
||||
|
||||
@INSTALL <root> <bits>
|
||||
|
||||
<root> is the directory in which everything will be installed,
|
||||
subdirectories, libraries, header files, programs and startup command
|
||||
procedures.
|
||||
|
||||
<bits> works the same way as for MAKEVMS.COM
|
||||
|
||||
N.B.: INSTALL.COM builds a new directory structure, different from
|
||||
the directory tree where you have now build OpenSSL.
|
||||
|
||||
In the [.VMS] subdirectory of the installation, you will find the
|
||||
following command procedures:
|
||||
|
||||
OPENSSL_STARTUP.COM
|
||||
|
||||
defines all needed logical names. Takes one argument that
|
||||
tells it in what logical name table to insert the logical
|
||||
names. If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
|
||||
call should look like this:
|
||||
|
||||
@openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
|
||||
|
||||
OPENSSL_UTILS.COM
|
||||
|
||||
sets up the symbols to the applications. Should be called
|
||||
from for example SYS$MANAGER:SYLOGIN.COM
|
||||
|
||||
OPENSSL_UNDO.COM
|
||||
|
||||
deassigns the logical names created with OPENSSL_STARTUP.COM.
|
||||
|
||||
The logical names that are set up are the following:
|
||||
|
||||
SSLROOT a dotted concealed logical name pointing at the
|
||||
root directory.
|
||||
|
||||
SSLCERTS Initially an empty directory, this is the default
|
||||
location for certificate files.
|
||||
SSLPRIVATE Initially an empty directory, this is the default
|
||||
location for private key files.
|
||||
|
||||
SSLEXE Contains the openssl binary and a few other utility
|
||||
programs.
|
||||
SSLINCLUDE Contains the header files needed if you want to
|
||||
compile programs with libcrypto or libssl.
|
||||
SSLLIB Contains the OpenSSL library files themselves:
|
||||
- SSL_LIBCRYPTO32.OLB and SSL_LIBSSL32.OLB or
|
||||
- SSL_LIBCRYPTO.OLB and SSL_LIBSSL.OLB
|
||||
|
||||
OPENSSL Same as SSLINCLUDE. This is because the standard
|
||||
way to include OpenSSL header files from version
|
||||
0.9.3 and on is:
|
||||
|
||||
#include <openssl/header.h>
|
||||
|
||||
For more info on this issue, see the INSTALL. file
|
||||
(the NOTE in section 4 of "Installation in Detail").
|
||||
You don't need to "deleting old header files"!!!
|
||||
|
||||
|
||||
Backward portability:
|
||||
=====================
|
||||
|
||||
One great problem when you build a library is making sure it will work
|
||||
on as many versions of VMS as possible. Especially, code compiled on
|
||||
OpenVMS version 7.x and above tend to be unusable in version 6.x or
|
||||
lower, because some C library routines have changed names internally
|
||||
(the C programmer won't usually see it, because the old name is
|
||||
maintained through C macros). One obvious solution is to make sure
|
||||
you have a development machine with an old enough version of OpenVMS.
|
||||
However, if you are stuck with a bunch of Alphas running OpenVMS version
|
||||
7.1, you seem to be out of luck. Fortunately, the DEC C header files
|
||||
are cluttered with conditionals that make some declarations and definitions
|
||||
dependent on the OpenVMS version or the C library version, *and* you
|
||||
can use those macros to simulate older OpenVMS or C library versions,
|
||||
by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
|
||||
correct values. In the compilation scripts, I've provided the possibility
|
||||
for the user to influence the creation of such macros, through a bunch of
|
||||
symbols, all having names starting with USER_. Here's the list of them:
|
||||
|
||||
USER_CCFLAGS - Used to give additional qualifiers to the
|
||||
compiler. It can't be used to define macros
|
||||
since the scripts will do such things as well.
|
||||
To do such things, use USER_CCDEFS.
|
||||
USER_CCDEFS - Used to define macros on the command line. The
|
||||
value of this symbol will be inserted inside a
|
||||
/DEFINE=(...).
|
||||
USER_CCDISABLEWARNINGS - Used to disable some warnings. The value is
|
||||
inserted inside a /DISABLE=WARNING=(...).
|
||||
|
||||
So, to maintain backward compatibility with older VMS versions, do the
|
||||
following before you start compiling:
|
||||
|
||||
$ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
|
||||
$ USER_CCDISABLEWARNINGS := PREOPTW
|
||||
|
||||
The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
|
||||
that those macros have been changed.
|
||||
|
||||
Note: Currently, this is only useful for library compilation. The
|
||||
programs will still be linked with the current version of the
|
||||
C library shareable image, and will thus complain if they are
|
||||
faced with an older version of the same C library shareable image.
|
||||
This will probably be fixed in a future revision of OpenSSL.
|
||||
|
||||
|
||||
Possible bugs or quirks:
|
||||
========================
|
||||
|
||||
I'm not perfectly sure all the programs will use the SSLCERTS:
|
||||
directory by default, it may very well be that you have to give them
|
||||
extra arguments. Please experiment.
|
||||
|
||||
|
||||
TODO:
|
||||
=====
|
||||
|
||||
There are a few things that need to be worked out in the VMS version of
|
||||
OpenSSL, still:
|
||||
|
||||
- Description files. ("Makefile's" :-))
|
||||
- Script code to link an already compiled build tree.
|
||||
- A VMSINSTALlable version (way in the future, unless someone else hacks).
|
||||
- shareable images (DLL for you Windows folks).
|
||||
|
||||
There may be other things that I have missed and that may be desirable.
|
||||
Please send mail to <openssl-users@openssl.org> or to me directly if you
|
||||
have any ideas.
|
||||
|
||||
--
|
||||
Richard Levitte <richard@levitte.org>
|
||||
2000-02-27, 2011-03-18
|
|
@ -0,0 +1,325 @@
|
|||
|
||||
INSTALLATION ON THE WIN32 PLATFORM
|
||||
----------------------------------
|
||||
|
||||
[Instructions for building for Windows CE can be found in INSTALL.WCE]
|
||||
[Instructions for building for Win64 can be found in INSTALL.W64]
|
||||
|
||||
Here are a few comments about building OpenSSL for Win32 environments,
|
||||
such as Windows NT and Windows 9x. It should be noted though that
|
||||
Windows 9x are not ordinarily tested. Its mention merely means that we
|
||||
attempt to maintain certain programming discipline and pay attention
|
||||
to backward compatibility issues, in other words it's kind of expected
|
||||
to work on Windows 9x, but no regression tests are actually performed.
|
||||
|
||||
On additional note newer OpenSSL versions are compiled and linked with
|
||||
Winsock 2. This means that minimum OS requirement was elevated to NT 4
|
||||
and Windows 98 [there is Winsock 2 update for Windows 95 though].
|
||||
|
||||
- you need Perl for Win32. Unless you will build on Cygwin, you will need
|
||||
ActiveState Perl, available from http://www.activestate.com/ActivePerl.
|
||||
|
||||
- one of the following C compilers:
|
||||
|
||||
* Visual C++
|
||||
* Borland C
|
||||
* GNU C (Cygwin or MinGW)
|
||||
|
||||
- Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/
|
||||
is required if you intend to utilize assembler modules. Note that NASM
|
||||
is now the only supported assembler.
|
||||
|
||||
If you are compiling from a tarball or a Git snapshot then the Win32 files
|
||||
may well be not up to date. This may mean that some "tweaking" is required to
|
||||
get it all to work. See the trouble shooting section later on for if (when?)
|
||||
it goes wrong.
|
||||
|
||||
Visual C++
|
||||
----------
|
||||
|
||||
If you want to compile in the assembly language routines with Visual
|
||||
C++, then you will need already mentioned Netwide Assembler binary,
|
||||
nasmw.exe or nasm.exe, to be available on your %PATH%.
|
||||
|
||||
Firstly you should run Configure with platform VC-WIN32:
|
||||
|
||||
> perl Configure VC-WIN32 --prefix=c:\some\openssl\dir
|
||||
|
||||
Where the prefix argument specifies where OpenSSL will be installed to.
|
||||
|
||||
Next you need to build the Makefiles and optionally the assembly
|
||||
language files:
|
||||
|
||||
- If you are using NASM then run:
|
||||
|
||||
> ms\do_nasm
|
||||
|
||||
- If you don't want to use the assembly language files at all then run:
|
||||
|
||||
> perl Configure VC-WIN32 no-asm --prefix=c:/some/openssl/dir
|
||||
> ms\do_ms
|
||||
|
||||
If you get errors about things not having numbers assigned then check the
|
||||
troubleshooting section: you probably won't be able to compile it as it
|
||||
stands.
|
||||
|
||||
Then from the VC++ environment at a prompt do:
|
||||
|
||||
> nmake -f ms\ntdll.mak
|
||||
|
||||
If all is well it should compile and you will have some DLLs and
|
||||
executables in out32dll. If you want to try the tests then do:
|
||||
|
||||
> nmake -f ms\ntdll.mak test
|
||||
|
||||
|
||||
To install OpenSSL to the specified location do:
|
||||
|
||||
> nmake -f ms\ntdll.mak install
|
||||
|
||||
Tweaks:
|
||||
|
||||
There are various changes you can make to the Win32 compile
|
||||
environment. By default the library is not compiled with debugging
|
||||
symbols. If you use the platform debug-VC-WIN32 instead of VC-WIN32
|
||||
then debugging symbols will be compiled in.
|
||||
|
||||
By default in 1.0.0 OpenSSL will compile builtin ENGINES into the
|
||||
separate shared librariesy. If you specify the "enable-static-engine"
|
||||
option on the command line to Configure the shared library build
|
||||
(ms\ntdll.mak) will compile the engines into libeay32.dll instead.
|
||||
|
||||
The default Win32 environment is to leave out any Windows NT specific
|
||||
features.
|
||||
|
||||
If you want to enable the NT specific features of OpenSSL (currently
|
||||
only the logging BIO) follow the instructions above but call the batch
|
||||
file do_nt.bat instead of do_ms.bat.
|
||||
|
||||
You can also build a static version of the library using the Makefile
|
||||
ms\nt.mak
|
||||
|
||||
|
||||
Borland C++ builder 5
|
||||
---------------------
|
||||
|
||||
* Configure for building with Borland Builder:
|
||||
> perl Configure BC-32
|
||||
|
||||
* Create the appropriate makefile
|
||||
> ms\do_nasm
|
||||
|
||||
* Build
|
||||
> make -f ms\bcb.mak
|
||||
|
||||
Borland C++ builder 3 and 4
|
||||
---------------------------
|
||||
|
||||
* Setup PATH. First must be GNU make then bcb4/bin
|
||||
|
||||
* Run ms\bcb4.bat
|
||||
|
||||
* Run make:
|
||||
> make -f bcb.mak
|
||||
|
||||
GNU C (Cygwin)
|
||||
--------------
|
||||
|
||||
Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of
|
||||
Win32 subsystem and provides a bash shell and GNU tools environment.
|
||||
Consequently, a make of OpenSSL with Cygwin is virtually identical to
|
||||
Unix procedure. It is also possible to create Win32 binaries that only
|
||||
use the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
|
||||
MinGW. MinGW can be used in the Cygwin development environment or in a
|
||||
standalone setup as described in the following section.
|
||||
|
||||
To build OpenSSL using Cygwin:
|
||||
|
||||
* Install Cygwin (see http://cygwin.com/)
|
||||
|
||||
* Install Perl and ensure it is in the path. Both Cygwin perl
|
||||
(5.6.1-2 or newer) and ActivePerl work.
|
||||
|
||||
* Run the Cygwin bash shell
|
||||
|
||||
* $ tar zxvf openssl-x.x.x.tar.gz
|
||||
$ cd openssl-x.x.x
|
||||
|
||||
To build the Cygwin version of OpenSSL:
|
||||
|
||||
$ ./config
|
||||
[...]
|
||||
$ make
|
||||
[...]
|
||||
$ make test
|
||||
$ make install
|
||||
|
||||
This will create a default install in /usr/local/ssl.
|
||||
|
||||
To build the MinGW version (native Windows) in Cygwin:
|
||||
|
||||
$ ./Configure mingw
|
||||
[...]
|
||||
$ make
|
||||
[...]
|
||||
$ make test
|
||||
$ make install
|
||||
|
||||
Cygwin Notes:
|
||||
|
||||
"make test" and normal file operations may fail in directories
|
||||
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
|
||||
stripping of carriage returns. To avoid this ensure that a binary
|
||||
mount is used, e.g. mount -b c:\somewhere /home.
|
||||
|
||||
"bc" is not provided in older Cygwin distribution. This causes a
|
||||
non-fatal error in "make test" but is otherwise harmless. If
|
||||
desired and needed, GNU bc can be built with Cygwin without change.
|
||||
|
||||
GNU C (MinGW/MSYS)
|
||||
-------------
|
||||
|
||||
* Compiler and shell environment installation:
|
||||
|
||||
MinGW and MSYS are available from http://www.mingw.org/, both are
|
||||
required. Run the installers and do whatever magic they say it takes
|
||||
to start MSYS bash shell with GNU tools on its PATH.
|
||||
|
||||
N.B. Since source tar-ball can contain symbolic links, it's essential
|
||||
that you use accompanying MSYS tar to unpack the source. It will
|
||||
either handle them in one way or another or fail to extract them,
|
||||
which does the trick too. Latter means that you may safely ignore all
|
||||
"cannot create symlink" messages, as they will be "re-created" at
|
||||
configure stage by copying corresponding files. Alternative programs
|
||||
were observed to create empty files instead, which results in build
|
||||
failure.
|
||||
|
||||
* Compile OpenSSL:
|
||||
|
||||
$ ./config
|
||||
[...]
|
||||
$ make
|
||||
[...]
|
||||
$ make test
|
||||
|
||||
This will create the library and binaries in root source directory
|
||||
and openssl.exe application in apps directory.
|
||||
|
||||
It is also possible to cross-compile it on Linux by configuring
|
||||
with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
|
||||
'make test' is naturally not applicable then.
|
||||
|
||||
libcrypto.a and libssl.a are the static libraries. To use the DLLs,
|
||||
link with libeay32.a and libssl32.a instead.
|
||||
|
||||
See troubleshooting if you get error messages about functions not
|
||||
having a number assigned.
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
||||
If you used the Cygwin procedure above, you have already installed and
|
||||
can skip this section. For all other procedures, there's currently no real
|
||||
installation procedure for Win32. There are, however, some suggestions:
|
||||
|
||||
- do nothing. The include files are found in the inc32/ subdirectory,
|
||||
all binaries are found in out32dll/ or out32/ depending if you built
|
||||
dynamic or static libraries.
|
||||
|
||||
- do as is written in INSTALL.Win32 that comes with modssl:
|
||||
|
||||
$ md c:\openssl
|
||||
$ md c:\openssl\bin
|
||||
$ md c:\openssl\lib
|
||||
$ md c:\openssl\include
|
||||
$ md c:\openssl\include\openssl
|
||||
$ copy /b inc32\openssl\* c:\openssl\include\openssl
|
||||
$ copy /b out32dll\ssleay32.lib c:\openssl\lib
|
||||
$ copy /b out32dll\libeay32.lib c:\openssl\lib
|
||||
$ copy /b out32dll\ssleay32.dll c:\openssl\bin
|
||||
$ copy /b out32dll\libeay32.dll c:\openssl\bin
|
||||
$ copy /b out32dll\openssl.exe c:\openssl\bin
|
||||
|
||||
Of course, you can choose another device than c:. C: is used here
|
||||
because that's usually the first (and often only) harddisk device.
|
||||
Note: in the modssl INSTALL.Win32, p: is used rather than c:.
|
||||
|
||||
|
||||
Troubleshooting
|
||||
---------------
|
||||
|
||||
Since the Win32 build is only occasionally tested it may not always compile
|
||||
cleanly. If you get an error about functions not having numbers assigned
|
||||
when you run ms\do_ms then this means the Win32 ordinal files are not up to
|
||||
date. You can do:
|
||||
|
||||
> perl util\mkdef.pl crypto ssl update
|
||||
|
||||
then ms\do_XXX should not give a warning any more. However the numbers that
|
||||
get assigned by this technique may not match those that eventually get
|
||||
assigned in the Git tree: so anything linked against this version of the
|
||||
library may need to be recompiled.
|
||||
|
||||
If you get errors about unresolved symbols there are several possible
|
||||
causes.
|
||||
|
||||
If this happens when the DLL is being linked and you have disabled some
|
||||
ciphers then it is possible the DEF file generator hasn't removed all
|
||||
the disabled symbols: the easiest solution is to edit the DEF files manually
|
||||
to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def.
|
||||
|
||||
Another cause is if you missed or ignored the errors about missing numbers
|
||||
mentioned above.
|
||||
|
||||
If you get warnings in the code then the compilation will halt.
|
||||
|
||||
The default Makefile for Win32 halts whenever any warnings occur. Since VC++
|
||||
has its own ideas about warnings which don't always match up to other
|
||||
environments this can happen. The best fix is to edit the file with the
|
||||
warning in and fix it. Alternatively you can turn off the halt on warnings by
|
||||
editing the CFLAG line in the Makefile and deleting the /WX option.
|
||||
|
||||
You might get compilation errors. Again you will have to fix these or report
|
||||
them.
|
||||
|
||||
One final comment about compiling applications linked to the OpenSSL library.
|
||||
If you don't use the multithreaded DLL runtime library (/MD option) your
|
||||
program will almost certainly crash because malloc gets confused -- the
|
||||
OpenSSL DLLs are statically linked to one version, the application must
|
||||
not use a different one. You might be able to work around such problems
|
||||
by adding CRYPTO_malloc_init() to your program before any calls to the
|
||||
OpenSSL libraries: This tells the OpenSSL libraries to use the same
|
||||
malloc(), free() and realloc() as the application. However there are many
|
||||
standard library functions used by OpenSSL that call malloc() internally
|
||||
(e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
|
||||
rely on CRYPTO_malloc_init() solving your problem, and you should
|
||||
consistently use the multithreaded library.
|
||||
|
||||
Linking your application
|
||||
------------------------
|
||||
|
||||
If you link with static OpenSSL libraries [those built with ms/nt.mak],
|
||||
then you're expected to additionally link your application with
|
||||
WS2_32.LIB, GDI32.LIB, ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those
|
||||
developing non-interactive service applications might feel concerned about
|
||||
linking with GDI32.LIB and USER32.LIB, as they are justly associated with
|
||||
interactive desktop, which is not available to service processes. The toolkit
|
||||
is designed to detect in which context it's currently executed, GUI, console
|
||||
app or service, and act accordingly, namely whether or not to actually make
|
||||
GUI calls. Additionally those who wish to /DELAYLOAD:GDI32.DLL and
|
||||
/DELAYLOAD:USER32.DLL and actually keep them off service process should
|
||||
consider implementing and exporting from .exe image in question own
|
||||
_OPENSSL_isservice not relying on USER32.DLL. E.g., on Windows Vista and
|
||||
later you could:
|
||||
|
||||
__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
|
||||
{ DWORD sess;
|
||||
if (ProcessIdToSessionId(GetCurrentProcessId(),&sess))
|
||||
return sess==0;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
If you link with OpenSSL .DLLs, then you're expected to include into
|
||||
your application code small "shim" snippet, which provides glue between
|
||||
OpenSSL BIO layer and your compiler run-time. Look up OPENSSL_Applink
|
||||
reference page for further details.
|
|
@ -0,0 +1,66 @@
|
|||
|
||||
INSTALLATION ON THE WIN64 PLATFORM
|
||||
----------------------------------
|
||||
|
||||
Caveat lector
|
||||
-------------
|
||||
|
||||
As of moment of this writing Win64 support is classified "initial"
|
||||
for the following reasons.
|
||||
|
||||
- No assembler modules are engaged upon initial 0.9.8 release.
|
||||
- API might change within 0.9.8 life-span, *but* in a manner which
|
||||
doesn't break backward binary compatibility. Or in other words,
|
||||
application programs compiled with initial 0.9.8 headers will
|
||||
be expected to work with future minor release .DLL without need
|
||||
to re-compile, even if future minor release features modified API.
|
||||
- Above mentioned API modifications have everything to do with
|
||||
elimination of a number of limitations, which are normally
|
||||
considered inherent to 32-bit platforms. Which in turn is why they
|
||||
are treated as limitations on 64-bit platform such as Win64:-)
|
||||
The current list comprises [but not necessarily limited to]:
|
||||
|
||||
- null-terminated strings may not be longer than 2G-1 bytes,
|
||||
longer strings are treated as zero-length;
|
||||
- dynamically and *internally* allocated chunks can't be larger
|
||||
than 2G-1 bytes;
|
||||
- inability to encrypt/decrypt chunks of data larger than 4GB
|
||||
[it's possibly to *hash* chunks of arbitrary size through];
|
||||
|
||||
Neither of these is actually big deal and hardly encountered
|
||||
in real-life applications.
|
||||
|
||||
Compiling procedure
|
||||
-------------------
|
||||
|
||||
You will need Perl. You can run under Cygwin or you can download
|
||||
ActiveState Perl from http://www.activestate.com/ActivePerl.
|
||||
|
||||
You will need Microsoft Platform SDK, available for download at
|
||||
http://www.microsoft.com/msdownload/platformsdk/sdkupdate/. As per
|
||||
April 2005 Platform SDK is equipped with Win64 compilers, as well
|
||||
as assemblers, but it might change in the future.
|
||||
|
||||
To build for Win64/x64:
|
||||
|
||||
> perl Configure VC-WIN64A
|
||||
> ms\do_win64a
|
||||
> nmake -f ms\ntdll.mak
|
||||
> cd out32dll
|
||||
> ..\ms\test
|
||||
|
||||
To build for Win64/IA64:
|
||||
|
||||
> perl Configure VC-WIN64I
|
||||
> ms\do_win64i
|
||||
> nmake -f ms\ntdll.mak
|
||||
> cd out32dll
|
||||
> ..\ms\test
|
||||
|
||||
Naturally test-suite itself has to be executed on the target platform.
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
||||
TBD, for now see INSTALL.W32.
|
||||
|
|
@ -0,0 +1,95 @@
|
|||
|
||||
INSTALLATION FOR THE WINDOWS CE PLATFORM
|
||||
----------------------------------------
|
||||
|
||||
Building OpenSSL for Windows CE requires the following external tools:
|
||||
|
||||
* Microsoft eMbedded Visual C++ 3.0 or later
|
||||
* Appropriate SDK might be required
|
||||
* Perl for Win32 [commonly recommended ActiveState Perl is available
|
||||
from http://www.activestate.com/Products/ActivePerl/]
|
||||
|
||||
* wcecompat compatibility library available at
|
||||
http://www.essemer.com.au/windowsce/
|
||||
* Optionally ceutils for running automated tests (same location)
|
||||
|
||||
_or_
|
||||
|
||||
* PocketConsole driver and PortSDK available at
|
||||
http://www.symbolictools.de/public/pocketconsole/
|
||||
* CMD command interpreter (same location)
|
||||
|
||||
As Windows CE support in OpenSSL relies on 3rd party compatibility
|
||||
library, it's appropriate to check corresponding URL for updates. For
|
||||
example if you choose wcecompat, note that as for the moment of this
|
||||
writing version 1.2 is available and actually required for WCE 4.2
|
||||
and newer platforms. All wcecompat issues should be directed to
|
||||
www.essemer.com.au.
|
||||
|
||||
Why compatibility library at all? The C Runtime Library implementation
|
||||
for Windows CE that is included with Microsoft eMbedded Visual C++ is
|
||||
incomplete and in some places incorrect. Compatibility library plugs
|
||||
the holes and tries to bring the Windows CE CRT to [more] usable level.
|
||||
Most gaping hole in CRT is support for stdin/stdout/stderr IO, which
|
||||
proposed compatibility libraries solve in two different ways: wcecompat
|
||||
redirects IO to active sync link, while PortSDK - to NT-like console
|
||||
driver on the handheld itself.
|
||||
|
||||
Building
|
||||
--------
|
||||
|
||||
Setup the eMbedded Visual C++ environment. There are batch files for doing
|
||||
this installed with eVC++. For an ARM processor, for example, execute:
|
||||
|
||||
> "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT"
|
||||
|
||||
Next pick compatibility library according to your preferences.
|
||||
|
||||
1. To choose wcecompat set up WCECOMPAT environment variable pointing
|
||||
at the location of wcecompat tree "root":
|
||||
|
||||
> set WCECOMPAT=C:\wcecompat
|
||||
> set PORTSDK_LIBPATH=
|
||||
|
||||
2. To choose PortSDK set up PORTSDK_LIBPATH to point at hardware-
|
||||
specific location where your portlib.lib is installed:
|
||||
|
||||
> set PORTSDK_LIBPATH=C:\PortSDK\lib\ARM
|
||||
> set WCECOMPAT=
|
||||
|
||||
Note that you may not set both variables.
|
||||
|
||||
Next you should run Configure:
|
||||
|
||||
> perl Configure VC-CE
|
||||
|
||||
Next you need to build the Makefiles:
|
||||
|
||||
> ms\do_ms
|
||||
|
||||
If you get errors about things not having numbers assigned then check the
|
||||
troubleshooting section in INSTALL.W32: you probably won't be able to compile
|
||||
it as it stands.
|
||||
|
||||
Then from the VC++ environment at a prompt do:
|
||||
|
||||
> nmake -f ms\cedll.mak
|
||||
|
||||
[note that static builds are not supported under CE]
|
||||
|
||||
If all is well it should compile and you will have some DLLs and executables
|
||||
in out32dll*.
|
||||
|
||||
<<< everyting below needs revision in respect to wcecompat vs. PortSDK >>>
|
||||
|
||||
If you want
|
||||
to try the tests then make sure the ceutils are in the path and do:
|
||||
|
||||
> cd out32
|
||||
> ..\ms\testce
|
||||
|
||||
This will copy each of the test programs to the Windows CE device and execute
|
||||
them, displaying the output of the tests on this computer. The output should
|
||||
look similar to the output produced by running the tests for a regular Windows
|
||||
build.
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
|
||||
LICENSE ISSUES
|
||||
==============
|
||||
|
||||
The OpenSSL toolkit stays under a double license, i.e. both the conditions of
|
||||
the OpenSSL License and the original SSLeay license apply to the toolkit.
|
||||
See below for the actual license texts. Actually both licenses are BSD-style
|
||||
Open Source licenses. In case of any license issues related to OpenSSL
|
||||
please contact openssl-core@openssl.org.
|
||||
|
||||
OpenSSL License
|
||||
---------------
|
||||
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
Original SSLeay License
|
||||
-----------------------
|
||||
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
/**************** BEGIN GUSI CONFIGURATION ****************************
|
||||
*
|
||||
* GUSI Configuration section generated by GUSI Configurator
|
||||
* last modified: Wed Jan 5 20:33:51 2000
|
||||
*
|
||||
* This section will be overwritten by the next run of Configurator.
|
||||
*/
|
||||
|
||||
#define GUSI_SOURCE
|
||||
#include <GUSIConfig.h>
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
/* Declarations of Socket Factories */
|
||||
|
||||
__BEGIN_DECLS
|
||||
void GUSIwithInetSockets();
|
||||
void GUSIwithLocalSockets();
|
||||
void GUSIwithMTInetSockets();
|
||||
void GUSIwithMTTcpSockets();
|
||||
void GUSIwithMTUdpSockets();
|
||||
void GUSIwithOTInetSockets();
|
||||
void GUSIwithOTTcpSockets();
|
||||
void GUSIwithOTUdpSockets();
|
||||
void GUSIwithPPCSockets();
|
||||
void GUSISetupFactories();
|
||||
__END_DECLS
|
||||
|
||||
/* Configure Socket Factories */
|
||||
|
||||
void GUSISetupFactories()
|
||||
{
|
||||
#ifdef GUSISetupFactories_BeginHook
|
||||
GUSISetupFactories_BeginHook
|
||||
#endif
|
||||
GUSIwithInetSockets();
|
||||
#ifdef GUSISetupFactories_EndHook
|
||||
GUSISetupFactories_EndHook
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Declarations of File Devices */
|
||||
|
||||
__BEGIN_DECLS
|
||||
void GUSIwithDConSockets();
|
||||
void GUSIwithNullSockets();
|
||||
void GUSISetupDevices();
|
||||
__END_DECLS
|
||||
|
||||
/* Configure File Devices */
|
||||
|
||||
void GUSISetupDevices()
|
||||
{
|
||||
#ifdef GUSISetupDevices_BeginHook
|
||||
GUSISetupDevices_BeginHook
|
||||
#endif
|
||||
GUSIwithNullSockets();
|
||||
#ifdef GUSISetupDevices_EndHook
|
||||
GUSISetupDevices_EndHook
|
||||
#endif
|
||||
}
|
||||
|
||||
/**************** END GUSI CONFIGURATION *************************/
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -0,0 +1,104 @@
|
|||
#pragma once
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
|
||||
void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
|
||||
void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength);
|
||||
void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
|
||||
void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
|
||||
void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
|
||||
void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
|
||||
void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength);
|
||||
|
||||
void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength);
|
||||
void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength);
|
||||
|
||||
int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase = true);
|
||||
int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
|
||||
int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase = true);
|
||||
|
||||
Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
|
||||
Boolean PStrsAreEqual(const unsigned char *theFirstCStr,const unsigned char *theSecondCStr,const Boolean ignoreCase = true);
|
||||
|
||||
void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
|
||||
void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength);
|
||||
void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
|
||||
void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
|
||||
|
||||
void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
|
||||
void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
|
||||
|
||||
long CStrLength(const char *theCString);
|
||||
long PStrLength(const unsigned char *thePString);
|
||||
|
||||
OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle);
|
||||
OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle);
|
||||
|
||||
OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle);
|
||||
OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle);
|
||||
OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle);
|
||||
|
||||
OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
|
||||
OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
|
||||
OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength = nil);
|
||||
OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength = nil);
|
||||
|
||||
void ZeroMem(void *theMemPtr,const unsigned long numBytes);
|
||||
|
||||
char *FindCharInCStr(const char theChar,const char *theCString);
|
||||
long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase = false);
|
||||
long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase = false);
|
||||
|
||||
void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength);
|
||||
void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength);
|
||||
|
||||
void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
|
||||
void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
|
||||
OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset);
|
||||
|
||||
void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength);
|
||||
|
||||
void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength);
|
||||
|
||||
void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
|
||||
void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength);
|
||||
void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength);
|
||||
|
||||
void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
|
||||
OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle);
|
||||
|
||||
|
||||
OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength);
|
||||
OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle);
|
||||
|
||||
OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength);
|
||||
OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle);
|
||||
|
||||
OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces = true);
|
||||
OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces = true);
|
||||
|
||||
|
||||
void ConvertCStrToUpperCase(char *theSrcCStr);
|
||||
|
||||
|
||||
int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr);
|
||||
int CountWordsInCStr(const char *inSrcCStr);
|
||||
|
||||
OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits);
|
||||
|
||||
void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
|
||||
OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
|
||||
|
||||
|
||||
OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat);
|
||||
OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits = -1,const int inMaxNumFractDigits = -1);
|
||||
|
||||
void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL = false);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
|
@ -0,0 +1,170 @@
|
|||
/* ====================================================================
|
||||
* Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
|
||||
#include "ErrorHandling.hpp"
|
||||
#include "CPStringUtils.hpp"
|
||||
|
||||
#ifdef __EXCEPTIONS_ENABLED__
|
||||
#include "CMyException.hpp"
|
||||
#endif
|
||||
|
||||
|
||||
static char gErrorMessageBuffer[512];
|
||||
|
||||
char *gErrorMessage = gErrorMessageBuffer;
|
||||
int gErrorMessageMaxLength = sizeof(gErrorMessageBuffer);
|
||||
|
||||
|
||||
|
||||
void SetErrorMessage(const char *theErrorMessage)
|
||||
{
|
||||
if (theErrorMessage != nil)
|
||||
{
|
||||
CopyCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt)
|
||||
{
|
||||
if (theErrorMessage != nil)
|
||||
{
|
||||
CopyCStrAndConcatLongIntToCStr(theErrorMessage,theLongInt,gErrorMessage,gErrorMessageMaxLength);
|
||||
}
|
||||
}
|
||||
|
||||
void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt)
|
||||
{
|
||||
if (theErrorMessage != nil)
|
||||
{
|
||||
CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,theLongInt,gErrorMessage,gErrorMessageMaxLength);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr)
|
||||
{
|
||||
if (theErrorMessage != nil)
|
||||
{
|
||||
CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,-1,gErrorMessage,gErrorMessageMaxLength);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void AppendCStrToErrorMessage(const char *theErrorMessage)
|
||||
{
|
||||
if (theErrorMessage != nil)
|
||||
{
|
||||
ConcatCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void AppendLongIntToErrorMessage(const long theLongInt)
|
||||
{
|
||||
ConcatLongIntToCStr(theLongInt,gErrorMessage,gErrorMessageMaxLength);
|
||||
}
|
||||
|
||||
|
||||
|
||||
char *GetErrorMessage(void)
|
||||
{
|
||||
return gErrorMessage;
|
||||
}
|
||||
|
||||
|
||||
OSErr GetErrorMessageInNewHandle(Handle *inoutHandle)
|
||||
{
|
||||
OSErr errCode;
|
||||
|
||||
|
||||
errCode = CopyCStrToNewHandle(gErrorMessage,inoutHandle);
|
||||
|
||||
return(errCode);
|
||||
}
|
||||
|
||||
|
||||
OSErr GetErrorMessageInExistingHandle(Handle inoutHandle)
|
||||
{
|
||||
OSErr errCode;
|
||||
|
||||
|
||||
errCode = CopyCStrToExistingHandle(gErrorMessage,inoutHandle);
|
||||
|
||||
return(errCode);
|
||||
}
|
||||
|
||||
|
||||
|
||||
OSErr AppendErrorMessageToHandle(Handle inoutHandle)
|
||||
{
|
||||
OSErr errCode;
|
||||
|
||||
|
||||
errCode = AppendCStrToHandle(gErrorMessage,inoutHandle,nil);
|
||||
|
||||
return(errCode);
|
||||
}
|
||||
|
||||
|
||||
#ifdef __EXCEPTIONS_ENABLED__
|
||||
|
||||
void ThrowErrorMessageException(void)
|
||||
{
|
||||
ThrowDescriptiveException(gErrorMessage);
|
||||
}
|
||||
|
||||
#endif
|
|
@ -0,0 +1,147 @@
|
|||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#ifndef kGenericError
|
||||
#define kGenericError -1
|
||||
#endif
|
||||
|
||||
extern char *gErrorMessage;
|
||||
|
||||
|
||||
void SetErrorMessage(const char *theErrorMessage);
|
||||
void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt);
|
||||
void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt);
|
||||
void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr);
|
||||
void AppendCStrToErrorMessage(const char *theErrorMessage);
|
||||
void AppendLongIntToErrorMessage(const long theLongInt);
|
||||
|
||||
|
||||
char *GetErrorMessage(void);
|
||||
OSErr GetErrorMessageInNewHandle(Handle *inoutHandle);
|
||||
OSErr GetErrorMessageInExistingHandle(Handle inoutHandle);
|
||||
OSErr AppendErrorMessageToHandle(Handle inoutHandle);
|
||||
|
||||
|
||||
#ifdef __EXCEPTIONS_ENABLED__
|
||||
void ThrowErrorMessageException(void);
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
// A bunch of evil macros that would be unnecessary if I were always using C++ !
|
||||
|
||||
#define SetErrorMessageAndBailIfNil(theArg,theMessage) \
|
||||
{ \
|
||||
if (theArg == nil) \
|
||||
{ \
|
||||
SetErrorMessage(theMessage); \
|
||||
errCode = kGenericError; \
|
||||
goto EXITPOINT; \
|
||||
} \
|
||||
}
|
||||
|
||||
|
||||
#define SetErrorMessageAndBail(theMessage) \
|
||||
{ \
|
||||
SetErrorMessage(theMessage); \
|
||||
errCode = kGenericError; \
|
||||
goto EXITPOINT; \
|
||||
}
|
||||
|
||||
|
||||
#define SetErrorMessageAndLongIntAndBail(theMessage,theLongInt) \
|
||||
{ \
|
||||
SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \
|
||||
errCode = kGenericError; \
|
||||
goto EXITPOINT; \
|
||||
}
|
||||
|
||||
|
||||
#define SetErrorMessageAndLongIntAndBailIfError(theErrCode,theMessage,theLongInt) \
|
||||
{ \
|
||||
if (theErrCode != noErr) \
|
||||
{ \
|
||||
SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \
|
||||
errCode = theErrCode; \
|
||||
goto EXITPOINT; \
|
||||
} \
|
||||
}
|
||||
|
||||
|
||||
#define SetErrorMessageCStrLongIntAndBailIfError(theErrCode,theMessage,theCStr,theLongInt) \
|
||||
{ \
|
||||
if (theErrCode != noErr) \
|
||||
{ \
|
||||
SetErrorMessageAndCStrAndLongInt(theMessage,theCStr,theLongInt); \
|
||||
errCode = theErrCode; \
|
||||
goto EXITPOINT; \
|
||||
} \
|
||||
}
|
||||
|
||||
|
||||
#define SetErrorMessageAndCStrAndBail(theMessage,theCStr) \
|
||||
{ \
|
||||
SetErrorMessageAndCStr(theMessage,theCStr); \
|
||||
errCode = kGenericError; \
|
||||
goto EXITPOINT; \
|
||||
}
|
||||
|
||||
|
||||
#define SetErrorMessageAndBailIfError(theErrCode,theMessage) \
|
||||
{ \
|
||||
if (theErrCode != noErr) \
|
||||
{ \
|
||||
SetErrorMessage(theMessage); \
|
||||
errCode = theErrCode; \
|
||||
goto EXITPOINT; \
|
||||
} \
|
||||
}
|
||||
|
||||
|
||||
#define SetErrorMessageAndLongIntAndBailIfNil(theArg,theMessage,theLongInt) \
|
||||
{ \
|
||||
if (theArg == nil) \
|
||||
{ \
|
||||
SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \
|
||||
errCode = kGenericError; \
|
||||
goto EXITPOINT; \
|
||||
} \
|
||||
}
|
||||
|
||||
|
||||
#define BailIfError(theErrCode) \
|
||||
{ \
|
||||
if ((theErrCode) != noErr) \
|
||||
{ \
|
||||
goto EXITPOINT; \
|
||||
} \
|
||||
}
|
||||
|
||||
|
||||
#define SetErrCodeAndBail(theErrCode) \
|
||||
{ \
|
||||
errCode = theErrCode; \
|
||||
\
|
||||
goto EXITPOINT; \
|
||||
}
|
||||
|
||||
|
||||
#define SetErrorCodeAndMessageAndBail(theErrCode,theMessage) \
|
||||
{ \
|
||||
SetErrorMessage(theMessage); \
|
||||
errCode = theErrCode; \
|
||||
goto EXITPOINT; \
|
||||
}
|
||||
|
||||
|
||||
#define BailNow() \
|
||||
{ \
|
||||
errCode = kGenericError; \
|
||||
goto EXITPOINT; \
|
||||
}
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
|
@ -0,0 +1,209 @@
|
|||
/*
|
||||
* An demo illustrating how to retrieve a URI from a secure HTTP server.
|
||||
*
|
||||
* Author: Roy Wood
|
||||
* Date: September 7, 1999
|
||||
* Comments: This relies heavily on my MacSockets library.
|
||||
* This project is also set up so that it expects the OpenSSL source folder (0.9.4 as I write this)
|
||||
* to live in a folder called "OpenSSL-0.9.4" in this project's parent folder. For example:
|
||||
*
|
||||
* Macintosh HD:
|
||||
* Development:
|
||||
* OpenSSL-0.9.4:
|
||||
* (OpenSSL sources here)
|
||||
* OpenSSL Example:
|
||||
* (OpenSSL example junk here)
|
||||
*
|
||||
*
|
||||
* Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl"
|
||||
* are installed! Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
|
||||
*/
|
||||
/* modified to seed the PRNG */
|
||||
/* modified to use CRandomizer for seeding */
|
||||
|
||||
|
||||
// Include some funky libs I've developed over time
|
||||
|
||||
#include "CPStringUtils.hpp"
|
||||
#include "ErrorHandling.hpp"
|
||||
#include "MacSocket.h"
|
||||
#include "Randomizer.h"
|
||||
|
||||
// We use the OpenSSL implementation of SSL....
|
||||
// This was a lot of work to finally get going, though you wouldn't know it by the results!
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
#include <timer.h>
|
||||
|
||||
// Let's try grabbing some data from here:
|
||||
|
||||
#define kHTTPS_DNS "www.apache-ssl.org"
|
||||
#define kHTTPS_Port 443
|
||||
#define kHTTPS_URI "/"
|
||||
|
||||
|
||||
// Forward-declare this
|
||||
|
||||
OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr);
|
||||
|
||||
// My idle-wait callback. Doesn't do much, does it? Silly cooperative multitasking.
|
||||
|
||||
OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
|
||||
{
|
||||
#pragma unused(inUserRefPtr)
|
||||
|
||||
EventRecord theEvent;
|
||||
::EventAvail(everyEvent,&theEvent);
|
||||
|
||||
CRandomizer *randomizer = (CRandomizer*)inUserRefPtr;
|
||||
if (randomizer)
|
||||
randomizer->PeriodicAction();
|
||||
|
||||
return(noErr);
|
||||
}
|
||||
|
||||
|
||||
// Finally!
|
||||
|
||||
void main(void)
|
||||
{
|
||||
OSErr errCode;
|
||||
int theSocket = -1;
|
||||
int theTimeout = 30;
|
||||
|
||||
SSL_CTX *ssl_ctx = nil;
|
||||
SSL *ssl = nil;
|
||||
|
||||
char tempString[256];
|
||||
UnsignedWide microTickCount;
|
||||
|
||||
|
||||
CRandomizer randomizer;
|
||||
|
||||
printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
|
||||
|
||||
BailIfError(errCode = MacSocket_Startup());
|
||||
|
||||
|
||||
|
||||
// Create a socket-like object
|
||||
|
||||
BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,&randomizer));
|
||||
|
||||
|
||||
// Set up the connect string and try to connect
|
||||
|
||||
CopyCStrAndInsertCStrLongIntIntoCStr("%s:%ld",kHTTPS_DNS,kHTTPS_Port,tempString,sizeof(tempString));
|
||||
|
||||
printf("Connecting to %s....\n",tempString);
|
||||
|
||||
BailIfError(errCode = MacSocket_connect(theSocket,tempString));
|
||||
|
||||
|
||||
// Init SSL stuff
|
||||
|
||||
SSL_load_error_strings();
|
||||
|
||||
SSLeay_add_ssl_algorithms();
|
||||
|
||||
|
||||
// Pick the SSL method
|
||||
|
||||
// ssl_ctx = SSL_CTX_new(SSLv2_client_method());
|
||||
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
|
||||
// ssl_ctx = SSL_CTX_new(SSLv3_client_method());
|
||||
|
||||
|
||||
// Create an SSL thingey and try to negotiate the connection
|
||||
|
||||
ssl = SSL_new(ssl_ctx);
|
||||
|
||||
SSL_set_fd(ssl,theSocket);
|
||||
|
||||
errCode = SSL_connect(ssl);
|
||||
|
||||
if (errCode < 0)
|
||||
{
|
||||
SetErrorMessageAndLongIntAndBail("OpenSSL: Can't initiate SSL connection, SSL_connect() = ",errCode);
|
||||
}
|
||||
|
||||
// Request the URI from the host
|
||||
|
||||
CopyCStrToCStr("GET ",tempString,sizeof(tempString));
|
||||
ConcatCStrToCStr(kHTTPS_URI,tempString,sizeof(tempString));
|
||||
ConcatCStrToCStr(" HTTP/1.0\r\n\r\n",tempString,sizeof(tempString));
|
||||
|
||||
|
||||
errCode = SSL_write(ssl,tempString,CStrLength(tempString));
|
||||
|
||||
if (errCode < 0)
|
||||
{
|
||||
SetErrorMessageAndLongIntAndBail("OpenSSL: Error writing data via ssl, SSL_write() = ",errCode);
|
||||
}
|
||||
|
||||
|
||||
for (;;)
|
||||
{
|
||||
char tempString[256];
|
||||
int bytesRead;
|
||||
|
||||
|
||||
// Read some bytes and dump them to the console
|
||||
|
||||
bytesRead = SSL_read(ssl,tempString,sizeof(tempString) - 1);
|
||||
|
||||
if (bytesRead == 0 && MacSocket_RemoteEndIsClosing(theSocket))
|
||||
{
|
||||
break;
|
||||
}
|
||||
|
||||
else if (bytesRead < 0)
|
||||
{
|
||||
SetErrorMessageAndLongIntAndBail("OpenSSL: Error reading data via ssl, SSL_read() = ",bytesRead);
|
||||
}
|
||||
|
||||
|
||||
tempString[bytesRead] = '\0';
|
||||
|
||||
printf("%s", tempString);
|
||||
}
|
||||
|
||||
printf("\n\n\n");
|
||||
|
||||
// All done!
|
||||
|
||||
errCode = noErr;
|
||||
|
||||
|
||||
EXITPOINT:
|
||||
|
||||
// Clean up and go home
|
||||
|
||||
if (theSocket >= 0)
|
||||
{
|
||||
MacSocket_close(theSocket);
|
||||
}
|
||||
|
||||
if (ssl != nil)
|
||||
{
|
||||
SSL_free(ssl);
|
||||
}
|
||||
|
||||
if (ssl_ctx != nil)
|
||||
{
|
||||
SSL_CTX_free(ssl_ctx);
|
||||
}
|
||||
|
||||
|
||||
if (errCode != noErr)
|
||||
{
|
||||
printf("An error occurred:\n");
|
||||
|
||||
printf("%s",GetErrorMessage());
|
||||
}
|
||||
|
||||
|
||||
MacSocket_Shutdown();
|
||||
}
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -0,0 +1,104 @@
|
|||
#pragma once
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
enum {
|
||||
kMacSocket_TimeoutErr = -2
|
||||
};
|
||||
|
||||
// Since MacSocket does busy waiting, I do a callback while waiting
|
||||
|
||||
typedef OSErr(*MacSocket_IdleWaitCallback) (void *);
|
||||
|
||||
// Call this before anything else!
|
||||
|
||||
OSErr MacSocket_Startup(void);
|
||||
|
||||
// Call this to cleanup before quitting
|
||||
|
||||
OSErr MacSocket_Shutdown(void);
|
||||
|
||||
// Call this to allocate a "socket" (reference number is returned in
|
||||
// outSocketNum)
|
||||
// Note that inDoThreadSwitching is pretty much irrelevant right now, since I
|
||||
// ignore it
|
||||
// The inTimeoutTicks parameter is applied during reads/writes of data
|
||||
// The inIdleWaitCallback parameter specifies a callback which is called
|
||||
// during busy-waiting periods
|
||||
// The inUserRefPtr parameter is passed back to the idle-wait callback
|
||||
|
||||
OSErr MacSocket_socket(int *outSocketNum, const Boolean inDoThreadSwitching,
|
||||
const long inTimeoutTicks,
|
||||
MacSocket_IdleWaitCallback inIdleWaitCallback,
|
||||
void *inUserRefPtr);
|
||||
|
||||
// Call this to connect to an IP/DNS address
|
||||
// Note that inTargetAddressAndPort is in "IP:port" format-- e.g.
|
||||
// 10.1.1.1:123
|
||||
|
||||
OSErr MacSocket_connect(const int inSocketNum, char *inTargetAddressAndPort);
|
||||
|
||||
// Call this to listen on a port
|
||||
// Since this a low-performance implementation, I allow a maximum of 1 (one!)
|
||||
// incoming request when I listen
|
||||
|
||||
OSErr MacSocket_listen(const int inSocketNum, const int inPortNum);
|
||||
|
||||
// Call this to close a socket
|
||||
|
||||
OSErr MacSocket_close(const int inSocketNum);
|
||||
|
||||
// Call this to receive data on a socket
|
||||
// Most parameters' purpose are obvious-- except maybe "inBlock" which
|
||||
// controls whether I wait for data or return immediately
|
||||
|
||||
int MacSocket_recv(const int inSocketNum, void *outBuff, int outBuffLength,
|
||||
const Boolean inBlock);
|
||||
|
||||
// Call this to send data on a socket
|
||||
|
||||
int MacSocket_send(const int inSocketNum, const void *inBuff,
|
||||
int inBuffLength);
|
||||
|
||||
// If zero bytes were read in a call to MacSocket_recv(), it may be that the
|
||||
// remote end has done a half-close
|
||||
// This function will let you check whether that's true or not
|
||||
|
||||
Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum);
|
||||
|
||||
// Call this to see if the listen has completed after a call to
|
||||
// MacSocket_listen()
|
||||
|
||||
Boolean MacSocket_ListenCompleted(const int inSocketNum);
|
||||
|
||||
// These really aren't very useful anymore
|
||||
|
||||
Boolean MacSocket_LocalEndIsOpen(const int inSocketNum);
|
||||
Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum);
|
||||
|
||||
// You may wish to change the userRefPtr for a socket callback-- use this to
|
||||
// do it
|
||||
|
||||
void MacSocket_SetUserRefPtr(const int inSocketNum, void *inNewRefPtr);
|
||||
|
||||
// Call these to get the socket's IP:port descriptor
|
||||
|
||||
void MacSocket_GetLocalIPAndPort(const int inSocketNum, char *outIPAndPort,
|
||||
const int inIPAndPortLength);
|
||||
void MacSocket_GetRemoteIPAndPort(const int inSocketNum, char *outIPAndPort,
|
||||
const int inIPAndPortLength);
|
||||
|
||||
// Call this to get error info from a socket
|
||||
|
||||
void MacSocket_GetSocketErrorInfo(const int inSocketNum,
|
||||
int *outSocketErrCode,
|
||||
char *outSocketErrString,
|
||||
const int inSocketErrStringMaxLength);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -0,0 +1,476 @@
|
|||
/*
|
||||
------- Strong random data generation on a Macintosh (pre - OS X) ------
|
||||
|
||||
-- GENERAL: We aim to generate unpredictable bits without explicit
|
||||
user interaction. A general review of the problem may be found
|
||||
in RFC 1750, "Randomness Recommendations for Security", and some
|
||||
more discussion, of general and Mac-specific issues has appeared
|
||||
in "Using and Creating Cryptographic- Quality Random Numbers" by
|
||||
Jon Callas (www.merrymeet.com/jon/usingrandom.html).
|
||||
|
||||
The data and entropy estimates provided below are based on my
|
||||
limited experimentation and estimates, rather than by any
|
||||
rigorous study, and the entropy estimates tend to be optimistic.
|
||||
They should not be considered absolute.
|
||||
|
||||
Some of the information being collected may be correlated in
|
||||
subtle ways. That includes mouse positions, timings, and disk
|
||||
size measurements. Some obvious correlations will be eliminated
|
||||
by the programmer, but other, weaker ones may remain. The
|
||||
reliability of the code depends on such correlations being
|
||||
poorly understood, both by us and by potential interceptors.
|
||||
|
||||
This package has been planned to be used with OpenSSL, v. 0.9.5.
|
||||
It requires the OpenSSL function RAND_add.
|
||||
|
||||
-- OTHER WORK: Some source code and other details have been
|
||||
published elsewhere, but I haven't found any to be satisfactory
|
||||
for the Mac per se:
|
||||
|
||||
* The Linux random number generator (by Theodore Ts'o, in
|
||||
drivers/char/random.c), is a carefully designed open-source
|
||||
crypto random number package. It collects data from a variety
|
||||
of sources, including mouse, keyboard and other interrupts.
|
||||
One nice feature is that it explicitly estimates the entropy
|
||||
of the data it collects. Some of its features (e.g. interrupt
|
||||
timing) cannot be reliably exported to the Mac without using
|
||||
undocumented APIs.
|
||||
|
||||
* Truerand by Don P. Mitchell and Matt Blaze uses variations
|
||||
between different timing mechanisms on the same system. This
|
||||
has not been tested on the Mac, but requires preemptive
|
||||
multitasking, and is hardware-dependent, and can't be relied
|
||||
on to work well if only one oscillator is present.
|
||||
|
||||
* Cryptlib's RNG for the Mac (RNDMAC.C by Peter Gutmann),
|
||||
gathers a lot of information about the machine and system
|
||||
environment. Unfortunately, much of it is constant from one
|
||||
startup to the next. In other words, the random seed could be
|
||||
the same from one day to the next. Some of the APIs are
|
||||
hardware-dependent, and not all are compatible with Carbon (OS
|
||||
X). Incidentally, the EGD library is based on the UNIX entropy
|
||||
gathering methods in cryptlib, and isn't suitable for MacOS
|
||||
either.
|
||||
|
||||
* Mozilla (and perhaps earlier versions of Netscape) uses the
|
||||
time of day (in seconds) and an uninitialized local variable
|
||||
to seed the random number generator. The time of day is known
|
||||
to an outside interceptor (to within the accuracy of the
|
||||
system clock). The uninitialized variable could easily be
|
||||
identical between subsequent launches of an application, if it
|
||||
is reached through the same path.
|
||||
|
||||
* OpenSSL provides the function RAND_screen(), by G. van
|
||||
Oosten, which hashes the contents of the screen to generate a
|
||||
seed. This is not useful for an extension or for an
|
||||
application which launches at startup time, since the screen
|
||||
is likely to look identical from one launch to the next. This
|
||||
method is also rather slow.
|
||||
|
||||
* Using variations in disk drive seek times has been proposed
|
||||
(Davis, Ihaka and Fenstermacher, world.std.com/~dtd/;
|
||||
Jakobsson, Shriver, Hillyer and Juels,
|
||||
www.bell-labs.com/user/shriver/random.html). These variations
|
||||
appear to be due to air turbulence inside the disk drive
|
||||
mechanism, and are very strongly unpredictable. Unfortunately
|
||||
this technique is slow, and some implementations of it may be
|
||||
patented (see Shriver's page above.) It of course cannot be
|
||||
used with a RAM disk.
|
||||
|
||||
-- TIMING: On the 601 PowerPC the time base register is guaranteed
|
||||
to change at least once every 10 addi instructions, i.e. 10
|
||||
cycles. On a 60 MHz machine (slowest PowerPC) this translates to
|
||||
a resolution of 1/6 usec. Newer machines seem to be using a 10
|
||||
cycle resolution as well.
|
||||
|
||||
For 68K Macs, the Microseconds() call may be used. See Develop
|
||||
issue 29 on the Apple developer site
|
||||
(developer.apple.com/dev/techsupport/develop/issue29/minow.html)
|
||||
for information on its accuracy and resolution. The code below
|
||||
has been tested only on PowerPC based machines.
|
||||
|
||||
The time from machine startup to the launch of an application in
|
||||
the startup folder has a variance of about 1.6 msec on a new G4
|
||||
machine with a defragmented and optimized disk, most extensions
|
||||
off and no icons on the desktop. This can be reasonably taken as
|
||||
a lower bound on the variance. Most of this variation is likely
|
||||
due to disk seek time variability. The distribution of startup
|
||||
times is probably not entirely even or uncorrelated. This needs
|
||||
to be investigated, but I am guessing that it not a majpor
|
||||
problem. Entropy = log2 (1600/0.166) ~= 13 bits on a 60 MHz
|
||||
machine, ~16 bits for a 450 MHz machine.
|
||||
|
||||
User-launched application startup times will have a variance of
|
||||
a second or more relative to machine startup time. Entropy >~22
|
||||
bits.
|
||||
|
||||
Machine startup time is available with a 1-second resolution. It
|
||||
is predictable to no better a minute or two, in the case of
|
||||
people who show up punctually to work at the same time and
|
||||
immediately start their computer. Using the scheduled startup
|
||||
feature (when available) will cause the machine to start up at
|
||||
the same time every day, making the value predictable. Entropy
|
||||
>~7 bits, or 0 bits with scheduled startup.
|
||||
|
||||
The time of day is of course known to an outsider and thus has 0
|
||||
entropy if the system clock is regularly calibrated.
|
||||
|
||||
-- KEY TIMING: A very fast typist (120 wpm) will have a typical
|
||||
inter-key timing interval of 100 msec. We can assume a variance
|
||||
of no less than 2 msec -- maybe. Do good typists have a constant
|
||||
rhythm, like drummers? Since what we measure is not the
|
||||
key-generated interrupt but the time at which the key event was
|
||||
taken off the event queue, our resolution is roughly the time
|
||||
between process switches, at best 1 tick (17 msec). I therefore
|
||||
consider this technique questionable and not very useful for
|
||||
obtaining high entropy data on the Mac.
|
||||
|
||||
-- MOUSE POSITION AND TIMING: The high bits of the mouse position
|
||||
are far from arbitrary, since the mouse tends to stay in a few
|
||||
limited areas of the screen. I am guessing that the position of
|
||||
the mouse is arbitrary within a 6 pixel square. Since the mouse
|
||||
stays still for long periods of time, it should be sampled only
|
||||
after it was moved, to avoid correlated data. This gives an
|
||||
entropy of log2(6*6) ~= 5 bits per measurement.
|
||||
|
||||
The time during which the mouse stays still can vary from zero
|
||||
to, say, 5 seconds (occasionally longer). If the still time is
|
||||
measured by sampling the mouse during null events, and null
|
||||
events are received once per tick, its resolution is 1/60th of a
|
||||
second, giving an entropy of log2 (60*5) ~= 8 bits per
|
||||
measurement. Since the distribution of still times is uneven,
|
||||
this estimate is on the high side.
|
||||
|
||||
For simplicity and compatibility across system versions, the
|
||||
mouse is to be sampled explicitly (e.g. in the event loop),
|
||||
rather than in a time manager task.
|
||||
|
||||
-- STARTUP DISK TOTAL FILE SIZE: Varies typically by at least 20k
|
||||
from one startup to the next, with 'minimal' computer use. Won't
|
||||
vary at all if machine is started again immediately after
|
||||
startup (unless virtual memory is on), but any application which
|
||||
uses the web and caches information to disk is likely to cause
|
||||
this much variation or more. The variation is probably not
|
||||
random, but I don't know in what way. File sizes tend to be
|
||||
divisible by 4 bytes since file format fields are often
|
||||
long-aligned. Entropy > log2 (20000/4) ~= 12 bits.
|
||||
|
||||
-- STARTUP DISK FIRST AVAILABLE ALLOCATION BLOCK: As the volume
|
||||
gets fragmented this could be anywhere in principle. In a
|
||||
perfectly unfragmented volume this will be strongly correlated
|
||||
with the total file size on the disk. With more fragmentation
|
||||
comes less certainty. I took the variation in this value to be
|
||||
1/8 of the total file size on the volume.
|
||||
|
||||
-- SYSTEM REQUIREMENTS: The code here requires System 7.0 and above
|
||||
(for Gestalt and Microseconds calls). All the calls used are
|
||||
Carbon-compatible.
|
||||
*/
|
||||
|
||||
/*------------------------------ Includes ----------------------------*/
|
||||
|
||||
#include "Randomizer.h"
|
||||
|
||||
// Mac OS API
|
||||
#include <Files.h>
|
||||
#include <Folders.h>
|
||||
#include <Events.h>
|
||||
#include <Processes.h>
|
||||
#include <Gestalt.h>
|
||||
#include <Resources.h>
|
||||
#include <LowMem.h>
|
||||
|
||||
// Standard C library
|
||||
#include <stdlib.h>
|
||||
#include <math.h>
|
||||
|
||||
/*---------------------- Function declarations -----------------------*/
|
||||
|
||||
// declared in OpenSSL/crypto/rand/rand.h
|
||||
extern "C" void RAND_add (const void *buf, int num, double entropy);
|
||||
|
||||
unsigned long GetPPCTimer (bool is601); // Make it global if needed
|
||||
// elsewhere
|
||||
|
||||
/*---------------------------- Constants -----------------------------*/
|
||||
|
||||
#define kMouseResolution 6 // Mouse position has to differ
|
||||
// from the last one by this
|
||||
// much to be entered
|
||||
#define kMousePositionEntropy 5.16 // log2 (kMouseResolution**2)
|
||||
#define kTypicalMouseIdleTicks 300.0 // I am guessing that a typical
|
||||
// amount of time between mouse
|
||||
// moves is 5 seconds
|
||||
#define kVolumeBytesEntropy 12.0 // about log2 (20000/4),
|
||||
// assuming a variation of 20K
|
||||
// in total file size and
|
||||
// long-aligned file formats.
|
||||
#define kApplicationUpTimeEntropy 6.0 // Variance > 1 second, uptime
|
||||
// in ticks
|
||||
#define kSysStartupEntropy 7.0 // Entropy for machine startup
|
||||
// time
|
||||
|
||||
|
||||
/*------------------------ Function definitions ----------------------*/
|
||||
|
||||
CRandomizer::CRandomizer (void)
|
||||
{
|
||||
long result;
|
||||
|
||||
mSupportsLargeVolumes =
|
||||
(Gestalt(gestaltFSAttr, &result) == noErr) &&
|
||||
((result & (1L << gestaltFSSupports2TBVols)) != 0);
|
||||
|
||||
if (Gestalt (gestaltNativeCPUtype, &result) != noErr)
|
||||
{
|
||||
mIsPowerPC = false;
|
||||
mIs601 = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
mIs601 = (result == gestaltCPU601);
|
||||
mIsPowerPC = (result >= gestaltCPU601);
|
||||
}
|
||||
mLastMouse.h = mLastMouse.v = -10; // First mouse will
|
||||
// always be recorded
|
||||
mLastPeriodicTicks = TickCount();
|
||||
GetTimeBaseResolution ();
|
||||
|
||||
// Add initial entropy
|
||||
AddTimeSinceMachineStartup ();
|
||||
AddAbsoluteSystemStartupTime ();
|
||||
AddStartupVolumeInfo ();
|
||||
AddFiller ();
|
||||
}
|
||||
|
||||
void CRandomizer::PeriodicAction (void)
|
||||
{
|
||||
AddCurrentMouse ();
|
||||
AddNow (0.0); // Should have a better entropy estimate here
|
||||
mLastPeriodicTicks = TickCount();
|
||||
}
|
||||
|
||||
/*------------------------- Private Methods --------------------------*/
|
||||
|
||||
void CRandomizer::AddCurrentMouse (void)
|
||||
{
|
||||
Point mouseLoc;
|
||||
unsigned long lastCheck; // Ticks since mouse was last
|
||||
// sampled
|
||||
|
||||
#if TARGET_API_MAC_CARBON
|
||||
GetGlobalMouse (&mouseLoc);
|
||||
#else
|
||||
mouseLoc = LMGetMouseLocation();
|
||||
#endif
|
||||
|
||||
if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
|
||||
labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
|
||||
AddBytes (&mouseLoc, sizeof(mouseLoc),
|
||||
kMousePositionEntropy);
|
||||
|
||||
if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
|
||||
mMouseStill ++;
|
||||
else
|
||||
{
|
||||
double entropy;
|
||||
|
||||
// Mouse has moved. Add the number of measurements for
|
||||
// which it's been still. If the resolution is too
|
||||
// coarse, assume the entropy is 0.
|
||||
|
||||
lastCheck = TickCount() - mLastPeriodicTicks;
|
||||
if (lastCheck <= 0)
|
||||
lastCheck = 1;
|
||||
entropy = log2l
|
||||
(kTypicalMouseIdleTicks/(double)lastCheck);
|
||||
if (entropy < 0.0)
|
||||
entropy = 0.0;
|
||||
AddBytes (&mMouseStill, sizeof(mMouseStill), entropy);
|
||||
mMouseStill = 0;
|
||||
}
|
||||
mLastMouse = mouseLoc;
|
||||
}
|
||||
|
||||
void CRandomizer::AddAbsoluteSystemStartupTime (void)
|
||||
{
|
||||
unsigned long now; // Time in seconds since
|
||||
// 1/1/1904
|
||||
GetDateTime (&now);
|
||||
now -= TickCount() / 60; // Time in ticks since machine
|
||||
// startup
|
||||
AddBytes (&now, sizeof(now), kSysStartupEntropy);
|
||||
}
|
||||
|
||||
void CRandomizer::AddTimeSinceMachineStartup (void)
|
||||
{
|
||||
AddNow (1.5); // Uncertainty in app startup
|
||||
// time is > 1.5 msec (for
|
||||
// automated app startup).
|
||||
}
|
||||
|
||||
void CRandomizer::AddAppRunningTime (void)
|
||||
{
|
||||
ProcessSerialNumber PSN;
|
||||
ProcessInfoRec ProcessInfo;
|
||||
|
||||
ProcessInfo.processInfoLength = sizeof(ProcessInfoRec);
|
||||
ProcessInfo.processName = nil;
|
||||
ProcessInfo.processAppSpec = nil;
|
||||
|
||||
GetCurrentProcess (&PSN);
|
||||
GetProcessInformation (&PSN, &ProcessInfo);
|
||||
|
||||
// Now add the amount of time in ticks that the current process
|
||||
// has been active
|
||||
|
||||
AddBytes (&ProcessInfo, sizeof(ProcessInfoRec),
|
||||
kApplicationUpTimeEntropy);
|
||||
}
|
||||
|
||||
void CRandomizer::AddStartupVolumeInfo (void)
|
||||
{
|
||||
short vRefNum;
|
||||
long dirID;
|
||||
XVolumeParam pb;
|
||||
OSErr err;
|
||||
|
||||
if (!mSupportsLargeVolumes)
|
||||
return;
|
||||
|
||||
FindFolder (kOnSystemDisk, kSystemFolderType, kDontCreateFolder,
|
||||
&vRefNum, &dirID);
|
||||
pb.ioVRefNum = vRefNum;
|
||||
pb.ioCompletion = 0;
|
||||
pb.ioNamePtr = 0;
|
||||
pb.ioVolIndex = 0;
|
||||
err = PBXGetVolInfoSync (&pb);
|
||||
if (err != noErr)
|
||||
return;
|
||||
|
||||
// Base the entropy on the amount of space used on the disk and
|
||||
// on the next available allocation block. A lot else might be
|
||||
// unpredictable, so might as well toss the whole block in. See
|
||||
// comments for entropy estimate justifications.
|
||||
|
||||
AddBytes (&pb, sizeof(pb),
|
||||
kVolumeBytesEntropy +
|
||||
log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
|
||||
* 4294967296.0D +
|
||||
(pb.ioVTotalBytes.lo - pb.ioVFreeBytes.lo))
|
||||
/ pb.ioVAlBlkSiz - 3.0));
|
||||
}
|
||||
|
||||
/*
|
||||
On a typical startup CRandomizer will come up with about 60
|
||||
bits of good, unpredictable data. Assuming no more input will
|
||||
be available, we'll need some more lower-quality data to give
|
||||
OpenSSL the 128 bits of entropy it desires. AddFiller adds some
|
||||
relatively predictable data into the soup.
|
||||
*/
|
||||
|
||||
void CRandomizer::AddFiller (void)
|
||||
{
|
||||
struct
|
||||
{
|
||||
ProcessSerialNumber psn; // Front process serial
|
||||
// number
|
||||
RGBColor hiliteRGBValue; // User-selected
|
||||
// highlight color
|
||||
long processCount; // Number of active
|
||||
// processes
|
||||
long cpuSpeed; // Processor speed
|
||||
long totalMemory; // Total logical memory
|
||||
// (incl. virtual one)
|
||||
long systemVersion; // OS version
|
||||
short resFile; // Current resource file
|
||||
} data;
|
||||
|
||||
GetNextProcess ((ProcessSerialNumber*) kNoProcess);
|
||||
while (GetNextProcess (&data.psn) == noErr)
|
||||
data.processCount++;
|
||||
GetFrontProcess (&data.psn);
|
||||
LMGetHiliteRGB (&data.hiliteRGBValue);
|
||||
Gestalt (gestaltProcClkSpeed, &data.cpuSpeed);
|
||||
Gestalt (gestaltLogicalRAMSize, &data.totalMemory);
|
||||
Gestalt (gestaltSystemVersion, &data.systemVersion);
|
||||
data.resFile = CurResFile ();
|
||||
|
||||
// Here we pretend to feed the PRNG completely random data. This
|
||||
// is of course false, as much of the above data is predictable
|
||||
// by an outsider. At this point we don't have any more
|
||||
// randomness to add, but with OpenSSL we must have a 128 bit
|
||||
// seed before we can start. We just add what we can, without a
|
||||
// real entropy estimate, and hope for the best.
|
||||
|
||||
AddBytes (&data, sizeof(data), 8.0 * sizeof(data));
|
||||
AddCurrentMouse ();
|
||||
AddNow (1.0);
|
||||
}
|
||||
|
||||
//------------------- LOW LEVEL ---------------------
|
||||
|
||||
void CRandomizer::AddBytes (void *data, long size, double entropy)
|
||||
{
|
||||
RAND_add (data, size, entropy * 0.125); // Convert entropy bits
|
||||
// to bytes
|
||||
}
|
||||
|
||||
void CRandomizer::AddNow (double millisecondUncertainty)
|
||||
{
|
||||
long time = SysTimer();
|
||||
AddBytes (&time, sizeof(time), log2l (millisecondUncertainty *
|
||||
mTimebaseTicksPerMillisec));
|
||||
}
|
||||
|
||||
//----------------- TIMING SUPPORT ------------------
|
||||
|
||||
void CRandomizer::GetTimeBaseResolution (void)
|
||||
{
|
||||
#ifdef __powerc
|
||||
long speed;
|
||||
|
||||
// gestaltProcClkSpeed available on System 7.5.2 and above
|
||||
if (Gestalt (gestaltProcClkSpeed, &speed) != noErr)
|
||||
// Only PowerPCs running pre-7.5.2 are 60-80 MHz
|
||||
// machines.
|
||||
mTimebaseTicksPerMillisec = 6000.0D;
|
||||
// Assume 10 cycles per clock update, as in 601 spec. Seems true
|
||||
// for later chips as well.
|
||||
mTimebaseTicksPerMillisec = speed / 1.0e4D;
|
||||
#else
|
||||
// 68K VIA-based machines (see Develop Magazine no. 29)
|
||||
mTimebaseTicksPerMillisec = 783.360D;
|
||||
#endif
|
||||
}
|
||||
|
||||
unsigned long CRandomizer::SysTimer (void) // returns the lower 32
|
||||
// bit of the chip timer
|
||||
{
|
||||
#ifdef __powerc
|
||||
return GetPPCTimer (mIs601);
|
||||
#else
|
||||
UnsignedWide usec;
|
||||
Microseconds (&usec);
|
||||
return usec.lo;
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef __powerc
|
||||
// The timebase is available through mfspr on 601, mftb on later chips.
|
||||
// Motorola recommends that an 601 implementation map mftb to mfspr
|
||||
// through an exception, but I haven't tested to see if MacOS actually
|
||||
// does this. We only sample the lower 32 bits of the timer (i.e. a
|
||||
// few minutes of resolution)
|
||||
|
||||
asm unsigned long GetPPCTimer (register bool is601)
|
||||
{
|
||||
cmplwi is601, 0 // Check if 601
|
||||
bne _601 // if non-zero goto _601
|
||||
mftb r3 // Available on 603 and later.
|
||||
blr // return with result in r3
|
||||
_601:
|
||||
mfspr r3, spr5 // Available on 601 only.
|
||||
// blr inserted automatically
|
||||
}
|
||||
#endif
|
|
@ -0,0 +1,42 @@
|
|||
|
||||
// Gathers unpredictable system data to be used for generating
|
||||
// random bits
|
||||
|
||||
#include <MacTypes.h>
|
||||
|
||||
class CRandomizer {
|
||||
public:
|
||||
CRandomizer(void);
|
||||
void PeriodicAction(void);
|
||||
|
||||
private:
|
||||
|
||||
// Private calls
|
||||
|
||||
void AddTimeSinceMachineStartup(void);
|
||||
void AddAbsoluteSystemStartupTime(void);
|
||||
void AddAppRunningTime(void);
|
||||
void AddStartupVolumeInfo(void);
|
||||
void AddFiller(void);
|
||||
|
||||
void AddCurrentMouse(void);
|
||||
void AddNow(double millisecondUncertainty);
|
||||
void AddBytes(void *data, long size, double entropy);
|
||||
|
||||
void GetTimeBaseResolution(void);
|
||||
unsigned long SysTimer(void);
|
||||
|
||||
// System Info
|
||||
bool mSupportsLargeVolumes;
|
||||
bool mIsPowerPC;
|
||||
bool mIs601;
|
||||
|
||||
// Time info
|
||||
double mTimebaseTicksPerMillisec;
|
||||
unsigned long mLastPeriodicTicks;
|
||||
|
||||
// Mouse info
|
||||
long mSamplePeriod;
|
||||
Point mLastMouse;
|
||||
long mMouseStill;
|
||||
};
|
|
@ -0,0 +1,18 @@
|
|||
-------------------------------------------------------------------
|
||||
Verify server certificate
|
||||
-------------------------------------------------------------------
|
||||
Currently omitted from the project:
|
||||
|
||||
crypto/tmdiff.c
|
||||
crypto/bio/bss_conn.c
|
||||
crypto/bio/b_sock.c
|
||||
crypto/bio/bss_acpt.c
|
||||
crypto/bio/bss_log.h
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Build libraries to link with...
|
||||
-------------------------------------------------------------------
|
||||
Port openssl application.
|
||||
-------------------------------------------------------------------
|
||||
BN optimizations (currently PPC version is compiled with BN_LLONG)
|
||||
-------------------------------------------------------------------
|
|
@ -0,0 +1,9 @@
|
|||
#include <MacHeaders.h>
|
||||
#define B_ENDIAN
|
||||
#ifdef __POWERPC__
|
||||
# pragma longlong on
|
||||
#endif
|
||||
#if 1
|
||||
# define MAC_OS_GUSI_SOURCE
|
||||
#endif
|
||||
#define MONOLITH
|
|
@ -0,0 +1,9 @@
|
|||
#include <MacHeaders.h>
|
||||
#define B_ENDIAN
|
||||
#ifdef __POWERPC__
|
||||
# pragma longlong on
|
||||
#endif
|
||||
#if 0
|
||||
# define MAC_OS_GUSI_SOURCE
|
||||
#endif
|
||||
#define MONOLITH
|
|
@ -0,0 +1,5 @@
|
|||
#ifndef MK1MF_BUILD
|
||||
# define CFLAGS "-DB_ENDIAN"
|
||||
# define PLATFORM "macos"
|
||||
# define DATE "Sun Feb 27 19:44:16 MET 2000"
|
||||
#endif
|
|
@ -0,0 +1,820 @@
|
|||
(This file must be converted with BinHex 4.0)
|
||||
|
||||
:#QeVE'PZDh-ZBA-!39"36'&`E(3J!!!!!!!!!*LiI6m!!!!!!3!!!*G#!!#@3J!
|
||||
!!AChFQPd!!!!K3)"!3m(Fh9`F'pbG!!!!)B#!3%$"(0eFQ8!!!#(!J-%"!3("3C
|
||||
cGfPdBfJ!!!#)!J%"#39cH@jMD!!!!)N#"J%$!`-&"3-'FhPcG'9Y!!!!LJ)&"3)
|
||||
%!J8("!-#!`4dB@*X!!!!L`))!3-$!`-$!`-$"(4PE'`!!!#-!J)"#38$G'KP!!!
|
||||
!M3))(J)@!Ki#!J))!K)#!`)B!Kd%G'KPE3!!!)i#!J%&#`4dD'9j!!!!M`)#!J)
|
||||
#$3TdD(*[G@GSEh9d!!!!N!!#!3%&"(4TCQB!!!#4!J%"!`4dD@eP!!!!NJ)"!JS
|
||||
#!h4T!!!!'N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H!!!!!!!#!!!!!!
|
||||
!!!!!!!!!!!!!rrrrr`!!!$3!!!!N!!!!!#"[!!5JAb"[!!5K++!M6R9$9'mJFR9
|
||||
Z)(4SDA-JFf0bDA"d)'&`F'aTBf&dD@pZ,#"jEh8JEA9cG#"QDA*cG#"TER0dB@a
|
||||
X)%&`F'aP8f0bDA"d,J!!!)C8D'Pc)(0MFQP`G#"MFQ9KG'9c)#iZ,fPZBfaeC'8
|
||||
[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@aTBA0PFbi0$8P
|
||||
d)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9KFf8JBQ8JF'&
|
||||
dD@9ZG$SY+3!!!#S!!J!!!!!!$3!+!"!!!!!-!!!!!!!!!!!!63!0!!S!%!%!!!`
|
||||
!!!!!!!!!!!!B!!!!+!!!!!!!!!!)!!!!)!#N2c`!!DR`!!!!l!!!!!&19[ri,`0
|
||||
f!#m$-$bKVDG'*KmY52ri,`-`2+LITdBQ(b!ZrrLa`'FJ,`-J2'0`ER4"l[rm)NL
|
||||
KV5+)*Kp+3'B)5Ulrr'F#GJ%3!bBZrr41ANje6PB!!#m-@Bm[2%j29%Nr2!#!U"m
|
||||
SAb!-CJK`!cm!UFKJ+#m-UC)J9#!)d+J!'#&!!"JJ9#!)d+J!(#&!!"a9Mbm8)&q
|
||||
JAMk!9%mSE[rm6Pj1G8j@!!![$%kkre4+!'FU@Bm[2'&`E(3[2(0MF(4`)DJU+&m
|
||||
J$'F5@Bm[$#mm!!!!!A!!U#UTp&K26VVrG#KZrra1ANje!!!!('&`E(3!!!!"4P*
|
||||
&4J!!!!!!J%P$6L-!!!!!!*B!!!!"!!!!!!G"8&"-!!!!!!!"!!!"!!!!!S!!!!4
|
||||
!!!"i)!!!K"!!!3))!!)#"!!%"!)!#!J"!"!8!)!J)J"!3%%!)2#!J"#*!%!)KJ!
|
||||
J")3!)!*!!"!")!!3!K!!%!3)!"!)"!!J%!)!3#!"!)"!!S%!J!5#!3!)4!)!#%J
|
||||
%!!KB#!!%C"!!!m)J!!!"3!!!!)!!!!%!!!!$J!!!"m!!!(rJ!!$rm!!"rrJ!!rr
|
||||
m!!IrrJ!2rrm!(rrrJ$rrrm"rrrrJrrrrm2rrrrMrrrrmrrrrrRrrrrmrrrrq(rr
|
||||
rr!rrrrJ(rrr`!rrri!(rrm!$rrq!"rrr!!rrrJ!2rr`!$rri!!IRm!!$`q!!!!(
|
||||
!!!!!J!!!!!)!!!!!!!!!!!m!!!!!!!!!!!!!!!!!!!$`m!!!!!!!!!!!!!!!!!!
|
||||
2!!m!!!!!!!!!!!!!!!rrm!!!m!!!!!!!!!!!!!$`c0m!!!m!!!!!!!!!!!!2!!c
|
||||
-m!!!m!!!!!!!!!!!m!$-cI!!!!m!!!!!!!!!$`!-c0m!!!!!m!!!!!!!!2!!c-h
|
||||
`!!!!!!m!!!!!!!m!$-cIh`!!!!!!m!!!!!$`!-c0rGh`!!!!!!m!!!!2!!c-hph
|
||||
-h`!!!!!!m!!!rrr-cIhF`-h`!!!!!!m!!2lFr0rGc!`-h`!!!!!!m!$pc-rph-$
|
||||
!`-h`!!!!!!m!r-`2cF`-$!!-r3!!!!!!m!m!`-c!`-!!$0m!!!!!$-m!m!`-$!`
|
||||
!!-cI!!!!!-c`!!m!`-$!!!`-h`!!!!c2!!!!m!`-!!$!c0m!!!$-m!!!!!m!`!!
|
||||
-$-hm!!!-c`!!!!!!m!!!`-cIc!!!c2!!!!!!!!m!$!c0r-`!$-m!!!!!!!$pm-$
|
||||
-hmc!!-c`!!!!!!!2hI`-cIc-!!c2!!!!!!!!rGc2c0r-`!$-m!!!!!!!!2h-cmh
|
||||
mc!!-c`!!!!!!!!$mc!rIr-!!c2!!!!!!!!!!$m$2m!r-$-m!!!!!!!!!!!$rr`!
|
||||
!r-c`!!!!!!!!!!!!!!!!!!r2!!!!!!!!!!!!!!!!!!!!m!!!!!!!!!!!!!"!!B!
|
||||
13"%J)4"##18%Q)+3!%&!)5!L%%3BL#83*L!G3!#!!B!2`"rJ2r"rq2rmrrlrrhr
|
||||
r2riIr"ri2r!ri"h!!)!!!!#!!!!!$r!!!!!!!2r`$`!!!!!2$!m!m!!!!2$!c`!
|
||||
2!!!2$!c`!!$`!2r`cpm!!!m!rGrpc2!!!2$p$p`-c`!!$`m!`-$0m!$2!2!-$-h
|
||||
`$2!!$`$-hm$2!!!2m-hm$2!!!2h2hm$2!!!!r-rm$2!!!!!2r`r2!!!!!!!!!2!
|
||||
!!!!!!!#D8f0bDA"d)%&`F'aTBf&dD@pZ$3e8D'Pc)(0MFQP`G#"MFQ9KG'9c)#i
|
||||
Z,fPZBfaeC'8[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@a
|
||||
TBA0PFbi0$8Pd)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9
|
||||
KFf8JBQ8JF'&dD@9ZG$SY+3!!!")!!J!!!!!!!!!!!!%!"J!'%iN!!!!+@1!!!b!
|
||||
!!!-J!!!!!"3!+`!(!Cm#@!!V!!F"f!*B!!!!!3!!M`C'BA0N98&6)$%Z-6!a,M%
|
||||
`$J!!!!32rrm!!3!#!!-"rrm!!!d!!3!"D`!!!!!!!!!%!J!%!!)!"3!'$3!&!!*
|
||||
X!!)!!!U`!!IrrJd!"`!#6`!!!!!+X!!)!!N0!!J!!@X!!!!%#Um!#J)!#J!#!!X
|
||||
!$!d!#`!#E!!#!!3!"2rprr`"rrd!!!(rr!!!!J!-!!)!$3!1$3!0!!*X!!%!"!!
|
||||
%rrX!$`(rq`!!$!!2!&N!8b"(CA3JF'&dD#"dEb"dD'Pc)%&`F'aP8f0bDA"d)'&
|
||||
`F'aPG$XJGA0P)'Pd)(4[)'C[FQdJG'KP)("KG'JJG'mJG'KP)'PZBfaeC'8JCQp
|
||||
XC'9b!!)!!!)!$J!#!"!!%3d!%!!#E!!"!!3!"2rk!")"rrS!!!`!%J!Q!#!JB@j
|
||||
N)(4SC5"[G'KPFL"bC@aPGQ&ZG#"QEfaNCA*c,J!#!!!#!"%!!J!6!"30!"-!!R-
|
||||
!!!!%!"%!&3!@$3!9!!*M!!!!"!!1!"F!'!d!&`!#E!!&!!3!$!!CrrN0!"N!!Qi
|
||||
!!!!%!!`!'J!E$3!D!!)d!!!!"3!-rrJ!(!Vrq!!%#Q0[BQS0!"`!!Q`!"3!'!!X
|
||||
!(Irh$3!G!!0*!!)!"J!,rrB!([re#[rf!"JZC@&bFfCQC(*KE'Pc!!!!!!!!)!"
|
||||
KCQ4b$3!H!!"Q!!!!"J!(![re!!!"rrF!!!d!'`!"E3!!!!3!"3!I$`!I!6J)ER9
|
||||
XE!!!!!!!!Gq!rrm!!!!A"NCTEQ4PFJ!!(`*[Me!!ASfm!Qq,i!"HA[!!I&M!!!!
|
||||
!!!!!'mi!!JN#!Qq-1!!!Kb%#Ei`J!!!!!%C14&*038e"3e-!!"%!B@aTF`!!!!!
|
||||
!fJ!#!!!-6@&MD@jdEh0S)%K%!!!!!!!!!!!!!!!!!!!!XSA5h%*%!!!!!!!A"NC
|
||||
TEQ4PFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
!!!!!!!!!!!!!!!!!!!!!3rLc#@a!4Nj%8Ne"3e2rrrrr!!!!!!!!!!!!!!!!!!!
|
||||
!!!!!!!e6HA0dC@dJ4QpXC'9b!!!"!!3!!!!A!!)!)8eKBfPZG'pcD#")4$T6HA0
|
||||
dC@dJ4QpXC'9b1NCTEQ4PFJ$rr`!!!Irj!!!0!"J!!@d!!!!-!!hrp!Vrp!!%#Q0
|
||||
dH(30!"B!!@m!!!!!!!$rm`[rm`!5-!!(G'KPF'&dD!!(G'KP8'&dD!)!&!!#!#!
|
||||
!)3d!)!!#E!!#!")!%[rbrr%"rr)!!!(rm3!!!J!K!!)!)J!M$3!L!!*b!!!!%J!
|
||||
A!#3!*3d!*!!#EJ!$!")!&3!Q!#F0!#B!!6%!!!!6!"Arm!Vrm!!%#R4iC'`0!#F
|
||||
!!6%!!!!5!"2rl`Vrl`!%#Q&cBh)0!#8!!@m!!!!!!!$rlJ[rlJ!F-!!-G'KPEfa
|
||||
NC'9XD@ec!!adD'92E'4%C@aTEA-#!#-!!J!S!#N0!#J!!R)!!!!B!"d!+J!V$3!
|
||||
U!!&Y!!!!'!!C!#`-!#`!"`!"1J!#!!!0!#X!!Qi!!`!!!!!!,3!Z$3!Y!!%a!!!
|
||||
!'J!Frqd+rqd!"!TdH'4X$3!Z!!%a!!!!'3!Drq`+rq`!"!TKFf0b!J!T!!)!,`!
|
||||
`$3![!!*X!!)!(J!Hrq[rkJ(rk`!!!IrU!!!#!$!!!J!a!$)0!$%!!R)!!!!H!#X
|
||||
!-`!d$3!c!!*X!!8!(J!T!$Ark3d!03!#EJ!!!"i!+3!f!$F0!$B!!cF"!!!I!#R
|
||||
rk!!i!$N+rqJ!"!TMDA4Y$3!i!!&Y!!!!)`!PrqF$rqF!!3d!13!"E3!!!#B!+2r
|
||||
Q!rrQrrd0!$F!!@m!!!!H!"rrj3[rj3!5-!!(G'KPF'&dD!!(G'KP8'&dD!(rk3!
|
||||
!$3!d!!&[!!!!!!!!rq3,rq3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0
|
||||
d8'&dD!)!-J!#!$S!1`d!1J!#FJ!!!#`!1`!m!$d0!$`!!Q-!!!!X!$N!2J!r$3!
|
||||
q!!*X!!8!,!!h!%$ri`d!3!!#EJ!!!#`!0`""!%)0!%%!!cF"!!!Y!$IriJ"$!%3
|
||||
+rq)!"!TMDA4Y$3"$!!&Y!!!!-3!crq%$rq%!!3d!4!!"E3!!!$3!0[rJ!rrJrri
|
||||
0!%)!!@m!!!!X!#hrh`[rh`!5-!!(G'KPF'&dD!!(G'KP8'&dD!(ri`!!$3!r!!&
|
||||
Y!!!!0`!irpi+rpi!"!T849K8$3!p!!&[!!!!!!!!rpd,rpd!&M!!#A4SC@ePF'&
|
||||
dD!!*G'KP6@93BA4S!J!l!!)!43"'$3"&!!*X!!)!2!!mrpcrf`(rh!!!!IrE!!!
|
||||
#!%B!!J"(!%J0!%F!!R)!!!!m!%8!53"+$3"*!!*M!!!!2!""!%X!6!d!5`!#BJ!
|
||||
!!$`!2`"0!%i0!%d!!@m!!!!m!$hrfJ[rfJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4
|
||||
SC9"bEfTPBh43BA4S$3"1!!&Y!!!!23!q!%m-!%m!$3!(D@jME(9NC3!#!!!0!%`
|
||||
!!@d!!!!r!%$rf3Vrf3!%#P4&@&30!%S!!@m!!!!!!!$rf![rf!!Q-!!4D@jME(9
|
||||
NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S!J")!!)!8!"4$3"3!!*b!!!
|
||||
!4J"9!&)!8`d!8J!#B`!!!%B!83"8!&80!&3!!Q)!!!"'!%m!9J"A$3"@!!*L!!!
|
||||
!4J",!&J!@3d!@!!"E`!!!%B!4rrA#rrA!#!`!!jdD'9`FQpUC@0dF'&dD!!1G'K
|
||||
P8(*[DQ9MG&"KG'J0!&N!!@d!!!"(!%S!@J`!@J!0!!GTEQ0XG@4P!!)!!!d!9`!
|
||||
"E3!!!%X!6J"E$!"E!!d!"fp`C@jcFf`!!J!!$3"9!!&Y!!!!6`"3rpB+rpB!"!T
|
||||
849K8$3"6!!&[!!!!!!!!rp8,rp8!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
|
||||
dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S!J"4!!)!A!"G$3"F!!*b!!!!9J"
|
||||
K!&i!A`d!AJ!#B`!!!&B!A3"J!'%0!'!!!Q)!!!"@!&X!BJ"M$3"L!!&[!!!!9J"
|
||||
Arp3,rp3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0d8'&dD!d!B`!"E3!
|
||||
!!&F!@J"N$!"N!!`!"Q0bHA"dE`!#!!!0!'%!!@d!!!"E!&crd`Vrd`!%#P4&@&3
|
||||
0!&m!!@m!!!!!!!$rdJ[rdJ!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
|
||||
XC'9b8'&dD!)!A3!#!'8!CJd!C3!#FJ!!!')!E3"R!'J0!'F!!Q-!!!"L!'N!D3"
|
||||
U$3"T!!*L!!!!BJ"R!'X!E!d!D`!"E`!!!')!Brr4#rr4!#!`!!jdD'9`FQpUC@0
|
||||
dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!'`!!@d!!!"M!'B!E3`!E3!*!!0cFf`!!J!
|
||||
!$3"U!!&Y!!!!C`"Srp!+rp!!"!T849K8$3"S!!&[!!!!!!!!rmm,rmm!(M!!$A0
|
||||
cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J#!'B!!J"Z!'m0!'i!!R)!!!"Z!(8
|
||||
!F!"a$3"`!!*M!!!!EJ"a!()!F`d!FJ!"E`!!!'i!Err1#rr1!#!`!!jdD'9`FQp
|
||||
UC@0dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!(-!!@d!!!"[!($rc3Vrc3!%#P4&@&3
|
||||
0!(%!!@m!!!!!!!$rc![rc!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p`C@jcFfa
|
||||
'EfaNCA*3BA4S!J"[!!)!G!"e$3"d!!*X!!)!GJ"frm[rbJ(rb`!!!Ir+!!!#!(8
|
||||
!!J"f!(F0!(B!!R)!!!"f!(X!H!"j$3"i!!&[!!!!GJ"hrmN,rmN!($!!$(4SC@p
|
||||
XC'4PE'PYF`!-G'KP6faN4'9XD@ec$3"j!!*Z!!-!!!!!!(S!H`d!HJ!"-3!!!(J
|
||||
!H[r)#[r)!!3+G(KNE!d!H`!"-3!!!(F!H2r(#[r(!!3+BA0MFJ)!G`!#!(`!I3d
|
||||
!I!!#E!!#!(`!I2r'rm8"rmB!!!(ra3!!!J"p!!)!IJ"r$3"q!!*X!!%!I!"mrm3
|
||||
!J!(ra!!!$!#!!%!!1L"NC@aPG'8JEfaN)'PZBfaeC'8kEh"PER0cE#"QEfaNCA)
|
||||
JB@jN)(*PBh*PBA4P)'Pd)'0XC@&ZE(N!!J!!!J"r!!)!J3##$3#"!!*X!!)!I!"
|
||||
mrm2r`J(r``!!!Ir#!!!#!))!!J#$!)30!)-!!e%!!!"m!+8!K3#'!)F0!)8!!@X
|
||||
!!!"r!*`!L!)!L!!#!)N!LJd!L3!$53!#!(m!N[r"!)[r`!Vr`3!B,QeTFf0cE'0
|
||||
d+LSU+J!!!!!!!*!!!#SU+LS0!)X!!Qi!!!"r!)i!M!#0$3#-!!)d!!!!K`#1rlm
|
||||
!MJVr[`!%#Q0QEf`0!)i!!@d!!!#+!)d!M``!M`!0!!G[F'9ZFh0X!!)!!!d!M3!
|
||||
#0!!!!(m!Krqq!*!!#[qq!!3+BfC[E!d!N!!!!@m!!!#$!)Er[3[r[3!Q-!!4D@j
|
||||
ME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S![r!!!!#!)S!!J#4rl`
|
||||
0!*%!!dN!!J#6!*crZ`#5rlS+rlX!'#jMEh*PC'9XEbSU+LS!!!!!!!#3!!!U+LS
|
||||
U$3#5!!%a!!!!N`#BrlN+rlN!"!TcC@aP![qk!!!#rl`!!!d!KJ!$8J!!!!!!!2q
|
||||
irlIrYJVrZ!!B,Q&cBh*PFR)J+LSU+J!!!!!!!*!!!#SU+LS"rlF!!!,rYJ!!$3#
|
||||
(!!*X!!%!T!#Nrl8!N`(rY3!!$!#6!"-!$5"TCfj[FQ8JCA*bEh)!!J!!!J#%!!)
|
||||
!P!#9$3#8!!*X!!)!TJ#Qrl6rX`(rY!!!!Iqc!!!#!*8!!J#@!*F0!*B!!dN!!J#
|
||||
Q!,lrX[qa!*J+rl)!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Iqa!!!'!*J
|
||||
!!rq`!*N!QJVrX!!%#QY[Bf`0!*N!!@d!!!#U!+hrV`VrV`!%#Q0QEf`'!*S!!rq
|
||||
Z!*[rV3VrVJ!%#QPZFfJ0!*X!!M3!!!#`!,MrV!#F#[qX!!3+BfC[E!d!R!!"E`!
|
||||
!!,3!YrqV#rqV!#B`!"&TEQ0XG@4PCQpXC'9bF'&dD!!4D@jME(9NC8C[E'4PFP"
|
||||
KG'J'rkd!!!)!P`!#!*d!RJd!R3!#FJ!!!,m!aJ#I!+!0!*m!!Q`"!!#r!-)!SIq
|
||||
U$3#K!!%a!!!![`$#rkN+rkN!"!TbFfad!IqU!!!0!+!!!@m!!!!!!!$rU![rU!!
|
||||
Z-!!9G'KPEQ9hCQpXC'9bFQ9QCA*PEQ0P!"9dD'91CAG'EfaNCA*5C@CPFQ9ZBf8
|
||||
#!*i!!J#L!+-0!+)!!dN!!J$(!-lrT`#NrkB+rkF!'#jYDA0MFfaMG#SU+LS!!!!
|
||||
!!!#3!!!U+LSU$3#N!!&[!!!!a`$+rk8,rk8!,M!!&A4SC@jPGfC[E'4PFR*PCQ9
|
||||
bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P![qQ!!!#!+-!!J#P!+B0!+8!!R)
|
||||
!!!$2!0`!T`#S$3#R!!&Y!!!!c`$5!+N-!+N!$3!(Eh"PER0cE!!#!!!0!+J!!Qi
|
||||
!!!!!!!!!UJ#V$3#U!!%a!!!!e`$Erk3+rk3!"!T`EQ&Y$3#V!!%a!!!!dJ$Ark-
|
||||
+rk-!"!TcC@aP!J#Q!!)!V!#Y$3#X!!*X!!)!h3$Grk,rS3(rSJ!!!IqK!!!#!+d
|
||||
!!J#Z!+m0!+i!!Q`!!3$G!0hrS!#`!IqJ!!!-!,!!(`!C)&0dBA*d)'eKDfPZCb"
|
||||
dD'8JB@aTBA0PF`!#!!!#!+m!!J#a!,)0!,%!!dN!!J$G!3ArRrqH!,-+rjm!'#j
|
||||
MEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!IqH!!!'!,-!!rqG!,3!Y3VrR3!%#QY
|
||||
[Bf`0!,3!!@d!!!$K!16rR!VrR!!%#Q&XD@%'!,8!!rqE!,B!Y`VrQ`!%#QPZFfJ
|
||||
0!,B!!M3!!!$R!1rrQJ#i#[qD!!3+BfC[E!d!Z!!"E`!!!1X!l[qC#rqC!$3`!"K
|
||||
[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
|
||||
dD!B!Y`!$rjJ!ZIqA#[qB!!3+G'mJ)!d!Z3!#EJ!!!2)!r`#k!,X0!,S!!M3!!!$
|
||||
i!2rrPJ#m#[q@!!3+CQPXC3d![!!"E3!!!2X!rJ#p$!#p!"-!$@p`C@jcFfaMEfj
|
||||
Q,QJ!!J!!$3#l!!)d!!!!mJ$irj8![JVrP3!%#Q0QEf`0!,i!!@m!!!$f!2IrP![
|
||||
rP!!@-!!*G'KPE@9`BA4S!!PdD'90C9"KG'J'rjF!!!)!XJ!#!,m!`!d![`!#E!!
|
||||
#!3B""[q6rj)"rj-!!!(rNJ!!!J$!!!)!`3$#$3$"!!*b!!!""J%4!--!a!d!``!
|
||||
#BJ!!!3B"$3$&!-B0!-8!!@m!!!%'!3RrN3[rN3!N-!!3Bh*jF(4[CQpXC'9bF'&
|
||||
dD!!3Bh*jF(4[4QpXC'9b8'&dD!d!aJ!"E3!!!3N"$!$($!$(!!X!"6TKFfia!!)
|
||||
!!!d!a!!"E`!!!!!!!2q3!![rN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!`J!
|
||||
#!-J!b3d!b!!$53!#!4)"22q2rii!bJVrM`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!
|
||||
!!'jeE'`"rii!!!B!bJ!$rid!b`$-#[q0!!3+DfpME!d!b`!"E3!!!4B"'Iq-#[q
|
||||
-!!3+B@aTB3B!c!!$riX!c3$1#[q,!!3+D@jcD!d!c3!#0!!!!4`"*2q+!-m+riS
|
||||
!"!TMCQpX$3$2!!&[!!!")!%MriN,riN!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9
|
||||
bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J$1!!2rL!$3riF+riJ!"!T
|
||||
dEb!J$3$3!!*Z!!!"*`%f!0%!dJd!d3!#0!!!!5m"0[q'!0-+riB!"!TQD@aP$3$
|
||||
6!!&Y!!!"-J%e!03-!03!$!!'BA0Z-5jS!!)!!!d!dJ!#0!!!!5F",rq&!08+ri8
|
||||
!"!TMCQpX$3$9!!&[!!!"+`%Zri3,ri3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!E
|
||||
rK`!!!J$*!!)!eJ$A$3$@!!0*!!)"23&Rri2rJJ$B#[q$!"JZBfpbC@0bC@`U+LS
|
||||
U!!!!!!!!N!!!ER9XE!(rJJ!!"J$B!!2rJ3$C!0S+ri%!"!TVEf0X$3$C!!&Y!!!
|
||||
"33&%ri!+ri!!"!TKE'PK"J$D!!2rI`$E!0`+rhm!"!TTER0S$3$E!!)d!!!"4`&
|
||||
2rhi!h3VrIJ!%#Q0QEf`0!0d!!@m!!!&,!8lrI3[rI3!d-!!BEh"PER0cE'PZBfa
|
||||
eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!0`!!rpm!0l
|
||||
rH`VrI!!%#R4[)#!0!0i!!Qi!!!&5!@%!h`$J$3$I!!)d!!!"@J&KrhS!i3VrHJ!
|
||||
%#QCTE'80!1%!!@d!!!&G!@!!iJ`!iJ!3!!TKFfiaAfeKBbjS!!)!!!d!i!!#0!!
|
||||
!!9)"@[pj!1-+rhN!"!TMCQpX$3$M!!&[!!!"9J&CrhJ,rhJ!&$!!#(4PEA"`BA4
|
||||
S!!KdC@e`8'&dD!ErH`!!!J$A!!)!j!$P$3$N!!*X!!)"D!&SrhIrGJ(rG`!!!Ip
|
||||
f!!!#!18!!J$Q!1F0!1B!!R)!!!&S!A-!k!$T$3$S!!*L!!!"D!&[!1S!k`d!kJ!
|
||||
"E`!!!@J"Drpe#rpe!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*
|
||||
3BA4S$3$V!!&Y!!!"D`&Z!1`-!1`!#J!%1Q*TE`!#!!!0!1N!!@m!!!!!!!$rG![
|
||||
rG!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J$R!!)!l3$Z$3$Y!!0*!!)"G!'Hrh2
|
||||
rFJ$[#[pc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(rFJ!!"J$[!!2rF3$
|
||||
`!2%+rh%!"!TVEf0X$3$`!!&Y!!!"H!&lrh!+rh!!"!TKE'PK"J$a!!2rE`$b!2-
|
||||
+rfm!"!TTER0S$3$b!!)d!!!"IJ''rfi!p!VrEJ!%#Q0QEf`0!23!!@m!!!'#!BA
|
||||
rE3[rE3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
|
||||
NC8C[E'4PFP"KG'J'!2-!!rpX!2ArD`VrE!!%#R4[)#!0!28!!Qi!!!'*!CJ!pJ$
|
||||
h$3$f!!)d!!!"N3'BrfS!q!VrDJ!%#QCTE'80!2J!!@d!!!'8!CF!q3`!q3!,!!9
|
||||
LD@mZD!!#!!!0!2F!!M3!!!'*!C(rD3$k#[pT!!3+BfC[E!d!qJ!"E`!!!Bd"N!$
|
||||
rD![rD!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[pV!!!#!1i!!J$l!2`0!2X!!Q`
|
||||
!!J'I!CrrCrpQ!IpR!!!"rfB!!!)!r!!#!2d!rJd!r3!#FJ!!!Cm"UJ$r!3!0!2m
|
||||
!!Q)!!!'I!DB"!3%#$3%"!!&[!!!"R`'Lrf8,rf8!*$!!%'0bHA"dEfC[E'4PFR"
|
||||
KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!3)!!@d!!!'L!D8"!``"!`!*!!-kBQB!!J!
|
||||
!$3%!!!&[!!!!!!!!rf3,rf3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!rJ!#!33
|
||||
""3d""!!$53!#!DX"eIpMrf)""JVrB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
|
||||
eE'`"rf)!!!B""J!$rf%""`%)#[pK!!3+DfpME!d""`!"E3!!!Dm"X[pJ#[pJ!!3
|
||||
+B@aTB3B"#!!$rem"#3%+#[pI!!3+D@jcD!d"#3!#0!!!!E8"[IpH!3X+rei!"!T
|
||||
MCQpX$3%,!!&[!!!"Z3'mred,red!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
|
||||
dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J%+!!2rA!%-reX+re`!"!TdEb!
|
||||
J$3%-!!*Z!!!"`!(2!3d"$Jd"$3!#0!!!!FJ"crpD!3m+reS!"!TQD@aP$3%2!!&
|
||||
Y!!!"b`(1!4!-!4!!%!!+BQa[GfCTFfJZD!!#!!!0!3i!!M3!!!(!!FMr@3%4#[p
|
||||
C!!3+BfC[E!d"%3!"E`!!!F3"arpB#rpB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J
|
||||
'reX!!!)""3!#!4)"%`d"%J!#E!!#!GB"e[pAreB"reF!!!(r9J!!!J%6!!)"&!%
|
||||
9$3%8!!*b!!!"eJ(K!4B"&`d"&J!#BJ!!!GB"h3%B!4N0!4J!!@m!!!(@!GRr93[
|
||||
r93!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"'3!"E3!
|
||||
!!GN"h!%D$!%D!!N!!cTLEJ!#!!!0!4F!!@m!!!!!!!$r9![r9!!8-!!)G'9YF("
|
||||
KG'J!#(4PEA"3BA4S!J%9!!)"'`%F$3%E!!0*!!)"iJ)-re2r8J%G#[p6!"JZBfp
|
||||
bC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r8J!!"J%G!!2r83%H!4m+re%!"!TVEf0
|
||||
X$3%H!!&Y!!!"jJ(Tre!+re!!"!TKE'PK"J%I!!2r6`%J!5%+rdm!"!TTER0S$3%
|
||||
J!!)d!!!"l!(drdi")JVr6J!%#Q0QEf`0!5)!!@m!!!(`!I2r63[r63!d-!!BEh"
|
||||
PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J
|
||||
'!5%!!rp-!52r5`Vr6!!%#R4[)#!0!5-!!Qi!!!(h!JB"*!%P$3%N!!)d!!!"r`)
|
||||
'rdS"*JVr5J!%#QCTE'80!5B!!@d!!!)#!J8"*``"*`!+!!4LELjS!!)!!!d"*3!
|
||||
#0!!!!IF"rrp*!5J+rdN!"!TMCQpX$3%S!!&[!!!"q`(qrdJ,rdJ!&$!!#(4PEA"
|
||||
`BA4S!!KdC@e`8'&dD!Er5`!!!J%F!!)"+3%U$3%T!!*X!!)#$3)0rdIr4J(r4`!
|
||||
!!Ip'!!!#!5S!!J%V!5`0!5X!!R)!!!)0!KJ",3%Z$3%Y!!*L!!!#$3)8!5m"-!d
|
||||
",`!"E`!!!Jd#%2p&#rp&!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
|
||||
NCA*3BA4S$3%`!!&Y!!!#%!)6!6%-!6%!$3!(1Q*eCQCPFJ!#!!!0!5i!!@m!!!!
|
||||
!!!$r4![r4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J%X!!)"-J%c$3%b!!0*!!)
|
||||
#'3*$rd2r3J%d#[p$!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r3J!!"J%
|
||||
d!!2r33%e!6B+rd%!"!TVEf0X$3%e!!&Y!!!#(3)Jrd!+rd!!"!TKE'PK"J%f!!2
|
||||
r2`%h!6J+rcm!"!TTER0S$3%h!!)d!!!#)`)Vrci"13Vr2J!%#Q0QEf`0!6N!!@m
|
||||
!!!)R!LVr23[r23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
|
||||
-5@jME(9NC8C[E'4PFP"KG'J'!6J!!rmm!6Vr1`Vr2!!%#R4[)#!0!6S!!Qi!!!)
|
||||
Z!Md"1`%m$3%l!!)d!!!#0J)prcS"23Vr1J!%#QCTE'80!6d!!@d!!!)j!M`"2J`
|
||||
"2J!1!!KLG@CQCA)ZD!!#!!!0!6`!!M3!!!)Z!MEr13%r#[mj!!3+BfC[E!d"2`!
|
||||
"E`!!!M)#0Imi#rmi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rcX!!!)"-`!#!8!
|
||||
"33d"3!!#E!!#!N3#42mhrcB"rcF!!!(r0J!!!J&"!!)"3J&$$3&#!!*b!!!#4!*
|
||||
2!83"43d"4!!#BJ!!!N3#5`&'!8F0!8B!!@m!!!*%!NIr03[r03!N-!!3Bh*jF(4
|
||||
[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"4`!"E3!!!NF#5J&)$!&)!!X
|
||||
!"6TMBA0d!!)!!!d"43!"E`!!!!!!!2md#rmd!"3`!!KdC@e`F'&dD!!)G'9YF&"
|
||||
KG'J#!8-!!J&*!8S0!8N!!dN!!J*3!RVr-rmb!8X+rc-!'#jMEh*PBh*PE#SU+LS
|
||||
!!!!!!!#3!!"ZG@aX!Imb!!!'!8X!!rma!8`"63Vr-3!%#QY[Bf`0!8`!!@d!!!*
|
||||
8!PIr-!Vr-!!%#Q&XD@%'!8d!!rm[!8i"6`Vr,`!%#QPZFfJ0!8i!!M3!!!*D!Q,
|
||||
r,J&3#[mZ!!3+BfC[E!d"8!!"E`!!!Pi#BImY#rmY!$3`!"K[F'9ZFh0XD@jME(9
|
||||
NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"6`!$rb`"8Im
|
||||
V#[mX!!3+G'mJ)!d"83!#EJ!!!Q8#G!&5!9-0!9)!!M3!!!*Y!R6r+J&8#[mU!!3
|
||||
+CQPXC3d"9!!"E3!!!R!#F`&9$!&9!!`!"Q0KFh3ZD!!#!!!0!9-!!M3!!!*P!Qh
|
||||
r+3&@#[mT!!3+BfC[E!d"9J!"E`!!!QN#E2mS#rmS!"3`!!KdC@e`F'&dD!!)G'9
|
||||
YF&"KG'J'rbX!!!)"5J!#!9F"@!d"9`!#E!!#!RX#HrmRrbB"rbF!!!(r*J!!!J&
|
||||
B!!)"@3&D$3&C!!*b!!!#H`+'!9X"A!d"@`!#BJ!!!RX#JJ&G!9i0!9d!!@m!!!*
|
||||
l!Rlr*3[r*3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
|
||||
"AJ!"E3!!!Ri#J3&I$!&I!!X!"6TMEfe`!!)!!!d"A!!"E`!!!!!!!2mN#rmN!"3
|
||||
`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!9S!!J&J!@%0!@!!!dN!!J+(!V(r)rmL!@)
|
||||
+rb-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!ImL!!!'!@)!!rmK!@-"C!V
|
||||
r)3!%#QY[Bf`0!@-!!@d!!!+,!Slr)!Vr)!!%#Q&XD@%'!@3!!rmI!@8"CJVr(`!
|
||||
%#QPZFfJ0!@8!!M3!!!+4!TRr(J&R#[mH!!3+BfC[E!d"C`!"E`!!!T8#Q2mG#rm
|
||||
G!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4Qp
|
||||
XC'9b8'&dD!B"CJ!$ra`"D2mE#[mF!!3+G'mJ)!d"D!!#EJ!!!T`#U`&T!@S0!@N
|
||||
!!M3!!!+N!U[r'J&V#[mD!!3+CQPXC3d"D`!"E3!!!UF#UJ&X$!&X!!`!"Q0[EA!
|
||||
ZD!!#!!!0!@S!!M3!!!+F!U6r'3&Y#[mC!!3+BfC[E!d"E3!"E`!!!U!#SrmB#rm
|
||||
B!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'raX!!!)"B3!#!@i"E`d"EJ!#E!!#!V)
|
||||
#X[mAraB"raF!!!(r&J!!!J&[!!)"F!&a$3&`!!*b!!!#XJ+p!A)"F`d"FJ!#BJ!
|
||||
!!V)#Z3&d!A80!A3!!@m!!!+b!VAr&3[r&3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!
|
||||
3Bh*jF(4[4QpXC'9b8'&dD!d"G3!"E3!!!V8#Z!&f$!&f!!X!"6TMEfjQ!!)!!!d
|
||||
"F`!"E`!!!!!!!2m8#rm8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!A%!!J&h!AJ
|
||||
0!AF!!dN!!J+q!ZMr%rm5!AN+ra-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@a
|
||||
X!Im5!!!'!AN!!rm4!AS"H`Vr%3!%#QY[Bf`0!AS!!@d!!!,#!XAr%!Vr%!!%#Q&
|
||||
XD@%'!AX!!rm2!A`"I3Vr$`!%#QPZFfJ0!A`!!M3!!!,)!Y$r$J&q#[m1!!3+BfC
|
||||
[E!d"IJ!"E`!!!X`#crm0#rm0!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J
|
||||
!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"I3!$r``"Irm,#[m-!!3+G'mJ)!d
|
||||
"I`!#EJ!!!Y-#iJ'!!B%0!B!!!M3!!!,E!Z,r#J'##[m+!!3+CQPXC3d"JJ!"E3!
|
||||
!!Yi#i3'$$!'$!!`!"Q0[EQBZD!!#!!!0!B%!!M3!!!,6!Y[r#3'%#[m*!!3+BfC
|
||||
[E!d"K!!"E`!!!YF#f[m)#rm)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r`X!!!)
|
||||
"H!!#!B8"KJd"K3!#E!!#!ZN#kIm(r`B"r`F!!!(r"J!!!J''!!)"K`')$3'(!!*
|
||||
b!!!#k3,d!BN"LJd"L3!#BJ!!!ZN#m!',!B`0!BX!!@m!!!,T!Zcr"3[r"3!N-!!
|
||||
3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"M!!"E3!!!Z`#l`'
|
||||
0$!'0!!S!"$TNCA-!!J!!$3'+!!&[!!!!!!!!r`3,r`3!&$!!#(4PEA"`BA4S!!K
|
||||
dC@e`8'&dD!)"L!!#!Bi"M`d"MJ!$53!#![8$(rm$r`)"N!!+r`-!'#jMEh*PBh*
|
||||
PE#SU+LS!!!!!!!#3!!"ZG@aX!Im#!!!'!C!!!!2r!3'4!C)+r`%!"!TVEf0X$3'
|
||||
4!!&Y!!!#q3,mr`!+r`!!"!TKE'PK"J'5!!2qr`'6!C3+r[m!"!TTER0S$3'6!!)
|
||||
d!!!#r`-(r[i"P3VqrJ!%#Q0QEf`0!C8!!@m!!!-$!`Eqr3[qr3!d-!!BEh"PER0
|
||||
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!C3
|
||||
!!rlm!CEqq`Vqr!!%#R4[)#!0!CB!!Qi!!!-+!aN"P`'B$3'A!!)d!!!$%J-Cr[S
|
||||
"Q3VqqJ!%#QCTE'80!CN!!@d!!!-9!aJ"QJ`"QJ!,!!9NCA-ZD!!#!!!0!CJ!!M3
|
||||
!!!-+!a,qq3'E#[lj!!3+BfC[E!d"Q`!"E`!!!`i$%Ili#rli!"3`!!KdC@e`F'&
|
||||
dD!!)G'9YF&"KG'J'r[X!!!)"M`!#!C`"R3d"R!!#E!!#!b!$)2lhr[B"r[F!!!(
|
||||
qpJ!!!J'G!!)"RJ'I$3'H!!*b!!!$)!-V!D!"S3d"S!!#BJ!!!b!$*`'L!D-0!D)
|
||||
!!@m!!!-J!b2qp3[qp3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9
|
||||
b8'&dD!d"S`!"E3!!!b-$*J'N$!'N!!N!!cTND!!#!!!0!D%!!@m!!!!!!!$qp![
|
||||
qp!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'I!!)"T3'Q$3'P!!0*!!)$,!0@r[2
|
||||
qmJ'R#[lc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(qmJ!!"J'R!!2qm3'
|
||||
S!DN+r[%!"!TVEf0X$3'S!!&Y!!!$-!-cr[!+r[!!"!TKE'PK"J'T!!2ql`'U!DX
|
||||
+rZm!"!TTER0S$3'U!!)d!!!$0J-qrZi"V!VqlJ!%#Q0QEf`0!D`!!@m!!!-k!ch
|
||||
ql3[ql3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
|
||||
NC8C[E'4PFP"KG'J'!DX!!rlX!Dhqk`Vql!!%#R4[)#!0!Dd!!Qi!!!0"!e!"VJ'
|
||||
[$3'Z!!)d!!!$5303rZS"X!VqkJ!%#QCTE'80!E!!!@d!!!0-!dm"X3`"X3!+!!4
|
||||
ND#jS!!)!!!d"V`!#0!!!!d%$5IlT!E)+rZN!"!TMCQpX$3'b!!&[!!!$430)rZJ
|
||||
,rZJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eqk`!!!J'Q!!)"X`'d$3'c!!*X!!)
|
||||
$9`0ArZIqjJ(qj`!!!IlQ!!!#!E3!!J'e!EB0!E8!!R)!!!0A!f)"Y`'i$3'h!!*
|
||||
L!!!$9`0H!EN"ZJd"Z3!"E`!!!eF$@[lP#rlP!#3`!""MFRP`G'pQEfaNCA*`BA4
|
||||
S!""MFRP`G'p'EfaNCA*3BA4S$3'k!!&Y!!!$@J0G!EX-!EX!#J!%1Q4cB3!#!!!
|
||||
0!EJ!!@m!!!!!!!$qj![qj!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'f!!)"[!'
|
||||
p$3'm!!0*!!)$B`10rZ2qiJ'q#[lM!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
|
||||
XE!(qiJ!!"J'q!!2qi3'r!F!+rZ%!"!TVEf0X$3'r!!&Y!!!$C`0UrZ!+rZ!!"!T
|
||||
KE'PK"J(!!!2qh`("!F)+rYm!"!TTER0S$3("!!)d!!!$E30erYi"``VqhJ!%#Q0
|
||||
QEf`0!F-!!@m!!!0a!h6qh3[qh3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
|
||||
S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!F)!!rlF!F6qf`Vqh!!%#R4[)#!
|
||||
0!F3!!Qi!!!0i!iF"a3('$3(&!!)d!!!$J!1(rYS"a`VqfJ!%#QCTE'80!FF!!@d
|
||||
!!!1$!iB"b!`"b!!,!!9NFf%ZD!!#!!!0!FB!!M3!!!0i!i$qf3(*#[lC!!3+BfC
|
||||
[E!d"b3!"E`!!!h`$IrlB#rlB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rYX!!!)
|
||||
"[3!#!FS"b`d"bJ!#E!!#!ii$M[lArYB"rYF!!!(qeJ!!!J(,!!)"c!(0$3(-!!*
|
||||
b!!!$MJ1C!Fi"c`d"cJ!#BJ!!!ii$P3(3!G%0!G!!!@m!!!11!j(qe3[qe3!N-!!
|
||||
3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"d3!"E3!!!j%$P!(
|
||||
5$!(5!!S!"$TPFR)!!J!!$3(2!!&[!!!!!!!!rY3,rY3!&$!!#(4PEA"`BA4S!!K
|
||||
dC@e`8'&dD!)"c3!#!G-"e!d"d`!$53!#!jS$a2l6rY)"e3Vqd`!B,Q0[FQ9MFQ9
|
||||
X+LSU+J!!!!!!!*!!!'jeE'`"rY)!!!B"e3!$rY%"eJ(A#[l4!!3+DfpME!d"eJ!
|
||||
"E3!!!ji$SIl3#[l3!!3+B@aTB3B"e`!$rXm"f!(C#[l2!!3+D@jcD!d"f!!#0!!
|
||||
!!k3$V2l1!GS+rXi!"!TMCQpX$3(D!!&[!!!$U!1VrXd,rXd!0$!!''p`C@jcFfa
|
||||
TEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J(C!!2
|
||||
qc!(ErXX+rX`!"!TdEb!J$3(E!!*Z!!!$V`1q!G`"h3d"h!!#0!!!!lF$[[l+!Gi
|
||||
+rXS!"!TQD@aP$3(H!!&Y!!!$ZJ1p!Gm-!Gm!#`!&CA*b,QJ!!J!!$3(G!!)d!!!
|
||||
$V`1hrXN"i!Vqb3!%#Q0QEf`0!H!!!@m!!!1c!lEqb![qb!!8-!!)G'9YF("KG'J
|
||||
!#(4PEA"3BA4S"[l,!!!#!G3!!J(K!H)0!H%!!Q`!!J2&!mAqarl'!Il(!!!"rXB
|
||||
!!!)"iJ!#!H-"j!d"i`!#FJ!!!m8$d!(P!HB0!H8!!Q)!!!2&!m`"j`(S$3(R!!&
|
||||
[!!!$a32)rX8,rX8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"
|
||||
KG'J0!HJ!!@d!!!2)!mX"k3`"k3!+!!3kCAC`!!)!!!d"jJ!"E`!!!!!!!2l%#rl
|
||||
%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!H3!!J(U!HX0!HS!!dN!!J24!r[q`rl
|
||||
#!H`+rX-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Il#!!!'!H`!!rl"!Hd
|
||||
"lJVq`3!%#QY[Bf`0!Hd!!@d!!!29!pMq`!Vq`!!%#Q&XD@%'!Hi!!rkr!Hm"m!V
|
||||
q[`!%#QPZFfJ0!Hm!!M3!!!2E!q2q[J(a#[kq!!3+BfC[E!d"m3!"E`!!!pm$i[k
|
||||
p#rkp!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4
|
||||
P4QpXC'9b8'&dD!B"m!!$rV`"m[kl#[km!!3+G'mJ)!d"mJ!#EJ!!!qB$p3(c!I3
|
||||
0!I-!!M3!!!2Z!rAqZJ(e#[kk!!3+CQPXC3d"p3!"E3!!!r%$p!(f$!(f!!X!"@9
|
||||
fF#jS!!)!!!d"p!!#0!!!!qB$l[kj!IF+rVN!"!TMCQpX$3(h!!&[!!!$kJ2YrVJ
|
||||
,rVJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqZ`!!!J(V!!)"q!(j$3(i!!*X!!)
|
||||
$r!2mrVIqYJ(qY`!!!Ikf!!!#!IN!!J(k!IX0!IS!!R)!!!2m"!F"r!(p$3(m!!*
|
||||
L!!!$r!3$!Ii"r`d"rJ!"E`!!!r`$rrke#rke!#3`!""MFRP`G'pQEfaNCA*`BA4
|
||||
S!""MFRP`G'p'EfaNCA*3BA4S$3(r!!&Y!!!$r`3#!J!-!J!!#`!&1QKYB@-!!J!
|
||||
!$3(p!!&[!!!!!!!!rV3,rV3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)"q`!#!J%
|
||||
#!Jd#!3!$53!#"!J%-[kcrV)#!`VqX`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
|
||||
eE'`"rV)!!!B#!`!$rV%#"!)&#[ka!!3+DfpME!d#"!!"E3!!"!`%$rk`#[k`!!3
|
||||
+B@aTB3B#"3!$rUm#"J)(#[k[!!3+D@jcD!d#"J!#0!!!"")%'[kZ!JJ+rUi!"!T
|
||||
MCQpX$3))!!&[!!!%&J3CrUd,rUd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
|
||||
dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)(!!2qV!)*rUX+rU`!"!TdEb!
|
||||
J$3)*!!*Z!!!%(33X!JS##`d##J!#0!!!"#8%,2kU!J`+rUS!"!TQD@aP$3)-!!&
|
||||
Y!!!%+!3V!Jd-!Jd!$!!'D'eKBbjS!!)!!!d##`!#0!!!""d%*IkT!Ji+rUN!"!T
|
||||
MCQpX$3)1!!&[!!!%)33NrUJ,rUJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqU`!
|
||||
!!J)#!!)#$`)3$3)2!!*X!!)%-`3crUIqTJ(qT`!!!IkQ!!!#!K!!!J)4!K)0!K%
|
||||
!!R)!!!3c"$i#%`)8$3)6!!*L!!!%-`3k!K8#&Jd#&3!"E`!!"$-%0[kP#rkP!#3
|
||||
`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3)@!!&Y!!!%0J3
|
||||
j!KF-!KF!#`!&1QPNC@%!!J!!$3)8!!&[!!!!!!!!rU3,rU3!&$!!#(4PEA"`BA4
|
||||
S!!KdC@e`8'&dD!)#%J!#!KJ#'3d#'!!$53!#"$m%DIkMrU)#'JVqS`!B,Q0[FQ9
|
||||
MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rU)!!!B#'J!$rU%#'`)F#[kK!!3+DfpME!d
|
||||
#'`!"E3!!"%-%4[kJ#[kJ!!3+B@aTB3B#(!!$rTm#(3)H#[kI!!3+D@jcD!d#(3!
|
||||
#0!!!"%N%8IkH!Km+rTi!"!TMCQpX$3)I!!&[!!!%6343rTd,rTd!0$!!''p`C@j
|
||||
cFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)
|
||||
H!!2qR!)JrTX+rT`!"!TdEb!J$3)J!!*Z!!!%9!4M!L%#)Jd#)3!#0!!!"&`%Brk
|
||||
D!L-+rTS!"!TQD@aP$3)M!!&Y!!!%A`4L!L3-!L3!$!!'D@4PB5jS!!)!!!d#)J!
|
||||
#0!!!"&3%A2kC!L8+rTN!"!TMCQpX$3)P!!&[!!!%@!4ErTJ,rTJ!&$!!#(4PEA"
|
||||
`BA4S!!KdC@e`8'&dD!EqQ`!!!J)C!!)#*J)R$3)Q!!*X!!)%DJ4UrTIqPJ(qP`!
|
||||
!!Ik@!!!#!LF!!J)S!LN0!LJ!!R)!!!4U"(8#+J)V$3)U!!*L!!!%DJ4a!L`#,3d
|
||||
#,!!"E`!!"'S%EIk9#rk9!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
|
||||
NCA*3BA4S$3)Y!!&Y!!!%E34`!Li-!Li!$!!'1QaSBA0S!!)!!!d#+`!"E`!!!!!
|
||||
!!2k8#rk8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!LN!!J)[!M!0!Lm!!dN!!J4
|
||||
f"+$qNrk5!M%+rT-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ik5!!!'!M%
|
||||
!!rk4!M)#-`VqN3!%#QY[Bf`0!M)!!@d!!!4k"(hqN!!+rT!!!!3+B@aTB3B#-`!
|
||||
$rSm#0!)e#[k2!!3+D@jcD!d#0!!#0!!!")!%L2k1!MB+rSi!"!TMCQpX$3)f!!&
|
||||
[!!!%K!5(rSd,rSd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP0
|
||||
66%PZBfaeC'9'EfaNCA*3BA4S"J)e!!2qM!)hrSX+rS`!"!TdEb!J$3)h!!*Z!!!
|
||||
%L`5D!MJ#13d#1!!#0!!!"*-%Q[k+!MS+rSS!"!TQD@aP$3)k!!&Y!!!%PJ5C!MX
|
||||
-!MX!$3!(E'KKFfJZD!!#!!!0!MN!!M3!!!5,"*2qL3)m#[k*!!3+BfC[E!d#2!!
|
||||
"E`!!")m%N[k)#rk)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rSX!!!)#-!!#!Md
|
||||
#2Jd#23!#E!!#"+%%SIk(rSB"rSF!!!(qKJ!!!J)q!!)#2`*!$3)r!!*b!!!%S35
|
||||
X!N%#3Jd#33!#BJ!!"+%%U!*$!N30!N-!!@m!!!5K"+6qK3[qK3!N-!!3Bh*jF(4
|
||||
[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d#4!!"E3!!"+3%T`*&$!*&!!S
|
||||
!"$TYC$)!!J!!$3*#!!&[!!!!!!!!rS3,rS3!&$!!#(4PEA"`BA4S!!KdC@e`8'&
|
||||
dD!)#3!!#!NB#4`d#4J!$53!#"+d%erk$rS)#5!VqJ`!B,Q0[FQ9MFQ9X+LSU+J!
|
||||
!!!!!!*!!!'jeE'`"rS)!!!B#5!!$rS%#53*+#[k"!!3+DfpME!d#53!"E3!!",%
|
||||
%Y2k!#[k!!!3+B@aTB3B#5J!$rRm#5`*-#[jr!!3+D@jcD!d#5`!#0!!!",F%[rj
|
||||
q!Nd+rRi!"!TMCQpX$3*0!!&[!!!%Z`5qrRd,rRd!0$!!''p`C@jcFfaTEQ0XG@4
|
||||
PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*-!!2qI!*1rRX
|
||||
+rR`!"!TdEb!J$3*1!!*Z!!!%`J64!Nm#8!d#6`!#0!!!"-S%dIjk!P%+rRS!"!T
|
||||
QD@aP$3*4!!&Y!!!%c363!P)-!P)!#`!&E@3b,QJ!!J!!$3*3!!)d!!!%`J6+rRN
|
||||
#8`VqH3!%#Q0QEf`0!P-!!@m!!!6'"-RqH![qH!!8-!!)G'9YF("KG'J!#(4PEA"
|
||||
3BA4S"[jl!!!#!NF!!J*8!P80!P3!!Q`!!J6B"0MqGrjf!Ijh!!!"rRB!!!)#93!
|
||||
#!PB#9`d#9J!#FJ!!"0J%i`*B!PN0!PJ!!Q)!!!6B"0m#@J*E$3*D!!&[!!!%f!6
|
||||
ErR8,rR8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!PX
|
||||
!!@d!!!6E"0i#A!`#A!!+!!3kE@3e!!)!!!d#@3!"E`!!!!!!!2jd#rjd!"3`!!K
|
||||
dC@e`F'&dD!!)G'9YF&"KG'J#!PF!!J*G!Pi0!Pd!!dN!!J6N"3lqFrjb!Pm+rR-
|
||||
!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ijb!!!'!Pm!!rja!Q!#B3VqF3!
|
||||
%#QY[Bf`0!Q!!!@d!!!6S"1[qF!VqF!!%#Q&XD@%'!Q%!!rj[!Q)#B`VqE`!%#QP
|
||||
ZFfJ0!Q)!!M3!!!6Z"2EqEJ*N#[jZ!!3+BfC[E!d#C!!"E`!!"2)%pIjY#rjY!$3
|
||||
`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9
|
||||
b8'&dD!B#B`!$rQ`#CIjV#[jX!!3+G'mJ)!d#C3!#EJ!!"2N&#!*Q!QF0!QB!!M3
|
||||
!!!8""3MqDJ*S#[jU!!3+CQPXC3d#D!!"E3!!"33&"`*T$!*T!!X!"@eN05jS!!)
|
||||
!!!d#C`!#0!!!"2N&!IjT!QS+rQN!"!TMCQpX$3*U!!&[!!!%r38!rQJ,rQJ!&$!
|
||||
!#(4PEA"`BA4S!!KdC@e`8'&dD!EqD`!!!J*H!!)#D`*X$3*V!!*X!!)&$`82rQI
|
||||
qCJ(qC`!!!IjQ!!!#!Q`!!J*Y!Qi0!Qd!!R)!!!82"4S#E`*`$3*[!!*L!!!&$`8
|
||||
@!R%#FJd#F3!"E`!!"3m&%[jP#rjP!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP
|
||||
`G'p'EfaNCA*3BA4S$3*b!!&Y!!!&%J89!R--!R-!#`!&1QeNBc)!!J!!$3*`!!&
|
||||
[!!!!!!!!rQ3,rQ3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)#EJ!#!R3#G3d#G!!
|
||||
$53!#"4X&4IjMrQ)#GJVqB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rQ)
|
||||
!!!B#GJ!$rQ%#G`*i#[jK!!3+DfpME!d#G`!"E3!!"4m&)[jJ#[jJ!!3+B@aTB3B
|
||||
#H!!$rPm#H3*k#[jI!!3+D@jcD!d#H3!#0!!!"58&,IjH!RX+rPi!"!TMCQpX$3*
|
||||
l!!&[!!!&+38XrPd,rPd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"
|
||||
PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*k!!2qA!*mrPX+rP`!"!TdEb!J$3*m!!*
|
||||
Z!!!&-!8r!Rd#IJd#I3!#0!!!"6J&2rjD!Rm+rPS!"!TQD@aP$3*r!!&Y!!!&1`8
|
||||
q!S!-!S!!$!!'E@4M-LjS!!)!!!d#IJ!#0!!!"6!&12jC!S%+rPN!"!TMCQpX$3+
|
||||
"!!&[!!!&0!8hrPJ,rPJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq@`!!!J*e!!)
|
||||
#JJ+$$3+#!!*X!!)&4J9'rPIq9J(q9`!!!Ij@!!!#!S-!!J+%!S80!S3!!R)!!!9
|
||||
'"9%#KJ+($3+'!!*L!!!&4J90!SJ#L3d#L!!"E`!!"8B&5Ij9#rj9!#3`!""MFRP
|
||||
`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3+*!!&Y!!!&539-!SS-!SS
|
||||
!$J!)1QpLDQ9MG(-!!J!!$3+(!!&[!!!!!!!!rP3,rP3!&$!!#(4PEA"`BA4S!!K
|
||||
dC@e`8'&dD!)#K3!#!SX#M!d#L`!$53!#"9)&I2j6rP)#M3Vq8`!B,Q0[FQ9MFQ9
|
||||
X+LSU+J!!!!!!!*!!!'jeE'`"rP)!!!B#M3!$rP%#MJ+2#[j4!!3+DfpME!d#MJ!
|
||||
"E3!!"9B&@Ij3#[j3!!3+B@aTB3B#M`!$rNm#N!!#N3Vq6`!%#QPZFfJ0!T!!!!)
|
||||
d!!!&A!9NrNi#NJVq6J!%#Q0QEf`0!T)!!@m!!!9J"@2q63[q63!d-!!BEh"PER0
|
||||
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!T%
|
||||
!!rj-!T2q5`Vq6!!%#R4[)#!0!T-!!Qi!!!9R"AB#P!+9$3+8!!)d!!!&E`9frNS
|
||||
#PJVq5J!%#QCTE'80!TB!!@d!!!9b"A8#P``#P`!2!!P[BQTPBh4c,QJ!!J!!$3+
|
||||
9!!)d!!!&C`9[rNN#Q!Vq53!%#Q0QEf`0!TJ!!@m!!!9V"@lq5![q5!!8-!!)G'9
|
||||
YF("KG'J!#(4PEA"3BA4S"[j,!!!#!S`!!J+C!TS0!TN!!Q`!!J9p"Ahq4rj'!Ij
|
||||
(!!!"rNB!!!)#QJ!#!TX#R!d#Q`!#FJ!!"Ad&L!+G!Ti0!Td!!Q)!!!9p"B3#R`+
|
||||
J$3+I!!&[!!!&I3@!rN8,rN8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC
|
||||
[E'4PFP"KG'J0!U!!!@d!!!@!"B-#S3`#S3!+!!3kF'9Y!!)!!!d#RJ!"E`!!!!!
|
||||
!!2j%#rj%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!T`!!J+L!U-0!U)!!dN!!J@
|
||||
*"E2q3rj#!U3+rN-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ij#!!!'!U3
|
||||
!!rj"!U8#TJVq33!%#QY[Bf`0!U8!!@d!!!@0"C!!rN!+rN!!"!TKE'PK"J+Q!!2
|
||||
q2`+R!UJ+rMm!"!TTER0S$3+R!!)d!!!&N`@ErMi#U3Vq2J!%#Q0QEf`0!UN!!@m
|
||||
!!!@A"CVq23[q23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
|
||||
-5@jME(9NC8C[E'4PFP"KG'J'!UJ!!rim!UVq1`Vq2!!%#R4[)#!0!US!!Qi!!!@
|
||||
H"Dd#U`+X$3+V!!)d!!!&TJ@YrMS#V3Vq1J!%#QCTE'80!Ud!!@d!!!@T"D`#VJ`
|
||||
#VJ!,!!9`C@dZD!!#!!!0!U`!!M3!!!@H"DEq13+[#[ij!!3+BfC[E!d#V`!"E`!
|
||||
!"D)&TIii#rii!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rMX!!!)#S`!#!V!#X3d
|
||||
#X!!$53!#"E3&h[ihrMB#XJVq0`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`
|
||||
"rMB!!!B#XJ!$rM8#X`+d#[ie!!3+DfpME!d#X`!"E3!!"EJ&Zrid#[id!!3+B@a
|
||||
TB3B#Y!!$rM-#Y3+f#[ic!!3+D@jcD!d#Y3!#0!!!"Ei&a[ib!VF+rM)!"!TMCQp
|
||||
X$3+h!!&[!!!&`JA&rM%,rM%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!
|
||||
BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J+f!!2q-!+irLm+rM!!"!TdEb!J$3+
|
||||
i!!*Z!!!&b3AB!VN#ZJd#Z3!#0!!!"G%&f2iZ!VX+rLi!"!TQD@aP$3+l!!&Y!!!
|
||||
&e!AA!V`-!V`!$!!'F'9Y-LjS!!)!!!d#ZJ!#0!!!"FN&dIiY!Vd+rLd!"!TMCQp
|
||||
X$3+p!!&[!!!&c3A3rL`,rL`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq,`!!!J+
|
||||
a!!)#[J+r$3+q!!*X!!)&h`AIrL[q+J(q+`!!!IiU!!!#!Vm!!J,!!X%0!X!!!R)
|
||||
!!!AI"HS#`J,$$3,#!!*L!!!&h`AQ!X3#a3d#a!!"E`!!"Gm&i[iT#riT!#3`!""
|
||||
MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,&!!&Y!!!&iJAP!XB
|
||||
-!XB!$3!(1R"VBh-a-J!#!!!0!X-!!@m!!!!!!!$q+![q+!!8-!!)G'9YF("KG'J
|
||||
!#(4PEA"3BA4S!J,"!!)#a`,)$3,(!!0*!!)&k`B9rLIq*J,*#[iR!"JZBfpbC@0
|
||||
bC@`U+LSU!!!!!!!!N!!!ER9XE!(q*J!!"J,*!!2q*3,+!XX+rL8!"!TVEf0X$3,
|
||||
+!!&Y!!!&l`AbrL3+rL3!"!TKE'PK"J,,!!2q)`,-!Xd+rL-!"!TTER0S$3,-!!)
|
||||
d!!!&p3AprL)#cJVq)J!%#Q0QEf`0!Xi!!@m!!!Aj"Icq)3[q)3!d-!!BEh"PER0
|
||||
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!Xd
|
||||
!!riJ!Xrq(`Vq)!!%#R4[)#!0!Xm!!Qi!!!B!"Jm#d!,4$3,3!!)d!!!'#!B2rKi
|
||||
#dJVq(J!%#QCTE'80!Y)!!@d!!!B,"Ji#d``#d`!1!!K`Df0c-6)ZD!!#!!!0!Y%
|
||||
!!M3!!!B!"JMq(3,8#[iG!!3+BfC[E!d#e!!"E`!!"J3'"riF#riF!"3`!!KdC@e
|
||||
`F'&dD!!)G'9YF&"KG'J'rKm!!!)#b!!#!Y8#eJd#e3!#E!!#"KB'&[iErKS"rKX
|
||||
!!!(q'J!!!J,@!!)#e`,B$3,A!!*b!!!'&JBK!YN#fJd#f3!#BJ!!"KB'(3,E!Y`
|
||||
0!YX!!@m!!!B@"KRq'3[q'3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
|
||||
XC'9b8'&dD!d#h!!"E3!!"KN'(!,G$!,G!!`!"MT`Df0c0`!#!!!0!YS!!@m!!!!
|
||||
!!!$q'![q'!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J,B!!)#hJ,I$3,H!!0*!!)
|
||||
')JC-rKIq&J,J#[iA!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(q&J!!"J,
|
||||
J!!2q&3,K!Z)+rK8!"!TVEf0X$3,K!!&Y!!!'*JBTrK3+rK3!"!TKE'PK"J,L!!2
|
||||
q%`,M!Z3+rK-!"!TTER0S$3,M!!)d!!!',!BdrK)#j3Vq%J!%#Q0QEf`0!Z8!!@m
|
||||
!!!B`"M2q%3[q%3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
|
||||
-5@jME(9NC8C[E'4PFP"KG'J'!Z3!!ri3!ZEq$`Vq%!!%#R4[)#!0!ZB!!Qi!!!B
|
||||
h"NB#j`,S$3,R!!)d!!!'2`C'rJi#k3Vq$J!%#QCTE'80!ZN!!@d!!!C#"N8#kJ`
|
||||
#kJ!0!!G`Df0c0bjS!!)!!!d#k!!#0!!!"MF'2ri0!ZX+rJd!"!TMCQpX$3,V!!&
|
||||
[!!!'1`BqrJ`,rJ`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq$`!!!J,I!!)#l!,
|
||||
Y$3,X!!*X!!)'63C0rJ[q#J(q#`!!!Ii+!!!#!Zd!!J,Z!Zm0!Zi!!R)!!!C0"PJ
|
||||
#m!,a$3,`!!*L!!!'63C8![)#m`d#mJ!"E`!!"Nd'82i*#ri*!#3`!""MFRP`G'p
|
||||
QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,c!!&Y!!!'8!C6![3-![3!#`!
|
||||
&1R*KEQ3!!J!!$3,a!!&[!!!!!!!!rJJ,rJJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&
|
||||
dD!)#l`!#![8#pJd#p3!$53!#"PN'Jri(rJB#p`Vq"`!B,Q0[FQ9MFQ9X+LSU+J!
|
||||
!!!!!!*!!!'jeE'`"rJB!!!B#p`!$rJ8#q!,j#[i&!!3+DfpME!d#q!!"E3!!"Pd
|
||||
'B2i%#[i%!!3+B@aTB3B#q3!$rJ-#qJ,l#[i$!!3+D@jcD!d#qJ!#0!!!"Q-'Dri
|
||||
#![`+rJ)!"!TMCQpX$3,m!!&[!!!'C`CUrJ%,rJ%!0$!!''p`C@jcFfaTEQ0XG@4
|
||||
PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J,l!!2q!!,prIm
|
||||
+rJ!!"!TdEb!J$3,p!!*Z!!!'EJCp![i#r`d#rJ!#0!!!"RB'IIhq!`!+rIi!"!T
|
||||
QD@aP$3-!!!&Y!!!'H3Cm!`%-!`%!$!!'FQ&ZC#jS!!)!!!d#r`!#0!!!"Qi'G[h
|
||||
p!`)+rId!"!TMCQpX$3-#!!&[!!!'FJCerI`,rI`!&$!!#(4PEA"`BA4S!!KdC@e
|
||||
`8'&dD!Epr`!!!J,f!!)$!`-%$3-$!!*X!!)'K!D%rI[pqJ(pq`!!!Ihk!!!#!`3
|
||||
!!J-&!`B0!`8!!R)!!!D%"Sm$"`-)$3-(!!*L!!!'K!D,!`N$#Jd$#3!"E`!!"S3
|
||||
'Krhj#rhj!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-
|
||||
+!!&Y!!!'K`D+!`X-!`X!#J!%1R*M-J!#!!!0!`J!!@m!!!!!!!$pq![pq!!8-!!
|
||||
)G'9YF("KG'J!#(4PEA"3BA4S!J-'!!)$$!-0$3--!!0*!!)'N!!'Z[hhrIB$$JV
|
||||
pp`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rIB!!!B$$J!$rI8$$`-3#[h
|
||||
e!!3+DfpME!d$$`!"E3!!"T3'Prhd#[hd!!3+B@aTB3B$%!!$rI-$%3-5#[hc!!3
|
||||
+D@jcD!d$%3!#0!!!"TS'S[hb!a-+rI)!"!TMCQpX$3-6!!&[!!!'RJDKrI%,rI%
|
||||
!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
|
||||
NCA*3BA4S"J-5!!2pm!-8rHm+rI!!"!TdEb!J$3-8!!*Z!!!'T3Dd!a8$&Jd$&3!
|
||||
#0!!!"Ud'Y2hZ!aF+rHi!"!TQD@aP$3-A!!&Y!!!'X!Dc!aJ-!aJ!#`!&FQ-b,QJ
|
||||
!!J!!$3-@!!)d!!!'T3DYrHd$'3Vpl3!%#Q0QEf`0!aN!!@m!!!DT"Ucpl![pl!!
|
||||
8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[h[!!!#!`d!!J-D!aX0!aS!!Q`!!JDl"V[
|
||||
pkrhU!IhV!!!"rHS!!!)$'`!#!a`$(3d$(!!#FJ!!"VX'aJ-H!am0!ai!!Q)!!!D
|
||||
l"X)$)!-K$3-J!!&[!!!'Z`DqrHN,rHN!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0
|
||||
bHA"dEdC[E'4PFP"KG'J0!b%!!@d!!!Dq"X%$)J`$)J!+!!3kFQ-d!!)!!!d$(`!
|
||||
"E`!!!!!!!2hS#rhS!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!ad!!J-M!b30!b-
|
||||
!!dN!!JE("[(pjrhQ!b8+rHF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ih
|
||||
Q!!!'!b8!!rhP!bB$*`Vpj3!%#QY[Bf`0!bB!!@d!!!E,"Xlpj!Vpj!!%#Q&XD@%
|
||||
'!bF!!rhM!bJ$+3Vpi`!%#QPZFfJ0!bJ!!M3!!!E4"YRpiJ-U#[hL!!3+BfC[E!d
|
||||
$+J!"E`!!"Y8'f2hK#rhK!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p
|
||||
`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$+3!$rH!$+rhI#[hJ!!3+G'mJ)!d$+`!
|
||||
#EJ!!"Y`'k`-X!bd0!b`!!M3!!!EN"Z[phJ-Z#[hH!!3+CQPXC3d$,J!"E3!!"ZF
|
||||
'kJ-[$!-[!!X!"A*M0#jS!!)!!!d$,3!#0!!!"Y`'j2hG!c!+rGd!"!TMCQpX$3-
|
||||
`!!&[!!!'i!EMrG`,rG`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eph`!!!J-N!!)
|
||||
$-3-b$3-a!!*X!!)'mJEbrG[pfJ(pf`!!!IhD!!!#!c)!!J-c!c30!c-!!R)!!!E
|
||||
b"[d$03-f$3-e!!*L!!!'mJEj!cF$1!d$0`!"E`!!"[)'pIhC#rhC!#3`!""MFRP
|
||||
`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-i!!&Y!!!'p3Ei!cN-!cN
|
||||
!#J!%1R*M03!#!!!0!cB!!@m!!!!!!!$pf![pf!!8-!!)G'9YF("KG'J!#(4PEA"
|
||||
3BA4S!J-d!!)$1J-l$3-k!!0*!!)'rJFSrGIpeJ-m#[hA!"JZBfpbC@0bC@`U+LS
|
||||
U!!!!!!!!N!!!ER9XE!(peJ!!"J-m!!2pe3-p!ci+rG8!"!TVEf0X$3-p!!&Y!!!
|
||||
(!JF&rG3+rG3!"!TKE'PK"J-q!!2pd`-r!d!+rG-!"!TTER0S$3-r!!)d!!!(#!F
|
||||
3rG)$33VpdJ!%#Q0QEf`0!d%!!@m!!!F-"`rpd3[pd3!d-!!BEh"PER0cE'PZBfa
|
||||
eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!d!!!rh3!d,
|
||||
pc`Vpd!!%#R4[)#!0!d)!!Qi!!!F6"b)$3`0%$30$!!)d!!!('`FLrFi$43VpcJ!
|
||||
%#QCTE'80!d8!!@d!!!FH"b%$4J`$4J!,!!9bBc8ZD!!#!!!0!d3!!M3!!!F6"a[
|
||||
pc30(#[h0!!3+BfC[E!d$4`!"E`!!"aF('[h-#rh-!"3`!!KdC@e`F'&dD!!)G'9
|
||||
YF&"KG'J'rFm!!!)$1`!#!dJ$53d$5!!#E!!#"bN(+Ih,rFS"rFX!!!(pbJ!!!J0
|
||||
*!!)$5J0,$30+!!*b!!!(+3Fd!d`$63d$6!!#BJ!!"bN(-!01!dm0!di!!@m!!!F
|
||||
T"bcpb3[pb3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
|
||||
$6`!"E3!!"b`(,`03$!03!!d!"cTbDA"PE@3!!J!!$300!!&[!!!!!!!!rFJ,rFJ
|
||||
!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$5`!#!e%$8Jd$83!$53!#"c8(Arh(rFB
|
||||
$8`Vpa`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rFB!!!B$8`!$rF8$9!0
|
||||
9#[h&!!3+DfpME!d$9!!"E3!!"cN(22h%#[h%!!3+B@aTB3B$93!$rF-$9J0A#[h
|
||||
$!!3+D@jcD!d$9J!#0!!!"cm(4rh#!eJ+rF)!"!TMCQpX$30B!!&[!!!(3`G'rF%
|
||||
,rF%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
|
||||
'EfaNCA*3BA4S"J0A!!2p`!0CrEm+rF!!"!TdEb!J$30C!!*Z!!!(5JGC!eS$@`d
|
||||
$@J!#0!!!"e)(@Ifq!e`+rEi!"!TQD@aP$30F!!&Y!!!(93GB!ed-!ed!$J!)FQP
|
||||
`C@eN,QJ!!J!!$30E!!)d!!!(5JG5rEd$AJVp[3!%#Q0QEf`0!ei!!@m!!!G1"e(
|
||||
p[![p[!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[fr!!!#!e)!!J0I!f!0!em!!Q`
|
||||
!!JGJ"f$pZrfk!Ifl!!!"rES!!!)$B!!#!f%$BJd$B3!#FJ!!"f!(D`0M!f30!f-
|
||||
!!Q)!!!GJ"fF$C30Q$30P!!&[!!!(B!GMrEN,rEN!*$!!%'0bHA"dEfC[E'4PFR"
|
||||
KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!fB!!@d!!!GM"fB$C``$C`!+!!3kFR0K!!)
|
||||
!!!d$C!!"E`!!!!!!!2fi#rfi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!f)!!J0
|
||||
S!fN0!fJ!!dN!!JGX"jEpYrff!fS+rEF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"
|
||||
ZG@aX!Iff!!!'!fS!!rfe!fX$E!VpY3!%#QY[Bf`0!fX!!@d!!!G`"h2pY!VpY!!
|
||||
%#Q&XD@%'!f`!!rfc!fd$EJVpX`!%#QPZFfJ0!fd!!M3!!!Gf"hlpXJ0[#[fb!!3
|
||||
+BfC[E!d$E`!"E`!!"hS(IIfa#rfa!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"
|
||||
KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$EJ!$rE!$F2f[#[f`!!3+G'm
|
||||
J)!d$F!!#EJ!!"i%(N!!$F30b$30a!!)d!!!(L3H3!2fZ!h-+rDi!"!TQD@aP$30
|
||||
c!!&Y!!!(M!H2!h3-!h3!#`!&FR0K,QJ!!J!!$30b!!)d!!!(J3H*rDd$G3VpV3!
|
||||
%#Q0QEf`0!h8!!@m!!!H&"iMpV![pV!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[f
|
||||
[!!!#!fN!!J0f!hF0!hB!!Q`!!JHA"jIpUrfU!IfV!!!"rDS!!!)$G`!#!hJ$H3d
|
||||
$H!!#FJ!!"jF(SJ0k!hX0!hS!!Q)!!!HA"ji$I!0p$30m!!&[!!!(P`HDrDN,rDN
|
||||
!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!hd!!@d!!!H
|
||||
D"jd$IJ`$IJ!-!!BkFh4KBfX!!J!!$30l!!&[!!!!!!!!rDJ,rDJ!&$!!#(4PEA"
|
||||
`BA4S!!KdC@e`8'&dD!)$H3!#!hm$J!d$I`!$53!#"k-(cIfRrDB$J3VpT`!B,Q0
|
||||
[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rDB!!!B$J3!$rD8$JJ1$#[fP!!3+Dfp
|
||||
ME!d$JJ!"E3!!"kF(U[fN#[fN!!3+B@aTB3B$J`!$rD-$K!1&#[fM!!3+D@jcD!d
|
||||
$K!!#0!!!"kd(YIfL!iB+rD)!"!TMCQpX$31'!!&[!!!(X3HdrD%,rD%!0$!!''p
|
||||
`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4
|
||||
S"J1&!!2pS!1(rCm+rD!!"!TdEb!J$31(!!*Z!!!(Z!I(!iJ$L3d$L!!#0!!!"m!
|
||||
(arfH!iS+rCi!"!TQD@aP$31+!!&Y!!!(``I'!iX-!iX!$3!(Fh4KBfXZD!!#!!!
|
||||
0!iN!!M3!!!Hi"m$pR31-#[fG!!3+BfC[E!d$M!!"E`!!"l`([rfF#rfF!"3`!!K
|
||||
dC@e`F'&dD!!)G'9YF&"KG'J'rCm!!!)$J!!#!id$MJd$M3!$53!#"mi(q2fErCS
|
||||
$M`VpQ`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rCS!!!B$M`!$rCN$N!!
|
||||
$N3VpQ3!%#QY[Bf`0!j!!!!&Y!!!(dJI9rCJ+rCJ!"!TKE'PK"J14!!2pP`15!j-
|
||||
+rCF!"!TTER0S$315!!)d!!!(f!IJrCB$P!VpPJ!%#Q0QEf`0!j3!!@m!!!IF"pr
|
||||
pP3[pP3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
|
||||
NC8C[E'4PFP"KG'J'!j-!!rf8!jApN`VpP!!%#R4[)#!0!j8!!Qi!!!IM"r)$PJ1
|
||||
A$31@!!)d!!!(k`IbrC)$Q!VpNJ!%#QCTE'80!jJ!!@d!!!IZ"r%$Q3`$Q3!4!!Y
|
||||
cB@CPFh4KBfXZD!!#!!!0!jF!!M3!!!IM"q[pN31D#[f4!!3+BfC[E!d$QJ!"E`!
|
||||
!"qF(k[f3!![pN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EpN`!!!J11!!)$Q`1
|
||||
F$31E!!*X!!)(q3IjrBrpMJ(pM`!!!If1!!!#!j`!!J1G!ji0!jd!!R)!!!Ij#!3
|
||||
$R`1J$31I!!*L!!!(q3J!!k%$SJd$S3!"E`!!"rN(r2f0#rf0!#3`!""MFRP`G'p
|
||||
QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$31L!!&Y!!!(r!Ir!k--!k-!#J!
|
||||
%1R0SB3!#!!!0!k!!!@m!!!!!!!$pM![pM!!8-!!)G'9YF("KG'J!#(4PEA"3BA4
|
||||
S!J1H!!)$T!1P$31N!!0*!!))"3J[rB[pLJ1Q#[f,!"JZBfpbC@0bC@`U+LSU!!!
|
||||
!!!!!N!!!ER9XE!(pLJ!!"J1Q!!2pL31R!kJ+rBN!"!TVEf0X$31R!!&Y!!!)#3J
|
||||
-rBJ+rBJ!"!TKE'PK"J1S!!2pK`1T!kS+rBF!"!TTER0S$31T!!)d!!!)$`JArBB
|
||||
$U`VpKJ!%#Q0QEf`0!kX!!@m!!!J6#"EpK3[pK3!d-!!BEh"PER0cE'PZBfaeC'9
|
||||
QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!kS!!rf%!kcpJ`V
|
||||
pK!!%#R4[)#!0!k`!!Qi!!!JD##N$V31Z$31Y!!)d!!!))JJTrB)$V`VpJJ!%#QC
|
||||
TE'80!km!!@d!!!JP##J$X!`$X!!,!!9cD'%ZD!!#!!!0!ki!!M3!!!JD##,pJ31
|
||||
a#[f"!!3+BfC[E!d$X3!"E`!!#"i))If!#rf!!"3`!!KdC@e`F'&dD!!)G'9YF&"
|
||||
KG'J'rB-!!!)$T3!#!l)$X`d$XJ!#E!!##$!)-2errAi"rAm!!!(pIJ!!!J1c!!)
|
||||
$Y!1e$31d!!*b!!!)-!Jl!lB$Y`d$YJ!#BJ!!#$!)0`1i!lN0!lJ!!@m!!!J`#$2
|
||||
pI3[pI3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d$Z3!
|
||||
"E3!!#$-)0J1k$!1k!!d!"cTdH(4IC')!!J!!$31h!!&[!!!!!!!!rA`,rA`!&$!
|
||||
!#(4PEA"`BA4S!!KdC@e`8'&dD!)$Y3!#!lX$[!d$Z`!$53!##$`)C[elrAS$[3V
|
||||
pH`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rAS!!!B$[3!$rAN$[J1r#[e
|
||||
j!!3+DfpME!d$[J!"E3!!#%!)3rei#[ei!!3+B@aTB3B$[`!$rAF$`!2"#[eh!!3
|
||||
+D@jcD!d$`!!#0!!!#%B)6[ef!m)+rAB!"!TMCQpX$32#!!&[!!!)5JK0rA8,rA8
|
||||
!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
|
||||
NCA*3BA4S"J2"!!2pG!2$rA-+rA3!"!TdEb!J$32$!!*Z!!!)83KJ!m3$a3d$a!!
|
||||
#0!!!#&N)B2eb!mB+rA)!"!TQD@aP$32'!!&Y!!!)A!KI!mF-!mF!$J!)G(KdAf4
|
||||
L,QJ!!J!!$32&!!)d!!!)83KCrA%$b!VpF3!%#Q0QEf`0!mJ!!@m!!!K9#&MpF![
|
||||
pF!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[ec!!!#!l`!!J2*!mS0!mN!!Q`!!JK
|
||||
R#'IpEreZ!Ie[!!!"r@i!!!)$bJ!#!mX$c!d$b`!#FJ!!#'F)FJ20!mi0!md!!Q)
|
||||
!!!KR#'i$c`23$322!!&[!!!)C`KUr@d,r@d!*$!!%'0bHA"dEfC[E'4PFR"KG'J
|
||||
!%'0bHA"dEdC[E'4PFP"KG'J0!p!!!@d!!!KU#'d$d3`$d3!,!!8kH$8`13!#!!!
|
||||
0!mi!!@m!!!!!!!$pE![pE!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J2-!!)$dJ2
|
||||
6$325!!0*!!))F`LGr@[pDJ28#[eV!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
|
||||
XE!(pDJ!!"J28!!2pD329!pB+r@N!"!TVEf0X$329!!&Y!!!)G`Kkr@J+r@J!"!T
|
||||
KE'PK"J2@!!2pC`2A!pJ+r@F!"!TTER0S$32A!!)d!!!)I3L&r@B$f3VpCJ!%#Q0
|
||||
QEf`0!pN!!@m!!!L"#)6pC3[pC3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
|
||||
S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!pJ!!reN!pVpB`VpC!!%#R4[)#!
|
||||
0!pS!!Qi!!!L)#*F$f`2F$32E!!)d!!!)N!!)PreL!pd+r@)!"!TQD@aP$32G!!&
|
||||
Y!!!)N`L@!pi-!pi!$!!'H$8`15jS!!)!!!d$h!!#0!!!#)J)N!$pB32I#[eK!!3
|
||||
+BfC[E!d$h`!"E`!!#)`)MreJ#reJ!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r@-
|
||||
!!!)$d`!#!q!$i3d$i!!$53!##*i)b2eIr9i$iJVpA`!B,Q0[FQ9MFQ9X+LSU+J!
|
||||
!!!!!!*!!!'jeE'`"r9i!!!B$iJ!$r9d$i`2N#[eG!!3+DfpME!d$i`!"E3!!#+)
|
||||
)TIeF#[eF!!3+B@aTB3B$j!!$r9X$j32Q#[eE!!3+D@jcD!d$j3!#0!!!#+J)X2e
|
||||
D!qF+r9S!"!TMCQpX$32R!!&[!!!)V!L[r9N,r9N!0$!!''p`C@jcFfaTEQ0XG@4
|
||||
PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J2Q!!2p@!2Sr9F
|
||||
+r9J!"!TdEb!J$32S!!*Z!!!)X`M#!qN$kJd$k3!#0!!!#,X)`[e@!qX+r9B!"!T
|
||||
QD@aP$32V!!&Y!!!)[JM"!q`-!q`!%!!+H$8`19pfCRNZD!!#!!!0!qS!!M3!!!L
|
||||
c#,[p932Y#[e9!!3+BfC[E!d$l3!"E`!!#,F)Z[e8#re8!"3`!!KdC@e`F'&dD!!
|
||||
)G'9YF&"KG'J'r9F!!!)$i3!#!qi$l`d$lJ!#E!!##-N)bIe6r9)"r9-!!!(p8J!
|
||||
!!J2[!!)$m!2a$32`!!*b!!!)b3M8!r)$m`d$mJ!#BJ!!#-N)d!2d!r80!r3!!@m
|
||||
!!!M*#-cp83[p83!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&
|
||||
dD!d$p3!"E3!!#-`)c`2f$!2f!!d!"cTi06!jGM-!!J!!$32c!!&[!!!!!!!!r9!
|
||||
,r9!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$m3!#!rF$q!d$p`!$53!##08)rre
|
||||
2r8i$q3Vp6`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8i!!!B$q3!$r8d
|
||||
$qJ2l#[e0!!3+DfpME!d$qJ!"E3!!#0N)h2e-#[e-!!3+B@aTB3B$q`!$r8X$r!2
|
||||
p#[e,!!3+D@jcD!d$r!!#0!!!#0m)jre+!ri+r8S!"!TMCQpX$32q!!&[!!!)i`M
|
||||
Qr8N,r8N!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfa
|
||||
eC'9'EfaNCA*3BA4S"J2p!!2p5!2rr8F+r8J!"!TdEb!J$32r!!*Z!!!)kJMj"!!
|
||||
%!3d%!!!#0!!!#2))qIe'"!)+r8B!"!TQD@aP$33#!!&Y!!!)p3Mi"!--"!-!$J!
|
||||
)H$8`1ABc,QJ!!J!!$33"!!)d!!!)kJMbr88%"!Vp43!%#Q0QEf`0"!3!!@m!!!M
|
||||
Z#2(p4![p4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[e(!!!#!rJ!!J3&"!B0"!8
|
||||
!!Q`!!JN!#3$p3re#!Ie$!!!"r8)!!!)%"J!#"!F%#!d%"`!$53!##3!*+[e"r8!
|
||||
%#3Vp33!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8!!!!B%#3!$r6m%#J3
|
||||
,#[dr!!3+DfpME!d%#J!"E3!!#33*"rdq#[dq!!3+B@aTB3B%#`!$r6d%$!30#[d
|
||||
p!!3+D@jcD!d%$!!#0!!!#3S*%[dm"!i+r6`!"!TMCQpX$331!!&[!!!*$JN4r6X
|
||||
,r6X!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
|
||||
'EfaNCA*3BA4S"J30!!2p1J32r6N+r6S!"!TdEb!J$332!!*Z!!!*&3NN""!%%3d
|
||||
%%!!#0!!!#4d**2di"")+r6J!"!TQD@aP$335!!&Y!!!*)!NM""--""-!#`!&Fh0
|
||||
X,QJ!!J!!$334!!)d!!!*&3NGr6F%&!Vp0`!%#Q0QEf`0""3!!@m!!!NC#4cp0J[
|
||||
p0J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD!Ep13!!!J3)!!)%&33
|
||||
@$339!!0*!!)*+`P9r6Ap0!3A#[de!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
|
||||
XE!(p0!!!"J3A!!2p-`3B""N+r6-!"!TVEf0X$33B!!&Y!!!*,`Nbr6)+r6)!"!T
|
||||
KE'PK"J3C!!2p-33D""X+r6%!"!TTER0S$33D!!)d!!!*03Npr6!%(!Vp-!!%#Q0
|
||||
QEf`0""`!!@m!!!Nj#6cp,`[p,`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
|
||||
S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'""X!!rdZ""hp,3Vp,J!%#R4[)#!
|
||||
0""d!!Qi!!!P!#8m%(J3I$33H!!)d!!!*5!P2r5`%)!Vp,!!%#QCTE'80"#!!!@d
|
||||
!!!P,#8i%)3`%)3!-!!CcFf`b,QJ!!J!!$33I!!)d!!!*3!P)r5X%)JVp+`!%#Q0
|
||||
QEf`0"#)!!@m!!!P%#8Ip+J[p+J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9
|
||||
b8'&dD!Ep,3!!!J3@!!)%)`3N$33M!!0*!!)*9JQ!r5Rp+!3P#[dT!"JZBfpbC@0
|
||||
bC@`U+LSU!!!!!!!!N!!!ER9XE!(p+!!!"J3P!!2p*`3Q"#F+r5F!"!TVEf0X$33
|
||||
Q!!&Y!!!*@JPGr5B+r5B!"!TKE'PK"J3R!!2p*33S"#N+r58!"!TTER0S$33S!!)
|
||||
d!!!*B!PSr53%+JVp*!!%#Q0QEf`0"#S!!@m!!!PN#@Ip)`[p)`!d-!!BEh"PER0
|
||||
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"#N
|
||||
!!rdL"#[p)3Vp)J!%#R4[)#!0"#X!!Qi!!!PV#AS%,!3Y$33X!!)d!!!*F`Pkr5!
|
||||
%,JVp)!!%#QCTE'80"#i!!@d!!!Pf#AN%,``%,`!0!!GcFf`b-bjS!!)!!!d%,3!
|
||||
#0!!!#@X*FrdI"$!+r4m!"!TMCQpX$33`!!&[!!!*E`Pbr4i,r4i!(M!!$A0cE'C
|
||||
[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r5%!!!)%*!!#"$%%-Jd%-3!$53!##B%
|
||||
*UrdGr4`%-`Vp(3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r4`!!!B%-`!
|
||||
$r4X%0!3e#[dE!!3+DfpME!d%0!!"E3!!#B8*L2dD#[dD!!3+B@aTB3B%03!$r4N
|
||||
%0J3h#[dC!!3+D@jcD!d%0J!#0!!!#BX*NrdB"$J+r4J!"!TMCQpX$33i!!&[!!!
|
||||
*M`Q5r4F,r4F!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%P
|
||||
ZBfaeC'9'EfaNCA*3BA4S"J3h!!2p&J3jr48+r4B!"!TdEb!J$33j!!*Z!!!*PJQ
|
||||
P"$S%1`d%1J!#0!!!#Ci*TId8"$`+r43!"!TQD@aP$33m!!&Y!!!*S3QN"$d-"$d
|
||||
!$!!'Fh0X-bjS!!)!!!d%1`!#0!!!#CB*R[d6"$i+r4-!"!TMCQpX$33q!!&[!!!
|
||||
*QJQGr4),r4)!(M!!$A0cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r48!!!)
|
||||
%-J!#"$m%3!d%2`!$53!##D`*e[d4r4!%33Vp%3!B,Q0[FQ9MFQ9X+LSU+J!!!!!
|
||||
!!*!!!'jeE'`"r4!!!!B%33!$r3m%3J4$#[d2!!3+DfpME!d%3J!"E3!!#E!*Xrd
|
||||
1#[d1!!3+B@aTB3B%3`!$r3d%4!4&#[d0!!3+D@jcD!d%4!!#0!!!#EB*[[d-"%B
|
||||
+r3`!"!TMCQpX$34'!!&[!!!*ZJQpr3X,r3X!0$!!''p`C@jcFfaTEQ0XG@4PCQp
|
||||
XC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J4&!!2p#J4(r3N+r3S
|
||||
!"!TdEb!J$34(!!*Z!!!*`3R3"%J%53d%5!!#0!!!#FN*d2d)"%S+r3J!"!TQD@a
|
||||
P$34+!!&Y!!!*c!R2"%X-"%X!$!!'G'ac-5jS!!)!!!d%53!#0!!!#F%*bId("%`
|
||||
+r3F!"!TMCQpX$34-!!&[!!!*a3R)r3B,r3B!(M!!$A0cE'C[E'4PFR"KG'J!$A0
|
||||
cE%C[E'4PFP"KG'J'r3N!!!)%3!!#"%d%6Jd%63!#E!!##GF*erd&r33"r38!!!(
|
||||
p"!!!!J41!!)%6`43$342!!0*!!)*e`S"r32p!J44#[d$!"JZBfpbC@0bC@`U+LS
|
||||
U!!!!!!!!N!!!ER9XE!(p!J!!"J44!!2p!345"&-+r3%!"!TVEf0X$345!!&Y!!!
|
||||
*f`RHr3!+r3!!"!TKE'PK"J46!!2mr`48"&8+r2m!"!TTER0S$348!!)d!!!*i3R
|
||||
Tr2i%9JVmrJ!%#Q0QEf`0"&B!!@m!!!RP#HMmr3[mr3!d-!!BEh"PER0cE'PZBfa
|
||||
eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"&8!!rcm"&I
|
||||
mq`Vmr!!%#R4[)#!0"&F!!Qi!!!RX#IX%@!4C$34B!!)d!!!*p!Rlr2S%@JVmqJ!
|
||||
%#QCTE'80"&S!!@d!!!Rh#IS%@``%@`!1!!KMFRP`G'mZD!!#!!!0"&N!!M3!!!R
|
||||
X#I6mq34F#[cj!!3+BfC[E!d%A!!"E`!!#I!*mrci#rci!#3`!""MFRP`G'pQEfa
|
||||
NCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cl!!!#"&!!!J4G"&i0"&d!!Q`!!JS
|
||||
##J,mprcf!Ich!!!"r2B!!!)%AJ!#"&m%B!d%A`!$53!##J)+,2cer23%B3Vmp3!
|
||||
B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r23!!!B%B3!$r2-%BJ4M#[cc!!3
|
||||
+DfpME!d%BJ!"E3!!#JB+#Icb#[cb!!3+B@aTB3B%B`!$r2%%C!4P#[ca!!3+D@j
|
||||
cD!d%C!!#0!!!#J`+&2c`"'B+r2!!"!TMCQpX$34Q!!&[!!!+%!S6r1m,r1m!0$!
|
||||
!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*
|
||||
3BA4S"J4P!!2mlJ4Rr1d+r1i!"!TdEb!J$34R!!*Z!!!+&`SQ"'J%D3d%D!!#0!!
|
||||
!#Km+*[cX"'S+r1`!"!TQD@aP$34U!!&Y!!!+)JSP"'X-"'X!%!!+Eh"PER0cE(B
|
||||
ZD!!#!!!0"'N!!M3!!!SA#Krmk`4X#[cV!!3+BfC[E!d%E!!"E`!!#KX+([cU#rc
|
||||
U!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cY!!!#"'!
|
||||
!!J4Y"'i0"'d!!dN!!JSY#PImkIcS"'m+r1N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
|
||||
3!!"ZG@aX!IcS!!!'"'m!!rcR"(!%F3Vmj`!%#QY[Bf`0"(!!!@d!!!Sa#M6mjJV
|
||||
mjJ!%#Q&XD@%'"(%!!rcP"()%F`Vmj3!%#QPZFfJ0"()!!M3!!!Sh#Mrmj!4d#[c
|
||||
N!!3+BfC[E!d%G!!"E`!!#MX+2[cM#rcM!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
|
||||
PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%F`!$r1)%GIcK#[cL!!3
|
||||
+G'mJ)!d%G3!#EJ!!#N)+834f"(F0"(B!!M3!!!T+#P(mi!4i#[cJ!!3+CQPXC3d
|
||||
%H!!"E3!!#Nd+8!4j$!4j!!i!#(4YC'PQCLjS!!)!!!d%G`!#0!!!#N)+5[cI"(S
|
||||
+r0m!"!TMCQpX$34k!!&[!!!+4JT*r0i,r0i!*$!!%'0bHA"dEfC[E'4PFR"KG'J
|
||||
!%'0bHA"dEdC[E'4PFP"KG'J'r1%!!!)%EJ!#"(X%I!d%H`!#E!!##PJ+@2cGr0`
|
||||
"r0d!!!(mh!!!!J4m!!)%I34q$34p!!*X!!)+@!TBr0[mfJ(mf`!!!IcD!!!#"(i
|
||||
!!J4r")!0"(m!!dN!!JTB#S,mfIcB")%+r0N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
|
||||
3!!"ZG@aX!IcB!!!'")%!!rcA"))%J`Vme`!%#QY[Bf`0"))!!@d!!!TF#PrmeJV
|
||||
meJ!%#Q&XD@%'")-!!rc9")3%K3Vme3!%#QPZFfJ0")3!!M3!!!TL#QVme!5'#[c
|
||||
8!!3+BfC[E!d%KJ!"E`!!#QB+DIc6#rc6!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
|
||||
PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%K3!$r0)%Krc4#[c5!!3
|
||||
+G'mJ)!d%K`!#EJ!!#Qd+I!5)")N0")J!!M3!!!Te#Rcmd!5+#[c3!!3+CQPXC3d
|
||||
%LJ!"E3!!#RJ+H`5,$!5,!!`!"Q9IEh-ZD!!#!!!0")N!!M3!!!TY#RAmc`5-#[c
|
||||
2!!3+BfC[E!d%M!!"E`!!#R%+G2c1#rc1!#B`!"&[F'9ZFh0XCQpXC'9bF'&dD!!
|
||||
4Eh"PER0cE%C[E'4PFP"KG'J'r0%!!!)%J!!#")d%MJd%M3!$53!##S-+VIc0r-`
|
||||
%M`Vmc3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r-`!!!B%M`!$r-X%N!!
|
||||
%N3Vmb`!%#QY[Bf`0"*!!!!&Y!!!+K`U+r-S+r-S!"!TKE'PK"J54!!2mb355"*-
|
||||
+r-N!"!TTER0S$355!!)d!!!+M3U9r-J%P!Vmb!!%#Q0QEf`0"*3!!@m!!!U4#T6
|
||||
ma`[ma`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
|
||||
NC8C[E'4PFP"KG'J'"*-!!rc'"*Ama3VmaJ!%#R4[)#!0"*8!!Qi!!!UB#UF%PJ5
|
||||
A$35@!!)d!!!+S!URr-3%Q!Vma!!%#QCTE'80"*J!!@d!!!UM#UB%Q3`%Q3!0!!G
|
||||
PAfpc-LjS!!)!!!d%P`!#0!!!#TJ+S2c$"*S+r--!"!TMCQpX$35D!!&[!!!+R!U
|
||||
Ir-),r-)!*M!!%@p`C@jcFfaQEfaNCA*`BA4S!"&[F'9ZFh0X4QpXC'9b8'&dD!E
|
||||
ma3!!!J51!!)%Qrc"$35E!!*X!!)+VJUZr-$m[`(m`!!!!Ibr!!!#r-%!!!d!#3!
|
||||
"E3!!!!!!!3!I!Irq!!!#!!B!!J5F"*d0"*`!!Q`!!J!!!!$m[[bp!Ibq!!!"r,d
|
||||
!!!)%R3!#"*i%R`d%RJ!#E!!##V%+b!5Jr,`0"+!!!dN!!JUa#XMmZ`5K"+)+r,X
|
||||
!'#jcHA0[C'a[Cf&cDh)!!!!!!!!!!&4&@&30"+%!!@d!!!Ua#V3%S``%S`!'!!!
|
||||
!!J!!"J5L!!2mZJ5N"+8+r,S!"!TLG'jc$35N!!&+!!!+Y`Um"+B#"+B!!J5Rr,N
|
||||
0"+F!!@d!!!Uh#VS%U!`%U!!+!!4%EfjP!!)!!!,mZ3!!"J5P!!2mZ!5Tr,F+r,J
|
||||
!"!TRDACe$35T!!&Y!!!+[`V#r,B$r,B!"3EmY`!!!Ibm!!!#"*m!!J5Ur,80"+S
|
||||
!!Q`!!J!!!!$mY2bc!Ibd!!!"r,-!!!,mY3!!$J!#!!!2%!!$!",mXJ5V"+`%V35
|
||||
Z"+m%X!5a",)%X`5d",8%YJ5hr,(mX2b[r+i"r,)!!"!%U`!3r+hmV2bVr+VmUIb
|
||||
Sr+ImT[bPr+6mSrbLr+(mS2bIr*i+r+d!'#jKCACdEf&`F'jeE'`!!)!!!!#3!!!
|
||||
U+LSU#rbX!")`!!GdD'9`BA4S!!GdD'93BA4S#rbV!"``!!adD'9[E'4NC@aTEA-
|
||||
!$(4SC8pXC%4PE'PYF`[mUJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh4
|
||||
3BA4S#rbT!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mU!!Q-!!4D@jME(9NC@C
|
||||
[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rbR!$3`!"K[F'9ZFh0XD@jME(9
|
||||
NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD![mTJ!N-!!3Bh*
|
||||
jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mT3!H-!!0Fh0XCQpXC'9
|
||||
bF'&dD!!0Fh0X4QpXC'9b8'&dD![mT!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p
|
||||
`C@jcFfa'EfaNCA*3BA4S#rbM!#i`!"9dD'9ZCAGQEfaNCA*bC@CPFQ9ZBf8!&A4
|
||||
SC8jPGdC[E'4PFP*PCQ9bC@jMC3[mSJ!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!Ib
|
||||
K!!!"r+!!!!(mR`!!!IbH!!!1"+`!"a$mR35ir*cmQ`5j",VmQJVmR3!B,Q&PGR4
|
||||
[BA"`ER9XE!!!J!!!!*!!!#SU+LS0",J!!@X!!!!!#XJ%Z`)%Z`!#!!8%[!)%[!!
|
||||
#"*lmQ3,mQ3!!!IbF!!!#r*X!!"!%Z3!!%!5k!)B!(rbBr*ImP[b9r*6mNrb5!#c
|
||||
mNIb3!2b2r)lmMIb-!%rmL`"D!&[mLJ"Nr)N!EIb)r)ImKJ#2r)AmK2b$r),mJIb
|
||||
!r(rmI[apr(cmH`#Tr(VmHIair(F![Iaf!-ImG3$8!1)!l!$j!3-"%!%D!5F"-3%
|
||||
q!8J"93&I!@`"GJ'$!Bd"QJ'N!E%"Z`()!G)"h`(T!IB#!!)0!KF#*!)Z!MX#43*
|
||||
5!P`#D3*c!S!#LJ+A!U%#VJ+m!XB#d`,G!ZS#p!-"!`X$'!-L!bm$130'!e!$A30
|
||||
R!h3$IJ1,!jN$S`1`!lS$a`24!pi$l!2f"!-%%`3K"#m%234,"&X%D`4j")X%Q35
|
||||
Mr(3%U2acr(,mF3VmQ!!%#Q0[BQS+r*F!'#jPBA*cCQCNFQ&XDA-!!!!!!!!J!'&
|
||||
QC()+r*B!"!TMG(Kd#rb9!")`!!GdD'9`BA4S!!GdD'93BA4S#[b8!!3+BA0MFJV
|
||||
mN`!%#R4iC'`,r*)!($!!$(4SC@pXC'4PE'PYF`!-G'KP6faN4'9XD@ec#[b4!!3
|
||||
+BfPdE32mN!$rr3[mM`!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh43BA4
|
||||
S!rb1rri+r)d!"!T849K8#rb-!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mL`!
|
||||
Q-!!4D@jME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rb+!$3`!"K
|
||||
[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
|
||||
dD![mL3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mL!!
|
||||
H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD![mK`!Q-!!4Eh"PER0cE'C
|
||||
[E'4PFR"KG'J!%@p`C@jcFfa'EfaNCA*3BA4S#[b'!!3+BfC[E!VmK3!B,QeTFf0
|
||||
cE'0d+LSU+J!!!!!!!*!!!#SU+LS+r)3!"!TcC@aP#[b$!"JZBfpbC@4PE'mU+LS
|
||||
U!!!!!!!!N!!!+LSU+J(mJJ!!![b"!!!+r)!!"!TVEf0X#[ar!!3+D@jcD!2mIJ!
|
||||
%#[ap!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!VmI!!%#R*cE(3,r(X!,M!
|
||||
!&A4SC@jPGfC[E'4PFR*PCQ9bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P#[a
|
||||
k!!3+F'jKE3VmH3!%#Q&XD@%+r(J!"!TdEb!J#[ah!!3+CQPXC32mGJ!'#rae!"3
|
||||
`!!KdC@e`F'&dD!!)G'9YF&"KG'J+r(3!"!TLG'jc#[ac!!3+CfPfG32mFJ!&#[a
|
||||
a!"JZFhPcEf4XEfGKFfYb!!!!!!!!!!"849K8%IbD#XRJ%JUYi1%TDJ`!!LrM*N9
|
||||
4e%r&jLa&edrSaHBX4Nr%@qPF@eTVA&VU-NAE6m4Ek9aE@QYF@Z`bl5C&hNr,lbA
|
||||
Y*N9J!""2bf%!%59K!")Pl5C&B!!66mYK!"3Pl5C&B!!96mYK!"BPl5C&B!!A6m[
|
||||
Y*N9J!"K2amAQ,%C2&!!L+Q%!'9m!%#pK!"PK!"S[DJ`!'dmUB3!F,'S-!"eA!!K
|
||||
B!"i!(fK2+Q%!)'%!'@%!)5TK!"PI!"![B3!L$!!M6em!*%9J!#92A`!PDJ`!'dp
|
||||
K!#BUB3!F,'%!*ba'6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"R1,f%!+Q%!+bp
|
||||
K!#`-!#02A`!9B3!Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
|
||||
K!#TK!#m[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!
|
||||
`,f%!,!`!)dpI!"9K!$%P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!
|
||||
Z,f%!+Q%!-LpK!#`-!#02A`!9B3!c*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!
|
||||
T+Q%!'9m!,LpK!#TK!$3[B3!X$!!M6em!&@%!059&B!!Z6bTK!#"K!#KK!#%UB3!
|
||||
CA`!6,f%!+5TK!"PI!#i[B3!UB3!f,f%!,!`!)dpI!"9K!$FP4@!!,NmUB3!JB3!
|
||||
SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!1#pK!#`-!#02A`!9B3!j*89J!#j
|
||||
2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!$S[B3!X$!!M6em!&@%
|
||||
!1b9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!m,f%!,!`
|
||||
!)dpI!"9K!$dP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
|
||||
!2LpK!#`-!#02A`!9B3!r*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
|
||||
!,LpK!#TK!%![B3!X$!!M6em!&@%!359&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
|
||||
!+5TK!"PI!#i[B3!UB3"#,f%!,!`!)dpI!"9K!%-P4@!!,NmUB3!JB3!SB3!K+Q%
|
||||
!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!4#pK!#`-!#02A`!9B3"&*89J!#j2+Q%!)'%
|
||||
!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!%B[B3!X$!!M6em!&@%!4b9&B!!
|
||||
Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"),f%!,!`!)dpI!"9
|
||||
K!%NP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!5LpK!#`
|
||||
-!#02A`!9B3",*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#T
|
||||
K!%`[B3!X$!!M6em!&@%!659&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
|
||||
I!#i[B3!UB3"1,f%!,!`!)dpI!"9K!%mP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bp
|
||||
K!#NUB3!CA`!Z,f%!+Q%!8#pK!#`-!#02A`!9B3"4*89J!#j2+Q%!)'%!+'%!)5T
|
||||
K!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&)[B3!X$!!M6em!&@%!8b9&B!!Z6bTK!#"
|
||||
K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"8,f%!,!`!)dpI!"9K!&8P4@!
|
||||
!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!9LpK!#`-!#02A`!
|
||||
9B3"A*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&J[B3!
|
||||
X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"C,f%!,!`!)dp
|
||||
I!"9K!&SP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!@bp
|
||||
K!#`-!#02A`!9B3"F*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
|
||||
K!#TK!&d[B3!X$!!M6em!&@%!AL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5T
|
||||
K!"PI!#i[B3!UB3"I,f%!,!`!)dpI!"9K!'!P4@!!,NmUB3!JB3!SB3!K+Q%!'9m
|
||||
!%bpK!#NUB3!CA`!Z,f%!+Q%!B5pK!#`-!#02A`!9B3"L*89J!#j2+Q%!)'%!+'%
|
||||
!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'-[B3!X$!!M6em!&@%!C#9&B!!Z6bT
|
||||
K!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"P,f%!,!`!)dpI!"9K!'B
|
||||
P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!CbpK!#`-!#0
|
||||
2A`!9B3"S*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'N
|
||||
[B3!X$!!M6em!&@%!DL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i
|
||||
[B3!UB3"V,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
|
||||
!E#pK!#`-!#02A`!9B3"Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
|
||||
!,LpK!#TK!'i[B3!X$!!M6em!&@%!Eb9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
|
||||
!+5TK!"PI!#i[B3!UB3"`,f%!,!`!)dpI!"9K!(%P4@!!,NmUB3!JB3!SB3!K+Q%
|
||||
!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!FLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-
|
||||
[B3!T+Q%!'9m!,LpK!#TK!(-[B3!X$!!M6em!&@%!G#9&B!!Z6bTK!#"K!#KK!#%
|
||||
UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"e,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m
|
||||
!%bpK!#NUB3!CA`!A,f%!+Q%!GLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!
|
||||
T+Q%!'9m!&bpK!#TK!(F[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
|
||||
I!"F[B3!UB3"i,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!A,f%
|
||||
!+Q%!H5pK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&bpK!#TK!(S
|
||||
[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!"8[B3!UB3"l,f%!,!`
|
||||
!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!9,f%!+Q%!I#pK!#`-!#02+Q%
|
||||
!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&5pK!#TK!(d[B3!X$!!M6bTK!#"K!#K
|
||||
K!#%UB3!CA`!6,f%!+5TK!"PI!"J[B3!UB3"q,f%!,!`!)dmUB3!JB3!SB3!K+Q%
|
||||
!'9m!%bpK!#NUB3!CA`!B,f%!+Q%!IbpK!#`-!#028&92B3#!B3#"B3##DhCK!)0
|
||||
K!)4K!#)-!)82$!5Y!&%!5deKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0
|
||||
[E@PZCcT[F'9ZFh0X,90139!Y-6Nj16%b-6%k6@&M6e-kE@YXD@jVFbjKF`!#!!!
|
||||
1"+i!!J6mF!5p!ra`!!%1",d!!3!%[J`%[J!'!!!!!J!!$J5[!!)%r'm%[`2mE`!
|
||||
%$J5r!!3!"-!%`36#"---"-!!%J!-6@&MD@jdEh0S)%K%!!)!!!`%`3!8!!j%CA0
|
||||
VG'p`)%C[E'4PFJ!#!!!-"-)!$J!)5@jMEfeTEQF!!J!!$!6$!"X!&@p`C@jcFf`
|
||||
Y8dj"8#da16Nj-6)a-3!#!!!-",!!4J"!6@&MD@jdEh0S)%K%1N4PFfYdEh!J4Qp
|
||||
XC'9b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6T0B@028`!#!!!-",%
|
||||
!5!"#6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9b1NPZBfpYD@jR1Qp`C@jcFf`
|
||||
Y8dj"8#da16Nj-6)a-6TTEQ0XG@4P!!)!!!`%XJ"3!%T0B@0TER4[FfJJ5%3k4'9
|
||||
cDh4[F#"'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a1QPZBfa
|
||||
eC'8kEh"PER0cE!!#!!!-",-!4`""6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9
|
||||
b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6TMFRP`G'm!!J!!$!5d!%3
|
||||
!2NeKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90
|
||||
139!Y-6Nj16%b-6%kFh0X!!)!!!`%Y3"!!$T0B@0TER4[FfJJ5%3k4'9cDh4[F#"
|
||||
'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a!!)!!!i%YJ!"&!6
|
||||
%$J6%!!-B"-AmEJ6'$J6&!!-B"-ImE36)$J6(!!-B"-RmE!6+$J6*!!-B!"rmD`6
|
||||
,#[aV!!3+BfC[E!`%b`!1!!K*EQ0[E@PZC`!#!!!+r'`!"!TMCQpX$!6+!"X!&@p
|
||||
`C@jcFf`Y8dj"8#da16Nj-6)a-3!#!!!+r'd!"!TMCQpX$!6)!!d!"fPZBfaeC'8
|
||||
!!J!!#[aZ!!3+BfC[E!`%aJ!9!!peER4TG'aPC#"QEfaNCA)!!J!!$!5h!%i!5%e
|
||||
KBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90139!
|
||||
Y-6Nj16%b-6%kBh*jF(4[1RJe-$Pf-`!#!!!"r,%!!!(mX!!!!Ib[!!!"r+i!!'&
|
||||
cBh)!!3!-qYlHV3!!!3!!!*G#!!#@3J!!!AB!!$-8-0J!!!!F!AB!$h0MFhS!!!#
|
||||
#6Np853!!!)jcBh"d!!!!QP4&@&3!!3#QFh4jE!!!!,j$6d4&!!%!bN*14%`!!!$
|
||||
LBA"XG!!!!1j'8N9'!!!!qNP$6L-!!!%'D@0X0!!!!4*TBh-M!!!"(QPMFc3!!!%
|
||||
UD'CNFJ!!!6C659T&!!!"3PG3Eh-!!!&1!!$rr`!!!!!!!!!!!)$rre!!!"i!!!!
|
||||
!!)$rr`!!"cJ#DH#m"'Mrr`!!!*S!!!!!%iRrr`!!"Pi!!!!!"'Mrr`!!!53!!!!
|
||||
!!!$rrb!!!9)!!!!!!!(rra3!!@i#DG`%!)$rr`!!!Pi#DH"X!!$rr`!!!Ri!!!!
|
||||
!!)$rr`!!!S-#DH"d!*Err`!!!Si!!!!!!*Err`!!!j)!!!!!!*Err`!!"CB#DH%
|
||||
i!*Err`!!"GS#DH%dkF$rr`!!"[`!!!!!rrrrr`!!"a)!!!!!!)$rr`!!"b!!!!!
|
||||
!*4S:
|
|
@ -0,0 +1,126 @@
|
|||
/* MacOS/opensslconf.h */
|
||||
|
||||
#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
|
||||
# if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
|
||||
# define OPENSSLDIR "/usr/local/ssl"
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
|
||||
# define IDEA_INT unsigned int
|
||||
#endif
|
||||
|
||||
#if defined(HEADER_MD2_H) && !defined(MD2_INT)
|
||||
# define MD2_INT unsigned int
|
||||
#endif
|
||||
|
||||
#if defined(HEADER_RC2_H) && !defined(RC2_INT)
|
||||
/* I need to put in a mod for the alpha - eay */
|
||||
# define RC2_INT unsigned int
|
||||
#endif
|
||||
|
||||
#if defined(HEADER_RC4_H)
|
||||
# if !defined(RC4_INT)
|
||||
/*
|
||||
* using int types make the structure larger but make the code faster on most
|
||||
* boxes I have tested - up to %20 faster.
|
||||
*/
|
||||
/*-
|
||||
* I don't know what does "most" mean, but declaring "int" is a must on:
|
||||
* - Intel P6 because partial register stalls are very expensive;
|
||||
* - elder Alpha because it lacks byte load/store instructions;
|
||||
*/
|
||||
# define RC4_INT unsigned char
|
||||
# endif
|
||||
# if !defined(RC4_CHUNK)
|
||||
/*
|
||||
* This enables code handling data aligned at natural CPU word
|
||||
* boundary. See crypto/rc4/rc4_enc.c for further details.
|
||||
*/
|
||||
# define RC4_CHUNK unsigned long
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#if defined(HEADER_DES_H) && !defined(DES_LONG)
|
||||
/*
|
||||
* If this is set to 'unsigned int' on a DEC Alpha, this gives about a %20
|
||||
* speed up (longs are 8 bytes, int's are 4).
|
||||
*/
|
||||
# ifndef DES_LONG
|
||||
# define DES_LONG unsigned long
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
|
||||
# define CONFIG_HEADER_BN_H
|
||||
# if __option(longlong)
|
||||
# define BN_LLONG
|
||||
# else
|
||||
# undef BN_LLONG
|
||||
# endif
|
||||
|
||||
/* Should we define BN_DIV2W here? */
|
||||
|
||||
/* Only one for the following should be defined */
|
||||
/*
|
||||
* The prime number generation stuff may not work when EIGHT_BIT but I don't
|
||||
* care since I've only used this mode for debuging the bignum libraries
|
||||
*/
|
||||
# undef SIXTY_FOUR_BIT_LONG
|
||||
# undef SIXTY_FOUR_BIT
|
||||
# define THIRTY_TWO_BIT
|
||||
# undef SIXTEEN_BIT
|
||||
# undef EIGHT_BIT
|
||||
#endif
|
||||
|
||||
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
|
||||
# define CONFIG_HEADER_RC4_LOCL_H
|
||||
/*
|
||||
* if this is defined data[i] is used instead of *data, this is a %20 speedup
|
||||
* on x86
|
||||
*/
|
||||
# undef RC4_INDEX
|
||||
#endif
|
||||
|
||||
#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
|
||||
# define CONFIG_HEADER_BF_LOCL_H
|
||||
# define BF_PTR
|
||||
#endif /* HEADER_BF_LOCL_H */
|
||||
|
||||
#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
|
||||
# define CONFIG_HEADER_DES_LOCL_H
|
||||
/*
|
||||
* the following is tweaked from a config script, that is why it is a
|
||||
* protected undef/define
|
||||
*/
|
||||
# ifndef DES_PTR
|
||||
# define DES_PTR
|
||||
# endif
|
||||
|
||||
/*
|
||||
* This helps C compiler generate the correct code for multiple functional
|
||||
* units. It reduces register dependancies at the expense of 2 more
|
||||
* registers
|
||||
*/
|
||||
# ifndef DES_RISC1
|
||||
# define DES_RISC1
|
||||
# endif
|
||||
|
||||
# ifndef DES_RISC2
|
||||
# undef DES_RISC2
|
||||
# endif
|
||||
|
||||
# if defined(DES_RISC1) && defined(DES_RISC2)
|
||||
YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED ! !!!!
|
||||
# endif
|
||||
/*
|
||||
* Unroll the inner loop, this sometimes helps, sometimes hinders. Very mucy
|
||||
* CPU dependant
|
||||
*/
|
||||
# ifndef DES_UNROLL
|
||||
# define DES_UNROLL
|
||||
# endif
|
||||
#endif /* HEADER_DES_LOCL_H */
|
||||
#ifndef __POWERPC__
|
||||
# define MD32_XARRAY
|
||||
#endif
|
|
@ -0,0 +1,690 @@
|
|||
##
|
||||
## Makefile for OpenSSL
|
||||
##
|
||||
|
||||
VERSION=
|
||||
MAJOR=
|
||||
MINOR=
|
||||
SHLIB_VERSION_NUMBER=
|
||||
SHLIB_VERSION_HISTORY=
|
||||
SHLIB_MAJOR=
|
||||
SHLIB_MINOR=
|
||||
SHLIB_EXT=
|
||||
PLATFORM=dist
|
||||
OPTIONS=
|
||||
CONFIGURE_ARGS=
|
||||
SHLIB_TARGET=
|
||||
|
||||
# HERE indicates where this Makefile lives. This can be used to indicate
|
||||
# where sub-Makefiles are expected to be. Currently has very limited usage,
|
||||
# and should probably not be bothered with at all.
|
||||
HERE=.
|
||||
|
||||
# INSTALL_PREFIX is for package builders so that they can configure
|
||||
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
|
||||
# Normally it is left empty.
|
||||
INSTALL_PREFIX=
|
||||
INSTALLTOP=/usr/local/ssl
|
||||
|
||||
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
|
||||
OPENSSLDIR=/usr/local/ssl
|
||||
|
||||
# NO_IDEA - Define to build without the IDEA algorithm
|
||||
# NO_RC4 - Define to build without the RC4 algorithm
|
||||
# NO_RC2 - Define to build without the RC2 algorithm
|
||||
# THREADS - Define when building with threads, you will probably also need any
|
||||
# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
|
||||
# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
|
||||
# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
|
||||
# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
|
||||
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
|
||||
# one. 32 bytes will be read from this when the random
|
||||
# number generator is initalised.
|
||||
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
|
||||
# NULL encryption ciphers.
|
||||
#
|
||||
# LOCK_DEBUG - turns on lots of lock debug output :-)
|
||||
# REF_CHECK - turn on some xyz_free() assertions.
|
||||
# REF_PRINT - prints some stuff on structure free.
|
||||
# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
|
||||
# MFUNC - Make all Malloc/Free/Realloc calls call
|
||||
# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
|
||||
# call application defined callbacks via CRYPTO_set_mem_functions()
|
||||
# MD5_ASM needs to be defined to use the x86 assembler for MD5
|
||||
# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
|
||||
# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
|
||||
# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
|
||||
# equal 4.
|
||||
# PKCS1_CHECK - pkcs1 tests.
|
||||
|
||||
CC= cc
|
||||
CFLAG= -O
|
||||
DEPFLAG=
|
||||
PEX_LIBS=
|
||||
EX_LIBS=
|
||||
EXE_EXT=
|
||||
ARFLAGS=
|
||||
AR=ar $(ARFLAGS) r
|
||||
RANLIB= ranlib
|
||||
RC= windres
|
||||
NM= nm
|
||||
PERL= perl
|
||||
TAR= tar
|
||||
TARFLAGS= --no-recursion
|
||||
MAKEDEPPROG=makedepend
|
||||
LIBDIR=lib
|
||||
|
||||
# We let the C compiler driver to take care of .s files. This is done in
|
||||
# order to be excused from maintaining a separate set of architecture
|
||||
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
|
||||
# gcc, then the driver will automatically translate it to -xarch=v8plus
|
||||
# and pass it down to assembler.
|
||||
AS=$(CC) -c
|
||||
ASFLAG=$(CFLAG)
|
||||
|
||||
# For x86 assembler: Set PROCESSOR to 386 if you want to support
|
||||
# the 80386.
|
||||
PROCESSOR=
|
||||
|
||||
# CPUID module collects small commonly used assembler snippets
|
||||
CPUID_OBJ=
|
||||
BN_ASM= bn_asm.o
|
||||
EC_ASM=
|
||||
DES_ENC= des_enc.o fcrypt_b.o
|
||||
AES_ENC= aes_core.o aes_cbc.o
|
||||
BF_ENC= bf_enc.o
|
||||
CAST_ENC= c_enc.o
|
||||
RC4_ENC= rc4_enc.o
|
||||
RC5_ENC= rc5_enc.o
|
||||
MD5_ASM_OBJ=
|
||||
SHA1_ASM_OBJ=
|
||||
RMD160_ASM_OBJ=
|
||||
WP_ASM_OBJ=
|
||||
CMLL_ENC=
|
||||
MODES_ASM_OBJ=
|
||||
ENGINES_ASM_OBJ=
|
||||
PERLASM_SCHEME=
|
||||
|
||||
# KRB5 stuff
|
||||
KRB5_INCLUDES=
|
||||
LIBKRB5=
|
||||
|
||||
# Zlib stuff
|
||||
ZLIB_INCLUDE=
|
||||
LIBZLIB=
|
||||
|
||||
# TOP level FIPS install directory.
|
||||
FIPSDIR=
|
||||
|
||||
# This is the location of fipscanister.o and friends.
|
||||
# The FIPS module build will place it $(INSTALLTOP)/lib
|
||||
# but since $(INSTALLTOP) can only take the default value
|
||||
# when the module is built it will be in /usr/local/ssl/lib
|
||||
# $(INSTALLTOP) for this build may be different so hard
|
||||
# code the path.
|
||||
|
||||
FIPSLIBDIR=
|
||||
|
||||
# The location of the library which contains fipscanister.o
|
||||
# normally it will be libcrypto unless fipsdso is set in which
|
||||
# case it will be libfips. If not compiling in FIPS mode at all
|
||||
# this is empty making it a useful test for a FIPS compile.
|
||||
|
||||
FIPSCANLIB=
|
||||
|
||||
# Shared library base address. Currently only used on Windows.
|
||||
#
|
||||
|
||||
BASEADDR=
|
||||
|
||||
DIRS= crypto ssl engines apps test tools
|
||||
ENGDIRS= ccgost
|
||||
SHLIBDIRS= crypto ssl
|
||||
|
||||
# dirs in crypto to build
|
||||
SDIRS= \
|
||||
objects \
|
||||
md2 md4 md5 sha mdc2 hmac ripemd whrlpool \
|
||||
des aes rc2 rc4 rc5 idea bf cast camellia seed modes \
|
||||
bn ec rsa dsa ecdsa dh ecdh dso engine \
|
||||
buffer bio stack lhash rand err \
|
||||
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
|
||||
cms pqueue ts jpake srp store cmac
|
||||
# keep in mind that the above list is adjusted by ./Configure
|
||||
# according to no-xxx arguments...
|
||||
|
||||
# tests to perform. "alltests" is a special word indicating that all tests
|
||||
# should be performed.
|
||||
TESTS = alltests
|
||||
|
||||
MAKEFILE= Makefile
|
||||
|
||||
MANDIR=$(OPENSSLDIR)/man
|
||||
MAN1=1
|
||||
MAN3=3
|
||||
MANSUFFIX=
|
||||
HTMLSUFFIX=html
|
||||
HTMLDIR=$(OPENSSLDIR)/html
|
||||
SHELL=/bin/sh
|
||||
|
||||
TOP= .
|
||||
ONEDIRS=out tmp
|
||||
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
|
||||
WDIRS= windows
|
||||
LIBS= libcrypto.a libssl.a
|
||||
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
|
||||
SHARED_SSL=libssl$(SHLIB_EXT)
|
||||
SHARED_LIBS=
|
||||
SHARED_LIBS_LINK_EXTS=
|
||||
SHARED_LDFLAGS=
|
||||
|
||||
GENERAL= Makefile
|
||||
BASENAME= openssl
|
||||
NAME= $(BASENAME)-$(VERSION)
|
||||
TARFILE= ../$(NAME).tar
|
||||
EXHEADER= e_os2.h
|
||||
HEADER= e_os.h
|
||||
|
||||
all: Makefile build_all
|
||||
|
||||
# as we stick to -e, CLEARENV ensures that local variables in lower
|
||||
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
|
||||
# shell, which [annoyingly enough] terminates unset with error if VAR
|
||||
# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
|
||||
# which terminates unset with error if no variable was present:-(
|
||||
CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
|
||||
$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
|
||||
$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
|
||||
$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
|
||||
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
|
||||
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
|
||||
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
|
||||
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
|
||||
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
|
||||
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
|
||||
$${APPS+APPS}
|
||||
|
||||
# LC_ALL=C ensures that error [and other] messages are delivered in
|
||||
# same language for uniform treatment.
|
||||
BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
|
||||
CC='$(CC)' CFLAG='$(CFLAG)' \
|
||||
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
|
||||
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
|
||||
RC='$(RC)' \
|
||||
CROSS_COMPILE='$(CROSS_COMPILE)' \
|
||||
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
|
||||
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
|
||||
INSTALL_PREFIX='$(INSTALL_PREFIX)' \
|
||||
INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
|
||||
LIBDIR='$(LIBDIR)' \
|
||||
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
|
||||
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
|
||||
MAKEDEPPROG='$(MAKEDEPPROG)' \
|
||||
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
|
||||
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
|
||||
ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
|
||||
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
|
||||
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
|
||||
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
|
||||
CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \
|
||||
EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \
|
||||
AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
|
||||
BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
|
||||
RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
|
||||
SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
|
||||
MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
|
||||
RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
|
||||
WP_ASM_OBJ='$(WP_ASM_OBJ)' \
|
||||
MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
|
||||
ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \
|
||||
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
|
||||
FIPSLIBDIR='${FIPSLIBDIR}' \
|
||||
FIPSDIR='${FIPSDIR}' \
|
||||
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
|
||||
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
|
||||
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
|
||||
# which in turn eliminates ambiguities in variable treatment with -e.
|
||||
|
||||
# BUILD_CMD is a generic macro to build a given target in a given
|
||||
# subdirectory. The target must be given through the shell variable
|
||||
# `target' and the subdirectory to build in must be given through `dir'.
|
||||
# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
|
||||
# BUILD_ONE_CMD instead.
|
||||
#
|
||||
# BUILD_ONE_CMD is a macro to build a given target in a given
|
||||
# subdirectory if that subdirectory is part of $(DIRS). It requires
|
||||
# exactly the same shell variables as BUILD_CMD.
|
||||
#
|
||||
# RECURSIVE_BUILD_CMD is a macro to build a given target in all
|
||||
# subdirectories defined in $(DIRS). It requires that the target
|
||||
# is given through the shell variable `target'.
|
||||
BUILD_CMD= if [ -d "$$dir" ]; then \
|
||||
( cd $$dir && echo "making $$target in $$dir..." && \
|
||||
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
|
||||
) || exit 1; \
|
||||
fi
|
||||
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
|
||||
BUILD_ONE_CMD=\
|
||||
if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
|
||||
$(BUILD_CMD); \
|
||||
fi
|
||||
|
||||
reflect:
|
||||
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
|
||||
|
||||
sub_all: build_all
|
||||
|
||||
build_all: build_libs build_apps build_tests build_tools
|
||||
|
||||
build_libs: build_libcrypto build_libssl openssl.pc
|
||||
|
||||
build_libcrypto: build_crypto build_engines libcrypto.pc
|
||||
build_libssl: build_ssl libssl.pc
|
||||
|
||||
build_crypto:
|
||||
@dir=crypto; target=all; $(BUILD_ONE_CMD)
|
||||
build_ssl: build_crypto
|
||||
@dir=ssl; target=all; $(BUILD_ONE_CMD)
|
||||
build_engines: build_crypto
|
||||
@dir=engines; target=all; $(BUILD_ONE_CMD)
|
||||
build_apps: build_libs
|
||||
@dir=apps; target=all; $(BUILD_ONE_CMD)
|
||||
build_tests: build_libs
|
||||
@dir=test; target=all; $(BUILD_ONE_CMD)
|
||||
build_tools: build_libs
|
||||
@dir=tools; target=all; $(BUILD_ONE_CMD)
|
||||
|
||||
all_testapps: build_libs build_testapps
|
||||
build_testapps:
|
||||
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
|
||||
|
||||
fips_premain_dso$(EXE_EXT): libcrypto.a
|
||||
[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
|
||||
-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \
|
||||
$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
|
||||
libcrypto.a $(EX_LIBS)
|
||||
|
||||
libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
|
||||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
|
||||
FIPSLD_LIBCRYPTO=libcrypto.a ; \
|
||||
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
|
||||
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
|
||||
fi; \
|
||||
$(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
|
||||
(touch -c fips_premain_dso$(EXE_EXT) || :); \
|
||||
else \
|
||||
echo "There's no support for shared libraries on this platform" >&2; \
|
||||
exit 1; \
|
||||
fi
|
||||
|
||||
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
|
||||
@if [ "$(SHLIB_TARGET)" != "" ]; then \
|
||||
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
|
||||
else \
|
||||
echo "There's no support for shared libraries on this platform" >&2; \
|
||||
exit 1; \
|
||||
fi
|
||||
|
||||
clean-shared:
|
||||
@set -e; for i in $(SHLIBDIRS); do \
|
||||
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
|
||||
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
|
||||
for j in $${tmp:-x}; do \
|
||||
( set -x; rm -f lib$$i$$j ); \
|
||||
done; \
|
||||
fi; \
|
||||
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
|
||||
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
|
||||
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
|
||||
fi; \
|
||||
done
|
||||
|
||||
link-shared:
|
||||
@ set -e; for i in $(SHLIBDIRS); do \
|
||||
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
|
||||
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
|
||||
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
|
||||
symlink.$(SHLIB_TARGET); \
|
||||
libs="$$libs -l$$i"; \
|
||||
done
|
||||
|
||||
build-shared: do_$(SHLIB_TARGET) link-shared
|
||||
|
||||
do_$(SHLIB_TARGET):
|
||||
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
|
||||
if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
|
||||
libs="$(LIBKRB5) $$libs"; \
|
||||
fi; \
|
||||
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
|
||||
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
|
||||
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
|
||||
LIBDEPS="$$libs $(EX_LIBS)" \
|
||||
link_a.$(SHLIB_TARGET); \
|
||||
libs="-l$$i $$libs"; \
|
||||
done
|
||||
|
||||
libcrypto.pc: Makefile
|
||||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
||||
echo 'exec_prefix=$${prefix}'; \
|
||||
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
|
||||
echo 'includedir=$${prefix}/include'; \
|
||||
echo 'enginesdir=$${libdir}/engines'; \
|
||||
echo ''; \
|
||||
echo 'Name: OpenSSL-libcrypto'; \
|
||||
echo 'Description: OpenSSL cryptography library'; \
|
||||
echo 'Version: '$(VERSION); \
|
||||
echo 'Requires: '; \
|
||||
echo 'Libs: -L$${libdir} -lcrypto'; \
|
||||
echo 'Libs.private: $(EX_LIBS)'; \
|
||||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
|
||||
|
||||
libssl.pc: Makefile
|
||||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
||||
echo 'exec_prefix=$${prefix}'; \
|
||||
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
|
||||
echo 'includedir=$${prefix}/include'; \
|
||||
echo ''; \
|
||||
echo 'Name: OpenSSL-libssl'; \
|
||||
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
|
||||
echo 'Version: '$(VERSION); \
|
||||
echo 'Requires.private: libcrypto'; \
|
||||
echo 'Libs: -L$${libdir} -lssl'; \
|
||||
echo 'Libs.private: $(EX_LIBS)'; \
|
||||
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
|
||||
|
||||
openssl.pc: Makefile
|
||||
@ ( echo 'prefix=$(INSTALLTOP)'; \
|
||||
echo 'exec_prefix=$${prefix}'; \
|
||||
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
|
||||
echo 'includedir=$${prefix}/include'; \
|
||||
echo ''; \
|
||||
echo 'Name: OpenSSL'; \
|
||||
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
|
||||
echo 'Version: '$(VERSION); \
|
||||
echo 'Requires: libssl libcrypto' ) > openssl.pc
|
||||
|
||||
Makefile: Makefile.org Configure config
|
||||
@echo "Makefile is older than Makefile.org, Configure or config."
|
||||
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
|
||||
@false
|
||||
|
||||
libclean:
|
||||
rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
|
||||
|
||||
clean: libclean
|
||||
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
|
||||
@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
|
||||
rm -f $(LIBS)
|
||||
rm -f openssl.pc libssl.pc libcrypto.pc
|
||||
rm -f speed.* .pure
|
||||
rm -f $(TARFILE)
|
||||
@set -e; for i in $(ONEDIRS) ;\
|
||||
do \
|
||||
rm -fr $$i/*; \
|
||||
done
|
||||
|
||||
distclean: clean
|
||||
-$(RM) `find . -name .git -prune -o -type l -print`
|
||||
$(RM) apps/CA.pl
|
||||
$(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem
|
||||
$(RM) tools/c_rehash
|
||||
$(RM) crypto/opensslconf.h
|
||||
$(RM) Makefile Makefile.bak
|
||||
|
||||
makefile.one: files
|
||||
$(PERL) util/mk1mf.pl >makefile.one; \
|
||||
sh util/do_ms.sh
|
||||
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
|
||||
@set -e; target=files; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
links:
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
|
||||
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
|
||||
@set -e; target=links; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
gentests:
|
||||
@(cd test && echo "generating dummy tests (if needed)..." && \
|
||||
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
|
||||
|
||||
dclean:
|
||||
rm -rf *.bak include/openssl certs/.0
|
||||
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
rehash: rehash.time
|
||||
rehash.time: certs apps
|
||||
@if [ -z "$(CROSS_COMPILE)" ]; then \
|
||||
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
|
||||
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
|
||||
OPENSSL_DEBUG_MEMORY=on; \
|
||||
export OPENSSL OPENSSL_DEBUG_MEMORY; \
|
||||
$(PERL) tools/c_rehash certs/demo) && \
|
||||
touch rehash.time; \
|
||||
else :; fi
|
||||
|
||||
test: tests
|
||||
|
||||
tests: rehash
|
||||
@(cd test && echo "testing..." && \
|
||||
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
|
||||
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
|
||||
|
||||
report:
|
||||
@$(PERL) util/selftest.pl
|
||||
|
||||
update: errors stacks util/libeay.num util/ssleay.num TABLE
|
||||
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
depend:
|
||||
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
lint:
|
||||
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
tags:
|
||||
rm -f TAGS
|
||||
find . -name '[^.]*.[ch]' | xargs etags -a
|
||||
|
||||
errors:
|
||||
$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
|
||||
$(PERL) util/mkerr.pl -recurse -write
|
||||
(cd engines; $(MAKE) PERL=$(PERL) errors)
|
||||
|
||||
stacks:
|
||||
$(PERL) util/mkstack.pl -write
|
||||
|
||||
util/libeay.num::
|
||||
$(PERL) util/mkdef.pl crypto update
|
||||
|
||||
util/ssleay.num::
|
||||
$(PERL) util/mkdef.pl ssl update
|
||||
|
||||
TABLE: Configure
|
||||
(echo 'Output of `Configure TABLE'"':"; \
|
||||
$(PERL) Configure TABLE) > TABLE
|
||||
|
||||
# Build distribution tar-file. As the list of files returned by "find" is
|
||||
# pretty long, on several platforms a "too many arguments" error or similar
|
||||
# would occur. Therefore the list of files is temporarily stored into a file
|
||||
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
|
||||
# tar does not support the --files-from option.
|
||||
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
|
||||
--owner 0 --group 0 \
|
||||
--transform 's|^|$(NAME)/|' \
|
||||
-cvf -
|
||||
|
||||
$(TARFILE).list:
|
||||
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
|
||||
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
|
||||
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
|
||||
\! -name '.#*' \! -name '*~' \! -type l \
|
||||
| sort > $(TARFILE).list
|
||||
|
||||
tar: $(TARFILE).list
|
||||
find . -type d -print | xargs chmod 755
|
||||
find . -type f -print | xargs chmod a+r
|
||||
find . -type f -perm -0100 -print | xargs chmod a+x
|
||||
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
|
||||
rm -f $(TARFILE).list
|
||||
ls -l $(TARFILE).gz
|
||||
|
||||
tar-snap: $(TARFILE).list
|
||||
$(TAR_COMMAND) > $(TARFILE)
|
||||
rm -f $(TARFILE).list
|
||||
ls -l $(TARFILE)
|
||||
|
||||
dist:
|
||||
$(PERL) Configure dist
|
||||
@$(MAKE) SDIRS='$(SDIRS)' clean
|
||||
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
|
||||
|
||||
install: all install_docs install_sw
|
||||
|
||||
install_sw:
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
|
||||
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
|
||||
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
|
||||
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
|
||||
do \
|
||||
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
||||
done;
|
||||
@set -e; target=install; $(RECURSIVE_BUILD_CMD)
|
||||
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
|
||||
do \
|
||||
if [ -f "$$i" ]; then \
|
||||
( echo installing $$i; \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
||||
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
|
||||
fi; \
|
||||
done;
|
||||
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
tmp="$(SHARED_LIBS)"; \
|
||||
for i in $${tmp:-x}; \
|
||||
do \
|
||||
if [ -f "$$i" -o -f "$$i.a" ]; then \
|
||||
( echo installing $$i; \
|
||||
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
|
||||
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
|
||||
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
|
||||
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
|
||||
else \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
||||
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
|
||||
fi ); \
|
||||
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
|
||||
( case $$i in \
|
||||
*crypto*) i=libeay32.dll;; \
|
||||
*ssl*) i=ssleay32.dll;; \
|
||||
esac; \
|
||||
echo installing $$i; \
|
||||
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
|
||||
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
|
||||
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
|
||||
fi; \
|
||||
fi; \
|
||||
done; \
|
||||
( here="`pwd`"; \
|
||||
cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
|
||||
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
|
||||
if [ "$(INSTALLTOP)" != "/usr" ]; then \
|
||||
echo 'OpenSSL shared libraries have been installed in:'; \
|
||||
echo ' $(INSTALLTOP)'; \
|
||||
echo ''; \
|
||||
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
|
||||
fi; \
|
||||
fi
|
||||
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
|
||||
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
|
||||
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
|
||||
|
||||
install_html_docs:
|
||||
here="`pwd`"; \
|
||||
filecase=; \
|
||||
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
|
||||
filecase=-i; \
|
||||
esac; \
|
||||
for subdir in apps crypto ssl; do \
|
||||
mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
|
||||
for i in doc/$$subdir/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
echo "installing html/$$fn.$(HTMLSUFFIX)"; \
|
||||
cat $$i \
|
||||
| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
|
||||
| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
|
||||
| sed -r 's/<!DOCTYPE.*//g' \
|
||||
> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
grep -v $$filecase "^$$fn\$$" | \
|
||||
(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
|
||||
while read n; do \
|
||||
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
|
||||
done); \
|
||||
done; \
|
||||
done
|
||||
|
||||
install_docs:
|
||||
@$(PERL) $(TOP)/util/mkdir-p.pl \
|
||||
$(INSTALL_PREFIX)$(MANDIR)/man1 \
|
||||
$(INSTALL_PREFIX)$(MANDIR)/man3 \
|
||||
$(INSTALL_PREFIX)$(MANDIR)/man5 \
|
||||
$(INSTALL_PREFIX)$(MANDIR)/man7
|
||||
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
|
||||
here="`pwd`"; \
|
||||
filecase=; \
|
||||
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
|
||||
filecase=-i; \
|
||||
esac; \
|
||||
set -e; for i in doc/apps/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
|
||||
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$$pod2man \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
(grep -v $$filecase "^$$fn\$$"; true) | \
|
||||
(grep -v "[ ]"; true) | \
|
||||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
||||
while read n; do \
|
||||
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
|
||||
done); \
|
||||
done; \
|
||||
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
|
||||
fn=`basename $$i .pod`; \
|
||||
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
|
||||
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
|
||||
(cd `$(PERL) util/dirname.pl $$i`; \
|
||||
sh -c "$$pod2man \
|
||||
--section=$$sec --center=OpenSSL \
|
||||
--release=$(VERSION) `basename $$i`") \
|
||||
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
|
||||
$(PERL) util/extract-names.pl < $$i | \
|
||||
(grep -v $$filecase "^$$fn\$$"; true) | \
|
||||
(grep -v "[ ]"; true) | \
|
||||
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
|
||||
while read n; do \
|
||||
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
|
||||
done); \
|
||||
done
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
|
@ -0,0 +1,655 @@
|
|||
#
|
||||
# Helper makefile to link shared libraries in a portable way.
|
||||
# This is much simpler than libtool, and hopefully not too error-prone.
|
||||
#
|
||||
# The following variables need to be set on the command line to build
|
||||
# properly
|
||||
|
||||
# CC contains the current compiler. This one MUST be defined
|
||||
CC=cc
|
||||
CFLAGS=$(CFLAG)
|
||||
# LDFLAGS contains flags to be used when temporary object files (when building
|
||||
# shared libraries) are created, or when an application is linked.
|
||||
# SHARED_LDFLAGS contains flags to be used when the shared library is created.
|
||||
LDFLAGS=
|
||||
SHARED_LDFLAGS=
|
||||
|
||||
NM=nm
|
||||
|
||||
# LIBNAME contains just the name of the library, without prefix ("lib"
|
||||
# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
|
||||
# .dll, ...). This one MUST have a value when using this makefile to
|
||||
# build shared libraries.
|
||||
# For example, to build libfoo.so, you need to do the following:
|
||||
#LIBNAME=foo
|
||||
LIBNAME=
|
||||
|
||||
# APPNAME contains just the name of the application, without suffix (""
|
||||
# on Unix, ".exe" on Windows, ...). This one MUST have a value when using
|
||||
# this makefile to build applications.
|
||||
# For example, to build foo, you need to do the following:
|
||||
#APPNAME=foo
|
||||
APPNAME=
|
||||
|
||||
# OBJECTS contains all the object files to link together into the application.
|
||||
# This must contain at least one object file.
|
||||
#OBJECTS=foo.o
|
||||
OBJECTS=
|
||||
|
||||
# LIBEXTRAS contains extra modules to link together with the library.
|
||||
# For example, if a second library, say libbar.a needs to be linked into
|
||||
# libfoo.so, you need to do the following:
|
||||
#LIBEXTRAS=libbar.a
|
||||
# Note that this MUST be used when using the link_o targets, to hold the
|
||||
# names of all object files that go into the target library.
|
||||
LIBEXTRAS=
|
||||
|
||||
# LIBVERSION contains the current version of the library.
|
||||
# For example, to build libfoo.so.1.2, you need to do the following:
|
||||
#LIBVERSION=1.2
|
||||
LIBVERSION=
|
||||
|
||||
# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
|
||||
# the library. They MUST be in decreasing order.
|
||||
# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
|
||||
# and libfoo.so.1, you need to do the following:
|
||||
#LIBCOMPATVERSIONS=1.2 1
|
||||
# Note that on systems that use sonames, the last number will appear as
|
||||
# part of it.
|
||||
# It's also possible, for systems that support it (Tru64, for example),
|
||||
# to add extra compatibility info with more precision, by adding a second
|
||||
# list of versions, separated from the first with a semicolon, like this:
|
||||
#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
|
||||
LIBCOMPATVERSIONS=
|
||||
|
||||
# LIBDEPS contains all the flags necessary to cover all necessary
|
||||
# dependencies to other libraries.
|
||||
LIBDEPS=
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# The rest is private to this makefile.
|
||||
|
||||
SET_X=:
|
||||
#SET_X=set -x
|
||||
|
||||
top:
|
||||
echo "Trying to use this makefile interactively? Don't."
|
||||
|
||||
CALC_VERSIONS= \
|
||||
SHLIB_COMPAT=; SHLIB_SOVER=; \
|
||||
if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
|
||||
prev=""; \
|
||||
for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
|
||||
SHLIB_SOVER_NODOT=$$v; \
|
||||
SHLIB_SOVER=.$$v; \
|
||||
if [ -n "$$prev" ]; then \
|
||||
SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
|
||||
fi; \
|
||||
prev=$$v; \
|
||||
done; \
|
||||
fi
|
||||
|
||||
LINK_APP= \
|
||||
( $(SET_X); \
|
||||
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
|
||||
LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
|
||||
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
|
||||
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
|
||||
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
|
||||
$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
|
||||
|
||||
LINK_SO= \
|
||||
( $(SET_X); \
|
||||
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
|
||||
SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
|
||||
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
|
||||
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
|
||||
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
|
||||
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
|
||||
$${SHAREDCMD} $${SHAREDFLAGS} \
|
||||
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
|
||||
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
|
||||
) && $(SYMLINK_SO)
|
||||
|
||||
SYMLINK_SO= \
|
||||
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
|
||||
prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
|
||||
if [ -n "$$SHLIB_COMPAT" ]; then \
|
||||
for x in $$SHLIB_COMPAT; do \
|
||||
( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
|
||||
ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
|
||||
prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
|
||||
done; \
|
||||
fi; \
|
||||
if [ -n "$$SHLIB_SOVER" ]; then \
|
||||
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
|
||||
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
|
||||
fi; \
|
||||
fi
|
||||
|
||||
LINK_SO_A= SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
|
||||
LINK_SO_O= SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
|
||||
|
||||
LINK_SO_A_VIA_O= \
|
||||
SHOBJECTS=lib$(LIBNAME).o; \
|
||||
ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
|
||||
( $(SET_X); \
|
||||
ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
|
||||
$(LINK_SO) && rm -f lib$(LIBNAME).o
|
||||
|
||||
LINK_SO_A_UNPACKED= \
|
||||
UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
|
||||
(cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
|
||||
([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
|
||||
SHOBJECTS=$$UNPACKDIR/*.o; \
|
||||
$(LINK_SO) && rm -rf $$UNPACKDIR
|
||||
|
||||
DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
|
||||
|
||||
DO_GNU_SO=$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS='-Wl,--whole-archive'; \
|
||||
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
|
||||
|
||||
DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
|
||||
|
||||
#This is rather special. It's a special target with which one can link
|
||||
#applications without bothering with any features that have anything to
|
||||
#do with shared libraries, for example when linking against static
|
||||
#libraries. It's mostly here to avoid a lot of conditionals everywhere
|
||||
#else...
|
||||
link_app.:
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.gnu:
|
||||
@ $(DO_GNU_SO); $(LINK_SO_O)
|
||||
link_a.gnu:
|
||||
@ $(DO_GNU_SO); $(LINK_SO_A)
|
||||
link_app.gnu:
|
||||
@ $(DO_GNU_APP); $(LINK_APP)
|
||||
|
||||
DO_BEOS_SO= SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS='-Wl,--whole-archive'; \
|
||||
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SUFFIX"
|
||||
|
||||
link_o.beos:
|
||||
@ $(DO_BEOS_SO); $(LINK_SO_O)
|
||||
link_a.beos:
|
||||
@ $(DO_BEOS_SO); $(LINK_SO_A)
|
||||
|
||||
link_o.bsd:
|
||||
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS=" "; \
|
||||
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
|
||||
NOALLSYMSFLAGS=; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
|
||||
fi; $(LINK_SO_O)
|
||||
link_a.bsd:
|
||||
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
LIBDEPS=" "; \
|
||||
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
|
||||
NOALLSYMSFLAGS=; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
|
||||
fi; $(LINK_SO_A)
|
||||
link_app.bsd:
|
||||
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
|
||||
LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBPATH)"; \
|
||||
fi; $(LINK_APP)
|
||||
|
||||
# For Darwin AKA Mac OS/X (dyld)
|
||||
# Originally link_o.darwin produced .so, because it was hard-coded
|
||||
# in dso_dlfcn module. At later point dso_dlfcn switched to .dylib
|
||||
# extension in order to allow for run-time linking with vendor-
|
||||
# supplied shared libraries such as libz, so that link_o.darwin had
|
||||
# to be harmonized with it. This caused minor controversy, because
|
||||
# it was believed that dlopen can't be used to dynamically load
|
||||
# .dylib-s, only so called bundle modules (ones linked with -bundle
|
||||
# flag). The belief seems to be originating from pre-10.4 release,
|
||||
# where dlfcn functionality was emulated by dlcompat add-on. In
|
||||
# 10.4 dlopen was rewritten as native part of dyld and is documented
|
||||
# to be capable of loading both dynamic libraries and bundles. In
|
||||
# order to provide compatibility with pre-10.4 dlopen, modules are
|
||||
# linked with -bundle flag, which makes .dylib extension misleading.
|
||||
# It works, because dlopen is [and always was] extension-agnostic.
|
||||
# Alternative to this heuristic approach is to develop specific
|
||||
# MacOS X dso module relying on whichever "native" dyld interface.
|
||||
link_o.darwin:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME); \
|
||||
SHLIB_SUFFIX=.dylib; \
|
||||
ALLSYMSFLAGS='-all_load'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
|
||||
if [ -n "$(LIBVERSION)" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
|
||||
fi; \
|
||||
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.darwin:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME); \
|
||||
SHLIB_SUFFIX=.dylib; \
|
||||
ALLSYMSFLAGS='-all_load'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
|
||||
if [ -n "$(LIBVERSION)" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
|
||||
fi; \
|
||||
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
|
||||
fi; \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/$(LIBDIR)/$$SHLIB$(SHLIB_EXT)"; \
|
||||
$(LINK_SO_A)
|
||||
link_app.darwin: # is there run-path on darwin?
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.cygwin:
|
||||
@ $(CALC_VERSIONS); \
|
||||
INHIBIT_SYMLINKS=yes; \
|
||||
SHLIB=cyg$(LIBNAME); \
|
||||
base=-Wl,--enable-auto-image-base; \
|
||||
deffile=; \
|
||||
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
|
||||
SHLIB=$(LIBNAME)eay32; base=; \
|
||||
if test -f $(LIBNAME)eay32.def; then \
|
||||
deffile=$(LIBNAME)eay32.def; \
|
||||
fi; \
|
||||
fi; \
|
||||
SHLIB_SUFFIX=.dll; \
|
||||
LIBVERSION="$(LIBVERSION)"; \
|
||||
SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
|
||||
ALLSYMSFLAGS='-Wl,--whole-archive'; \
|
||||
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base $$deffile -Wl,-Bsymbolic"; \
|
||||
$(LINK_SO_O)
|
||||
#for mingw target if def-file is in use dll-name should match library-name
|
||||
link_a.cygwin:
|
||||
@ $(CALC_VERSIONS); \
|
||||
INHIBIT_SYMLINKS=yes; \
|
||||
SHLIB=cyg$(LIBNAME); SHLIB_SOVER=-$(LIBVERSION); SHLIB_SUFFIX=.dll; \
|
||||
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; extras=; \
|
||||
base=-Wl,--enable-auto-image-base; \
|
||||
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
|
||||
case $(LIBNAME) in \
|
||||
crypto) SHLIB=libeay;; \
|
||||
ssl) SHLIB=ssleay;; \
|
||||
esac; \
|
||||
SHLIB_SOVER=32; \
|
||||
extras="$(LIBNAME).def"; \
|
||||
$(PERL) util/mkdef.pl 32 $$SHLIB > $$extras; \
|
||||
base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
|
||||
fi; \
|
||||
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
|
||||
$(PERL) util/mkrc.pl $$dll_name | \
|
||||
$(RC) -o rc.o; \
|
||||
extras="$$extras rc.o"; \
|
||||
ALLSYMSFLAGS='-Wl,--whole-archive'; \
|
||||
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $$extras"; \
|
||||
[ -f apps/$$dll_name ] && rm apps/$$dll_name; \
|
||||
[ -f test/$$dll_name ] && rm test/$$dll_name; \
|
||||
$(LINK_SO_A) || exit 1; \
|
||||
rm $$extras; \
|
||||
cp -p $$dll_name apps/; \
|
||||
cp -p $$dll_name test/
|
||||
link_app.cygwin:
|
||||
@if expr "$(CFLAGS)" : '.*OPENSSL_USE_APPLINK' > /dev/null; then \
|
||||
LIBDEPS="$(TOP)/crypto/applink.o $${LIBDEPS:-$(LIBDEPS)}"; \
|
||||
export LIBDEPS; \
|
||||
fi; \
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.alpha-osf1:
|
||||
@ if $(DETECT_GNU_LD); then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
|
||||
else \
|
||||
SHLIB_HIST="$(LIBVERSION)"; \
|
||||
fi; \
|
||||
SHLIB_SOVER=; \
|
||||
ALLSYMSFLAGS='-all'; \
|
||||
NOALLSYMSFLAGS='-none'; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
|
||||
fi; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.alpha-osf1:
|
||||
@ if $(DETECT_GNU_LD); then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
|
||||
else \
|
||||
SHLIB_HIST="$(LIBVERSION)"; \
|
||||
fi; \
|
||||
SHLIB_SOVER=; \
|
||||
ALLSYMSFLAGS='-all'; \
|
||||
NOALLSYMSFLAGS='-none'; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
|
||||
if [ -n "$$SHLIB_HIST" ]; then \
|
||||
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
|
||||
fi; \
|
||||
fi; \
|
||||
$(LINK_SO_A)
|
||||
link_app.alpha-osf1:
|
||||
@if $(DETECT_GNU_LD); then \
|
||||
$(DO_GNU_APP); \
|
||||
else \
|
||||
LDFLAGS="$(CFLAGS) -rpath $(LIBRPATH)"; \
|
||||
fi; \
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.solaris:
|
||||
@ if $(DETECT_GNU_LD); then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
MINUSZ='-z '; \
|
||||
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS="$${MINUSZ}allextract"; \
|
||||
NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.solaris:
|
||||
@ if $(DETECT_GNU_LD); then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
MINUSZ='-z '; \
|
||||
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=;\
|
||||
ALLSYMSFLAGS="$${MINUSZ}allextract"; \
|
||||
NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
|
||||
fi; \
|
||||
$(LINK_SO_A)
|
||||
link_app.solaris:
|
||||
@ if $(DETECT_GNU_LD); then \
|
||||
$(DO_GNU_APP); \
|
||||
else \
|
||||
LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
|
||||
fi; \
|
||||
$(LINK_APP)
|
||||
|
||||
# OpenServer 5 native compilers used
|
||||
link_o.svr3:
|
||||
@ if $(DETECT_GNU_LD); then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS=''; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.svr3:
|
||||
@ if $(DETECT_GNU_LD); then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS=''; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
|
||||
fi; \
|
||||
$(LINK_SO_A_UNPACKED)
|
||||
link_app.svr3:
|
||||
@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
|
||||
$(LINK_APP)
|
||||
|
||||
# UnixWare 7 and OpenUNIX 8 native compilers used
|
||||
link_o.svr5:
|
||||
@ if $(DETECT_GNU_LD); then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHARE_FLAG='-G'; \
|
||||
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS=''; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.svr5:
|
||||
@ if $(DETECT_GNU_LD); then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHARE_FLAG='-G'; \
|
||||
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS=''; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
|
||||
fi; \
|
||||
$(LINK_SO_A_UNPACKED)
|
||||
link_app.svr5:
|
||||
@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.irix:
|
||||
@ if $(DETECT_GNU_LD); then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
MINUSWL=""; \
|
||||
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
|
||||
ALLSYMSFLAGS="$${MINUSWL}-all"; \
|
||||
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
|
||||
fi; \
|
||||
$(LINK_SO_O)
|
||||
link_a.irix:
|
||||
@ if $(DETECT_GNU_LD); then \
|
||||
$(DO_GNU_SO); \
|
||||
else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
MINUSWL=""; \
|
||||
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
|
||||
ALLSYMSFLAGS="$${MINUSWL}-all"; \
|
||||
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
|
||||
fi; \
|
||||
$(LINK_SO_A)
|
||||
link_app.irix:
|
||||
@LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
|
||||
$(LINK_APP)
|
||||
|
||||
# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
|
||||
# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
|
||||
# rules imply that we can only link one level down in catalog structure,
|
||||
# but that's what takes place for the moment of this writing. +cdp option
|
||||
# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
|
||||
# editor context only [it's simply ignored in other cases, which are all
|
||||
# ELFs by the way].
|
||||
#
|
||||
link_o.hpux:
|
||||
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).sl; \
|
||||
expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS='-Wl,-Fl'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
|
||||
fi; \
|
||||
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
|
||||
$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
|
||||
link_a.hpux:
|
||||
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
|
||||
$(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).sl; \
|
||||
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS='-Wl,-Fl'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
|
||||
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
|
||||
fi; \
|
||||
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
|
||||
$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
|
||||
link_app.hpux:
|
||||
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
|
||||
LDFLAGS="$(CFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
|
||||
fi; \
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.aix:
|
||||
@ $(CALC_VERSIONS); \
|
||||
OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
|
||||
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS=''; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
|
||||
$(LINK_SO_O);
|
||||
link_a.aix:
|
||||
@ $(CALC_VERSIONS); \
|
||||
OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
|
||||
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS='-bnogc'; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
|
||||
$(LINK_SO_A_VIA_O)
|
||||
link_app.aix:
|
||||
LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
|
||||
$(LINK_APP)
|
||||
|
||||
link_o.reliantunix:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS=; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS='$(CFLAGS) -G'; \
|
||||
$(LINK_SO_O)
|
||||
link_a.reliantunix:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
SHLIB_SUFFIX=; \
|
||||
ALLSYMSFLAGS=; \
|
||||
NOALLSYMSFLAGS=''; \
|
||||
SHAREDFLAGS='$(CFLAGS) -G'; \
|
||||
$(LINK_SO_A_UNPACKED)
|
||||
link_app.reliantunix:
|
||||
$(LINK_APP)
|
||||
|
||||
# Targets to build symbolic links when needed
|
||||
symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
|
||||
symlink.aix symlink.reliantunix:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).so; \
|
||||
$(SYMLINK_SO)
|
||||
symlink.darwin:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME); \
|
||||
SHLIB_SUFFIX=.dylib; \
|
||||
$(SYMLINK_SO)
|
||||
symlink.hpux:
|
||||
@ $(CALC_VERSIONS); \
|
||||
SHLIB=lib$(LIBNAME).sl; \
|
||||
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
|
||||
$(SYMLINK_SO)
|
||||
# The following lines means those specific architectures do no symlinks
|
||||
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath symlink.beos:
|
||||
|
||||
# Compatibility targets
|
||||
link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
|
||||
link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
|
||||
link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
|
||||
symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
|
||||
link_o.bsd-shared: link_o.bsd
|
||||
link_a.bsd-shared: link_a.bsd
|
||||
link_app.bsd-shared: link_app.bsd
|
||||
link_o.darwin-shared: link_o.darwin
|
||||
link_a.darwin-shared: link_a.darwin
|
||||
link_app.darwin-shared: link_app.darwin
|
||||
symlink.darwin-shared: symlink.darwin
|
||||
link_o.cygwin-shared: link_o.cygwin
|
||||
link_a.cygwin-shared: link_a.cygwin
|
||||
link_app.cygwin-shared: link_app.cygwin
|
||||
symlink.cygwin-shared: symlink.cygwin
|
||||
link_o.alpha-osf1-shared: link_o.alpha-osf1
|
||||
link_a.alpha-osf1-shared: link_a.alpha-osf1
|
||||
link_app.alpha-osf1-shared: link_app.alpha-osf1
|
||||
symlink.alpha-osf1-shared: symlink.alpha-osf1
|
||||
link_o.tru64-shared: link_o.tru64
|
||||
link_a.tru64-shared: link_a.tru64
|
||||
link_app.tru64-shared: link_app.tru64
|
||||
symlink.tru64-shared: symlink.tru64
|
||||
link_o.tru64-shared-rpath: link_o.tru64-rpath
|
||||
link_a.tru64-shared-rpath: link_a.tru64-rpath
|
||||
link_app.tru64-shared-rpath: link_app.tru64-rpath
|
||||
symlink.tru64-shared-rpath: symlink.tru64-rpath
|
||||
link_o.solaris-shared: link_o.solaris
|
||||
link_a.solaris-shared: link_a.solaris
|
||||
link_app.solaris-shared: link_app.solaris
|
||||
symlink.solaris-shared: symlink.solaris
|
||||
link_o.svr3-shared: link_o.svr3
|
||||
link_a.svr3-shared: link_a.svr3
|
||||
link_app.svr3-shared: link_app.svr3
|
||||
symlink.svr3-shared: symlink.svr3
|
||||
link_o.svr5-shared: link_o.svr5
|
||||
link_a.svr5-shared: link_a.svr5
|
||||
link_app.svr5-shared: link_app.svr5
|
||||
symlink.svr5-shared: symlink.svr5
|
||||
link_o.irix-shared: link_o.irix
|
||||
link_a.irix-shared: link_a.irix
|
||||
link_app.irix-shared: link_app.irix
|
||||
symlink.irix-shared: symlink.irix
|
||||
link_o.hpux-shared: link_o.hpux
|
||||
link_a.hpux-shared: link_a.hpux
|
||||
link_app.hpux-shared: link_app.hpux
|
||||
symlink.hpux-shared: symlink.hpux
|
||||
link_o.aix-shared: link_o.aix
|
||||
link_a.aix-shared: link_a.aix
|
||||
link_app.aix-shared: link_app.aix
|
||||
symlink.aix-shared: symlink.aix
|
||||
link_o.reliantunix-shared: link_o.reliantunix
|
||||
link_a.reliantunix-shared: link_a.reliantunix
|
||||
link_app.reliantunix-shared: link_app.reliantunix
|
||||
symlink.reliantunix-shared: symlink.reliantunix
|
||||
link_o.beos-shared: link_o.beos
|
||||
link_a.beos-shared: link_a.beos
|
||||
link_app.beos-shared: link_app.gnu
|
||||
symlink.beos-shared: symlink.beos
|
|
@ -0,0 +1,828 @@
|
|||
|
||||
NEWS
|
||||
====
|
||||
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018]
|
||||
|
||||
o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)
|
||||
o Timing vulnerability in DSA signature generation (CVE-2018-0734)
|
||||
|
||||
Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]
|
||||
|
||||
o Client DoS due to large DH parameter (CVE-2018-0732)
|
||||
o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
|
||||
|
||||
Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
|
||||
|
||||
o Constructed ASN.1 types with a recursive definition could exceed the
|
||||
stack (CVE-2018-0739)
|
||||
|
||||
Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]
|
||||
|
||||
o Read/write after SSL object in error state (CVE-2017-3737)
|
||||
o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
|
||||
|
||||
Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]
|
||||
|
||||
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
|
||||
o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
|
||||
|
||||
Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
|
||||
|
||||
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
|
||||
|
||||
Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]
|
||||
|
||||
o Truncated packet could crash via OOB read (CVE-2017-3731)
|
||||
o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
|
||||
o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
|
||||
|
||||
Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
|
||||
|
||||
o Missing CRL sanity check (CVE-2016-7052)
|
||||
|
||||
Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
|
||||
|
||||
o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
|
||||
o SWEET32 Mitigation (CVE-2016-2183)
|
||||
o OOB write in MDC2_Update() (CVE-2016-6303)
|
||||
o Malformed SHA512 ticket DoS (CVE-2016-6302)
|
||||
o OOB write in BN_bn2dec() (CVE-2016-2182)
|
||||
o OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
|
||||
o Pointer arithmetic undefined behaviour (CVE-2016-2177)
|
||||
o Constant time flag not preserved in DSA signing (CVE-2016-2178)
|
||||
o DTLS buffered message DoS (CVE-2016-2179)
|
||||
o DTLS replay protection DoS (CVE-2016-2181)
|
||||
o Certificate message OOB reads (CVE-2016-6306)
|
||||
|
||||
Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
|
||||
|
||||
o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
|
||||
o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
|
||||
o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
|
||||
o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
|
||||
o EBCDIC overread (CVE-2016-2176)
|
||||
o Modify behavior of ALPN to invoke callback after SNI/servername
|
||||
callback, such that updates to the SSL_CTX affect ALPN.
|
||||
o Remove LOW from the DEFAULT cipher list. This removes singles DES from
|
||||
the default.
|
||||
o Only remove the SSLv2 methods with the no-ssl2-method option.
|
||||
|
||||
Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
|
||||
|
||||
o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
|
||||
o Disable SSLv2 default build, default negotiation and weak ciphers
|
||||
(CVE-2016-0800)
|
||||
o Fix a double-free in DSA code (CVE-2016-0705)
|
||||
o Disable SRP fake user seed to address a server memory leak
|
||||
(CVE-2016-0798)
|
||||
o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
|
||||
(CVE-2016-0797)
|
||||
o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
|
||||
o Fix side channel attack on modular exponentiation (CVE-2016-0702)
|
||||
|
||||
Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
|
||||
|
||||
o DH small subgroups (CVE-2016-0701)
|
||||
o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
|
||||
|
||||
Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
|
||||
|
||||
o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
|
||||
o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
|
||||
o X509_ATTRIBUTE memory leak (CVE-2015-3195)
|
||||
o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
|
||||
o In DSA_generate_parameters_ex, if the provided seed is too short,
|
||||
return an error
|
||||
|
||||
Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
|
||||
|
||||
o Alternate chains certificate forgery (CVE-2015-1793)
|
||||
o Race condition handling PSK identify hint (CVE-2015-3196)
|
||||
|
||||
Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
|
||||
|
||||
o Fix HMAC ABI incompatibility
|
||||
|
||||
Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
|
||||
|
||||
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
|
||||
o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
|
||||
o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
|
||||
o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
|
||||
o Race condition handling NewSessionTicket (CVE-2015-1791)
|
||||
|
||||
Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
|
||||
|
||||
o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)
|
||||
o Multiblock corrupted pointer fix (CVE-2015-0290)
|
||||
o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207)
|
||||
o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
|
||||
o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208)
|
||||
o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
|
||||
o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
|
||||
o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
|
||||
o Empty CKE with client auth and DHE fix (CVE-2015-1787)
|
||||
o Handshake with unseeded PRNG fix (CVE-2015-0285)
|
||||
o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
|
||||
o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
|
||||
o Removed the export ciphers from the DEFAULT ciphers
|
||||
|
||||
Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:
|
||||
|
||||
o Suite B support for TLS 1.2 and DTLS 1.2
|
||||
o Support for DTLS 1.2
|
||||
o TLS automatic EC curve selection.
|
||||
o API to set TLS supported signature algorithms and curves
|
||||
o SSL_CONF configuration API.
|
||||
o TLS Brainpool support.
|
||||
o ALPN support.
|
||||
o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
|
||||
|
||||
Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
|
||||
|
||||
o Build fixes for the Windows and OpenVMS platforms
|
||||
|
||||
Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
|
||||
|
||||
o Fix for CVE-2014-3571
|
||||
o Fix for CVE-2015-0206
|
||||
o Fix for CVE-2014-3569
|
||||
o Fix for CVE-2014-3572
|
||||
o Fix for CVE-2015-0204
|
||||
o Fix for CVE-2015-0205
|
||||
o Fix for CVE-2014-8275
|
||||
o Fix for CVE-2014-3570
|
||||
|
||||
Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
|
||||
|
||||
o Fix for CVE-2014-3513
|
||||
o Fix for CVE-2014-3567
|
||||
o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
|
||||
o Fix for CVE-2014-3568
|
||||
|
||||
Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
|
||||
|
||||
o Fix for CVE-2014-3512
|
||||
o Fix for CVE-2014-3511
|
||||
o Fix for CVE-2014-3510
|
||||
o Fix for CVE-2014-3507
|
||||
o Fix for CVE-2014-3506
|
||||
o Fix for CVE-2014-3505
|
||||
o Fix for CVE-2014-3509
|
||||
o Fix for CVE-2014-5139
|
||||
o Fix for CVE-2014-3508
|
||||
|
||||
Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
|
||||
|
||||
o Fix for CVE-2014-0224
|
||||
o Fix for CVE-2014-0221
|
||||
o Fix for CVE-2014-0198
|
||||
o Fix for CVE-2014-0195
|
||||
o Fix for CVE-2014-3470
|
||||
o Fix for CVE-2010-5298
|
||||
|
||||
Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
|
||||
|
||||
o Fix for CVE-2014-0160
|
||||
o Add TLS padding extension workaround for broken servers.
|
||||
o Fix for CVE-2014-0076
|
||||
|
||||
Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
|
||||
|
||||
o Don't include gmt_unix_time in TLS server and client random values
|
||||
o Fix for TLS record tampering bug CVE-2013-4353
|
||||
o Fix for TLS version checking bug CVE-2013-6449
|
||||
o Fix for DTLS retransmission bug CVE-2013-6450
|
||||
|
||||
Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
|
||||
|
||||
o Corrected fix for CVE-2013-0169
|
||||
|
||||
Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
|
||||
|
||||
o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
|
||||
o Include the fips configuration module.
|
||||
o Fix OCSP bad key DoS attack CVE-2013-0166
|
||||
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
|
||||
o Fix for TLS AESNI record handling flaw CVE-2012-2686
|
||||
|
||||
Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
|
||||
|
||||
o Fix TLS/DTLS record length checking bug CVE-2012-2333
|
||||
o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
|
||||
|
||||
Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
|
||||
|
||||
o Fix compilation error on non-x86 platforms.
|
||||
o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
|
||||
o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
|
||||
|
||||
Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
|
||||
|
||||
o Fix for ASN1 overflow bug CVE-2012-2110
|
||||
o Workarounds for some servers that hang on long client hellos.
|
||||
o Fix SEGV in AES code.
|
||||
|
||||
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
|
||||
|
||||
o TLS/DTLS heartbeat support.
|
||||
o SCTP support.
|
||||
o RFC 5705 TLS key material exporter.
|
||||
o RFC 5764 DTLS-SRTP negotiation.
|
||||
o Next Protocol Negotiation.
|
||||
o PSS signatures in certificates, requests and CRLs.
|
||||
o Support for password based recipient info for CMS.
|
||||
o Support TLS v1.2 and TLS v1.1.
|
||||
o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
|
||||
o SRP support.
|
||||
|
||||
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
|
||||
|
||||
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
|
||||
o Corrected fix for CVE-2011-4619
|
||||
o Various DTLS fixes.
|
||||
|
||||
Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
|
||||
|
||||
o Fix for DTLS DoS issue CVE-2012-0050
|
||||
|
||||
Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
|
||||
|
||||
o Fix for DTLS plaintext recovery attack CVE-2011-4108
|
||||
o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
|
||||
o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
|
||||
o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
|
||||
o Check for malformed RFC3779 data CVE-2011-4577
|
||||
|
||||
Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
|
||||
|
||||
o Fix for CRL vulnerability issue CVE-2011-3207
|
||||
o Fix for ECDH crashes CVE-2011-3210
|
||||
o Protection against EC timing attacks.
|
||||
o Support ECDH ciphersuites for certificates using SHA2 algorithms.
|
||||
o Various DTLS fixes.
|
||||
|
||||
Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
|
||||
|
||||
o Fix for security issue CVE-2011-0014
|
||||
|
||||
Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
|
||||
|
||||
o Fix for security issue CVE-2010-4180
|
||||
o Fix for CVE-2010-4252
|
||||
o Fix mishandling of absent EC point format extension.
|
||||
o Fix various platform compilation issues.
|
||||
o Corrected fix for security issue CVE-2010-3864.
|
||||
|
||||
Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
|
||||
|
||||
o Fix for security issue CVE-2010-3864.
|
||||
o Fix for CVE-2010-2939
|
||||
o Fix WIN32 build system for GOST ENGINE.
|
||||
|
||||
Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
|
||||
|
||||
o Fix for security issue CVE-2010-1633.
|
||||
o GOST MAC and CFB fixes.
|
||||
|
||||
Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
|
||||
|
||||
o RFC3280 path validation: sufficient to process PKITS tests.
|
||||
o Integrated support for PVK files and keyblobs.
|
||||
o Change default private key format to PKCS#8.
|
||||
o CMS support: able to process all examples in RFC4134
|
||||
o Streaming ASN1 encode support for PKCS#7 and CMS.
|
||||
o Multiple signer and signer add support for PKCS#7 and CMS.
|
||||
o ASN1 printing support.
|
||||
o Whirlpool hash algorithm added.
|
||||
o RFC3161 time stamp support.
|
||||
o New generalised public key API supporting ENGINE based algorithms.
|
||||
o New generalised public key API utilities.
|
||||
o New ENGINE supporting GOST algorithms.
|
||||
o SSL/TLS GOST ciphersuite support.
|
||||
o PKCS#7 and CMS GOST support.
|
||||
o RFC4279 PSK ciphersuite support.
|
||||
o Supported points format extension for ECC ciphersuites.
|
||||
o ecdsa-with-SHA224/256/384/512 signature types.
|
||||
o dsa-with-SHA224 and dsa-with-SHA256 signature types.
|
||||
o Opaque PRF Input TLS extension support.
|
||||
o Updated time routines to avoid OS limitations.
|
||||
|
||||
Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
|
||||
|
||||
o CFB cipher definition fixes.
|
||||
o Fix security issues CVE-2010-0740 and CVE-2010-0433.
|
||||
|
||||
Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
|
||||
|
||||
o Cipher definition fixes.
|
||||
o Workaround for slow RAND_poll() on some WIN32 versions.
|
||||
o Remove MD2 from algorithm tables.
|
||||
o SPKAC handling fixes.
|
||||
o Support for RFC5746 TLS renegotiation extension.
|
||||
o Compression memory leak fixed.
|
||||
o Compression session resumption fixed.
|
||||
o Ticket and SNI coexistence fixes.
|
||||
o Many fixes to DTLS handling.
|
||||
|
||||
Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
|
||||
|
||||
o Temporary work around for CVE-2009-3555: disable renegotiation.
|
||||
|
||||
Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
|
||||
|
||||
o Fix various build issues.
|
||||
o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
|
||||
|
||||
Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
|
||||
|
||||
o Fix security issue (CVE-2008-5077)
|
||||
o Merge FIPS 140-2 branch code.
|
||||
|
||||
Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
|
||||
|
||||
o CryptoAPI ENGINE support.
|
||||
o Various precautionary measures.
|
||||
o Fix for bugs affecting certificate request creation.
|
||||
o Support for local machine keyset attribute in PKCS#12 files.
|
||||
|
||||
Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
|
||||
|
||||
o Backport of CMS functionality to 0.9.8.
|
||||
o Fixes for bugs introduced with 0.9.8f.
|
||||
|
||||
Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
|
||||
|
||||
o Add gcc 4.2 support.
|
||||
o Add support for AES and SSE2 assembly lanugauge optimization
|
||||
for VC++ build.
|
||||
o Support for RFC4507bis and server name extensions if explicitly
|
||||
selected at compile time.
|
||||
o DTLS improvements.
|
||||
o RFC4507bis support.
|
||||
o TLS Extensions support.
|
||||
|
||||
Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
|
||||
|
||||
o Various ciphersuite selection fixes.
|
||||
o RFC3779 support.
|
||||
|
||||
Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
|
||||
|
||||
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
|
||||
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
|
||||
o Changes to ciphersuite selection algorithm
|
||||
|
||||
Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
|
||||
|
||||
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
|
||||
o New cipher Camellia
|
||||
|
||||
Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
|
||||
|
||||
o Cipher string fixes.
|
||||
o Fixes for VC++ 2005.
|
||||
o Updated ECC cipher suite support.
|
||||
o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
|
||||
o Zlib compression usage fixes.
|
||||
o Built in dynamic engine compilation support on Win32.
|
||||
o Fixes auto dynamic engine loading in Win32.
|
||||
|
||||
Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
|
||||
|
||||
o Fix potential SSL 2.0 rollback, CVE-2005-2969
|
||||
o Extended Windows CE support
|
||||
|
||||
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
|
||||
|
||||
o Major work on the BIGNUM library for higher efficiency and to
|
||||
make operations more streamlined and less contradictory. This
|
||||
is the result of a major audit of the BIGNUM library.
|
||||
o Addition of BIGNUM functions for fields GF(2^m) and NIST
|
||||
curves, to support the Elliptic Crypto functions.
|
||||
o Major work on Elliptic Crypto; ECDH and ECDSA added, including
|
||||
the use through EVP, X509 and ENGINE.
|
||||
o New ASN.1 mini-compiler that's usable through the OpenSSL
|
||||
configuration file.
|
||||
o Added support for ASN.1 indefinite length constructed encoding.
|
||||
o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
|
||||
o Complete rework of shared library construction and linking
|
||||
programs with shared or static libraries, through a separate
|
||||
Makefile.shared.
|
||||
o Rework of the passing of parameters from one Makefile to another.
|
||||
o Changed ENGINE framework to load dynamic engine modules
|
||||
automatically from specifically given directories.
|
||||
o New structure and ASN.1 functions for CertificatePair.
|
||||
o Changed the ZLIB compression method to be stateful.
|
||||
o Changed the key-generation and primality testing "progress"
|
||||
mechanism to take a structure that contains the ticker
|
||||
function and an argument.
|
||||
o New engine module: GMP (performs private key exponentiation).
|
||||
o New engine module: VIA PadLOck ACE extension in VIA C3
|
||||
Nehemiah processors.
|
||||
o Added support for IPv6 addresses in certificate extensions.
|
||||
See RFC 1884, section 2.2.
|
||||
o Added support for certificate policy mappings, policy
|
||||
constraints and name constraints.
|
||||
o Added support for multi-valued AVAs in the OpenSSL
|
||||
configuration file.
|
||||
o Added support for multiple certificates with the same subject
|
||||
in the 'openssl ca' index file.
|
||||
o Make it possible to create self-signed certificates using
|
||||
'openssl ca -selfsign'.
|
||||
o Make it possible to generate a serial number file with
|
||||
'openssl ca -create_serial'.
|
||||
o New binary search functions with extended functionality.
|
||||
o New BUF functions.
|
||||
o New STORE structure and library to provide an interface to all
|
||||
sorts of data repositories. Supports storage of public and
|
||||
private keys, certificates, CRLs, numbers and arbitrary blobs.
|
||||
This library is unfortunately unfinished and unused withing
|
||||
OpenSSL.
|
||||
o New control functions for the error stack.
|
||||
o Changed the PKCS#7 library to support one-pass S/MIME
|
||||
processing.
|
||||
o Added the possibility to compile without old deprecated
|
||||
functionality with the OPENSSL_NO_DEPRECATED macro or the
|
||||
'no-deprecated' argument to the config and Configure scripts.
|
||||
o Constification of all ASN.1 conversion functions, and other
|
||||
affected functions.
|
||||
o Improved platform support for PowerPC.
|
||||
o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
|
||||
o New X509_VERIFY_PARAM structure to support parametrisation
|
||||
of X.509 path validation.
|
||||
o Major overhaul of RC4 performance on Intel P4, IA-64 and
|
||||
AMD64.
|
||||
o Changed the Configure script to have some algorithms disabled
|
||||
by default. Those can be explicitely enabled with the new
|
||||
argument form 'enable-xxx'.
|
||||
o Change the default digest in 'openssl' commands from MD5 to
|
||||
SHA-1.
|
||||
o Added support for DTLS.
|
||||
o New BIGNUM blinding.
|
||||
o Added support for the RSA-PSS encryption scheme
|
||||
o Added support for the RSA X.931 padding.
|
||||
o Added support for BSD sockets on NetWare.
|
||||
o Added support for files larger than 2GB.
|
||||
o Added initial support for Win64.
|
||||
o Added alternate pkg-config files.
|
||||
|
||||
Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
|
||||
|
||||
o FIPS 1.1.1 module linking.
|
||||
o Various ciphersuite selection fixes.
|
||||
|
||||
Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
|
||||
|
||||
o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
|
||||
o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
|
||||
|
||||
Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
|
||||
|
||||
o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
|
||||
|
||||
Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
|
||||
|
||||
o Visual C++ 2005 fixes.
|
||||
o Update Windows build system for FIPS.
|
||||
|
||||
Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
|
||||
|
||||
o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
|
||||
|
||||
Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
|
||||
|
||||
o Fix SSL 2.0 Rollback, CVE-2005-2969
|
||||
o Allow use of fixed-length exponent on DSA signing
|
||||
o Default fixed-window RSA, DSA, DH private-key operations
|
||||
|
||||
Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
|
||||
|
||||
o More compilation issues fixed.
|
||||
o Adaptation to more modern Kerberos API.
|
||||
o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
|
||||
o Enhanced x86_64 assembler BIGNUM module.
|
||||
o More constification.
|
||||
o Added processing of proxy certificates (RFC 3820).
|
||||
|
||||
Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
|
||||
|
||||
o Several compilation issues fixed.
|
||||
o Many memory allocation failure checks added.
|
||||
o Improved comparison of X509 Name type.
|
||||
o Mandatory basic checks on certificates.
|
||||
o Performance improvements.
|
||||
|
||||
Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
|
||||
|
||||
o Fix race condition in CRL checking code.
|
||||
o Fixes to PKCS#7 (S/MIME) code.
|
||||
|
||||
Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
|
||||
|
||||
o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
|
||||
o Security: Fix null-pointer assignment in do_change_cipher_spec()
|
||||
o Allow multiple active certificates with same subject in CA index
|
||||
o Multiple X509 verification fixes
|
||||
o Speed up HMAC and other operations
|
||||
|
||||
Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
|
||||
|
||||
o Security: fix various ASN1 parsing bugs.
|
||||
o New -ignore_err option to OCSP utility.
|
||||
o Various interop and bug fixes in S/MIME code.
|
||||
o SSL/TLS protocol fix for unrequested client certificates.
|
||||
|
||||
Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
|
||||
|
||||
o Security: counter the Klima-Pokorny-Rosa extension of
|
||||
Bleichbacher's attack
|
||||
o Security: make RSA blinding default.
|
||||
o Configuration: Irix fixes, AIX fixes, better mingw support.
|
||||
o Support for new platforms: linux-ia64-ecc.
|
||||
o Build: shared library support fixes.
|
||||
o ASN.1: treat domainComponent correctly.
|
||||
o Documentation: fixes and additions.
|
||||
|
||||
Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
|
||||
|
||||
o Security: Important security related bugfixes.
|
||||
o Enhanced compatibility with MIT Kerberos.
|
||||
o Can be built without the ENGINE framework.
|
||||
o IA32 assembler enhancements.
|
||||
o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
|
||||
o Configuration: the no-err option now works properly.
|
||||
o SSL/TLS: now handles manual certificate chain building.
|
||||
o SSL/TLS: certain session ID malfunctions corrected.
|
||||
|
||||
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
|
||||
|
||||
o New library section OCSP.
|
||||
o Complete rewrite of ASN1 code.
|
||||
o CRL checking in verify code and openssl utility.
|
||||
o Extension copying in 'ca' utility.
|
||||
o Flexible display options in 'ca' utility.
|
||||
o Provisional support for international characters with UTF8.
|
||||
o Support for external crypto devices ('engine') is no longer
|
||||
a separate distribution.
|
||||
o New elliptic curve library section.
|
||||
o New AES (Rijndael) library section.
|
||||
o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
|
||||
Linux x86_64, Linux 64-bit on Sparc v9
|
||||
o Extended support for some platforms: VxWorks
|
||||
o Enhanced support for shared libraries.
|
||||
o Now only builds PIC code when shared library support is requested.
|
||||
o Support for pkg-config.
|
||||
o Lots of new manuals.
|
||||
o Makes symbolic links to or copies of manuals to cover all described
|
||||
functions.
|
||||
o Change DES API to clean up the namespace (some applications link also
|
||||
against libdes providing similar functions having the same name).
|
||||
Provide macros for backward compatibility (will be removed in the
|
||||
future).
|
||||
o Unify handling of cryptographic algorithms (software and engine)
|
||||
to be available via EVP routines for asymmetric and symmetric ciphers.
|
||||
o NCONF: new configuration handling routines.
|
||||
o Change API to use more 'const' modifiers to improve error checking
|
||||
and help optimizers.
|
||||
o Finally remove references to RSAref.
|
||||
o Reworked parts of the BIGNUM code.
|
||||
o Support for new engines: Broadcom ubsec, Accelerated Encryption
|
||||
Processing, IBM 4758.
|
||||
o A few new engines added in the demos area.
|
||||
o Extended and corrected OID (object identifier) table.
|
||||
o PRNG: query at more locations for a random device, automatic query for
|
||||
EGD style random sources at several locations.
|
||||
o SSL/TLS: allow optional cipher choice according to server's preference.
|
||||
o SSL/TLS: allow server to explicitly set new session ids.
|
||||
o SSL/TLS: support Kerberos cipher suites (RFC2712).
|
||||
Only supports MIT Kerberos for now.
|
||||
o SSL/TLS: allow more precise control of renegotiations and sessions.
|
||||
o SSL/TLS: add callback to retrieve SSL/TLS messages.
|
||||
o SSL/TLS: support AES cipher suites (RFC3268).
|
||||
|
||||
Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
|
||||
|
||||
o Security: fix various ASN1 parsing bugs.
|
||||
o SSL/TLS protocol fix for unrequested client certificates.
|
||||
|
||||
Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
|
||||
|
||||
o Security: counter the Klima-Pokorny-Rosa extension of
|
||||
Bleichbacher's attack
|
||||
o Security: make RSA blinding default.
|
||||
o Build: shared library support fixes.
|
||||
|
||||
Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
|
||||
|
||||
o Important security related bugfixes.
|
||||
|
||||
Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
|
||||
|
||||
o New configuration targets for Tandem OSS and A/UX.
|
||||
o New OIDs for Microsoft attributes.
|
||||
o Better handling of SSL session caching.
|
||||
o Better comparison of distinguished names.
|
||||
o Better handling of shared libraries in a mixed GNU/non-GNU environment.
|
||||
o Support assembler code with Borland C.
|
||||
o Fixes for length problems.
|
||||
o Fixes for uninitialised variables.
|
||||
o Fixes for memory leaks, some unusual crashes and some race conditions.
|
||||
o Fixes for smaller building problems.
|
||||
o Updates of manuals, FAQ and other instructive documents.
|
||||
|
||||
Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
|
||||
|
||||
o Important building fixes on Unix.
|
||||
|
||||
Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
|
||||
|
||||
o Various important bugfixes.
|
||||
|
||||
Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
|
||||
|
||||
o Important security related bugfixes.
|
||||
o Various SSL/TLS library bugfixes.
|
||||
|
||||
Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
|
||||
|
||||
o Various SSL/TLS library bugfixes.
|
||||
o Fix DH parameter generation for 'non-standard' generators.
|
||||
|
||||
Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
|
||||
|
||||
o Various SSL/TLS library bugfixes.
|
||||
o BIGNUM library fixes.
|
||||
o RSA OAEP and random number generation fixes.
|
||||
o Object identifiers corrected and added.
|
||||
o Add assembler BN routines for IA64.
|
||||
o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
|
||||
MIPS Linux; shared library support for Irix, HP-UX.
|
||||
o Add crypto accelerator support for AEP, Baltimore SureWare,
|
||||
Broadcom and Cryptographic Appliance's keyserver
|
||||
[in 0.9.6c-engine release].
|
||||
|
||||
Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
|
||||
|
||||
o Security fix: PRNG improvements.
|
||||
o Security fix: RSA OAEP check.
|
||||
o Security fix: Reinsert and fix countermeasure to Bleichbacher's
|
||||
attack.
|
||||
o MIPS bug fix in BIGNUM.
|
||||
o Bug fix in "openssl enc".
|
||||
o Bug fix in X.509 printing routine.
|
||||
o Bug fix in DSA verification routine and DSA S/MIME verification.
|
||||
o Bug fix to make PRNG thread-safe.
|
||||
o Bug fix in RAND_file_name().
|
||||
o Bug fix in compatibility mode trust settings.
|
||||
o Bug fix in blowfish EVP.
|
||||
o Increase default size for BIO buffering filter.
|
||||
o Compatibility fixes in some scripts.
|
||||
|
||||
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
|
||||
|
||||
o Security fix: change behavior of OpenSSL to avoid using
|
||||
environment variables when running as root.
|
||||
o Security fix: check the result of RSA-CRT to reduce the
|
||||
possibility of deducing the private key from an incorrectly
|
||||
calculated signature.
|
||||
o Security fix: prevent Bleichenbacher's DSA attack.
|
||||
o Security fix: Zero the premaster secret after deriving the
|
||||
master secret in DH ciphersuites.
|
||||
o Reimplement SSL_peek(), which had various problems.
|
||||
o Compatibility fix: the function des_encrypt() renamed to
|
||||
des_encrypt1() to avoid clashes with some Unixen libc.
|
||||
o Bug fixes for Win32, HP/UX and Irix.
|
||||
o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
|
||||
memory checking routines.
|
||||
o Bug fixes for RSA operations in threaded environments.
|
||||
o Bug fixes in misc. openssl applications.
|
||||
o Remove a few potential memory leaks.
|
||||
o Add tighter checks of BIGNUM routines.
|
||||
o Shared library support has been reworked for generality.
|
||||
o More documentation.
|
||||
o New function BN_rand_range().
|
||||
o Add "-rand" option to openssl s_client and s_server.
|
||||
|
||||
Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
|
||||
|
||||
o Some documentation for BIO and SSL libraries.
|
||||
o Enhanced chain verification using key identifiers.
|
||||
o New sign and verify options to 'dgst' application.
|
||||
o Support for DER and PEM encoded messages in 'smime' application.
|
||||
o New 'rsautl' application, low level RSA utility.
|
||||
o MD4 now included.
|
||||
o Bugfix for SSL rollback padding check.
|
||||
o Support for external crypto devices [1].
|
||||
o Enhanced EVP interface.
|
||||
|
||||
[1] The support for external crypto devices is currently a separate
|
||||
distribution. See the file README.ENGINE.
|
||||
|
||||
Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
|
||||
|
||||
o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
|
||||
o Shared library support for HPUX and Solaris-gcc
|
||||
o Support of Linux/IA64
|
||||
o Assembler support for Mingw32
|
||||
o New 'rand' application
|
||||
o New way to check for existence of algorithms from scripts
|
||||
|
||||
Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
|
||||
|
||||
o S/MIME support in new 'smime' command
|
||||
o Documentation for the OpenSSL command line application
|
||||
o Automation of 'req' application
|
||||
o Fixes to make s_client, s_server work under Windows
|
||||
o Support for multiple fieldnames in SPKACs
|
||||
o New SPKAC command line utilty and associated library functions
|
||||
o Options to allow passwords to be obtained from various sources
|
||||
o New public key PEM format and options to handle it
|
||||
o Many other fixes and enhancements to command line utilities
|
||||
o Usable certificate chain verification
|
||||
o Certificate purpose checking
|
||||
o Certificate trust settings
|
||||
o Support of authority information access extension
|
||||
o Extensions in certificate requests
|
||||
o Simplified X509 name and attribute routines
|
||||
o Initial (incomplete) support for international character sets
|
||||
o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
|
||||
o Read only memory BIOs and simplified creation function
|
||||
o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
|
||||
record; allow fragmentation and interleaving of handshake and other
|
||||
data
|
||||
o TLS/SSL code now "tolerates" MS SGC
|
||||
o Work around for Netscape client certificate hang bug
|
||||
o RSA_NULL option that removes RSA patent code but keeps other
|
||||
RSA functionality
|
||||
o Memory leak detection now allows applications to add extra information
|
||||
via a per-thread stack
|
||||
o PRNG robustness improved
|
||||
o EGD support
|
||||
o BIGNUM library bug fixes
|
||||
o Faster DSA parameter generation
|
||||
o Enhanced support for Alpha Linux
|
||||
o Experimental MacOS support
|
||||
|
||||
Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
|
||||
|
||||
o Transparent support for PKCS#8 format private keys: these are used
|
||||
by several software packages and are more secure than the standard
|
||||
form
|
||||
o PKCS#5 v2.0 implementation
|
||||
o Password callbacks have a new void * argument for application data
|
||||
o Avoid various memory leaks
|
||||
o New pipe-like BIO that allows using the SSL library when actual I/O
|
||||
must be handled by the application (BIO pair)
|
||||
|
||||
Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
|
||||
o Lots of enhancements and cleanups to the Configuration mechanism
|
||||
o RSA OEAP related fixes
|
||||
o Added `openssl ca -revoke' option for revoking a certificate
|
||||
o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
|
||||
o Source tree cleanups: removed lots of obsolete files
|
||||
o Thawte SXNet, certificate policies and CRL distribution points
|
||||
extension support
|
||||
o Preliminary (experimental) S/MIME support
|
||||
o Support for ASN.1 UTF8String and VisibleString
|
||||
o Full integration of PKCS#12 code
|
||||
o Sparc assembler bignum implementation, optimized hash functions
|
||||
o Option to disable selected ciphers
|
||||
|
||||
Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
|
||||
o Fixed a security hole related to session resumption
|
||||
o Fixed RSA encryption routines for the p < q case
|
||||
o "ALL" in cipher lists now means "everything except NULL ciphers"
|
||||
o Support for Triple-DES CBCM cipher
|
||||
o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
|
||||
o First support for new TLSv1 ciphers
|
||||
o Added a few new BIOs (syslog BIO, reliable BIO)
|
||||
o Extended support for DSA certificate/keys.
|
||||
o Extended support for Certificate Signing Requests (CSR)
|
||||
o Initial support for X.509v3 extensions
|
||||
o Extended support for compression inside the SSL record layer
|
||||
o Overhauled Win32 builds
|
||||
o Cleanups and fixes to the Big Number (BN) library
|
||||
o Support for ASN.1 GeneralizedTime
|
||||
o Splitted ASN.1 SETs from SEQUENCEs
|
||||
o ASN1 and PEM support for Netscape Certificate Sequences
|
||||
o Overhauled Perl interface
|
||||
o Lots of source tree cleanups.
|
||||
o Lots of memory leak fixes.
|
||||
o Lots of bug fixes.
|
||||
|
||||
Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
|
||||
o Integration of the popular NO_RSA/NO_DSA patches
|
||||
o Initial support for compression inside the SSL record layer
|
||||
o Added BIO proxy and filtering functionality
|
||||
o Extended Big Number (BN) library
|
||||
o Added RIPE MD160 message digest
|
||||
o Addeed support for RC2/64bit cipher
|
||||
o Extended ASN.1 parser routines
|
||||
o Adjustations of the source tree for CVS
|
||||
o Support for various new platforms
|
||||
|
|
@ -0,0 +1,235 @@
|
|||
@echo off
|
||||
|
||||
rem ========================================================================
|
||||
rem Batch file to automate building OpenSSL for NetWare.
|
||||
rem
|
||||
rem usage:
|
||||
rem build [target] [debug opts] [assembly opts] [configure opts]
|
||||
rem
|
||||
rem target - "netware-clib" - CLib NetWare build (WinSock Sockets)
|
||||
rem - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
|
||||
rem - "netware-libc" - LibC NetWare build (WinSock Sockets)
|
||||
rem - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
|
||||
rem
|
||||
rem debug opts - "debug" - build debug
|
||||
rem
|
||||
rem assembly opts - "nw-mwasm" - use Metrowerks assembler
|
||||
rem - "nw-nasm" - use NASM assembler
|
||||
rem - "no-asm" - don't use assembly
|
||||
rem
|
||||
rem configure opts- all unrecognized arguments are passed to the
|
||||
rem perl configure script
|
||||
rem
|
||||
rem If no arguments are specified the default is to build non-debug with
|
||||
rem no assembly. NOTE: there is no default BLD_TARGET.
|
||||
rem
|
||||
|
||||
|
||||
|
||||
rem No assembly is the default - Uncomment section below to change
|
||||
rem the assembler default
|
||||
set ASM_MODE=
|
||||
set ASSEMBLER=
|
||||
set NO_ASM=no-asm
|
||||
|
||||
rem Uncomment to default to the Metrowerks assembler
|
||||
rem set ASM_MODE=nw-mwasm
|
||||
rem set ASSEMBLER=Metrowerks
|
||||
rem set NO_ASM=
|
||||
|
||||
rem Uncomment to default to the NASM assembler
|
||||
rem set ASM_MODE=nw-nasm
|
||||
rem set ASSEMBLER=NASM
|
||||
rem set NO_ASM=
|
||||
|
||||
rem No default Bld target
|
||||
set BLD_TARGET=no_target
|
||||
rem set BLD_TARGET=netware-clib
|
||||
rem set BLD_TARGET=netware-libc
|
||||
|
||||
|
||||
rem Default to build non-debug
|
||||
set DEBUG=
|
||||
|
||||
rem Uncomment to default to debug build
|
||||
rem set DEBUG=debug
|
||||
|
||||
|
||||
set CONFIG_OPTS=
|
||||
set ARG_PROCESSED=NO
|
||||
|
||||
|
||||
rem Process command line args
|
||||
:opts
|
||||
if "a%1" == "a" goto endopt
|
||||
if "%1" == "no-asm" set NO_ASM=no-asm
|
||||
if "%1" == "no-asm" set ARG_PROCESSED=YES
|
||||
if "%1" == "debug" set DEBUG=debug
|
||||
if "%1" == "debug" set ARG_PROCESSED=YES
|
||||
if "%1" == "nw-nasm" set ASM_MODE=nw-nasm
|
||||
if "%1" == "nw-nasm" set ASSEMBLER=NASM
|
||||
if "%1" == "nw-nasm" set NO_ASM=
|
||||
if "%1" == "nw-nasm" set ARG_PROCESSED=YES
|
||||
if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm
|
||||
if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks
|
||||
if "%1" == "nw-mwasm" set NO_ASM=
|
||||
if "%1" == "nw-mwasm" set ARG_PROCESSED=YES
|
||||
if "%1" == "netware-clib" set BLD_TARGET=netware-clib
|
||||
if "%1" == "netware-clib" set ARG_PROCESSED=YES
|
||||
if "%1" == "netware-clib-bsdsock" set BLD_TARGET=netware-clib-bsdsock
|
||||
if "%1" == "netware-clib-bsdsock" set ARG_PROCESSED=YES
|
||||
if "%1" == "netware-libc" set BLD_TARGET=netware-libc
|
||||
if "%1" == "netware-libc" set ARG_PROCESSED=YES
|
||||
if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock
|
||||
if "%1" == "netware-libc-bsdsock" set ARG_PROCESSED=YES
|
||||
|
||||
rem If we didn't recognize the argument, consider it an option for config
|
||||
if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1
|
||||
if "%ARG_PROCESSED%" == "YES" set ARG_PROCESSED=NO
|
||||
|
||||
shift
|
||||
goto opts
|
||||
:endopt
|
||||
|
||||
rem make sure a valid BLD_TARGET was specified
|
||||
if "%BLD_TARGET%" == "no_target" goto no_target
|
||||
|
||||
rem build the nlm make file name which includes target and debug info
|
||||
set NLM_MAKE=
|
||||
if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
|
||||
if "%BLD_TARGET%" == "netware-clib-bsdsock" set NLM_MAKE=netware\nlm_clib_bsdsock
|
||||
if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
|
||||
if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock
|
||||
if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
|
||||
if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak
|
||||
|
||||
if "%NO_ASM%" == "no-asm" set ASM_MODE=
|
||||
if "%NO_ASM%" == "no-asm" set ASSEMBLER=
|
||||
if "%NO_ASM%" == "no-asm" set CONFIG_OPTS=%CONFIG_OPTS% no-asm
|
||||
if "%NO_ASM%" == "no-asm" goto do_config
|
||||
|
||||
|
||||
rem ==================================================
|
||||
echo Generating x86 for %ASSEMBLER% assembler
|
||||
|
||||
echo Bignum
|
||||
cd crypto\bn\asm
|
||||
rem perl x86.pl %ASM_MODE% > bn-nw.asm
|
||||
perl bn-586.pl %ASM_MODE% > bn-nw.asm
|
||||
perl co-586.pl %ASM_MODE% > co-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo AES
|
||||
cd crypto\aes\asm
|
||||
perl aes-586.pl %ASM_MODE% > a-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo DES
|
||||
cd crypto\des\asm
|
||||
perl des-586.pl %ASM_MODE% > d-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo "crypt(3)"
|
||||
|
||||
cd crypto\des\asm
|
||||
perl crypt586.pl %ASM_MODE% > y-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo Blowfish
|
||||
|
||||
cd crypto\bf\asm
|
||||
perl bf-586.pl %ASM_MODE% > b-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo CAST5
|
||||
cd crypto\cast\asm
|
||||
perl cast-586.pl %ASM_MODE% > c-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo RC4
|
||||
cd crypto\rc4\asm
|
||||
perl rc4-586.pl %ASM_MODE% > r4-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo MD5
|
||||
cd crypto\md5\asm
|
||||
perl md5-586.pl %ASM_MODE% > m5-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo SHA1
|
||||
cd crypto\sha\asm
|
||||
perl sha1-586.pl %ASM_MODE% > s1-nw.asm
|
||||
perl sha256-586.pl %ASM_MODE% > sha256-nw.asm
|
||||
perl sha512-586.pl %ASM_MODE% > sha512-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo RIPEMD160
|
||||
cd crypto\ripemd\asm
|
||||
perl rmd-586.pl %ASM_MODE% > rm-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo RC5\32
|
||||
cd crypto\rc5\asm
|
||||
perl rc5-586.pl %ASM_MODE% > r5-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo WHIRLPOOL
|
||||
cd crypto\whrlpool\asm
|
||||
perl wp-mmx.pl %ASM_MODE% > wp-nw.asm
|
||||
cd ..\..\..
|
||||
|
||||
echo CPUID
|
||||
cd crypto
|
||||
perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm
|
||||
cd ..\
|
||||
|
||||
rem ===============================================================
|
||||
rem
|
||||
:do_config
|
||||
|
||||
echo .
|
||||
echo configure options: %CONFIG_OPTS% %BLD_TARGET%
|
||||
echo .
|
||||
perl configure %CONFIG_OPTS% %BLD_TARGET%
|
||||
|
||||
perl util\mkfiles.pl >MINFO
|
||||
|
||||
echo .
|
||||
echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET%
|
||||
echo .
|
||||
perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE%
|
||||
|
||||
make -f %NLM_MAKE% vclean
|
||||
echo .
|
||||
echo The makefile "%NLM_MAKE%" has been created use your maketool to
|
||||
echo build (ex: make -f %NLM_MAKE%)
|
||||
goto end
|
||||
|
||||
rem ===============================================================
|
||||
rem
|
||||
:no_target
|
||||
echo .
|
||||
echo . No build target specified!!!
|
||||
echo .
|
||||
echo . usage: build [target] [debug opts] [assembly opts] [configure opts]
|
||||
echo .
|
||||
echo . target - "netware-clib" - CLib NetWare build (WinSock Sockets)
|
||||
echo . - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
|
||||
echo . - "netware-libc" - LibC NetWare build (WinSock Sockets)
|
||||
echo . - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
|
||||
echo .
|
||||
echo . debug opts - "debug" - build debug
|
||||
echo .
|
||||
echo . assembly opts - "nw-mwasm" - use Metrowerks assembler
|
||||
echo . "nw-nasm" - use NASM assembler
|
||||
echo . "no-asm" - don't use assembly
|
||||
echo .
|
||||
echo . configure opts- all unrecognized arguments are passed to the
|
||||
echo . perl configure script
|
||||
echo .
|
||||
echo . If no debug or assembly opts are specified the default is to build
|
||||
echo . non-debug without assembly
|
||||
echo .
|
||||
|
||||
|
||||
:end
|
|
@ -0,0 +1,113 @@
|
|||
@echo off
|
||||
|
||||
rem Batch file to copy OpenSSL stuff to a NetWare server for testing
|
||||
|
||||
rem This batch file will create an "opensssl" directory at the root of the
|
||||
rem specified NetWare drive and copy the required files to run the tests.
|
||||
rem It should be run from inside the "openssl\netware" subdirectory.
|
||||
|
||||
rem Usage:
|
||||
rem cpy_tests.bat <test subdirectory> <NetWare drive>
|
||||
rem <test subdirectory> - out_nw.dbg | out_nw
|
||||
rem <NetWare drive> - any mapped drive letter
|
||||
rem
|
||||
rem example ( copy from debug build to m: dirve ):
|
||||
rem cpy_tests.bat out_nw.dbg m:
|
||||
rem
|
||||
rem CAUTION: If a directory named OpenSSL exists on the target drive
|
||||
rem it will be deleted first.
|
||||
|
||||
|
||||
if "%1" == "" goto usage
|
||||
if "%2" == "" goto usage
|
||||
|
||||
rem Assume running in \openssl directory unless cpy_tests.bat exists then
|
||||
rem it must be the \openssl\netware directory
|
||||
set loc=.
|
||||
if exist cpy_tests.bat set loc=..
|
||||
|
||||
rem make sure the local build subdirectory specified is valid
|
||||
if not exist %loc%\%1\NUL goto invalid_dir
|
||||
|
||||
rem make sure target drive is valid
|
||||
if not exist %2\NUL goto invalid_drive
|
||||
|
||||
rem If an OpenSSL directory exists on the target drive, remove it
|
||||
if exist %2\openssl\NUL goto remove_openssl
|
||||
goto do_copy
|
||||
|
||||
:remove_openssl
|
||||
echo .
|
||||
echo OpenSSL directory exists on %2 - it will be removed!
|
||||
pause
|
||||
rmdir %2\openssl /s /q
|
||||
|
||||
:do_copy
|
||||
rem make an "openssl" directory and others at the root of the NetWare drive
|
||||
mkdir %2\openssl
|
||||
mkdir %2\openssl\test_out
|
||||
mkdir %2\openssl\apps
|
||||
mkdir %2\openssl\certs
|
||||
mkdir %2\openssl\test
|
||||
|
||||
|
||||
rem copy the test nlms
|
||||
copy %loc%\%1\*.nlm %2\openssl\
|
||||
|
||||
rem copy the test perl script
|
||||
copy %loc%\netware\do_tests.pl %2\openssl\
|
||||
|
||||
rem copy the certs directory stuff
|
||||
xcopy %loc%\certs\*.* %2\openssl\certs\ /s
|
||||
|
||||
rem copy the test directory stuff
|
||||
copy %loc%\test\CAss.cnf %2\openssl\test\
|
||||
copy %loc%\test\Uss.cnf %2\openssl\test\
|
||||
copy %loc%\test\pkcs7.pem %2\openssl\test\
|
||||
copy %loc%\test\pkcs7-1.pem %2\openssl\test\
|
||||
copy %loc%\test\testcrl.pem %2\openssl\test\
|
||||
copy %loc%\test\testp7.pem %2\openssl\test\
|
||||
copy %loc%\test\testreq2.pem %2\openssl\test\
|
||||
copy %loc%\test\testrsa.pem %2\openssl\test\
|
||||
copy %loc%\test\testsid.pem %2\openssl\test\
|
||||
copy %loc%\test\testx509.pem %2\openssl\test\
|
||||
copy %loc%\test\v3-cert1.pem %2\openssl\test\
|
||||
copy %loc%\test\v3-cert2.pem %2\openssl\test\
|
||||
copy %loc%\crypto\evp\evptests.txt %2\openssl\test\
|
||||
|
||||
rem copy the apps directory stuff
|
||||
copy %loc%\apps\client.pem %2\openssl\apps\
|
||||
copy %loc%\apps\server.pem %2\openssl\apps\
|
||||
copy %loc%\apps\openssl.cnf %2\openssl\apps\
|
||||
|
||||
echo .
|
||||
echo Tests copied
|
||||
echo Run the test script at the console by typing:
|
||||
echo "Perl \openssl\do_tests.pl"
|
||||
echo .
|
||||
echo Make sure the Search path includes the OpenSSL subdirectory
|
||||
|
||||
goto end
|
||||
|
||||
:invalid_dir
|
||||
echo.
|
||||
echo Invalid build directory specified: %1
|
||||
echo.
|
||||
goto usage
|
||||
|
||||
:invalid_drive
|
||||
echo.
|
||||
echo Invalid drive: %2
|
||||
echo.
|
||||
goto usage
|
||||
|
||||
:usage
|
||||
echo.
|
||||
echo usage: cpy_tests.bat [test subdirectory] [NetWare drive]
|
||||
echo [test subdirectory] - out_nw_clib.dbg, out_nw_libc.dbg, etc.
|
||||
echo [NetWare drive] - any mapped drive letter
|
||||
echo.
|
||||
echo example: cpy_test out_nw_clib.dbg M:
|
||||
echo (copy from clib debug build area to M: drive)
|
||||
|
||||
:end
|
|
@ -0,0 +1,624 @@
|
|||
# perl script to run OpenSSL tests
|
||||
|
||||
|
||||
my $base_path = "\\openssl";
|
||||
|
||||
my $output_path = "$base_path\\test_out";
|
||||
my $cert_path = "$base_path\\certs";
|
||||
my $test_path = "$base_path\\test";
|
||||
my $app_path = "$base_path\\apps";
|
||||
|
||||
my $tmp_cert = "$output_path\\cert.tmp";
|
||||
my $OpenSSL_config = "$app_path\\openssl.cnf";
|
||||
my $log_file = "$output_path\\tests.log";
|
||||
|
||||
my $pause = 0;
|
||||
|
||||
|
||||
# process the command line args to see if they wanted us to pause
|
||||
# between executing each command
|
||||
foreach $i (@ARGV)
|
||||
{
|
||||
if ($i =~ /^-p$/)
|
||||
{ $pause=1; }
|
||||
}
|
||||
|
||||
|
||||
|
||||
main();
|
||||
|
||||
|
||||
############################################################################
|
||||
sub main()
|
||||
{
|
||||
# delete all the output files in the output directory
|
||||
unlink <$output_path\\*.*>;
|
||||
|
||||
# open the main log file
|
||||
open(OUT, ">$log_file") || die "unable to open $log_file\n";
|
||||
|
||||
print( OUT "========================================================\n");
|
||||
my $outFile = "$output_path\\version.out";
|
||||
system("openssl2 version (CLIB_OPT)/>$outFile");
|
||||
log_output("CHECKING FOR OPENSSL VERSION:", $outFile);
|
||||
|
||||
algorithm_tests();
|
||||
encryption_tests();
|
||||
evp_tests();
|
||||
pem_tests();
|
||||
verify_tests();
|
||||
ca_tests();
|
||||
ssl_tests();
|
||||
|
||||
close(OUT);
|
||||
|
||||
print("\nCompleted running tests.\n\n");
|
||||
print("Check log file for errors: $log_file\n");
|
||||
}
|
||||
|
||||
############################################################################
|
||||
sub algorithm_tests
|
||||
{
|
||||
my $i;
|
||||
my $outFile;
|
||||
my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test,
|
||||
sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test,
|
||||
rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest,
|
||||
ecdsatest, ectest, exptest, casttest, hmactest );
|
||||
|
||||
print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "CRYPTO ALGORITHM TESTS:\n\n");
|
||||
|
||||
foreach $i (@tests)
|
||||
{
|
||||
if (-e "$base_path\\$i.nlm")
|
||||
{
|
||||
$outFile = "$output_path\\$i.out";
|
||||
system("$i (CLIB_OPT)/>$outFile");
|
||||
log_desc("Test: $i\.nlm:");
|
||||
log_output("", $outFile );
|
||||
}
|
||||
else
|
||||
{
|
||||
log_desc("Test: $i\.nlm: file not found");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
############################################################################
|
||||
sub encryption_tests
|
||||
{
|
||||
my $i;
|
||||
my $outFile;
|
||||
my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb",
|
||||
"des-ofb", "des-ede-ofb", "des-ede3-ofb",
|
||||
"des-ecb", "des-ede", "des-ede3", "des-cbc",
|
||||
"des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb",
|
||||
"idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb",
|
||||
"rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb",
|
||||
"bf-ofb", "bf-cbc" );
|
||||
|
||||
my $input = "$base_path\\do_tests.pl";
|
||||
my $cipher = "$output_path\\cipher.out";
|
||||
my $clear = "$output_path\\clear.out";
|
||||
|
||||
print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n");
|
||||
|
||||
foreach $i (@enc_tests)
|
||||
{
|
||||
log_desc("Testing: $i");
|
||||
|
||||
# do encryption
|
||||
$outFile = "$output_path\\enc.out";
|
||||
system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" );
|
||||
log_output("Encrypting: $input --> $cipher", $outFile);
|
||||
|
||||
# do decryption
|
||||
$outFile = "$output_path\\dec.out";
|
||||
system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
|
||||
log_output("Decrypting: $cipher --> $clear", $outFile);
|
||||
|
||||
# compare files
|
||||
$x = compare_files( $input, $clear, 1);
|
||||
if ( $x == 0 )
|
||||
{
|
||||
print( "\rSUCCESS - files match: $input, $clear\n");
|
||||
print( OUT "SUCCESS - files match: $input, $clear\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
print( "\rERROR: files don't match\n");
|
||||
print( OUT "ERROR: files don't match\n");
|
||||
}
|
||||
|
||||
do_wait();
|
||||
|
||||
# Now do the same encryption but use Base64
|
||||
|
||||
# do encryption B64
|
||||
$outFile = "$output_path\\B64enc.out";
|
||||
system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile");
|
||||
log_output("Encrypting(B64): $cipher --> $clear", $outFile);
|
||||
|
||||
# do decryption B64
|
||||
$outFile = "$output_path\\B64dec.out";
|
||||
system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
|
||||
log_output("Decrypting(B64): $cipher --> $clear", $outFile);
|
||||
|
||||
# compare files
|
||||
$x = compare_files( $input, $clear, 1);
|
||||
if ( $x == 0 )
|
||||
{
|
||||
print( "\rSUCCESS - files match: $input, $clear\n");
|
||||
print( OUT "SUCCESS - files match: $input, $clear\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
print( "\rERROR: files don't match\n");
|
||||
print( OUT "ERROR: files don't match\n");
|
||||
}
|
||||
|
||||
do_wait();
|
||||
|
||||
} # end foreach
|
||||
|
||||
# delete the temporary files
|
||||
unlink($cipher);
|
||||
unlink($clear);
|
||||
}
|
||||
|
||||
|
||||
############################################################################
|
||||
sub pem_tests
|
||||
{
|
||||
my $i;
|
||||
my $tmp_out;
|
||||
my $outFile = "$output_path\\pem.out";
|
||||
|
||||
my %pem_tests = (
|
||||
"crl" => "testcrl.pem",
|
||||
"pkcs7" => "testp7.pem",
|
||||
"req" => "testreq2.pem",
|
||||
"rsa" => "testrsa.pem",
|
||||
"x509" => "testx509.pem",
|
||||
"x509" => "v3-cert1.pem",
|
||||
"sess_id" => "testsid.pem" );
|
||||
|
||||
|
||||
print( "\nRUNNING PEM TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "PEM TESTS:\n\n");
|
||||
|
||||
foreach $i (keys(%pem_tests))
|
||||
{
|
||||
log_desc( "Testing: $i");
|
||||
|
||||
my $input = "$test_path\\$pem_tests{$i}";
|
||||
|
||||
$tmp_out = "$output_path\\$pem_tests{$i}";
|
||||
|
||||
if ($i ne "req" )
|
||||
{
|
||||
system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile");
|
||||
log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
|
||||
}
|
||||
else
|
||||
{
|
||||
system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile");
|
||||
log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
|
||||
}
|
||||
|
||||
$x = compare_files( $input, $tmp_out);
|
||||
if ( $x == 0 )
|
||||
{
|
||||
print( "\rSUCCESS - files match: $input, $tmp_out\n");
|
||||
print( OUT "SUCCESS - files match: $input, $tmp_out\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
print( "\rERROR: files don't match\n");
|
||||
print( OUT "ERROR: files don't match\n");
|
||||
}
|
||||
do_wait();
|
||||
|
||||
} # end foreach
|
||||
}
|
||||
|
||||
|
||||
############################################################################
|
||||
sub verify_tests
|
||||
{
|
||||
my $i;
|
||||
my $outFile = "$output_path\\verify.out";
|
||||
|
||||
$cert_path =~ s/\\/\//g;
|
||||
my @cert_files = <$cert_path/*.pem>;
|
||||
|
||||
print( "\nRUNNING VERIFY TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "VERIFY TESTS:\n\n");
|
||||
|
||||
make_tmp_cert_file();
|
||||
|
||||
foreach $i (@cert_files)
|
||||
{
|
||||
system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile");
|
||||
log_desc("Verifying cert: $i");
|
||||
log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
############################################################################
|
||||
sub ssl_tests
|
||||
{
|
||||
my $outFile = "$output_path\\ssl_tst.out";
|
||||
my($CAcert) = "$output_path\\certCA.ss";
|
||||
my($Ukey) = "$output_path\\keyU.ss";
|
||||
my($Ucert) = "$output_path\\certU.ss";
|
||||
my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert";
|
||||
|
||||
print( "\nRUNNING SSL TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "SSL TESTS:\n\n");
|
||||
|
||||
system("ssltest -ssl2 (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2:");
|
||||
log_output("ssltest -ssl2", $outFile);
|
||||
|
||||
system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2 with server authentication:");
|
||||
log_output("$ssltest -ssl2 -server_auth", $outFile);
|
||||
|
||||
system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2 with client authentication:");
|
||||
log_output("$ssltest -ssl2 -client_auth", $outFile);
|
||||
|
||||
system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2 with both client and server authentication:");
|
||||
log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile);
|
||||
|
||||
system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv3:");
|
||||
log_output("ssltest -ssl3", $outFile);
|
||||
|
||||
system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv3 with server authentication:");
|
||||
log_output("$ssltest -ssl3 -server_auth", $outFile);
|
||||
|
||||
system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv3 with client authentication:");
|
||||
log_output("$ssltest -ssl3 -client_auth", $outFile);
|
||||
|
||||
system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv3 with both client and server authentication:");
|
||||
log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);
|
||||
|
||||
system("ssltest (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2/sslv3:");
|
||||
log_output("ssltest", $outFile);
|
||||
|
||||
system("$ssltest -server_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with server authentication:");
|
||||
log_output("$ssltest -server_auth", $outFile);
|
||||
|
||||
system("$ssltest -client_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with client authentication:");
|
||||
log_output("$ssltest -client_auth ", $outFile);
|
||||
|
||||
system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with both client and server authentication:");
|
||||
log_output("$ssltest -server_auth -client_auth", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2 via BIO pair:");
|
||||
log_output("ssltest -bio_pair -ssl2", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
|
||||
log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
|
||||
|
||||
system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2 with server authentication via BIO pair:");
|
||||
log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile);
|
||||
|
||||
system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2 with client authentication via BIO pair:");
|
||||
log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile);
|
||||
|
||||
system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
|
||||
log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile);
|
||||
|
||||
system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv3 via BIO pair:");
|
||||
log_output("ssltest -bio_pair -ssl3", $outFile);
|
||||
|
||||
system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv3 with server authentication via BIO pair:");
|
||||
log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);
|
||||
|
||||
system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv3 with client authentication via BIO pair:");
|
||||
log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);
|
||||
|
||||
system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
|
||||
log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);
|
||||
|
||||
system("ssltest -bio_pair (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2/sslv3 via BIO pair:");
|
||||
log_output("ssltest -bio_pair", $outFile);
|
||||
|
||||
system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
|
||||
log_output("$ssltest -bio_pair -server_auth", $outFile);
|
||||
|
||||
system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
|
||||
log_output("$ssltest -bio_pair -client_auth", $outFile);
|
||||
|
||||
system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile");
|
||||
log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
|
||||
log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
|
||||
}
|
||||
|
||||
|
||||
############################################################################
|
||||
sub ca_tests
|
||||
{
|
||||
my $outFile = "$output_path\\ca_tst.out";
|
||||
|
||||
my($CAkey) = "$output_path\\keyCA.ss";
|
||||
my($CAcert) = "$output_path\\certCA.ss";
|
||||
my($CAserial) = "$output_path\\certCA.srl";
|
||||
my($CAreq) = "$output_path\\reqCA.ss";
|
||||
my($CAreq2) = "$output_path\\req2CA.ss";
|
||||
|
||||
my($CAconf) = "$test_path\\CAss.cnf";
|
||||
|
||||
my($Uconf) = "$test_path\\Uss.cnf";
|
||||
|
||||
my($Ukey) = "$output_path\\keyU.ss";
|
||||
my($Ureq) = "$output_path\\reqU.ss";
|
||||
my($Ucert) = "$output_path\\certU.ss";
|
||||
|
||||
print( "\nRUNNING CA TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "CA TESTS:\n");
|
||||
|
||||
system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile");
|
||||
log_desc("Make a certificate request using req:");
|
||||
log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
|
||||
|
||||
system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile");
|
||||
log_desc("Convert the certificate request into a self signed certificate using x509:");
|
||||
log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
|
||||
|
||||
system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile");
|
||||
log_desc("Convert a certificate into a certificate request using 'x509':");
|
||||
log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
|
||||
|
||||
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile");
|
||||
log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
|
||||
|
||||
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile");
|
||||
log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
|
||||
|
||||
system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile");
|
||||
log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
|
||||
|
||||
system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile");
|
||||
log_desc("Make another certificate request using req:");
|
||||
log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
|
||||
|
||||
system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile");
|
||||
log_desc("Sign certificate request with the just created CA via x509:");
|
||||
log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
|
||||
|
||||
system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile");
|
||||
log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
|
||||
|
||||
system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile");
|
||||
log_desc("Certificate details");
|
||||
log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
|
||||
|
||||
print(OUT "--\n");
|
||||
print(OUT "The generated CA certificate is $CAcert\n");
|
||||
print(OUT "The generated CA private key is $CAkey\n");
|
||||
print(OUT "The current CA signing serial number is in $CAserial\n");
|
||||
|
||||
print(OUT "The generated user certificate is $Ucert\n");
|
||||
print(OUT "The generated user private key is $Ukey\n");
|
||||
print(OUT "--\n");
|
||||
}
|
||||
|
||||
############################################################################
|
||||
sub evp_tests
|
||||
{
|
||||
my $i = 'evp_test';
|
||||
|
||||
print( "\nRUNNING EVP TESTS:\n\n");
|
||||
|
||||
print( OUT "\n========================================================\n");
|
||||
print( OUT "EVP TESTS:\n\n");
|
||||
|
||||
if (-e "$base_path\\$i.nlm")
|
||||
{
|
||||
my $outFile = "$output_path\\$i.out";
|
||||
system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile");
|
||||
log_desc("Test: $i\.nlm:");
|
||||
log_output("", $outFile );
|
||||
}
|
||||
else
|
||||
{
|
||||
log_desc("Test: $i\.nlm: file not found");
|
||||
}
|
||||
}
|
||||
|
||||
############################################################################
|
||||
sub log_output( $ $ )
|
||||
{
|
||||
my( $desc, $file ) = @_;
|
||||
my($error) = 0;
|
||||
my($key);
|
||||
my($msg);
|
||||
|
||||
if ($desc)
|
||||
{
|
||||
print("\r$desc\n");
|
||||
print(OUT "$desc\n");
|
||||
}
|
||||
|
||||
# loop waiting for test program to complete
|
||||
while ( stat($file) == 0)
|
||||
{ print(". "); sleep(1); }
|
||||
|
||||
|
||||
# copy test output to log file
|
||||
open(IN, "<$file");
|
||||
while (<IN>)
|
||||
{
|
||||
print(OUT $_);
|
||||
if ( $_ =~ /ERROR/ )
|
||||
{
|
||||
$error = 1;
|
||||
}
|
||||
}
|
||||
# close and delete the temporary test output file
|
||||
close(IN);
|
||||
unlink($file);
|
||||
|
||||
if ( $error == 0 )
|
||||
{
|
||||
$msg = "Test Succeeded";
|
||||
}
|
||||
else
|
||||
{
|
||||
$msg = "Test Failed";
|
||||
}
|
||||
|
||||
print(OUT "$msg\n");
|
||||
|
||||
if ($pause)
|
||||
{
|
||||
print("$msg - press ENTER to continue...");
|
||||
$key = getc;
|
||||
print("\n");
|
||||
}
|
||||
|
||||
# Several of the testing scripts run a loop loading the
|
||||
# same NLM with different options.
|
||||
# On slow NetWare machines there appears to be some delay in the
|
||||
# OS actually unloading the test nlms and the OS complains about.
|
||||
# the NLM already being loaded. This additional pause is to
|
||||
# to help provide a little more time for unloading before trying to
|
||||
# load again.
|
||||
sleep(1);
|
||||
}
|
||||
|
||||
|
||||
############################################################################
|
||||
sub log_desc( $ )
|
||||
{
|
||||
my( $desc ) = @_;
|
||||
|
||||
print("\n");
|
||||
print("$desc\n");
|
||||
|
||||
print(OUT "\n");
|
||||
print(OUT "$desc\n");
|
||||
print(OUT "======================================\n");
|
||||
}
|
||||
|
||||
############################################################################
|
||||
sub compare_files( $ $ $ )
|
||||
{
|
||||
my( $file1, $file2, $binary ) = @_;
|
||||
my( $n1, $n2, $b1, $b2 );
|
||||
my($ret) = 1;
|
||||
|
||||
open(IN0, $file1) || die "\nunable to open $file1\n";
|
||||
open(IN1, $file2) || die "\nunable to open $file2\n";
|
||||
|
||||
if ($binary)
|
||||
{
|
||||
binmode IN0;
|
||||
binmode IN1;
|
||||
}
|
||||
|
||||
for (;;)
|
||||
{
|
||||
$n1 = read(IN0, $b1, 512);
|
||||
$n2 = read(IN1, $b2, 512);
|
||||
|
||||
if ($n1 != $n2) {last;}
|
||||
if ($b1 != $b2) {last;}
|
||||
|
||||
if ($n1 == 0)
|
||||
{
|
||||
$ret = 0;
|
||||
last;
|
||||
}
|
||||
}
|
||||
close(IN0);
|
||||
close(IN1);
|
||||
return($ret);
|
||||
}
|
||||
|
||||
############################################################################
|
||||
sub do_wait()
|
||||
{
|
||||
my($key);
|
||||
|
||||
if ($pause)
|
||||
{
|
||||
print("Press ENTER to continue...");
|
||||
$key = getc;
|
||||
print("\n");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
############################################################################
|
||||
sub make_tmp_cert_file()
|
||||
{
|
||||
my @cert_files = <$cert_path/*.pem>;
|
||||
|
||||
# delete the file if it already exists
|
||||
unlink($tmp_cert);
|
||||
|
||||
open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";
|
||||
|
||||
print("building temporary cert file\n");
|
||||
|
||||
# create a temporary cert file that contains all the certs
|
||||
foreach $i (@cert_files)
|
||||
{
|
||||
open( IN_CERT, $i ) || die "\nunable to open $i\n";
|
||||
|
||||
for(;;)
|
||||
{
|
||||
$n = sysread(IN_CERT, $data, 1024);
|
||||
|
||||
if ($n == 0)
|
||||
{
|
||||
close(IN_CERT);
|
||||
last;
|
||||
};
|
||||
|
||||
syswrite(TMP_CERT, $data, $n);
|
||||
}
|
||||
}
|
||||
|
||||
close( TMP_CERT );
|
||||
}
|
|
@ -0,0 +1,254 @@
|
|||
An initial review of the OpenSSL code was done to determine how many
|
||||
global variables where present. The idea was to determine the amount of
|
||||
work required to pull the globals into an instance data structure in
|
||||
order to build a Library NLM for NetWare. This file contains the results
|
||||
of the review. Each file is listed along with the globals in the file.
|
||||
The initial review was done very quickly so this list is probably
|
||||
not a comprehensive list.
|
||||
|
||||
|
||||
cryptlib.c
|
||||
===========================================
|
||||
|
||||
static STACK *app_locks=NULL;
|
||||
|
||||
static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
|
||||
|
||||
static void (MS_FAR *locking_callback)(int mode,int type,
|
||||
const char *file,int line)=NULL;
|
||||
static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
|
||||
int type,const char *file,int line)=NULL;
|
||||
static unsigned long (MS_FAR *id_callback)(void)=NULL;
|
||||
static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
|
||||
(const char *file,int line)=NULL;
|
||||
static void (MS_FAR *dynlock_lock_callback)(int mode,
|
||||
struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
|
||||
static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
|
||||
const char *file,int line)=NULL;
|
||||
|
||||
|
||||
mem.c
|
||||
===========================================
|
||||
static int allow_customize = 1; /* we provide flexible functions for */
|
||||
static int allow_customize_debug = 1;/* exchanging memory-related functions at
|
||||
|
||||
/* may be changed as long as `allow_customize' is set */
|
||||
static void *(*malloc_locked_func)(size_t) = malloc;
|
||||
static void (*free_locked_func)(void *) = free;
|
||||
static void *(*malloc_func)(size_t) = malloc;
|
||||
static void *(*realloc_func)(void *, size_t)= realloc;
|
||||
static void (*free_func)(void *) = free;
|
||||
|
||||
/* use default functions from mem_dbg.c */
|
||||
static void (*malloc_debug_func)(void *,int,const char *,int,int)
|
||||
= CRYPTO_dbg_malloc;
|
||||
static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
|
||||
= CRYPTO_dbg_realloc;
|
||||
static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
|
||||
static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
|
||||
static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
|
||||
|
||||
|
||||
mem_dbg.c
|
||||
===========================================
|
||||
static int mh_mode=CRYPTO_MEM_CHECK_OFF;
|
||||
static unsigned long order = 0; /* number of memory requests */
|
||||
static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */
|
||||
|
||||
static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's */
|
||||
static long options = /* extra information to be recorded */
|
||||
static unsigned long disabling_thread = 0;
|
||||
|
||||
|
||||
err.c
|
||||
===========================================
|
||||
static LHASH *error_hash=NULL;
|
||||
static LHASH *thread_hash=NULL;
|
||||
|
||||
several files have routines with static "init" to track if error strings
|
||||
have been loaded ( may not want seperate error strings for each process )
|
||||
The "init" variable can't be left "global" because the error has is a ptr
|
||||
that is malloc'ed. The malloc'ed error has is dependant on the "init"
|
||||
vars.
|
||||
|
||||
files:
|
||||
pem_err.c
|
||||
cpt_err.c
|
||||
pk12err.c
|
||||
asn1_err.c
|
||||
bio_err.c
|
||||
bn_err.c
|
||||
buf_err.c
|
||||
comp_err.c
|
||||
conf_err.c
|
||||
cpt_err.c
|
||||
dh_err.c
|
||||
dsa_err.c
|
||||
dso_err.c
|
||||
evp_err.c
|
||||
obj_err.c
|
||||
pkcs7err.c
|
||||
rand_err.c
|
||||
rsa_err.c
|
||||
rsar_err.c
|
||||
ssl_err.c
|
||||
x509_err.c
|
||||
v3err.c
|
||||
err.c
|
||||
|
||||
These file have similar "init" globals but they are for other stuff not
|
||||
error strings:
|
||||
|
||||
bn_lib.c
|
||||
ecc_enc.c
|
||||
s23_clnt.c
|
||||
s23_meth.c
|
||||
s23_srvr.c
|
||||
s2_clnt.c
|
||||
s2_lib.c
|
||||
s2_meth.c
|
||||
s2_srvr.c
|
||||
s3_clnt.c
|
||||
s3_lib.c
|
||||
s3_srvr.c
|
||||
t1_clnt.c
|
||||
t1_meth.c
|
||||
t1_srvr.c
|
||||
|
||||
rand_lib.c
|
||||
===========================================
|
||||
static RAND_METHOD *rand_meth= &rand_ssleay_meth;
|
||||
|
||||
md_rand.c
|
||||
===========================================
|
||||
static int state_num=0,state_index=0;
|
||||
static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
|
||||
static unsigned char md[MD_DIGEST_LENGTH];
|
||||
static long md_count[2]={0,0};
|
||||
static double entropy=0;
|
||||
static int initialized=0;
|
||||
|
||||
/* This should be set to 1 only when ssleay_rand_add() is called inside
|
||||
an already locked state, so it doesn't try to lock and thereby cause
|
||||
a hang. And it should always be reset back to 0 before unlocking. */
|
||||
static int add_do_not_lock=0;
|
||||
|
||||
obj_dat.c
|
||||
============================================
|
||||
static int new_nid=NUM_NID;
|
||||
static LHASH *added=NULL;
|
||||
|
||||
b_sock.c
|
||||
===========================================
|
||||
static unsigned long BIO_ghbn_hits=0L;
|
||||
static unsigned long BIO_ghbn_miss=0L;
|
||||
static struct ghbn_cache_st
|
||||
{
|
||||
char name[129];
|
||||
struct hostent *ent;
|
||||
unsigned long order;
|
||||
} ghbn_cache[GHBN_NUM];
|
||||
|
||||
static int wsa_init_done=0;
|
||||
|
||||
|
||||
bio_lib.c
|
||||
===========================================
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL;
|
||||
static int bio_meth_num=0;
|
||||
|
||||
|
||||
bn_lib.c
|
||||
========================================
|
||||
static int bn_limit_bits=0;
|
||||
static int bn_limit_num=8; /* (1<<bn_limit_bits) */
|
||||
static int bn_limit_bits_low=0;
|
||||
static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
|
||||
static int bn_limit_bits_high=0;
|
||||
static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
|
||||
static int bn_limit_bits_mont=0;
|
||||
static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
|
||||
|
||||
conf_lib.c
|
||||
========================================
|
||||
static CONF_METHOD *default_CONF_method=NULL;
|
||||
|
||||
dh_lib.c
|
||||
========================================
|
||||
static DH_METHOD *default_DH_method;
|
||||
static int dh_meth_num = 0;
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
|
||||
|
||||
dsa_lib.c
|
||||
========================================
|
||||
static DSA_METHOD *default_DSA_method;
|
||||
static int dsa_meth_num = 0;
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
|
||||
|
||||
dso_lib.c
|
||||
========================================
|
||||
static DSO_METHOD *default_DSO_meth = NULL;
|
||||
|
||||
rsa_lib.c
|
||||
========================================
|
||||
static RSA_METHOD *default_RSA_meth=NULL;
|
||||
static int rsa_meth_num=0;
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
|
||||
|
||||
x509_trs.c
|
||||
=======================================
|
||||
static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
|
||||
static STACK_OF(X509_TRUST) *trtable = NULL;
|
||||
|
||||
x509_req.c
|
||||
=======================================
|
||||
static int *ext_nids = ext_nid_list;
|
||||
|
||||
o_names.c
|
||||
======================================
|
||||
static LHASH *names_lh=NULL;
|
||||
static STACK_OF(NAME_FUNCS) *name_funcs_stack;
|
||||
static int free_type;
|
||||
static int names_type_num=OBJ_NAME_TYPE_NUM;
|
||||
|
||||
|
||||
th-lock.c - NEED to add support for locking for NetWare
|
||||
==============================================
|
||||
static long *lock_count;
|
||||
(other platform specific globals)
|
||||
|
||||
x_x509.c
|
||||
==============================================
|
||||
static int x509_meth_num = 0;
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
|
||||
|
||||
|
||||
evp_pbe.c
|
||||
============================================
|
||||
static STACK *pbe_algs;
|
||||
|
||||
evp_key.c
|
||||
============================================
|
||||
static char prompt_string[80];
|
||||
|
||||
ssl_ciph.c
|
||||
============================================
|
||||
static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
|
||||
|
||||
ssl_lib.c
|
||||
=============================================
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
|
||||
static int ssl_meth_num=0;
|
||||
static int ssl_ctx_meth_num=0;
|
||||
|
||||
ssl_sess.c
|
||||
=============================================
|
||||
static int ssl_session_num=0;
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
|
||||
|
||||
x509_vfy.c
|
||||
============================================
|
||||
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
|
||||
static int x509_store_ctx_num=0;
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
|
||||
Contents of the openssl\netware directory
|
||||
==========================================
|
||||
|
||||
Regular files:
|
||||
|
||||
readme.txt - this file
|
||||
do_tests.pl - perl script used to run the OpenSSL tests on NetWare
|
||||
cpy_tests.bat - batch to to copy test stuff to NetWare server
|
||||
build.bat - batch file to help with builds
|
||||
set_env.bat - batch file to help setup build environments
|
||||
globals.txt - results of initial code review to identify OpenSSL global variables
|
||||
|
||||
|
||||
The following files are generated by the various scripts. They are
|
||||
recreated each time and it is okay to delete them.
|
||||
|
||||
*.def - command files used by Metrowerks linker
|
||||
*.mak - make files generated by mk1mf.pl
|
|
@ -0,0 +1,112 @@
|
|||
@echo off
|
||||
|
||||
rem ========================================================================
|
||||
rem Batch file to assist in setting up the necessary enviroment for
|
||||
rem building OpenSSL for NetWare.
|
||||
rem
|
||||
rem usage:
|
||||
rem set_env [target]
|
||||
rem
|
||||
rem target - "netware-clib" - Clib build
|
||||
rem - "netware-libc" - LibC build
|
||||
rem
|
||||
rem
|
||||
|
||||
if "a%1" == "a" goto usage
|
||||
|
||||
set LIBC_BUILD=
|
||||
set CLIB_BUILD=
|
||||
set GNUC=
|
||||
|
||||
if "%1" == "netware-clib" set CLIB_BUILD=Y
|
||||
if "%1" == "netware-clib" set LIBC_BUILD=
|
||||
|
||||
if "%1" == "netware-libc" set LIBC_BUILD=Y
|
||||
if "%1" == "netware-libc" set CLIB_BUILD=
|
||||
|
||||
if "%2" == "gnuc" set GNUC=Y
|
||||
if "%2" == "codewarrior" set GNUC=
|
||||
|
||||
rem Location of tools (compiler, linker, etc)
|
||||
if "%NDKBASE%" == "" set NDKBASE=c:\Novell
|
||||
|
||||
rem If Perl for Win32 is not already in your path, add it here
|
||||
set PERL_PATH=
|
||||
|
||||
rem Define path to the Metrowerks command line tools
|
||||
rem or GNU Crosscompiler gcc / nlmconv
|
||||
rem ( compiler, assembler, linker)
|
||||
if "%GNUC%" == "Y" set COMPILER_PATH=c:\usr\i586-netware\bin;c:\usr\bin
|
||||
if "%GNUC%" == "" set COMPILER_PATH=c:\prg\cwcmdl40
|
||||
|
||||
rem If using gnu make define path to utility
|
||||
rem set GNU_MAKE_PATH=%NDKBASE%\gnu
|
||||
set GNU_MAKE_PATH=c:\prg\tools
|
||||
|
||||
rem If using ms nmake define path to nmake
|
||||
rem set MS_NMAKE_PATH=%NDKBASE%\msvc\600\bin
|
||||
|
||||
rem If using NASM assembler define path
|
||||
rem set NASM_PATH=%NDKBASE%\nasm
|
||||
set NASM_PATH=c:\prg\tools
|
||||
|
||||
rem Update path to include tool paths
|
||||
set path=%path%;%COMPILER_PATH%
|
||||
if not "%GNU_MAKE_PATH%" == "" set path=%path%;%GNU_MAKE_PATH%
|
||||
if not "%MS_NMAKE_PATH%" == "" set path=%path%;%MS_NMAKE_PATH%
|
||||
if not "%NASM_PATH%" == "" set path=%path%;%NASM_PATH%
|
||||
if not "%PERL_PATH%" == "" set path=%path%;%PERL_PATH%
|
||||
|
||||
rem Set INCLUDES to location of Novell NDK includes
|
||||
if "%LIBC_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\libc\include;%NDKBASE%\ndk\libc\include\winsock
|
||||
if "%CLIB_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\nwsdk\include\nlm;%NDKBASE%\ws295sdk\include
|
||||
|
||||
rem Set Imports to location of Novell NDK import files
|
||||
if "%LIBC_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\libc\imports
|
||||
if "%CLIB_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\nwsdk\imports
|
||||
|
||||
rem Set PRELUDE to the absolute path of the prelude object to link with in
|
||||
rem the Metrowerks NetWare PDK - NOTE: for Clib builds "clibpre.o" is
|
||||
rem recommended, for LibC NKS builds libcpre.o must be used
|
||||
if "%GNUC%" == "Y" goto gnuc
|
||||
if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.o
|
||||
rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o
|
||||
if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.o
|
||||
echo using MetroWerks CodeWarrior
|
||||
goto info
|
||||
|
||||
:gnuc
|
||||
if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.gcc.o
|
||||
rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.gcc.o
|
||||
if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.gcc.o
|
||||
echo using GNU GCC Compiler
|
||||
|
||||
:info
|
||||
echo.
|
||||
|
||||
if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
|
||||
if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..."
|
||||
|
||||
if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
|
||||
if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..."
|
||||
|
||||
goto end
|
||||
|
||||
:usage
|
||||
rem ===============================================================
|
||||
echo.
|
||||
echo No target build specified!
|
||||
echo.
|
||||
echo usage: set_env [target] [compiler]
|
||||
echo.
|
||||
echo target - "netware-clib" - Clib build
|
||||
echo - "netware-libc" - LibC build
|
||||
echo.
|
||||
echo compiler - "gnuc" - GNU GCC Compiler
|
||||
echo - "codewarrior" - MetroWerks CodeWarrior (default)
|
||||
echo.
|
||||
|
||||
:end
|
||||
echo.
|
||||
|
||||
|
|
@ -0,0 +1,213 @@
|
|||
* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
|
||||
|
||||
|
||||
NOTE: The problem described here only applies when OpenSSL isn't built
|
||||
with shared library support (i.e. without the "shared" configuration
|
||||
option). If you build with shared library support, you will have no
|
||||
problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
|
||||
|
||||
|
||||
This is really a misfeature in ld, which seems to look for .dylib libraries
|
||||
along the whole library path before it bothers looking for .a libraries. This
|
||||
means that -L switches won't matter unless OpenSSL is built with shared
|
||||
library support.
|
||||
|
||||
The workaround may be to change the following lines in apps/Makefile and
|
||||
test/Makefile:
|
||||
|
||||
LIBCRYPTO=-L.. -lcrypto
|
||||
LIBSSL=-L.. -lssl
|
||||
|
||||
to:
|
||||
|
||||
LIBCRYPTO=../libcrypto.a
|
||||
LIBSSL=../libssl.a
|
||||
|
||||
It's possible that something similar is needed for shared library support
|
||||
as well. That hasn't been well tested yet.
|
||||
|
||||
|
||||
Another solution that many seem to recommend is to move the libraries
|
||||
/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
|
||||
directory, build and install OpenSSL and anything that depends on your
|
||||
build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
|
||||
original places. Note that the version numbers on those two libraries
|
||||
may differ on your machine.
|
||||
|
||||
|
||||
As long as Apple doesn't fix the problem with ld, this problem building
|
||||
OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by
|
||||
passing -Wl,-search_paths_first, but it's unknown if the flag was
|
||||
supported from the initial MacOS X release.
|
||||
|
||||
|
||||
* Parallell make leads to errors
|
||||
|
||||
While running tests, running a parallell make is a bad idea. Many test
|
||||
scripts use the same name for output and input files, which means different
|
||||
will interfere with each other and lead to test failure.
|
||||
|
||||
The solution is simple for now: don't run parallell make when testing.
|
||||
|
||||
|
||||
* Bugs in gcc triggered
|
||||
|
||||
- According to a problem report, there are bugs in gcc 3.0 that are
|
||||
triggered by some of the code in OpenSSL, more specifically in
|
||||
PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
|
||||
|
||||
header+=11;
|
||||
if (*header != '4') return(0); header++;
|
||||
if (*header != ',') return(0); header++;
|
||||
|
||||
What happens is that gcc might optimize a little too agressively, and
|
||||
you end up with an extra incrementation when *header != '4'.
|
||||
|
||||
We recommend that you upgrade gcc to as high a 3.x version as you can.
|
||||
|
||||
- According to multiple problem reports, some of our message digest
|
||||
implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
|
||||
and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
|
||||
latter - SHA one.
|
||||
|
||||
The recomendation is to upgrade your compiler. This naturally applies to
|
||||
other similar cases.
|
||||
|
||||
- There is a subtle Solaris x86-specific gcc run-time environment bug, which
|
||||
"falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
|
||||
manifests itself as Segmentation Fault upon early application start-up.
|
||||
The problem can be worked around by patching the environment according to
|
||||
http://www.openssl.org/~appro/values.c.
|
||||
|
||||
* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
|
||||
|
||||
As subject suggests SHA-1 might perform poorly (4 times slower)
|
||||
if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
|
||||
this seems to be the fact that compiler emits multiplication to
|
||||
perform shift operations:-( To work the problem around configure
|
||||
with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
|
||||
|
||||
* Problems with hp-parisc2-cc target when used with "no-asm" flag
|
||||
|
||||
When using the hp-parisc2-cc target, wrong bignum code is generated.
|
||||
This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
|
||||
aggressive optimization.
|
||||
The problem manifests itself by the BN_kronecker test hanging in an
|
||||
endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
|
||||
which itself hangs. The reason could be tracked down to the bn_mul_comba8()
|
||||
function in bn_asm.c. At some occasions the higher 32bit value of r[7]
|
||||
is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
|
||||
as no debugger support possible at +O3 and additional fprintf()'s
|
||||
introduced fixed the bug, therefore it is most likely a bug in the
|
||||
optimizer.
|
||||
The bug was found in the BN_kronecker test but may also lead to
|
||||
failures in other parts of the code.
|
||||
(See Ticket #426.)
|
||||
|
||||
Workaround: modify the target to +O2 when building with no-asm.
|
||||
|
||||
* Problems building shared libraries on SCO OpenServer Release 5.0.6
|
||||
with gcc 2.95.3
|
||||
|
||||
The symptoms appear when running the test suite, more specifically
|
||||
test/ectest, with the following result:
|
||||
|
||||
OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
|
||||
ectest.c:186: ABORT
|
||||
|
||||
The cause of the problem seems to be that isxdigit(), called from
|
||||
BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further
|
||||
investigation shows that any of the isxxx() macros return 0 on any
|
||||
input. A direct look in the information array that the isxxx() use,
|
||||
called __ctype, shows that it contains all zeroes...
|
||||
|
||||
Taking a look at the newly created libcrypto.so with nm, one can see
|
||||
that the variable __ctype is defined in libcrypto's .bss (which
|
||||
explains why it is filled with zeroes):
|
||||
|
||||
$ nm -Pg libcrypto.so | grep __ctype
|
||||
__ctype B 0011659c
|
||||
__ctype2 U
|
||||
|
||||
Curiously, __ctype2 is undefined, in spite of being declared in
|
||||
/usr/include/ctype.h in exactly the same way as __ctype.
|
||||
|
||||
Any information helping to solve this issue would be deeply
|
||||
appreciated.
|
||||
|
||||
NOTE: building non-shared doesn't come with this problem.
|
||||
|
||||
* ULTRIX build fails with shell errors, such as "bad substitution"
|
||||
and "test: argument expected"
|
||||
|
||||
The problem is caused by ULTRIX /bin/sh supporting only original
|
||||
Bourne shell syntax/semantics, and the trouble is that the vast
|
||||
majority is so accustomed to more modern syntax, that very few
|
||||
people [if any] would recognize the ancient syntax even as valid.
|
||||
This inevitably results in non-trivial scripts breaking on ULTRIX,
|
||||
and OpenSSL isn't an exclusion. Fortunately there is workaround,
|
||||
hire /bin/ksh to do the job /bin/sh fails to do.
|
||||
|
||||
1. Trick make(1) to use /bin/ksh by setting up following environ-
|
||||
ment variables *prior* you execute ./Configure and make:
|
||||
|
||||
PROG_ENV=POSIX
|
||||
MAKESHELL=/bin/ksh
|
||||
export PROG_ENV MAKESHELL
|
||||
|
||||
or if your shell is csh-compatible:
|
||||
|
||||
setenv PROG_ENV POSIX
|
||||
setenv MAKESHELL /bin/ksh
|
||||
|
||||
2. Trick /bin/sh to use alternative expression evaluator. Create
|
||||
following 'test' script for example in /tmp:
|
||||
|
||||
#!/bin/ksh
|
||||
${0##*/} "$@"
|
||||
|
||||
Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
|
||||
your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
|
||||
natively just replace system /bin/test and /bin/[ with the
|
||||
above script.
|
||||
|
||||
* hpux64-ia64-cc fails blowfish test.
|
||||
|
||||
Compiler bug, presumably at particular patch level. It should be noted
|
||||
that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc
|
||||
target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
|
||||
|
||||
* no-engines generates errors.
|
||||
|
||||
Unfortunately, the 'no-engines' configuration option currently doesn't
|
||||
work properly. Use 'no-hw' and you'll will at least get no hardware
|
||||
support. We'll see how we fix that on OpenSSL versions past 0.9.8.
|
||||
|
||||
* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
|
||||
if elder GNU binutils were deployed to link shared libcrypto.so.
|
||||
|
||||
As subject suggests the failure is caused by a bug in elder binutils,
|
||||
either as or ld, and was observed on FreeBSD and Linux. There are two
|
||||
options. First is naturally to upgrade binutils, the second one - to
|
||||
reconfigure with additional no-sse2 [or 386] option passed to ./config.
|
||||
|
||||
* If configured with ./config no-dso, toolkit still gets linked with -ldl,
|
||||
which most notably poses a problem when linking with dietlibc.
|
||||
|
||||
We don't have framework to associate -ldl with no-dso, therefore the only
|
||||
way is to edit Makefile right after ./config no-dso and remove -ldl from
|
||||
EX_LIBS line.
|
||||
|
||||
* hpux-parisc2-cc no-asm build fails with SEGV in ECDSA/DH.
|
||||
|
||||
Compiler bug, presumably at particular patch level. Remaining
|
||||
hpux*-parisc*-cc configurations can be affected too. Drop optimization
|
||||
level to +O2 when compiling bn_nist.o.
|
||||
|
||||
* solaris64-sparcv9-cc link failure
|
||||
|
||||
Solaris 8 ar can fail to maintain symbol table in .a, which results in
|
||||
link failures. Apply 109147-09 or later or modify Makefile generated
|
||||
by ./Configure solaris64-sparcv9-cc and replace RANLIB assignment with
|
||||
|
||||
RANLIB= /usr/ccs/bin/ar rs
|
|
@ -0,0 +1,101 @@
|
|||
|
||||
OpenSSL 1.0.2q 20 Nov 2018
|
||||
|
||||
Copyright (c) 1998-2018 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
All rights reserved.
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
|
||||
The OpenSSL Project is a collaborative effort to develop a robust,
|
||||
commercial-grade, fully featured, and Open Source toolkit implementing the
|
||||
Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
|
||||
well as a full-strength general purpose cryptograpic library. The project is
|
||||
managed by a worldwide community of volunteers that use the Internet to
|
||||
communicate, plan, and develop the OpenSSL toolkit and its related
|
||||
documentation.
|
||||
|
||||
OpenSSL is descended from the SSLeay library developed by Eric A. Young
|
||||
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
|
||||
OpenSSL license plus the SSLeay license), which means that you are free to
|
||||
get and use it for commercial and non-commercial purposes as long as you
|
||||
fulfill the conditions of both licenses.
|
||||
|
||||
OVERVIEW
|
||||
--------
|
||||
|
||||
The OpenSSL toolkit includes:
|
||||
|
||||
libssl.a:
|
||||
Provides the client and server-side implementations for SSLv3 and TLS.
|
||||
|
||||
libcrypto.a:
|
||||
Provides general cryptographic and X.509 support needed by SSL/TLS but
|
||||
not logically part of it.
|
||||
|
||||
openssl:
|
||||
A command line tool that can be used for:
|
||||
Creation of key parameters
|
||||
Creation of X.509 certificates, CSRs and CRLs
|
||||
Calculation of message digests
|
||||
Encryption and decryption
|
||||
SSL/TLS client and server tests
|
||||
Handling of S/MIME signed or encrypted mail
|
||||
And more...
|
||||
|
||||
INSTALLATION
|
||||
------------
|
||||
|
||||
See the appropriate file:
|
||||
INSTALL Linux, Unix, etc.
|
||||
INSTALL.DJGPP DOS platform with DJGPP
|
||||
INSTALL.NW Netware
|
||||
INSTALL.OS2 OS/2
|
||||
INSTALL.VMS VMS
|
||||
INSTALL.W32 Windows (32bit)
|
||||
INSTALL.W64 Windows (64bit)
|
||||
INSTALL.WCE Windows CE
|
||||
|
||||
SUPPORT
|
||||
-------
|
||||
|
||||
See the OpenSSL website www.openssl.org for details on how to obtain
|
||||
commercial technical support.
|
||||
|
||||
If you have any problems with OpenSSL then please take the following steps
|
||||
first:
|
||||
|
||||
- Download the latest version from the repository
|
||||
to see if the problem has already been addressed
|
||||
- Configure with no-asm
|
||||
- Remove compiler optimisation flags
|
||||
|
||||
If you wish to report a bug then please include the following information
|
||||
and create an issue on GitHub:
|
||||
|
||||
- On Unix systems:
|
||||
Self-test report generated by 'make report'
|
||||
- On other systems:
|
||||
OpenSSL version: output of 'openssl version -a'
|
||||
OS Name, Version, Hardware platform
|
||||
Compiler Details (name, version)
|
||||
- Application Details (name, version)
|
||||
- Problem Description (steps that will reproduce the problem, if known)
|
||||
- Stack Traceback (if the application dumps core)
|
||||
|
||||
Just because something doesn't work the way you expect does not mean it
|
||||
is necessarily a bug in OpenSSL.
|
||||
|
||||
HOW TO CONTRIBUTE TO OpenSSL
|
||||
----------------------------
|
||||
|
||||
See CONTRIBUTING
|
||||
|
||||
LEGALITIES
|
||||
----------
|
||||
|
||||
A number of nations restrict the use or export of cryptography. If you
|
||||
are potentially subject to such restrictions you should seek competent
|
||||
professional legal advice before attempting to develop or distribute
|
||||
cryptographic code.
|
|
@ -0,0 +1,187 @@
|
|||
|
||||
OpenSSL ASN1 Revision
|
||||
=====================
|
||||
|
||||
This document describes some of the issues relating to the new ASN1 code.
|
||||
|
||||
Previous OpenSSL ASN1 problems
|
||||
=============================
|
||||
|
||||
OK why did the OpenSSL ASN1 code need revising in the first place? Well
|
||||
there are lots of reasons some of which are included below...
|
||||
|
||||
1. The code is difficult to read and write. For every single ASN1 structure
|
||||
(e.g. SEQUENCE) four functions need to be written for new, free, encode and
|
||||
decode operations. This is a very painful and error prone operation. Very few
|
||||
people have ever written any OpenSSL ASN1 and those that have usually wish
|
||||
they hadn't.
|
||||
|
||||
2. Partly because of 1. the code is bloated and takes up a disproportionate
|
||||
amount of space. The SEQUENCE encoder is particularly bad: it essentially
|
||||
contains two copies of the same operation, one to compute the SEQUENCE length
|
||||
and the other to encode it.
|
||||
|
||||
3. The code is memory based: that is it expects to be able to read the whole
|
||||
structure from memory. This is fine for small structures but if you have a
|
||||
(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
|
||||
|
||||
4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
|
||||
changing the tag to the expected one, attempting to read it, then changing it
|
||||
back again. This means that decode buffers have to be writable even though they
|
||||
are ultimately unchanged. This gets in the way of constification.
|
||||
|
||||
5. The handling of EXPLICIT isn't much better. It adds a chunk of code into
|
||||
the decoder and encoder for every EXPLICIT tag.
|
||||
|
||||
6. APPLICATION and PRIVATE tags aren't even supported at all.
|
||||
|
||||
7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
|
||||
types that are not OPTIONAL.
|
||||
|
||||
8. Much of the code assumes that a tag will fit in a single octet. This is
|
||||
only true if the tag is 30 or less (mercifully tags over 30 are rare).
|
||||
|
||||
9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
|
||||
macros that properly support it.
|
||||
|
||||
10. Encoders have no concept of OPTIONAL and have no error checking. If the
|
||||
passed structure contains a NULL in a mandatory field it will not be encoded,
|
||||
resulting in an invalid structure.
|
||||
|
||||
11. It is tricky to add ASN1 encoders and decoders to external applications.
|
||||
|
||||
Template model
|
||||
==============
|
||||
|
||||
One of the major problems with revision is the sheer volume of the ASN1 code.
|
||||
Attempts to change (for example) the IMPLICIT behaviour would result in a
|
||||
modification of *every* single decode function.
|
||||
|
||||
I decided to adopt a template based approach. I'm using the term 'template'
|
||||
in a manner similar to SNACC templates: it has nothing to do with C++
|
||||
templates.
|
||||
|
||||
A template is a description of an ASN1 module as several constant C structures.
|
||||
It describes in a machine readable way exactly how the ASN1 structure should
|
||||
behave. If this template contains enough detail then it is possible to write
|
||||
versions of new, free, encode, decode (and possibly others operations) that
|
||||
operate on templates.
|
||||
|
||||
Instead of having to write code to handle each operation only a single
|
||||
template needs to be written. If new operations are needed (such as a 'print'
|
||||
operation) only a single new template based function needs to be written
|
||||
which will then automatically handle all existing templates.
|
||||
|
||||
Plans for revision
|
||||
==================
|
||||
|
||||
The revision will consist of the following steps. Other than the first two
|
||||
these can be handled in any order.
|
||||
|
||||
o Design and write template new, free, encode and decode operations, initially
|
||||
memory based. *DONE*
|
||||
|
||||
o Convert existing ASN1 code to template form. *IN PROGRESS*
|
||||
|
||||
o Convert an existing ASN1 compiler (probably SNACC) to output templates
|
||||
in OpenSSL form.
|
||||
|
||||
o Add support for BIO based ASN1 encoders and decoders to handle large
|
||||
structures, initially blocking I/O.
|
||||
|
||||
o Add support for non blocking I/O: this is quite a bit harder than blocking
|
||||
I/O.
|
||||
|
||||
o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
|
||||
certificates etc etc.
|
||||
|
||||
Description of major changes
|
||||
============================
|
||||
|
||||
The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
|
||||
absent. The meaning of absent depends on the context. If for example the
|
||||
boolean type is DEFAULT FALSE (as in the case of the critical flag for
|
||||
certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
|
||||
Usually the value will only ever be read via an API which will hide this from
|
||||
an application.
|
||||
|
||||
There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
|
||||
SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
|
||||
old code would omit the structure if the STACK was NULL (which is fine) or if
|
||||
it had zero elements (which is NOT OK). This causes problems because an empty
|
||||
SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
|
||||
it is encoded it will be omitted resulting in different encodings. The new code
|
||||
only omits the encoding if the STACK is NULL, if it contains zero elements it
|
||||
is encoded and empty. There is an additional problem though: because an empty
|
||||
STACK was omitted, sometimes the corresponding *_new() function would
|
||||
initialize the STACK to empty so an application could immediately use it, if
|
||||
this is done with the new code (i.e. a NULL) it wont work. Therefore a new
|
||||
STACK should be allocated first. One instance of this is the X509_CRL list of
|
||||
revoked certificates: a helper function X509_CRL_add0_revoked() has been added
|
||||
for this purpose.
|
||||
|
||||
The X509_ATTRIBUTE structure used to have an element called 'set' which took
|
||||
the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
|
||||
to the behaviour of CHOICE in the new code this has been changed to a field
|
||||
called 'single' which is 0 for a SET OF and 1 for single. The old field has
|
||||
been deleted to deliberately break source compatibility. Since this structure
|
||||
is normally accessed via higher level functions this shouldn't break too much.
|
||||
|
||||
The X509_REQ_INFO certificate request info structure no longer has a field
|
||||
called 'req_kludge'. This used to be set to 1 if the attributes field was
|
||||
(incorrectly) omitted. You can check to see if the field is omitted now by
|
||||
checking if the attributes field is NULL. Similarly if you need to omit
|
||||
the field then free attributes and set it to NULL.
|
||||
|
||||
The top level 'detached' field in the PKCS7 structure is no longer set when
|
||||
a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
|
||||
The behaviour of PKCS7_get_detached() is unaffected.
|
||||
|
||||
The values of 'type' in the GENERAL_NAME structure have changed. This is
|
||||
because the old code use the ASN1 initial octet as the selector. The new
|
||||
code uses the index in the ASN1_CHOICE template.
|
||||
|
||||
The DIST_POINT_NAME structure has changed to be a true CHOICE type.
|
||||
|
||||
typedef struct DIST_POINT_NAME_st {
|
||||
int type;
|
||||
union {
|
||||
STACK_OF(GENERAL_NAME) *fullname;
|
||||
STACK_OF(X509_NAME_ENTRY) *relativename;
|
||||
} name;
|
||||
} DIST_POINT_NAME;
|
||||
|
||||
This means that name.fullname or name.relativename should be set
|
||||
and type reflects the option. That is if name.fullname is set then
|
||||
type is 0 and if name.relativename is set type is 1.
|
||||
|
||||
With the old code using the i2d functions would typically involve:
|
||||
|
||||
unsigned char *buf, *p;
|
||||
int len;
|
||||
/* Find length of encoding */
|
||||
len = i2d_SOMETHING(x, NULL);
|
||||
/* Allocate buffer */
|
||||
buf = OPENSSL_malloc(len);
|
||||
if(buf == NULL) {
|
||||
/* Malloc error */
|
||||
}
|
||||
/* Use temp variable because &p gets updated to point to end of
|
||||
* encoding.
|
||||
*/
|
||||
p = buf;
|
||||
i2d_SOMETHING(x, &p);
|
||||
|
||||
|
||||
Using the new i2d you can also do:
|
||||
|
||||
unsigned char *buf = NULL;
|
||||
int len;
|
||||
len = i2d_SOMETHING(x, &buf);
|
||||
if(len < 0) {
|
||||
/* Malloc error */
|
||||
}
|
||||
|
||||
and it will automatically allocate and populate a buffer with the
|
||||
encoding. After this call 'buf' will point to the start of the
|
||||
encoding which is len bytes long.
|
|
@ -0,0 +1,289 @@
|
|||
ENGINE
|
||||
======
|
||||
|
||||
With OpenSSL 0.9.6, a new component was added to support alternative
|
||||
cryptography implementations, most commonly for interfacing with external
|
||||
crypto devices (eg. accelerator cards). This component is called ENGINE,
|
||||
and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
|
||||
caused a little confusion as 0.9.6** releases were rolled in two
|
||||
versions, a "standard" and an "engine" version. In development for 0.9.7,
|
||||
the ENGINE code has been merged into the main branch and will be present
|
||||
in the standard releases from 0.9.7 forwards.
|
||||
|
||||
There are currently built-in ENGINE implementations for the following
|
||||
crypto devices:
|
||||
|
||||
o CryptoSwift
|
||||
o Compaq Atalla
|
||||
o nCipher CHIL
|
||||
o Nuron
|
||||
o Broadcom uBSec
|
||||
|
||||
In addition, dynamic binding to external ENGINE implementations is now
|
||||
provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
|
||||
section below for details.
|
||||
|
||||
At this stage, a number of things are still needed and are being worked on:
|
||||
|
||||
1 Integration of EVP support.
|
||||
2 Configuration support.
|
||||
3 Documentation!
|
||||
|
||||
1 With respect to EVP, this relates to support for ciphers and digests in
|
||||
the ENGINE model so that alternative implementations of existing
|
||||
algorithms/modes (or previously unimplemented ones) can be provided by
|
||||
ENGINE implementations.
|
||||
|
||||
2 Configuration support currently exists in the ENGINE API itself, in the
|
||||
form of "control commands". These allow an application to expose to the
|
||||
user/admin the set of commands and parameter types a given ENGINE
|
||||
implementation supports, and for an application to directly feed string
|
||||
based input to those ENGINEs, in the form of name-value pairs. This is an
|
||||
extensible way for ENGINEs to define their own "configuration" mechanisms
|
||||
that are specific to a given ENGINE (eg. for a particular hardware
|
||||
device) but that should be consistent across *all* OpenSSL-based
|
||||
applications when they use that ENGINE. Work is in progress (or at least
|
||||
in planning) for supporting these control commands from the CONF (or
|
||||
NCONF) code so that applications using OpenSSL's existing configuration
|
||||
file format can have ENGINE settings specified in much the same way.
|
||||
Presently however, applications must use the ENGINE API itself to provide
|
||||
such functionality. To see first hand the types of commands available
|
||||
with the various compiled-in ENGINEs (see further down for dynamic
|
||||
ENGINEs), use the "engine" openssl utility with full verbosity, ie;
|
||||
openssl engine -vvvv
|
||||
|
||||
3 Documentation? Volunteers welcome! The source code is reasonably well
|
||||
self-documenting, but some summaries and usage instructions are needed -
|
||||
moreover, they are needed in the same POD format the existing OpenSSL
|
||||
documentation is provided in. Any complete or incomplete contributions
|
||||
would help make this happen.
|
||||
|
||||
STABILITY & BUG-REPORTS
|
||||
=======================
|
||||
|
||||
What already exists is fairly stable as far as it has been tested, but
|
||||
the test base has been a bit small most of the time. For the most part,
|
||||
the vendors of the devices these ENGINEs support have contributed to the
|
||||
development and/or testing of the implementations, and *usually* (with no
|
||||
guarantees) have experience in using the ENGINE support to drive their
|
||||
devices from common OpenSSL-based applications. Bugs and/or inexplicable
|
||||
behaviour in using a specific ENGINE implementation should be sent to the
|
||||
author of that implementation (if it is mentioned in the corresponding C
|
||||
file), and in the case of implementations for commercial hardware
|
||||
devices, also through whatever vendor support channels are available. If
|
||||
none of this is possible, or the problem seems to be something about the
|
||||
ENGINE API itself (ie. not necessarily specific to a particular ENGINE
|
||||
implementation) then you should mail complete details to the relevant
|
||||
OpenSSL mailing list. For a definition of "complete details", refer to
|
||||
the OpenSSL "README" file. As for which list to send it to;
|
||||
|
||||
openssl-users: if you are *using* the ENGINE abstraction, either in an
|
||||
pre-compiled application or in your own application code.
|
||||
|
||||
openssl-dev: if you are discussing problems with OpenSSL source code.
|
||||
|
||||
USAGE
|
||||
=====
|
||||
|
||||
The default "openssl" ENGINE is always chosen when performing crypto
|
||||
operations unless you specify otherwise. You must actively tell the
|
||||
openssl utility commands to use anything else through a new command line
|
||||
switch called "-engine". Also, if you want to use the ENGINE support in
|
||||
your own code to do something similar, you must likewise explicitly
|
||||
select the ENGINE implementation you want.
|
||||
|
||||
Depending on the type of hardware, system, and configuration, "settings"
|
||||
may need to be applied to an ENGINE for it to function as expected/hoped.
|
||||
The recommended way of doing this is for the application to support
|
||||
ENGINE "control commands" so that each ENGINE implementation can provide
|
||||
whatever configuration primitives it might require and the application
|
||||
can allow the user/admin (and thus the hardware vendor's support desk
|
||||
also) to provide any such input directly to the ENGINE implementation.
|
||||
This way, applications do not need to know anything specific to any
|
||||
device, they only need to provide the means to carry such user/admin
|
||||
input through to the ENGINE in question. Ie. this connects *you* (and
|
||||
your helpdesk) to the specific ENGINE implementation (and device), and
|
||||
allows application authors to not get buried in hassle supporting
|
||||
arbitrary devices they know (and care) nothing about.
|
||||
|
||||
A new "openssl" utility, "openssl engine", has been added in that allows
|
||||
for testing and examination of ENGINE implementations. Basic usage
|
||||
instructions are available by specifying the "-?" command line switch.
|
||||
|
||||
DYNAMIC ENGINES
|
||||
===============
|
||||
|
||||
The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
|
||||
implementations that aren't pre-compiled and linked into OpenSSL-based
|
||||
applications. This could be because existing compiled-in implementations
|
||||
have known problems and you wish to use a newer version with an existing
|
||||
application. It could equally be because the application (or OpenSSL
|
||||
library) you are using simply doesn't have support for the ENGINE you
|
||||
wish to use, and the ENGINE provider (eg. hardware vendor) is providing
|
||||
you with a self-contained implementation in the form of a shared-library.
|
||||
The other use-case for "dynamic" is with applications that wish to
|
||||
maintain the smallest foot-print possible and so do not link in various
|
||||
ENGINE implementations from OpenSSL, but instead leaves you to provide
|
||||
them, if you want them, in the form of "dynamic"-loadable
|
||||
shared-libraries. It should be possible for hardware vendors to provide
|
||||
their own shared-libraries to support arbitrary hardware to work with
|
||||
applications based on OpenSSL 0.9.7 or later. If you're using an
|
||||
application based on 0.9.7 (or later) and the support you desire is only
|
||||
announced for versions later than the one you need, ask the vendor to
|
||||
backport their ENGINE to the version you need.
|
||||
|
||||
How does "dynamic" work?
|
||||
------------------------
|
||||
The dynamic ENGINE has a special flag in its implementation such that
|
||||
every time application code asks for the 'dynamic' ENGINE, it in fact
|
||||
gets its own copy of it. As such, multi-threaded code (or code that
|
||||
multiplexes multiple uses of 'dynamic' in a single application in any
|
||||
way at all) does not get confused by 'dynamic' being used to do many
|
||||
independent things. Other ENGINEs typically don't do this so there is
|
||||
only ever 1 ENGINE structure of its type (and reference counts are used
|
||||
to keep order). The dynamic ENGINE itself provides absolutely no
|
||||
cryptographic functionality, and any attempt to "initialise" the ENGINE
|
||||
automatically fails. All it does provide are a few "control commands"
|
||||
that can be used to control how it will load an external ENGINE
|
||||
implementation from a shared-library. To see these control commands,
|
||||
use the command-line;
|
||||
|
||||
openssl engine -vvvv dynamic
|
||||
|
||||
The "SO_PATH" control command should be used to identify the
|
||||
shared-library that contains the ENGINE implementation, and "NO_VCHECK"
|
||||
might possibly be useful if there is a minor version conflict and you
|
||||
(or a vendor helpdesk) is convinced you can safely ignore it.
|
||||
"ID" is probably only needed if a shared-library implements
|
||||
multiple ENGINEs, but if you know the engine id you expect to be using,
|
||||
it doesn't hurt to specify it (and this provides a sanity check if
|
||||
nothing else). "LIST_ADD" is only required if you actually wish the
|
||||
loaded ENGINE to be discoverable by application code later on using the
|
||||
ENGINE's "id". For most applications, this isn't necessary - but some
|
||||
application authors may have nifty reasons for using it. The "LOAD"
|
||||
command is the only one that takes no parameters and is the command
|
||||
that uses the settings from any previous commands to actually *load*
|
||||
the shared-library ENGINE implementation. If this command succeeds, the
|
||||
(copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
|
||||
that has been loaded from the shared-library. As such, any control
|
||||
commands supported by the loaded ENGINE could then be executed as per
|
||||
normal. Eg. if ENGINE "foo" is implemented in the shared-library
|
||||
"libfoo.so" and it supports some special control command "CMD_FOO", the
|
||||
following code would load and use it (NB: obviously this code has no
|
||||
error checking);
|
||||
|
||||
ENGINE *e = ENGINE_by_id("dynamic");
|
||||
ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
|
||||
ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
|
||||
ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
|
||||
ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
|
||||
|
||||
For testing, the "openssl engine" utility can be useful for this sort
|
||||
of thing. For example the above code excerpt would achieve much the
|
||||
same result as;
|
||||
|
||||
openssl engine dynamic \
|
||||
-pre SO_PATH:/lib/libfoo.so \
|
||||
-pre ID:foo \
|
||||
-pre LOAD \
|
||||
-pre "CMD_FOO:some input data"
|
||||
|
||||
Or to simply see the list of commands supported by the "foo" ENGINE;
|
||||
|
||||
openssl engine -vvvv dynamic \
|
||||
-pre SO_PATH:/lib/libfoo.so \
|
||||
-pre ID:foo \
|
||||
-pre LOAD
|
||||
|
||||
Applications that support the ENGINE API and more specifically, the
|
||||
"control commands" mechanism, will provide some way for you to pass
|
||||
such commands through to ENGINEs. As such, you would select "dynamic"
|
||||
as the ENGINE to use, and the parameters/commands you pass would
|
||||
control the *actual* ENGINE used. Each command is actually a name-value
|
||||
pair and the value can sometimes be omitted (eg. the "LOAD" command).
|
||||
Whilst the syntax demonstrated in "openssl engine" uses a colon to
|
||||
separate the command name from the value, applications may provide
|
||||
their own syntax for making that separation (eg. a win32 registry
|
||||
key-value pair may be used by some applications). The reason for the
|
||||
"-pre" syntax in the "openssl engine" utility is that some commands
|
||||
might be issued to an ENGINE *after* it has been initialised for use.
|
||||
Eg. if an ENGINE implementation requires a smart-card to be inserted
|
||||
during initialisation (or a PIN to be typed, or whatever), there may be
|
||||
a control command you can issue afterwards to "forget" the smart-card
|
||||
so that additional initialisation is no longer possible. In
|
||||
applications such as web-servers, where potentially volatile code may
|
||||
run on the same host system, this may provide some arguable security
|
||||
value. In such a case, the command would be passed to the ENGINE after
|
||||
it has been initialised for use, and so the "-post" switch would be
|
||||
used instead. Applications may provide a different syntax for
|
||||
supporting this distinction, and some may simply not provide it at all
|
||||
("-pre" is almost always what you're after, in reality).
|
||||
|
||||
How do I build a "dynamic" ENGINE?
|
||||
----------------------------------
|
||||
This question is trickier - currently OpenSSL bundles various ENGINE
|
||||
implementations that are statically built in, and any application that
|
||||
calls the "ENGINE_load_builtin_engines()" function will automatically
|
||||
have all such ENGINEs available (and occupying memory). Applications
|
||||
that don't call that function have no ENGINEs available like that and
|
||||
would have to use "dynamic" to load any such ENGINE - but on the other
|
||||
hand such applications would only have the memory footprint of any
|
||||
ENGINEs explicitly loaded using user/admin provided control commands.
|
||||
The main advantage of not statically linking ENGINEs and only using
|
||||
"dynamic" for hardware support is that any installation using no
|
||||
"external" ENGINE suffers no unnecessary memory footprint from unused
|
||||
ENGINEs. Likewise, installations that do require an ENGINE incur the
|
||||
overheads from only *that* ENGINE once it has been loaded.
|
||||
|
||||
Sounds good? Maybe, but currently building an ENGINE implementation as
|
||||
a shared-library that can be loaded by "dynamic" isn't automated in
|
||||
OpenSSL's build process. It can be done manually quite easily however.
|
||||
Such a shared-library can either be built with any OpenSSL code it
|
||||
needs statically linked in, or it can link dynamically against OpenSSL
|
||||
if OpenSSL itself is built as a shared library. The instructions are
|
||||
the same in each case, but in the former (statically linked any
|
||||
dependencies on OpenSSL) you must ensure OpenSSL is built with
|
||||
position-independent code ("PIC"). The default OpenSSL compilation may
|
||||
already specify the relevant flags to do this, but you should consult
|
||||
with your compiler documentation if you are in any doubt.
|
||||
|
||||
This example will show building the "atalla" ENGINE in the
|
||||
crypto/engine/ directory as a shared-library for use via the "dynamic"
|
||||
ENGINE.
|
||||
1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
|
||||
source tree.
|
||||
2) Recompile at least one source file so you can see all the compiler
|
||||
flags (and syntax) being used to build normally. Eg;
|
||||
touch hw_atalla.c ; make
|
||||
will rebuild "hw_atalla.o" using all such flags.
|
||||
3) Manually enter the same compilation line to compile the
|
||||
"hw_atalla.c" file but with the following two changes;
|
||||
(a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
|
||||
(b) change the output file from "hw_atalla.o" to something new,
|
||||
eg. "tmp_atalla.o"
|
||||
4) Link "tmp_atalla.o" into a shared-library using the top-level
|
||||
OpenSSL libraries to resolve any dependencies. The syntax for doing
|
||||
this depends heavily on your system/compiler and is a nightmare
|
||||
known well to anyone who has worked with shared-library portability
|
||||
before. 'gcc' on Linux, for example, would use the following syntax;
|
||||
gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
|
||||
5) Test your shared library using "openssl engine" as explained in the
|
||||
previous section. Eg. from the top-level directory, you might try;
|
||||
apps/openssl engine -vvvv dynamic \
|
||||
-pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
|
||||
If the shared-library loads successfully, you will see both "-pre"
|
||||
commands marked as "SUCCESS" and the list of control commands
|
||||
displayed (because of "-vvvv") will be the control commands for the
|
||||
*atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
|
||||
the "-t" switch to the utility if you want it to try and initialise
|
||||
the atalla ENGINE for use to test any possible hardware/driver
|
||||
issues.
|
||||
|
||||
PROBLEMS
|
||||
========
|
||||
|
||||
It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
|
||||
A quick test done right before the release showed that trying "openssl speed
|
||||
-engine cswift" generated errors. If the DSO gets enabled, an attempt is made
|
||||
to write at memory address 0x00000002.
|
||||
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -0,0 +1,18 @@
|
|||
TODO:
|
||||
=====
|
||||
|
||||
There are a few things that need to be worked out in the VMS version of
|
||||
OpenSSL, still:
|
||||
|
||||
- Description files. ("Makefile's" :-))
|
||||
- Script code to link an already compiled build tree.
|
||||
- A VMSINSTALlable version (way in the future, unless someone else hacks).
|
||||
- shareable images (DLL for you Windows folks).
|
||||
|
||||
There may be other things that I have missed and that may be desirable.
|
||||
Please send mail to <openssl-users@openssl.org> or to me directly if you
|
||||
have any ideas.
|
||||
|
||||
--
|
||||
Richard Levitte <richard@levitte.org>
|
||||
1999-05-24
|
|
@ -0,0 +1,34 @@
|
|||
#! /usr/bin/perl
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
|
||||
my @file_vars = ( "database", "certificate", "serial", "crlnumber",
|
||||
"crl", "private_key", "RANDFILE" );
|
||||
while(<STDIN>) {
|
||||
chomp;
|
||||
foreach my $d (@directory_vars) {
|
||||
if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
|
||||
$_ = "$1sys\\\$disk:\[.$2$3";
|
||||
} elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
|
||||
$_ = "$1sys\\\$disk:\[.$2$3";
|
||||
}
|
||||
s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
|
||||
while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
|
||||
$_ = "$1.$3]$4";
|
||||
}
|
||||
}
|
||||
foreach my $f (@file_vars) {
|
||||
s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
|
||||
while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
|
||||
$_ = "$1.$3$4";
|
||||
}
|
||||
if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
|
||||
$_ = "$1]$3.$4";
|
||||
} elsif (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
|
||||
$_ = "$1]$3$4";
|
||||
}
|
||||
}
|
||||
print $_,"\n";
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
* Have the building procedure contain a LINK-only possibility.
|
||||
Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au>
|
||||
|
||||
One way to enable that is also to go over to DESCRIP.MMS files.
|
|
@ -0,0 +1,67 @@
|
|||
$! install-vms.com -- Installs the files in a given directory tree
|
||||
$!
|
||||
$! Author: Richard Levitte <richard@levitte.org>
|
||||
$! Time of creation: 23-MAY-1998 19:22
|
||||
$!
|
||||
$! P1 root of the directory tree
|
||||
$!
|
||||
$!
|
||||
$! Announce/identify.
|
||||
$!
|
||||
$ proc = f$environment( "procedure")
|
||||
$ write sys$output "@@@ "+ -
|
||||
f$parse( proc, , , "name")+ f$parse( proc, , , "type")
|
||||
$!
|
||||
$ on error then goto tidy
|
||||
$ on control_c then goto tidy
|
||||
$!
|
||||
$ if p1 .eqs. ""
|
||||
$ then
|
||||
$ write sys$output "First argument missing."
|
||||
$ write sys$output -
|
||||
"Should be the directory where you want things installed."
|
||||
$ exit
|
||||
$ endif
|
||||
$
|
||||
$ if (f$getsyi( "cpu") .lt. 128)
|
||||
$ then
|
||||
$ arch = "VAX"
|
||||
$ else
|
||||
$ arch = f$edit( f$getsyi( "arch_name"), "upcase")
|
||||
$ if (arch .eqs. "") then arch = "UNK"
|
||||
$ endif
|
||||
$
|
||||
$ root = f$parse( P1, "[]A.;0", , , "SYNTAX_ONLY, NO_CONCEAL")- "A.;0"
|
||||
$ root_dev = f$parse( root, , , "device", "syntax_only")
|
||||
$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
|
||||
"[000000." - "][" - "[" - "]"
|
||||
$ root = root_dev + "[" + root_dir
|
||||
$
|
||||
$ define /nolog wrk_sslroot 'root'.] /translation_attributes = concealed
|
||||
$ define /nolog wrk_sslinclude wrk_sslroot:[include]
|
||||
$
|
||||
$ if f$parse( "wrk_sslroot:[000000]") .eqs. "" then -
|
||||
create /directory /log wrk_sslroot:[000000]
|
||||
$ if f$parse( "wrk_sslinclude:") .eqs. "" then -
|
||||
create /directory /log wrk_sslinclude:
|
||||
$ if f$parse( "wrk_sslroot:[vms]") .eqs. "" then -
|
||||
create /directory /log wrk_sslroot:[vms]
|
||||
$!
|
||||
$ copy /log /protection = world:re openssl_startup.com wrk_sslroot:[vms]
|
||||
$ copy /log /protection = world:re openssl_undo.com wrk_sslroot:[vms]
|
||||
$ copy /log /protection = world:re openssl_utils.com wrk_sslroot:[vms]
|
||||
$!
|
||||
$ tidy:
|
||||
$!
|
||||
$ call deass wrk_sslroot
|
||||
$ call deass wrk_sslinclude
|
||||
$!
|
||||
$ exit
|
||||
$!
|
||||
$ deass: subroutine
|
||||
$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
|
||||
$ then
|
||||
$ deassign /process 'p1'
|
||||
$ endif
|
||||
$ endsubroutine
|
||||
$!
|
|
@ -0,0 +1,476 @@
|
|||
$! MKSHARED.COM -- Create shareable images.
|
||||
$!
|
||||
$! P1: "64" for 64-bit pointers.
|
||||
$!
|
||||
$! P2: Zlib object library path (optional).
|
||||
$!
|
||||
$! Input: [.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO[32].OLB
|
||||
$! [.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]SSL_LIBSSL[32].OLB
|
||||
$! [.CRYPTO.xxx]OPENSSLCONF.H
|
||||
$! Output: [.xxx.EXE.CRYPTO]SSL_LIBCRYPTO_SHR[32].OPT,.MAP,.EXE
|
||||
$! [.xxx.EXE.SSL]SSL_LIBSSL_SRH[32].OPT,.MAP,.EXE
|
||||
$!
|
||||
$! So far, tests have only been made on VMS for Alpha. VAX will come in time.
|
||||
$! ===========================================================================
|
||||
$!
|
||||
$! Announce/identify.
|
||||
$!
|
||||
$ proc = f$environment( "procedure")
|
||||
$ write sys$output "@@@ "+ -
|
||||
f$parse( proc, , , "name")+ f$parse( proc, , , "type")
|
||||
$!
|
||||
$! Save the original default device:[directory].
|
||||
$!
|
||||
$ def_orig = f$environment( "default")
|
||||
$ on error then goto tidy
|
||||
$ on control_c then goto tidy
|
||||
$!
|
||||
$! SET DEFAULT to the main kit directory.
|
||||
$!
|
||||
$ proc = f$environment("procedure")
|
||||
$ proc = f$parse( "A.;", proc)- "A.;"
|
||||
$ set default 'proc'
|
||||
$ set default [-]
|
||||
$!
|
||||
$! ----- Prepare info for processing: version number and file info
|
||||
$ gosub read_version_info
|
||||
$ if libver .eqs. ""
|
||||
$ then
|
||||
$ write sys$error "ERROR: Couldn't find any library version info..."
|
||||
$ go to tidy:
|
||||
$ endif
|
||||
$
|
||||
$ if (f$getsyi("cpu") .lt. 128)
|
||||
$ then
|
||||
$ arch_vax = 1
|
||||
$ arch = "VAX"
|
||||
$ else
|
||||
$ arch_vax = 0
|
||||
$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
|
||||
$ if (arch .eqs. "") then arch = "UNK"
|
||||
$ endif
|
||||
$!
|
||||
$ archd = arch
|
||||
$ lib32 = "32"
|
||||
$ shr = "SHR32"
|
||||
$!
|
||||
$ if (p1 .nes. "")
|
||||
$ then
|
||||
$ if (p1 .eqs. "64")
|
||||
$ then
|
||||
$ archd = arch+ "_64"
|
||||
$ lib32 = ""
|
||||
$ shr = "SHR"
|
||||
$ else
|
||||
$ if (p1 .nes. "32")
|
||||
$ then
|
||||
$ write sys$output "Second argument invalid."
|
||||
$ write sys$output "It should be "32", "64", or nothing."
|
||||
$ exit
|
||||
$ endif
|
||||
$ endif
|
||||
$ endif
|
||||
$!
|
||||
$! ----- Prepare info for processing: disabled algorithms info
|
||||
$ gosub read_disabled_algorithms_info
|
||||
$!
|
||||
$ ZLIB = p2
|
||||
$ zlib_lib = ""
|
||||
$ if (ZLIB .nes. "")
|
||||
$ then
|
||||
$ file2 = f$parse( ZLIB, "libz.olb", , , "syntax_only")
|
||||
$ if (f$search( file2) .eqs. "")
|
||||
$ then
|
||||
$ write sys$output ""
|
||||
$ write sys$output "The Option ", ZLIB, " Is Invalid."
|
||||
$ write sys$output " Can't find library: ''file2'"
|
||||
$ write sys$output ""
|
||||
$ goto tidy
|
||||
$ endif
|
||||
$ zlib_lib = ", ''file2' /library"
|
||||
$ endif
|
||||
$!
|
||||
$ if (arch_vax)
|
||||
$ then
|
||||
$ libtit = "CRYPTO_TRANSFER_VECTOR"
|
||||
$ libid = "Crypto"
|
||||
$ libnum = "[.UTIL]LIBEAY.NUM"
|
||||
$ libdir = "[.''ARCHD'.EXE.CRYPTO]"
|
||||
$ libmar = "''libdir'SSL_LIBCRYPTO_''shr'.MAR"
|
||||
$ libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB"
|
||||
$ libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT"
|
||||
$ libobj = "''libdir'SSL_LIBCRYPTO_''shr'.OBJ"
|
||||
$ libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP"
|
||||
$ libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE"
|
||||
$ libref = ""
|
||||
$ libvec = "LIBCRYPTO"
|
||||
$ if f$search( libolb) .nes. "" then gosub create_vax_shr
|
||||
$ libtit = "SSL_TRANSFER_VECTOR"
|
||||
$ libid = "SSL"
|
||||
$ libnum = "[.UTIL]SSLEAY.NUM"
|
||||
$ libdir = "[.''ARCHD'.EXE.SSL]"
|
||||
$ libmar = "''libdir'SSL_LIBSSL_''shr'.MAR"
|
||||
$ libolb = "''libdir'SSL_LIBSSL''lib32'.OLB"
|
||||
$ libopt = "''libdir'SSL_LIBSSL_''shr'.OPT"
|
||||
$ libobj = "''libdir'SSL_LIBSSL_''shr'.OBJ"
|
||||
$ libmap = "''libdir'SSL_LIBSSL_''shr'.MAP"
|
||||
$ libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE"
|
||||
$ libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE"
|
||||
$ libvec = "LIBSSL"
|
||||
$ if f$search( libolb) .nes. "" then gosub create_vax_shr
|
||||
$ else
|
||||
$ libid = "Crypto"
|
||||
$ libnum = "[.UTIL]LIBEAY.NUM"
|
||||
$ libdir = "[.''ARCHD'.EXE.CRYPTO]"
|
||||
$ libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB"
|
||||
$ libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT"
|
||||
$ libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP"
|
||||
$ libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE"
|
||||
$ libref = ""
|
||||
$ if f$search( libolb) .nes. "" then gosub create_nonvax_shr
|
||||
$ libid = "SSL"
|
||||
$ libnum = "[.UTIL]SSLEAY.NUM"
|
||||
$ libdir = "[.''ARCHD'.EXE.SSL]"
|
||||
$ libolb = "''libdir'SSL_LIBSSL''lib32'.OLB"
|
||||
$ libopt = "''libdir'SSL_LIBSSL_''shr'.OPT"
|
||||
$ libmap = "''libdir'SSL_LIBSSL_''shr'.MAP"
|
||||
$ libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE"
|
||||
$ libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE"
|
||||
$ if f$search( libolb) .nes. "" then gosub create_nonvax_shr
|
||||
$ endif
|
||||
$!
|
||||
$ tidy:
|
||||
$!
|
||||
$! Close any open files.
|
||||
$!
|
||||
$ if (f$trnlnm( "libnum", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
|
||||
close libnum
|
||||
$!
|
||||
$ if (f$trnlnm( "mar", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
|
||||
close mar
|
||||
$!
|
||||
$ if (f$trnlnm( "opt", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
|
||||
close opt
|
||||
$!
|
||||
$ if (f$trnlnm( "vf", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
|
||||
close vf
|
||||
$!
|
||||
$! Restore the original default device:[directory].
|
||||
$!
|
||||
$ set default 'def_orig'
|
||||
$ exit
|
||||
$
|
||||
$! ----- Subroutines to build the shareable libraries
|
||||
$! For each supported architecture, there's a main shareable library
|
||||
$! creator, which is called from the main code above.
|
||||
$! The creator will define a number of variables to tell the next levels of
|
||||
$! subroutines what routines to use to write to the option files, call the
|
||||
$! main processor, read_func_num, and when that is done, it will write version
|
||||
$! data at the end of the .opt file, close it, and link the library.
|
||||
$!
|
||||
$! read_func_num reads through a .num file and calls the writer routine for
|
||||
$! each line. It's also responsible for checking that order is properly kept
|
||||
$! in the .num file, check that each line applies to VMS and the architecture,
|
||||
$! and to fill in "holes" with dummy entries.
|
||||
$!
|
||||
$! The creator routines depend on the following variables:
|
||||
$! libnum The name of the .num file to use as input
|
||||
$! libolb The name of the object library to build from
|
||||
$! libid The identification string of the shareable library
|
||||
$! libopt The name of the .opt file to write
|
||||
$! libtit The title of the assembler transfer vector file (VAX only)
|
||||
$! libmar The name of the assembler transfer vector file (VAX only)
|
||||
$! libmap The name of the map file to write
|
||||
$! libgoal The name of the shareable library to write
|
||||
$! libref The name of a shareable library to link in
|
||||
$!
|
||||
$! read_func_num depends on the following variables from the creator:
|
||||
$! libwriter The name of the writer routine to call for each .num file line
|
||||
$! -----
|
||||
$
|
||||
$! ----- Subroutines for non-VAX
|
||||
$! -----
|
||||
$! The creator routine
|
||||
$ create_nonvax_shr:
|
||||
$ open /write opt 'libopt'
|
||||
$ write opt "identification=""",libid," ",libverstr,""""
|
||||
$ write opt libolb, " /library"
|
||||
$ if libref .nes. "" then write opt libref,"/SHARE"
|
||||
$ write opt "SYMBOL_VECTOR=(-"
|
||||
$ libfirstentry := true
|
||||
$ libwrch := opt
|
||||
$ libwriter := write_nonvax_transfer_entry
|
||||
$ textcount = 0
|
||||
$ gosub read_func_num
|
||||
$ write opt ")"
|
||||
$ write opt "GSMATCH=",libvmatch,",",libver
|
||||
$ close opt
|
||||
$ link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options -
|
||||
'zlib_lib'
|
||||
$ return
|
||||
$
|
||||
$! The record writer routine
|
||||
$ write_nonvax_transfer_entry:
|
||||
$ if libentry .eqs. ".dummy" then return
|
||||
$ if info_kind .eqs. "VARIABLE"
|
||||
$ then
|
||||
$ pr:=DATA
|
||||
$ else
|
||||
$ pr:=PROCEDURE
|
||||
$ endif
|
||||
$ textcount_this = f$length(pr) + f$length(libentry) + 5
|
||||
$ if textcount + textcount_this .gt. 1024
|
||||
$ then
|
||||
$ write opt ")"
|
||||
$ write opt "SYMBOL_VECTOR=(-"
|
||||
$ textcount = 16
|
||||
$ libfirstentry := true
|
||||
$ endif
|
||||
$ if libfirstentry
|
||||
$ then
|
||||
$ write 'libwrch' " ",libentry,"=",pr," -"
|
||||
$ else
|
||||
$ write 'libwrch' " ,",libentry,"=",pr," -"
|
||||
$ endif
|
||||
$ libfirstentry := false
|
||||
$ textcount = textcount + textcount_this
|
||||
$ return
|
||||
$
|
||||
$! ----- Subroutines for VAX
|
||||
$! -----
|
||||
$! The creator routine
|
||||
$ create_vax_shr:
|
||||
$ open /write mar 'libmar'
|
||||
$ type sys$input:/out=mar:
|
||||
;
|
||||
; Transfer vector for VAX shareable image
|
||||
;
|
||||
$ write mar " .TITLE ",libtit
|
||||
$ write mar " .IDENT /",libid,"/"
|
||||
$ type sys$input:/out=mar:
|
||||
;
|
||||
; Define macro to assist in building transfer vector entries. Each entry
|
||||
; should take no more than 8 bytes.
|
||||
;
|
||||
.MACRO FTRANSFER_ENTRY routine
|
||||
.ALIGN QUAD
|
||||
.TRANSFER routine
|
||||
.MASK routine
|
||||
JMP routine+2
|
||||
.ENDM FTRANSFER_ENTRY
|
||||
;
|
||||
; Place entries in own program section.
|
||||
;
|
||||
$ write mar " .PSECT $$",libvec,",QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT"
|
||||
$ write mar libvec,"_xfer:"
|
||||
$ libwrch := mar
|
||||
$ libwriter := write_vax_ftransfer_entry
|
||||
$ gosub read_func_num
|
||||
$ type sys$input:/out=mar:
|
||||
;
|
||||
; Allocate extra storage at end of vector to allow for expansion.
|
||||
;
|
||||
$ write mar " .BLKB 32768-<.-",libvec,"_xfer> ; 64 pages total."
|
||||
$! libwriter := write_vax_vtransfer_entry
|
||||
$! gosub read_func_num
|
||||
$ write mar " .END"
|
||||
$ close mar
|
||||
$ open /write opt 'libopt'
|
||||
$ write opt "identification=""",libid," ",libverstr,""""
|
||||
$ write opt libobj
|
||||
$ write opt libolb, " /library"
|
||||
$ if libref .nes. "" then write opt libref,"/SHARE"
|
||||
$ type sys$input:/out=opt:
|
||||
!
|
||||
! Ensure transfer vector is at beginning of image
|
||||
!
|
||||
CLUSTER=FIRST
|
||||
$ write opt "COLLECT=FIRST,$$",libvec
|
||||
$ write opt "GSMATCH=",libvmatch,",",libver
|
||||
$ type sys$input:/out=opt:
|
||||
!
|
||||
! make psects nonshareable so image can be installed.
|
||||
!
|
||||
PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
|
||||
$ libwrch := opt
|
||||
$ libwriter := write_vax_psect_attr
|
||||
$ gosub read_func_num
|
||||
$ close opt
|
||||
$ macro/obj='libobj' 'libmar'
|
||||
$ link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options -
|
||||
'zlib_lib'
|
||||
$ return
|
||||
$
|
||||
$! The record writer routine for VAX functions
|
||||
$ write_vax_ftransfer_entry:
|
||||
$ if info_kind .nes. "FUNCTION" then return
|
||||
$ if libentry .eqs ".dummy"
|
||||
$ then
|
||||
$ write 'libwrch' " .BLKB 8" ! Dummy is zeroes...
|
||||
$ else
|
||||
$ write 'libwrch' " FTRANSFER_ENTRY ",libentry
|
||||
$ endif
|
||||
$ return
|
||||
$! The record writer routine for VAX variables (should never happen!)
|
||||
$ write_vax_psect_attr:
|
||||
$ if info_kind .nes. "VARIABLE" then return
|
||||
$ if libentry .eqs ".dummy" then return
|
||||
$ write 'libwrch' "PSECT_ATTR=",libentry,",NOSHR"
|
||||
$ return
|
||||
$
|
||||
$! ----- Common subroutines
|
||||
$! -----
|
||||
$! The .num file reader. This one has great responsibility.
|
||||
$ read_func_num:
|
||||
$ open /read libnum 'libnum'
|
||||
$ goto read_nums
|
||||
$
|
||||
$ read_nums:
|
||||
$ libentrynum=0
|
||||
$ liblastentry:=false
|
||||
$ entrycount=0
|
||||
$ loop:
|
||||
$ read /end=loop_end /err=loop_end libnum line
|
||||
$ lin = f$edit( line, "COMPRESS,TRIM")
|
||||
$! Skip a "#" comment line.
|
||||
$ if (f$extract( 0, 1, lin) .eqs. "#") then goto loop
|
||||
$ entrynum = f$int(f$element( 1, " ", lin))
|
||||
$ entryinfo = f$element( 2, " ", lin)
|
||||
$ curentry = f$element( 0, " ", lin)
|
||||
$ info_exist = f$element( 0, ":", entryinfo)
|
||||
$ info_platforms = ","+ f$element(1, ":", entryinfo)+ ","
|
||||
$ info_kind = f$element( 2, ":", entryinfo)
|
||||
$ info_algorithms = ","+ f$element( 3, ":", entryinfo)+ ","
|
||||
$ if info_exist .eqs. "NOEXIST" then goto loop
|
||||
$ truesum = 0
|
||||
$ falsesum = 0
|
||||
$ negatives = 1
|
||||
$ plat_i = 0
|
||||
$ loop1:
|
||||
$ plat_entry = f$element( plat_i, ",", info_platforms)
|
||||
$ plat_i = plat_i + 1
|
||||
$ if plat_entry .eqs. "" then goto loop1
|
||||
$ if plat_entry .nes. ","
|
||||
$ then
|
||||
$ if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0
|
||||
$ if (arch_vax)
|
||||
$ then
|
||||
$ if plat_entry .eqs. "EXPORT_VAR_AS_FUNCTION" then -
|
||||
$ truesum = truesum + 1
|
||||
$ if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then -
|
||||
$ falsesum = falsesum + 1
|
||||
$ endif
|
||||
$!
|
||||
$ if ((plat_entry .eqs. "VMS") .or. -
|
||||
((plat_entry .eqs. "ZLIB") .and. (ZLIB .nes. "")) .or. -
|
||||
(arch_vax .and. (plat_entry .eqs. "VMSVAX"))) then -
|
||||
truesum = truesum + 1
|
||||
$!
|
||||
$ if ((plat_entry .eqs. "!VMS") .or. -
|
||||
(arch_vax .and. (plat_entry .eqs. "!VMSVAX"))) then -
|
||||
falsesum = falsesum + 1
|
||||
$!
|
||||
$ goto loop1
|
||||
$ endif
|
||||
$ endloop1:
|
||||
$!DEBUG!$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
|
||||
$!DEBUG!$ then
|
||||
$!DEBUG!$ write sys$output line
|
||||
$!DEBUG!$ write sys$output " truesum = ",truesum,-
|
||||
$!DEBUG! ", negatives = ",negatives,", falsesum = ",falsesum
|
||||
$!DEBUG!$ endif
|
||||
$ if falsesum .ne. 0 then goto loop
|
||||
$ if truesum+negatives .eq. 0 then goto loop
|
||||
$ alg_i = 0
|
||||
$ loop2:
|
||||
$ alg_entry = f$element(alg_i,",",info_algorithms)
|
||||
$ alg_i = alg_i + 1
|
||||
$ if alg_entry .eqs. "" then goto loop2
|
||||
$ if alg_entry .nes. ","
|
||||
$ then
|
||||
$ if disabled_algorithms - ("," + alg_entry + ",") .nes disabled_algorithms then goto loop
|
||||
$ if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop
|
||||
$ goto loop2
|
||||
$ endif
|
||||
$ endloop2:
|
||||
$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
|
||||
$ then
|
||||
$!DEBUG!$ write sys$output curentry," ; ",entrynum," ; ",entryinfo
|
||||
$ endif
|
||||
$ redo:
|
||||
$ next:=loop
|
||||
$ tolibentry=curentry
|
||||
$ if libentrynum .ne. entrynum
|
||||
$ then
|
||||
$ entrycount=entrycount+1
|
||||
$ if entrycount .lt. entrynum
|
||||
$ then
|
||||
$!DEBUG!$ write sys$output "Info: entrycount: ''entrycount', entrynum: ''entrynum' => 0"
|
||||
$ tolibentry=".dummy"
|
||||
$ next:=redo
|
||||
$ endif
|
||||
$ if entrycount .gt. entrynum
|
||||
$ then
|
||||
$ write sys$error "Decreasing library entry numbers! Can't continue"
|
||||
$ write sys$error """",line,""""
|
||||
$ close libnum
|
||||
$ return
|
||||
$ endif
|
||||
$ libentry=tolibentry
|
||||
$!DEBUG!$ write sys$output entrycount," ",libentry," ",entryinfo
|
||||
$ if libentry .nes. "" .and. libwriter .nes. "" then gosub 'libwriter'
|
||||
$ else
|
||||
$ write sys$error "Info: ""''curentry'"" is an alias for ""''libentry'"". Overriding..."
|
||||
$ endif
|
||||
$ libentrynum=entrycount
|
||||
$ goto 'next'
|
||||
$ loop_end:
|
||||
$ close libnum
|
||||
$ return
|
||||
$
|
||||
$! The version number reader
|
||||
$ read_version_info:
|
||||
$ libver = ""
|
||||
$ open /read vf [.CRYPTO]OPENSSLV.H
|
||||
$ loop_rvi:
|
||||
$ read/err=endloop_rvi/end=endloop_rvi vf rvi_line
|
||||
$ if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then -
|
||||
goto loop_rvi
|
||||
$ libverstr = f$element(1,"""",rvi_line)
|
||||
$ libvmajor = f$element(0,".",libverstr)
|
||||
$ libvminor = f$element(1,".",libverstr)
|
||||
$ libvedit = f$element(2,".",libverstr)
|
||||
$ libvpatch = f$cvui(0,8,f$extract(1,1,libvedit)+"@")-f$cvui(0,8,"@")
|
||||
$ libvedit = f$extract(0,1,libvedit)
|
||||
$ libver = f$string(f$int(libvmajor)*100)+","+-
|
||||
f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch))
|
||||
$ if libvmajor .eqs. "0"
|
||||
$ then
|
||||
$ libvmatch = "EQUAL"
|
||||
$ else
|
||||
$ ! Starting with the 1.0 release, backward compatibility should be
|
||||
$ ! kept, so switch over to the following
|
||||
$ libvmatch = "LEQUAL"
|
||||
$ endif
|
||||
$ endloop_rvi:
|
||||
$ close vf
|
||||
$ return
|
||||
$
|
||||
$! The disabled algorithms reader
|
||||
$ read_disabled_algorithms_info:
|
||||
$ disabled_algorithms = ","
|
||||
$ open /read cf [.CRYPTO.'ARCH']OPENSSLCONF.H
|
||||
$ loop_rci:
|
||||
$ read/err=endloop_rci/end=endloop_rci cf rci_line
|
||||
$ rci_line = f$edit(rci_line,"TRIM,COMPRESS")
|
||||
$ rci_ei = 0
|
||||
$ if f$extract(0,9,rci_line) .eqs. "# define " then rci_ei = 2
|
||||
$ if f$extract(0,8,rci_line) .eqs. "#define " then rci_ei = 1
|
||||
$ if rci_ei .eq. 0 then goto loop_rci
|
||||
$ rci_e = f$element(rci_ei," ",rci_line)
|
||||
$ if f$extract(0,11,rci_e) .nes. "OPENSSL_NO_" then goto loop_rci
|
||||
$ disabled_algorithms = disabled_algorithms + f$extract(11,999,rci_e) + ","
|
||||
$ goto loop_rci
|
||||
$ endloop_rci:
|
||||
$ close cf
|
||||
$ return
|
|
@ -0,0 +1 @@
|
|||
multinet:multinet_socket_library.exe/share
|
|
@ -0,0 +1,108 @@
|
|||
$!
|
||||
$! Startup file for OpenSSL 1.x.
|
||||
$!
|
||||
$! 2011-03-05 SMS.
|
||||
$!
|
||||
$! This procedure must reside in the OpenSSL installation directory.
|
||||
$! It will fail if it is copied to a different location.
|
||||
$!
|
||||
$! P1 qualifier(s) for DEFINE. For example, "/SYSTEM" to get the
|
||||
$! logical names defined in the system logical name table.
|
||||
$!
|
||||
$! P2 "64", to use executables which were built with 64-bit pointers.
|
||||
$!
|
||||
$! Good (default) and bad status values.
|
||||
$!
|
||||
$ status = %x00010001 ! RMS$_NORMAL, normal successful completion.
|
||||
$ rms_e_fnf = %x00018292 ! RMS$_FNF, file not found.
|
||||
$!
|
||||
$! Prepare for problems.
|
||||
$!
|
||||
$ orig_dev_dir = f$environment( "DEFAULT")
|
||||
$ on control_y then goto clean_up
|
||||
$ on error then goto clean_up
|
||||
$!
|
||||
$! Determine hardware architecture.
|
||||
$!
|
||||
$ if (f$getsyi( "cpu") .lt. 128)
|
||||
$ then
|
||||
$ arch_name = "VAX"
|
||||
$ else
|
||||
$ arch_name = f$edit( f$getsyi( "arch_name"), "upcase")
|
||||
$ if (arch_name .eqs. "") then arch_name = "UNK"
|
||||
$ endif
|
||||
$!
|
||||
$ if (p2 .eqs. "64")
|
||||
$ then
|
||||
$ arch_name_exe = arch_name+ "_64"
|
||||
$ else
|
||||
$ arch_name_exe = arch_name
|
||||
$ endif
|
||||
$!
|
||||
$! Derive the OpenSSL installation device:[directory] from the location
|
||||
$! of this command procedure.
|
||||
$!
|
||||
$ proc = f$environment( "procedure")
|
||||
$ proc_dev_dir = f$parse( "A.;", proc, , , "no_conceal") - "A.;"
|
||||
$ proc_dev = f$parse( proc_dev_dir, , , "device", "syntax_only")
|
||||
$ proc_dir = f$parse( proc_dev_dir, , , "directory", "syntax_only") - -
|
||||
".][000000"- "[000000."- "]["- "["- "]"
|
||||
$ proc_dev_dir = proc_dev+ "["+ proc_dir+ "]"
|
||||
$ set default 'proc_dev_dir'
|
||||
$ set default [-]
|
||||
$ ossl_dev_dir = f$environment( "default")
|
||||
$!
|
||||
$! Check existence of expected directories (to see if this procedure has
|
||||
$! been moved away from its proper place).
|
||||
$!
|
||||
$ if ((f$search( "certs.dir;1") .eqs. "") .or. -
|
||||
(f$search( "include.dir;1") .eqs. "") .or. -
|
||||
(f$search( "private.dir;1") .eqs. "") .or. -
|
||||
(f$search( "vms.dir;1") .eqs. ""))
|
||||
$ then
|
||||
$ write sys$output -
|
||||
" Can't find expected common OpenSSL directories in:"
|
||||
$ write sys$output " ''ossl_dev_dir'"
|
||||
$ status = rms_e_fnf
|
||||
$ goto clean_up
|
||||
$ endif
|
||||
$!
|
||||
$ if ((f$search( "''arch_name_exe'_exe.dir;1") .eqs. "") .or. -
|
||||
(f$search( "''arch_name'_lib.dir;1") .eqs. ""))
|
||||
$ then
|
||||
$ write sys$output -
|
||||
" Can't find expected architecture-specific OpenSSL directories in:"
|
||||
$ write sys$output " ''ossl_dev_dir'"
|
||||
$ status = rms_e_fnf
|
||||
$ goto clean_up
|
||||
$ endif
|
||||
$!
|
||||
$! All seems well (enough). Define the OpenSSL logical names.
|
||||
$!
|
||||
$ ossl_root = ossl_dev_dir- "]"+ ".]"
|
||||
$ define /translation_attributes = concealed /nolog'p1 SSLROOT 'ossl_root'
|
||||
$ define /nolog 'p1' SSLCERTS sslroot:[certs]
|
||||
$ define /nolog 'p1' SSLINCLUDE sslroot:[include]
|
||||
$ define /nolog 'p1' SSLPRIVATE sslroot:[private]
|
||||
$ define /nolog 'p1' SSLEXE sslroot:['arch_name_exe'_exe]
|
||||
$ define /nolog 'p1' SSLLIB sslroot:['arch_name'_lib]
|
||||
$!
|
||||
$! Defining OPENSSL lets a C program use "#include <openssl/{foo}.h>":
|
||||
$ define /nolog 'p1' OPENSSL SSLINCLUDE:
|
||||
$!
|
||||
$! Run a site-specific procedure, if it exists.
|
||||
$!
|
||||
$ if f$search( "sslroot:[vms]openssl_systartup.com") .nes."" then -
|
||||
@ sslroot:[vms]openssl_systartup.com
|
||||
$!
|
||||
$! Restore the original default dev:[dir] (if known).
|
||||
$!
|
||||
$ clean_up:
|
||||
$!
|
||||
$ if (f$type( orig_dev_dir) .nes. "")
|
||||
$ then
|
||||
$ set default 'orig_dev_dir'
|
||||
$ endif
|
||||
$!
|
||||
$ EXIT 'status'
|
||||
$!
|
|
@ -0,0 +1,20 @@
|
|||
$!
|
||||
$! Deassign OpenSSL logical names.
|
||||
$!
|
||||
$ call deass "OPENSSL" "''p1'"
|
||||
$ call deass "SSLCERTS" "''p1'"
|
||||
$ call deass "SSLEXE" "''p1'"
|
||||
$ call deass "SSLINCLUDE" "''p1'"
|
||||
$ call deass "SSLLIB" "''p1'"
|
||||
$ call deass "SSLPRIVATE" "''p1'"
|
||||
$ call deass "SSLROOT" "''p1'"
|
||||
$!
|
||||
$ exit
|
||||
$!
|
||||
$deass: subroutine
|
||||
$ if (f$trnlnm( p1) .nes. "")
|
||||
$ then
|
||||
$ deassign 'p2' 'p1'
|
||||
$ endif
|
||||
$ endsubroutine
|
||||
$!
|
|
@ -0,0 +1,46 @@
|
|||
$!
|
||||
$! APPS.COM
|
||||
$! Written By: Robert Byer
|
||||
$! Vice-President
|
||||
$! A-Com Computing, Inc.
|
||||
$! byer@mail.all-net.net
|
||||
$!
|
||||
$!
|
||||
$! Slightly modified by Richard Levitte <richard@levitte.org>
|
||||
$!
|
||||
$!
|
||||
$! Always define OPENSSL. Others are optional (non-null P1).
|
||||
$!
|
||||
$ OPENSSL :== $SSLEXE:OPENSSL
|
||||
$
|
||||
$ IF (P1 .NES. "")
|
||||
$ THEN
|
||||
$ VERIFY :== $SSLEXE:OPENSSL VERIFY
|
||||
$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
|
||||
$! REQ could conflict with REQUEST.
|
||||
$ OREQ :== $SSLEXE:OPENSSL REQ
|
||||
$ DGST :== $SSLEXE:OPENSSL DGST
|
||||
$ DH :== $SSLEXE:OPENSSL DH
|
||||
$ ENC :== $SSLEXE:OPENSSL ENC
|
||||
$ GENDH :== $SSLEXE:OPENSSL GENDH
|
||||
$ ERRSTR :== $SSLEXE:OPENSSL ERRSTR
|
||||
$ CA :== $SSLEXE:OPENSSL CA
|
||||
$ CRL :== $SSLEXE:OPENSSL CRL
|
||||
$ RSA :== $SSLEXE:OPENSSL RSA
|
||||
$ DSA :== $SSLEXE:OPENSSL DSA
|
||||
$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
|
||||
$ X509 :== $SSLEXE:OPENSSL X509
|
||||
$ GENRSA :== $SSLEXE:OPENSSL GENRSA
|
||||
$ GENDSA :== $SSLEXE:OPENSSL GENDSA
|
||||
$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
|
||||
$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
|
||||
$ SPEED :== $SSLEXE:OPENSSL SPEED
|
||||
$ S_TIME :== $SSLEXE:OPENSSL S_TIME
|
||||
$ VERSION :== $SSLEXE:OPENSSL VERSION
|
||||
$ PKCS7 :== $SSLEXE:OPENSSL PKCS7
|
||||
$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
|
||||
$ SESS_ID :== $SSLEXE:OPENSSL SESS_ID
|
||||
$ CIPHERS :== $SSLEXE:OPENSSL CIPHERS
|
||||
$ NSEQ :== $SSLEXE:OPENSSL NSEQ
|
||||
$ PKCS12 :== $SSLEXE:OPENSSL PKCS12
|
||||
$ ENDIF
|
|
@ -0,0 +1 @@
|
|||
socketshr/share
|
|
@ -0,0 +1 @@
|
|||
sys$share:tcpip$ipc_shr.exe/share
|
|
@ -0,0 +1,28 @@
|
|||
$! Quick script to check how well including individual header files works
|
||||
$! on VMS, even when the VMS macro isn't defined.
|
||||
$
|
||||
$ sav_def = f$env("DEFAULT")
|
||||
$ here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
|
||||
$ set default 'here'
|
||||
$ set default [-.include.openssl]
|
||||
$ define openssl 'f$env("DEFAULT")'
|
||||
$ set default [--]
|
||||
$
|
||||
$ loop:
|
||||
$ f = f$search("openssl:*.h")
|
||||
$ if f .eqs. "" then goto loop_end
|
||||
$ write sys$output "Checking ",f
|
||||
$ open/write foo foo.c
|
||||
$ write foo "#undef VMS"
|
||||
$ write foo "#include <stdio.h>"
|
||||
$ write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
|
||||
$ write foo "main()"
|
||||
$ write foo "{printf(""foo\n"");}"
|
||||
$ close foo
|
||||
$ cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
|
||||
$ delete foo.c;
|
||||
$ goto loop
|
||||
$ loop_end:
|
||||
$ set default 'save_def'
|
||||
$ exit
|
||||
|
|
@ -0,0 +1 @@
|
|||
sys$share:ucx$ipc_shr.exe/share
|
|
@ -0,0 +1 @@
|
|||
ucx$ipc_shr/share
|
|
@ -0,0 +1 @@
|
|||
sys$library:ucx$ipc.olb/library
|
|
@ -0,0 +1,236 @@
|
|||
$! CA - wrapper around ca to make it easier to use ... basically ca requires
|
||||
$! some setup stuff to be done before you can use it and this makes
|
||||
$! things easier between now and when Eric is convinced to fix it :-)
|
||||
$!
|
||||
$! CA -newca ... will setup the right stuff
|
||||
$! CA -newreq ... will generate a certificate request
|
||||
$! CA -sign ... will sign the generated request and output
|
||||
$!
|
||||
$! At the end of that grab newreq.pem and newcert.pem (one has the key
|
||||
$! and the other the certificate) and cat them together and that is what
|
||||
$! you want/need ... I'll make even this a little cleaner later.
|
||||
$!
|
||||
$!
|
||||
$! 12-Jan-96 tjh Added more things ... including CA -signcert which
|
||||
$! converts a certificate to a request and then signs it.
|
||||
$! 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
|
||||
$! environment variable so this can be driven from
|
||||
$! a script.
|
||||
$! 25-Jul-96 eay Cleaned up filenames some more.
|
||||
$! 11-Jun-96 eay Fixed a few filename missmatches.
|
||||
$! 03-May-96 eay Modified to use 'openssl cmd' instead of 'cmd'.
|
||||
$! 18-Apr-96 tjh Original hacking
|
||||
$!
|
||||
$! Tim Hudson
|
||||
$! tjh@cryptsoft.com
|
||||
$!
|
||||
$!
|
||||
$! default ssleay.cnf file has setup as per the following
|
||||
$! demoCA ... where everything is stored
|
||||
$
|
||||
$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
|
||||
$
|
||||
$ DAYS = "-days 365"
|
||||
$ REQ = openssl + " req " + SSLEAY_CONFIG
|
||||
$ CA = openssl + " ca " + SSLEAY_CONFIG
|
||||
$ VERIFY = openssl + " verify"
|
||||
$ X509 = openssl + " x509"
|
||||
$ PKCS12 = openssl + " pkcs12"
|
||||
$ echo = "write sys$Output"
|
||||
$ RET = 1
|
||||
$!
|
||||
$! 2010-12-20 SMS.
|
||||
$! Use a concealed logical name to reduce command line lengths, to
|
||||
$! avoid DCL errors on VAX:
|
||||
$! %DCL-W-TKNOVF, command element is too long - shorten
|
||||
$! (Path segments like "openssl-1_0_1-stable-SNAP-20101217" accumulate
|
||||
$! quickly.)
|
||||
$!
|
||||
$ CATOP = F$PARSE( F$ENVIRONMENT( "DEFAULT"), "[]")- "].;"+ ".demoCA.]"
|
||||
$ define /translation_attributes = concealed CATOP 'CATOP'
|
||||
$!
|
||||
$ on error then goto clean_up
|
||||
$ on control_y then goto clean_up
|
||||
$!
|
||||
$ CAKEY = "CATOP:[private]cakey.pem"
|
||||
$ CACERT = "CATOP:[000000]cacert.pem"
|
||||
$
|
||||
$ __INPUT := SYS$COMMAND
|
||||
$!
|
||||
$ i = 1
|
||||
$opt_loop:
|
||||
$ if i .gt. 8 then goto opt_loop_end
|
||||
$
|
||||
$ prog_opt = F$EDIT(P'i',"lowercase")
|
||||
$
|
||||
$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help")
|
||||
$ THEN
|
||||
$ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify"
|
||||
$ goto clean_up
|
||||
$ ENDIF
|
||||
$!
|
||||
$ IF (prog_opt .EQS. "-input")
|
||||
$ THEN
|
||||
$ ! Get input from somewhere other than SYS$COMMAND
|
||||
$ i = i + 1
|
||||
$ __INPUT = P'i'
|
||||
$ GOTO opt_loop_continue
|
||||
$ ENDIF
|
||||
$!
|
||||
$ IF (prog_opt .EQS. "-newcert")
|
||||
$ THEN
|
||||
$ ! Create a certificate.
|
||||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
|
||||
$ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
|
||||
$ RET=$STATUS
|
||||
$ echo "Certificate (and private key) is in newreq.pem"
|
||||
$ GOTO opt_loop_continue
|
||||
$ ENDIF
|
||||
$!
|
||||
$ IF (prog_opt .EQS. "-newreq")
|
||||
$ THEN
|
||||
$ ! Create a certificate request
|
||||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
|
||||
$ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
|
||||
$ RET=$STATUS
|
||||
$ echo "Request (and private key) is in newreq.pem"
|
||||
$ GOTO opt_loop_continue
|
||||
$ ENDIF
|
||||
$!
|
||||
$ IF (prog_opt .EQS. "-newca")
|
||||
$ THEN
|
||||
$ ! If explicitly asked for or it doesn't exist then setup the directory
|
||||
$ ! structure that Eric likes to manage things.
|
||||
$ IF F$SEARCH( "CATOP:[000000]serial.") .EQS. ""
|
||||
$ THEN
|
||||
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[000000]
|
||||
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[certs]
|
||||
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[crl]
|
||||
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[newcerts]
|
||||
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private]
|
||||
$
|
||||
$ OPEN /WRITE ser_file CATOP:[000000]serial.
|
||||
$ WRITE ser_file "01"
|
||||
$ CLOSE ser_file
|
||||
$ APPEND /NEW_VERSION NL: CATOP:[000000]index.txt
|
||||
$
|
||||
$ ! The following is to make sure access() doesn't get confused. It
|
||||
$ ! really needs one file in the directory to give correct answers...
|
||||
$ COPY NLA0: CATOP:[certs].;
|
||||
$ COPY NLA0: CATOP:[crl].;
|
||||
$ COPY NLA0: CATOP:[newcerts].;
|
||||
$ COPY NLA0: CATOP:[private].;
|
||||
$ ENDIF
|
||||
$!
|
||||
$ IF F$SEARCH( CAKEY) .EQS. ""
|
||||
$ THEN
|
||||
$ READ '__INPUT' FILE -
|
||||
/PROMPT="CA certificate filename (or enter to create): "
|
||||
$ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "")
|
||||
$ THEN
|
||||
$ COPY 'FILE' 'CAKEY'
|
||||
$ RET=$STATUS
|
||||
$ ELSE
|
||||
$ echo "Making CA certificate ..."
|
||||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
|
||||
$ REQ -new -x509 -keyout 'CAKEY' -out 'CACERT' 'DAYS'
|
||||
$ RET=$STATUS
|
||||
$ ENDIF
|
||||
$ ENDIF
|
||||
$ GOTO opt_loop_continue
|
||||
$ ENDIF
|
||||
$!
|
||||
$ IF (prog_opt .EQS. "-pkcs12")
|
||||
$ THEN
|
||||
$ i = i + 1
|
||||
$ cname = P'i'
|
||||
$ IF cname .EQS. "" THEN cname = "My certificate"
|
||||
$ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CACERT' -
|
||||
-out newcert.p12 -export -name "''cname'"
|
||||
$ RET=$STATUS
|
||||
$ goto clean_up
|
||||
$ ENDIF
|
||||
$!
|
||||
$ IF (prog_opt .EQS. "-xsign")
|
||||
$ THEN
|
||||
$!
|
||||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
|
||||
$ CA -policy policy_anything -infiles newreq.pem
|
||||
$ RET=$STATUS
|
||||
$ GOTO opt_loop_continue
|
||||
$ ENDIF
|
||||
$!
|
||||
$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
|
||||
$ THEN
|
||||
$!
|
||||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
|
||||
$ CA -policy policy_anything -out newcert.pem -infiles newreq.pem
|
||||
$ RET=$STATUS
|
||||
$ type newcert.pem
|
||||
$ echo "Signed certificate is in newcert.pem"
|
||||
$ GOTO opt_loop_continue
|
||||
$ ENDIF
|
||||
$!
|
||||
$ IF (prog_opt .EQS. "-signcert")
|
||||
$ THEN
|
||||
$!
|
||||
$ echo "Cert passphrase will be requested twice - bug?"
|
||||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
|
||||
$ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
|
||||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
|
||||
$ CA -policy policy_anything -out newcert.pem -infiles tmp.pem
|
||||
y
|
||||
y
|
||||
$ type newcert.pem
|
||||
$ echo "Signed certificate is in newcert.pem"
|
||||
$ GOTO opt_loop_continue
|
||||
$ ENDIF
|
||||
$!
|
||||
$ IF (prog_opt .EQS. "-verify")
|
||||
$ THEN
|
||||
$!
|
||||
$ i = i + 1
|
||||
$ IF (p'i' .EQS. "")
|
||||
$ THEN
|
||||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
|
||||
$ VERIFY "-CAfile" 'CACERT' newcert.pem
|
||||
$ ELSE
|
||||
$ j = i
|
||||
$ verify_opt_loop:
|
||||
$ IF j .GT. 8 THEN GOTO verify_opt_loop_end
|
||||
$ IF p'j' .NES. ""
|
||||
$ THEN
|
||||
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
|
||||
$ __tmp = p'j'
|
||||
$ VERIFY "-CAfile" 'CACERT' '__tmp'
|
||||
$ tmp=$STATUS
|
||||
$ IF tmp .NE. 0 THEN RET=tmp
|
||||
$ ENDIF
|
||||
$ j = j + 1
|
||||
$ GOTO verify_opt_loop
|
||||
$ verify_opt_loop_end:
|
||||
$ ENDIF
|
||||
$
|
||||
$ GOTO opt_loop_end
|
||||
$ ENDIF
|
||||
$!
|
||||
$ IF (prog_opt .NES. "")
|
||||
$ THEN
|
||||
$!
|
||||
$ echo "Unknown argument ''prog_opt'"
|
||||
$ RET = 3
|
||||
$ goto clean_up
|
||||
$ ENDIF
|
||||
$
|
||||
$opt_loop_continue:
|
||||
$ i = i + 1
|
||||
$ GOTO opt_loop
|
||||
$
|
||||
$opt_loop_end:
|
||||
$!
|
||||
$clean_up:
|
||||
$!
|
||||
$ if f$trnlnm( "CATOP", "LNM$PROCESS") .nes. "" then -
|
||||
deassign /process CATOP
|
||||
$!
|
||||
$ EXIT 'RET'
|
|
@ -0,0 +1,188 @@
|
|||
#!/usr/local/bin/perl
|
||||
#
|
||||
# CA - wrapper around ca to make it easier to use ... basically ca requires
|
||||
# some setup stuff to be done before you can use it and this makes
|
||||
# things easier between now and when Eric is convinced to fix it :-)
|
||||
#
|
||||
# CA -newca ... will setup the right stuff
|
||||
# CA -newreq[-nodes] ... will generate a certificate request
|
||||
# CA -sign ... will sign the generated request and output
|
||||
#
|
||||
# At the end of that grab newreq.pem and newcert.pem (one has the key
|
||||
# and the other the certificate) and cat them together and that is what
|
||||
# you want/need ... I'll make even this a little cleaner later.
|
||||
#
|
||||
#
|
||||
# 12-Jan-96 tjh Added more things ... including CA -signcert which
|
||||
# converts a certificate to a request and then signs it.
|
||||
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
|
||||
# environment variable so this can be driven from
|
||||
# a script.
|
||||
# 25-Jul-96 eay Cleaned up filenames some more.
|
||||
# 11-Jun-96 eay Fixed a few filename missmatches.
|
||||
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
|
||||
# 18-Apr-96 tjh Original hacking
|
||||
#
|
||||
# Tim Hudson
|
||||
# tjh@cryptsoft.com
|
||||
#
|
||||
|
||||
# 27-Apr-98 snh Translation into perl, fix existing CA bug.
|
||||
#
|
||||
#
|
||||
# Steve Henson
|
||||
# shenson@bigfoot.com
|
||||
|
||||
# default openssl.cnf file has setup as per the following
|
||||
# demoCA ... where everything is stored
|
||||
|
||||
my $openssl;
|
||||
if(defined $ENV{OPENSSL}) {
|
||||
$openssl = $ENV{OPENSSL};
|
||||
} else {
|
||||
$openssl = "openssl";
|
||||
$ENV{OPENSSL} = $openssl;
|
||||
}
|
||||
|
||||
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
|
||||
$DAYS="-days 365"; # 1 year
|
||||
$CADAYS="-days 1095"; # 3 years
|
||||
$REQ="$openssl req $SSLEAY_CONFIG";
|
||||
$CA="$openssl ca $SSLEAY_CONFIG";
|
||||
$VERIFY="$openssl verify";
|
||||
$X509="$openssl x509";
|
||||
$PKCS12="$openssl pkcs12";
|
||||
|
||||
$CATOP="./demoCA";
|
||||
$CAKEY="cakey.pem";
|
||||
$CAREQ="careq.pem";
|
||||
$CACERT="cacert.pem";
|
||||
|
||||
$DIRMODE = 0777;
|
||||
|
||||
$RET = 0;
|
||||
|
||||
foreach (@ARGV) {
|
||||
if ( /^(-\?|-h|-help)$/ ) {
|
||||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
|
||||
exit 0;
|
||||
} elsif (/^-newcert$/) {
|
||||
# create a certificate
|
||||
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Certificate is in newcert.pem, private key is in newkey.pem\n"
|
||||
} elsif (/^-newreq$/) {
|
||||
# create a certificate request
|
||||
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Request is in newreq.pem, private key is in newkey.pem\n";
|
||||
} elsif (/^-newreq-nodes$/) {
|
||||
# create a certificate request
|
||||
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Request is in newreq.pem, private key is in newkey.pem\n";
|
||||
} elsif (/^-newca$/) {
|
||||
# if explicitly asked for or it doesn't exist then setup the
|
||||
# directory structure that Eric likes to manage things
|
||||
$NEW="1";
|
||||
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
|
||||
# create the directory hierarchy
|
||||
mkdir $CATOP, $DIRMODE;
|
||||
mkdir "${CATOP}/certs", $DIRMODE;
|
||||
mkdir "${CATOP}/crl", $DIRMODE ;
|
||||
mkdir "${CATOP}/newcerts", $DIRMODE;
|
||||
mkdir "${CATOP}/private", $DIRMODE;
|
||||
open OUT, ">${CATOP}/index.txt";
|
||||
close OUT;
|
||||
open OUT, ">${CATOP}/crlnumber";
|
||||
print OUT "01\n";
|
||||
close OUT;
|
||||
}
|
||||
if ( ! -f "${CATOP}/private/$CAKEY" ) {
|
||||
print "CA certificate filename (or enter to create)\n";
|
||||
$FILE = <STDIN>;
|
||||
|
||||
chop $FILE;
|
||||
|
||||
# ask user for existing CA certificate
|
||||
if ($FILE) {
|
||||
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
|
||||
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
|
||||
$RET=$?;
|
||||
} else {
|
||||
print "Making CA certificate ...\n";
|
||||
system ("$REQ -new -keyout " .
|
||||
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
|
||||
system ("$CA -create_serial " .
|
||||
"-out ${CATOP}/$CACERT $CADAYS -batch " .
|
||||
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
|
||||
"-extensions v3_ca " .
|
||||
"-infiles ${CATOP}/$CAREQ ");
|
||||
$RET=$?;
|
||||
}
|
||||
}
|
||||
} elsif (/^-pkcs12$/) {
|
||||
my $cname = $ARGV[1];
|
||||
$cname = "My Certificate" unless defined $cname;
|
||||
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
|
||||
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
|
||||
"-export -name \"$cname\"");
|
||||
$RET=$?;
|
||||
print "PKCS #12 file is in newcert.p12\n";
|
||||
exit $RET;
|
||||
} elsif (/^-xsign$/) {
|
||||
system ("$CA -policy policy_anything -infiles newreq.pem");
|
||||
$RET=$?;
|
||||
} elsif (/^(-sign|-signreq)$/) {
|
||||
system ("$CA -policy policy_anything -out newcert.pem " .
|
||||
"-infiles newreq.pem");
|
||||
$RET=$?;
|
||||
print "Signed certificate is in newcert.pem\n";
|
||||
} elsif (/^(-signCA)$/) {
|
||||
system ("$CA -policy policy_anything -out newcert.pem " .
|
||||
"-extensions v3_ca -infiles newreq.pem");
|
||||
$RET=$?;
|
||||
print "Signed CA certificate is in newcert.pem\n";
|
||||
} elsif (/^-signcert$/) {
|
||||
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
|
||||
"-out tmp.pem");
|
||||
system ("$CA -policy policy_anything -out newcert.pem " .
|
||||
"-infiles tmp.pem");
|
||||
$RET = $?;
|
||||
print "Signed certificate is in newcert.pem\n";
|
||||
} elsif (/^-verify$/) {
|
||||
if (shift) {
|
||||
foreach $j (@ARGV) {
|
||||
system ("$VERIFY -CAfile $CATOP/$CACERT $j");
|
||||
$RET=$? if ($? != 0);
|
||||
}
|
||||
exit $RET;
|
||||
} else {
|
||||
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
|
||||
$RET=$?;
|
||||
exit 0;
|
||||
}
|
||||
} else {
|
||||
print STDERR "Unknown arg $_\n";
|
||||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
|
||||
exit 1;
|
||||
}
|
||||
}
|
||||
|
||||
exit $RET;
|
||||
|
||||
sub cp_pem {
|
||||
my ($infile, $outfile, $bound) = @_;
|
||||
open IN, $infile;
|
||||
open OUT, ">$outfile";
|
||||
my $flag = 0;
|
||||
while (<IN>) {
|
||||
$flag = 1 if (/^-----BEGIN.*$bound/) ;
|
||||
print OUT $_ if ($flag);
|
||||
if (/^-----END.*$bound/) {
|
||||
close IN;
|
||||
close OUT;
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,198 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# CA - wrapper around ca to make it easier to use ... basically ca requires
|
||||
# some setup stuff to be done before you can use it and this makes
|
||||
# things easier between now and when Eric is convinced to fix it :-)
|
||||
#
|
||||
# CA -newca ... will setup the right stuff
|
||||
# CA -newreq ... will generate a certificate request
|
||||
# CA -sign ... will sign the generated request and output
|
||||
#
|
||||
# At the end of that grab newreq.pem and newcert.pem (one has the key
|
||||
# and the other the certificate) and cat them together and that is what
|
||||
# you want/need ... I'll make even this a little cleaner later.
|
||||
#
|
||||
#
|
||||
# 12-Jan-96 tjh Added more things ... including CA -signcert which
|
||||
# converts a certificate to a request and then signs it.
|
||||
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
|
||||
# environment variable so this can be driven from
|
||||
# a script.
|
||||
# 25-Jul-96 eay Cleaned up filenames some more.
|
||||
# 11-Jun-96 eay Fixed a few filename missmatches.
|
||||
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
|
||||
# 18-Apr-96 tjh Original hacking
|
||||
#
|
||||
# Tim Hudson
|
||||
# tjh@cryptsoft.com
|
||||
#
|
||||
|
||||
# default openssl.cnf file has setup as per the following
|
||||
# demoCA ... where everything is stored
|
||||
cp_pem() {
|
||||
infile=$1
|
||||
outfile=$2
|
||||
bound=$3
|
||||
flag=0
|
||||
exec <$infile;
|
||||
while read line; do
|
||||
if [ $flag -eq 1 ]; then
|
||||
echo $line|grep "^-----END.*$bound" 2>/dev/null 1>/dev/null
|
||||
if [ $? -eq 0 ] ; then
|
||||
echo $line >>$outfile
|
||||
break
|
||||
else
|
||||
echo $line >>$outfile
|
||||
fi
|
||||
fi
|
||||
|
||||
echo $line|grep "^-----BEGIN.*$bound" 2>/dev/null 1>/dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
echo $line >$outfile
|
||||
flag=1
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
usage() {
|
||||
echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2
|
||||
}
|
||||
|
||||
if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
|
||||
|
||||
if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi # 1 year
|
||||
CADAYS="-days 1095" # 3 years
|
||||
REQ="$OPENSSL req $SSLEAY_CONFIG"
|
||||
CA="$OPENSSL ca $SSLEAY_CONFIG"
|
||||
VERIFY="$OPENSSL verify"
|
||||
X509="$OPENSSL x509"
|
||||
PKCS12="openssl pkcs12"
|
||||
|
||||
if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
|
||||
CAKEY=./cakey.pem
|
||||
CAREQ=./careq.pem
|
||||
CACERT=./cacert.pem
|
||||
|
||||
RET=0
|
||||
|
||||
while [ "$1" != "" ] ; do
|
||||
case $1 in
|
||||
-\?|-h|-help)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
-newcert)
|
||||
# create a certificate
|
||||
$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
|
||||
RET=$?
|
||||
echo "Certificate is in newcert.pem, private key is in newkey.pem"
|
||||
;;
|
||||
-newreq)
|
||||
# create a certificate request
|
||||
$REQ -new -keyout newkey.pem -out newreq.pem $DAYS
|
||||
RET=$?
|
||||
echo "Request is in newreq.pem, private key is in newkey.pem"
|
||||
;;
|
||||
-newreq-nodes)
|
||||
# create a certificate request
|
||||
$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
|
||||
RET=$?
|
||||
echo "Request (and private key) is in newreq.pem"
|
||||
;;
|
||||
-newca)
|
||||
# if explicitly asked for or it doesn't exist then setup the directory
|
||||
# structure that Eric likes to manage things
|
||||
NEW="1"
|
||||
if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
|
||||
# create the directory hierarchy
|
||||
mkdir -p ${CATOP}
|
||||
mkdir -p ${CATOP}/certs
|
||||
mkdir -p ${CATOP}/crl
|
||||
mkdir -p ${CATOP}/newcerts
|
||||
mkdir -p ${CATOP}/private
|
||||
touch ${CATOP}/index.txt
|
||||
fi
|
||||
if [ ! -f ${CATOP}/private/$CAKEY ]; then
|
||||
echo "CA certificate filename (or enter to create)"
|
||||
read FILE
|
||||
|
||||
# ask user for existing CA certificate
|
||||
if [ "$FILE" ]; then
|
||||
cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE
|
||||
cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE
|
||||
RET=$?
|
||||
if [ ! -f "${CATOP}/serial" ]; then
|
||||
$X509 -in ${CATOP}/$CACERT -noout -next_serial \
|
||||
-out ${CATOP}/serial
|
||||
fi
|
||||
else
|
||||
echo "Making CA certificate ..."
|
||||
$REQ -new -keyout ${CATOP}/private/$CAKEY \
|
||||
-out ${CATOP}/$CAREQ
|
||||
$CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \
|
||||
-keyfile ${CATOP}/private/$CAKEY -selfsign \
|
||||
-extensions v3_ca \
|
||||
-infiles ${CATOP}/$CAREQ
|
||||
RET=$?
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
-xsign)
|
||||
$CA -policy policy_anything -infiles newreq.pem
|
||||
RET=$?
|
||||
;;
|
||||
-pkcs12)
|
||||
if [ -z "$2" ] ; then
|
||||
CNAME="My Certificate"
|
||||
else
|
||||
CNAME="$2"
|
||||
fi
|
||||
$PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \
|
||||
-out newcert.p12 -export -name "$CNAME"
|
||||
RET=$?
|
||||
exit $RET
|
||||
;;
|
||||
-sign|-signreq)
|
||||
$CA -policy policy_anything -out newcert.pem -infiles newreq.pem
|
||||
RET=$?
|
||||
cat newcert.pem
|
||||
echo "Signed certificate is in newcert.pem"
|
||||
;;
|
||||
-signCA)
|
||||
$CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem
|
||||
RET=$?
|
||||
echo "Signed CA certificate is in newcert.pem"
|
||||
;;
|
||||
-signcert)
|
||||
echo "Cert passphrase will be requested twice - bug?"
|
||||
$X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
|
||||
$CA -policy policy_anything -out newcert.pem -infiles tmp.pem
|
||||
RET=$?
|
||||
cat newcert.pem
|
||||
echo "Signed certificate is in newcert.pem"
|
||||
;;
|
||||
-verify)
|
||||
shift
|
||||
if [ -z "$1" ]; then
|
||||
$VERIFY -CAfile $CATOP/$CACERT newcert.pem
|
||||
RET=$?
|
||||
else
|
||||
for j
|
||||
do
|
||||
$VERIFY -CAfile $CATOP/$CACERT $j
|
||||
if [ $? != 0 ]; then
|
||||
RET=$?
|
||||
fi
|
||||
done
|
||||
fi
|
||||
exit $RET
|
||||
;;
|
||||
*)
|
||||
echo "Unknown arg $i" >&2
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
exit $RET
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -0,0 +1,217 @@
|
|||
/* apps/app_rand.c */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#define NON_MAIN
|
||||
#include "apps.h"
|
||||
#undef NON_MAIN
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
static int seeded = 0;
|
||||
static int egdsocket = 0;
|
||||
|
||||
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
|
||||
{
|
||||
int consider_randfile = (file == NULL);
|
||||
char buffer[200];
|
||||
|
||||
#ifdef OPENSSL_SYS_WINDOWS
|
||||
RAND_screen();
|
||||
#endif
|
||||
|
||||
if (file == NULL)
|
||||
file = RAND_file_name(buffer, sizeof(buffer));
|
||||
else if (RAND_egd(file) > 0) {
|
||||
/*
|
||||
* we try if the given filename is an EGD socket. if it is, we don't
|
||||
* write anything back to the file.
|
||||
*/
|
||||
egdsocket = 1;
|
||||
return 1;
|
||||
}
|
||||
if (file == NULL || !RAND_load_file(file, -1)) {
|
||||
if (RAND_status() == 0) {
|
||||
if (!dont_warn) {
|
||||
BIO_printf(bio_e, "unable to load 'random state'\n");
|
||||
BIO_printf(bio_e,
|
||||
"This means that the random number generator has not been seeded\n");
|
||||
BIO_printf(bio_e, "with much random data.\n");
|
||||
if (consider_randfile) { /* explanation does not apply when a
|
||||
* file is explicitly named */
|
||||
BIO_printf(bio_e,
|
||||
"Consider setting the RANDFILE environment variable to point at a file that\n");
|
||||
BIO_printf(bio_e,
|
||||
"'random' data can be kept in (the file will be overwritten).\n");
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
seeded = 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
long app_RAND_load_files(char *name)
|
||||
{
|
||||
char *p, *n;
|
||||
int last;
|
||||
long tot = 0;
|
||||
int egd;
|
||||
|
||||
for (;;) {
|
||||
last = 0;
|
||||
for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ;
|
||||
if (*p == '\0')
|
||||
last = 1;
|
||||
*p = '\0';
|
||||
n = name;
|
||||
name = p + 1;
|
||||
if (*n == '\0')
|
||||
break;
|
||||
|
||||
egd = RAND_egd(n);
|
||||
if (egd > 0)
|
||||
tot += egd;
|
||||
else
|
||||
tot += RAND_load_file(n, -1);
|
||||
if (last)
|
||||
break;
|
||||
}
|
||||
if (tot > 512)
|
||||
app_RAND_allow_write_file();
|
||||
return (tot);
|
||||
}
|
||||
|
||||
int app_RAND_write_file(const char *file, BIO *bio_e)
|
||||
{
|
||||
char buffer[200];
|
||||
|
||||
if (egdsocket || !seeded)
|
||||
/*
|
||||
* If we did not manage to read the seed file, we should not write a
|
||||
* low-entropy seed file back -- it would suppress a crucial warning
|
||||
* the next time we want to use it.
|
||||
*/
|
||||
return 0;
|
||||
|
||||
if (file == NULL)
|
||||
file = RAND_file_name(buffer, sizeof(buffer));
|
||||
if (file == NULL || !RAND_write_file(file)) {
|
||||
BIO_printf(bio_e, "unable to write 'random state'\n");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
void app_RAND_allow_write_file(void)
|
||||
{
|
||||
seeded = 1;
|
||||
}
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -0,0 +1,389 @@
|
|||
/* apps/apps.h */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef HEADER_APPS_H
|
||||
# define HEADER_APPS_H
|
||||
|
||||
# include "e_os.h"
|
||||
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/lhash.h>
|
||||
# include <openssl/conf.h>
|
||||
# include <openssl/txt_db.h>
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
# include <openssl/engine.h>
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_OCSP
|
||||
# include <openssl/ocsp.h>
|
||||
# endif
|
||||
# include <openssl/ossl_typ.h>
|
||||
|
||||
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
|
||||
int app_RAND_write_file(const char *file, BIO *bio_e);
|
||||
/*
|
||||
* When `file' is NULL, use defaults. `bio_e' is for error messages.
|
||||
*/
|
||||
void app_RAND_allow_write_file(void);
|
||||
long app_RAND_load_files(char *file); /* `file' is a list of files to read,
|
||||
* separated by LIST_SEPARATOR_CHAR
|
||||
* (see e_os.h). The string is
|
||||
* destroyed! */
|
||||
|
||||
# ifndef MONOLITH
|
||||
|
||||
# define MAIN(a,v) main(a,v)
|
||||
|
||||
# ifndef NON_MAIN
|
||||
CONF *config = NULL;
|
||||
BIO *bio_err = NULL;
|
||||
# else
|
||||
extern CONF *config;
|
||||
extern BIO *bio_err;
|
||||
# endif
|
||||
|
||||
# else
|
||||
|
||||
# define MAIN(a,v) PROG(a,v)
|
||||
extern CONF *config;
|
||||
extern char *default_config_file;
|
||||
extern BIO *bio_err;
|
||||
|
||||
# endif
|
||||
|
||||
# ifndef OPENSSL_SYS_NETWARE
|
||||
# include <signal.h>
|
||||
# endif
|
||||
|
||||
# ifdef SIGPIPE
|
||||
# define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
|
||||
# else
|
||||
# define do_pipe_sig()
|
||||
# endif
|
||||
|
||||
# ifdef OPENSSL_NO_COMP
|
||||
# define zlib_cleanup()
|
||||
# else
|
||||
# define zlib_cleanup() COMP_zlib_cleanup()
|
||||
# endif
|
||||
|
||||
# if defined(MONOLITH) && !defined(OPENSSL_C)
|
||||
# define apps_startup() \
|
||||
do_pipe_sig()
|
||||
# define apps_shutdown()
|
||||
# else
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
# define apps_startup() \
|
||||
do { do_pipe_sig(); CRYPTO_malloc_init(); \
|
||||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
|
||||
ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
|
||||
# define apps_shutdown() \
|
||||
do { CONF_modules_unload(1); destroy_ui_method(); \
|
||||
OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
|
||||
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
|
||||
RAND_cleanup(); \
|
||||
ERR_free_strings(); zlib_cleanup();} while(0)
|
||||
# else
|
||||
# define apps_startup() \
|
||||
do { do_pipe_sig(); CRYPTO_malloc_init(); \
|
||||
ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
|
||||
setup_ui_method(); } while(0)
|
||||
# define apps_shutdown() \
|
||||
do { CONF_modules_unload(1); destroy_ui_method(); \
|
||||
OBJ_cleanup(); EVP_cleanup(); \
|
||||
CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
|
||||
RAND_cleanup(); \
|
||||
ERR_free_strings(); zlib_cleanup(); } while(0)
|
||||
# endif
|
||||
# endif
|
||||
|
||||
# if defined(OPENSSL_SYSNAME_WIN32) || defined(OPENSSL_SYSNAME_WINCE)
|
||||
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
|
||||
# else
|
||||
# define openssl_fdset(a,b) FD_SET(a, b)
|
||||
# endif
|
||||
|
||||
typedef struct args_st {
|
||||
char **data;
|
||||
int count;
|
||||
} ARGS;
|
||||
|
||||
# define PW_MIN_LENGTH 4
|
||||
typedef struct pw_cb_data {
|
||||
const void *password;
|
||||
const char *prompt_info;
|
||||
} PW_CB_DATA;
|
||||
|
||||
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
|
||||
|
||||
int setup_ui_method(void);
|
||||
void destroy_ui_method(void);
|
||||
|
||||
int should_retry(int i);
|
||||
int args_from_file(char *file, int *argc, char **argv[]);
|
||||
int str2fmt(char *s);
|
||||
void program_name(char *in, char *out, int size);
|
||||
int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]);
|
||||
# ifdef HEADER_X509_H
|
||||
int dump_cert_text(BIO *out, X509 *x);
|
||||
void print_name(BIO *out, const char *title, X509_NAME *nm,
|
||||
unsigned long lflags);
|
||||
# endif
|
||||
int set_cert_ex(unsigned long *flags, const char *arg);
|
||||
int set_name_ex(unsigned long *flags, const char *arg);
|
||||
int set_ext_copy(int *copy_type, const char *arg);
|
||||
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
|
||||
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
|
||||
int add_oid_section(BIO *err, CONF *conf);
|
||||
X509 *load_cert(BIO *err, const char *file, int format,
|
||||
const char *pass, ENGINE *e, const char *cert_descrip);
|
||||
X509_CRL *load_crl(const char *infile, int format);
|
||||
int load_cert_crl_http(const char *url, BIO *err,
|
||||
X509 **pcert, X509_CRL **pcrl);
|
||||
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
|
||||
const char *pass, ENGINE *e, const char *key_descrip);
|
||||
EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
|
||||
const char *pass, ENGINE *e, const char *key_descrip);
|
||||
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
|
||||
const char *pass, ENGINE *e,
|
||||
const char *cert_descrip);
|
||||
STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
|
||||
const char *pass, ENGINE *e,
|
||||
const char *cert_descrip);
|
||||
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
|
||||
|
||||
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
|
||||
void release_engine(ENGINE *e);
|
||||
|
||||
# ifndef OPENSSL_NO_OCSP
|
||||
OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
|
||||
const char *host, const char *path,
|
||||
const char *port, int use_ssl,
|
||||
const STACK_OF(CONF_VALUE) *headers,
|
||||
int req_timeout);
|
||||
# endif
|
||||
|
||||
int load_config(BIO *err, CONF *cnf);
|
||||
char *make_config_name(void);
|
||||
|
||||
/* Functions defined in ca.c and also used in ocsp.c */
|
||||
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
|
||||
ASN1_GENERALIZEDTIME **pinvtm, const char *str);
|
||||
|
||||
# define DB_type 0
|
||||
# define DB_exp_date 1
|
||||
# define DB_rev_date 2
|
||||
# define DB_serial 3 /* index - unique */
|
||||
# define DB_file 4
|
||||
# define DB_name 5 /* index - unique when active and not
|
||||
* disabled */
|
||||
# define DB_NUMBER 6
|
||||
|
||||
# define DB_TYPE_REV 'R'
|
||||
# define DB_TYPE_EXP 'E'
|
||||
# define DB_TYPE_VAL 'V'
|
||||
|
||||
typedef struct db_attr_st {
|
||||
int unique_subject;
|
||||
} DB_ATTR;
|
||||
typedef struct ca_db_st {
|
||||
DB_ATTR attributes;
|
||||
TXT_DB *db;
|
||||
} CA_DB;
|
||||
|
||||
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
|
||||
int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
|
||||
ASN1_INTEGER **retai);
|
||||
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
|
||||
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
|
||||
CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
|
||||
int index_index(CA_DB *db);
|
||||
int save_index(const char *dbfile, const char *suffix, CA_DB *db);
|
||||
int rotate_index(const char *dbfile, const char *new_suffix,
|
||||
const char *old_suffix);
|
||||
void free_index(CA_DB *db);
|
||||
# define index_name_cmp_noconst(a, b) \
|
||||
index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
|
||||
(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
|
||||
int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
|
||||
int parse_yesno(const char *str, int def);
|
||||
|
||||
X509_NAME *parse_name(char *str, long chtype, int multirdn);
|
||||
int args_verify(char ***pargs, int *pargc,
|
||||
int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
|
||||
void policies_print(BIO *out, X509_STORE_CTX *ctx);
|
||||
int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
|
||||
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
|
||||
int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
|
||||
const char *algname, ENGINE *e, int do_param);
|
||||
int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
|
||||
STACK_OF(OPENSSL_STRING) *sigopts);
|
||||
int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
|
||||
STACK_OF(OPENSSL_STRING) *sigopts);
|
||||
int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
|
||||
STACK_OF(OPENSSL_STRING) *sigopts);
|
||||
# ifndef OPENSSL_NO_PSK
|
||||
extern char *psk_key;
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_JPAKE
|
||||
void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
|
||||
void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
|
||||
# endif
|
||||
|
||||
# ifndef OPENSSL_NO_TLSEXT
|
||||
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
|
||||
# endif /* ndef OPENSSL_NO_TLSEXT */
|
||||
|
||||
void print_cert_checks(BIO *bio, X509 *x,
|
||||
const char *checkhost,
|
||||
const char *checkemail, const char *checkip);
|
||||
|
||||
void store_setup_crl_download(X509_STORE *st);
|
||||
|
||||
# define FORMAT_UNDEF 0
|
||||
# define FORMAT_ASN1 1
|
||||
# define FORMAT_TEXT 2
|
||||
# define FORMAT_PEM 3
|
||||
# define FORMAT_NETSCAPE 4
|
||||
# define FORMAT_PKCS12 5
|
||||
# define FORMAT_SMIME 6
|
||||
# define FORMAT_ENGINE 7
|
||||
# define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
|
||||
* adding yet another param to load_*key() */
|
||||
# define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */
|
||||
# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
|
||||
# define FORMAT_MSBLOB 11 /* MS Key blob format */
|
||||
# define FORMAT_PVK 12 /* MS PVK file format */
|
||||
# define FORMAT_HTTP 13 /* Download using HTTP */
|
||||
|
||||
# define EXT_COPY_NONE 0
|
||||
# define EXT_COPY_ADD 1
|
||||
# define EXT_COPY_ALL 2
|
||||
|
||||
# define NETSCAPE_CERT_HDR "certificate"
|
||||
|
||||
# define APP_PASS_LEN 1024
|
||||
|
||||
# define SERIAL_RAND_BITS 64
|
||||
|
||||
int app_isdir(const char *);
|
||||
int fileno_stdin(void);
|
||||
int fileno_stdout(void);
|
||||
int raw_read_stdin(void *, int);
|
||||
int raw_write_stdout(const void *, int);
|
||||
|
||||
# define TM_START 0
|
||||
# define TM_STOP 1
|
||||
double app_tminterval(int stop, int usertime);
|
||||
|
||||
# define OPENSSL_NO_SSL_INTERN
|
||||
|
||||
#endif
|
|
@ -0,0 +1,430 @@
|
|||
/* apps/asn1pars.c */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
/*
|
||||
* A nice addition from Dr Stephen Henson <steve@openssl.org> to add the
|
||||
* -strparse option which parses nested binary structures
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
/*-
|
||||
* -inform arg - input format - default PEM (DER or PEM)
|
||||
* -in arg - input file - default stdin
|
||||
* -i - indent the details by depth
|
||||
* -offset - where in the file to start
|
||||
* -length - how many bytes to use
|
||||
* -oid file - extra oid description file
|
||||
*/
|
||||
|
||||
#undef PROG
|
||||
#define PROG asn1parse_main
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
int i, badops = 0, offset = 0, ret = 1, j;
|
||||
unsigned int length = 0;
|
||||
long num, tmplen;
|
||||
BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL;
|
||||
int informat, indent = 0, noout = 0, dump = 0;
|
||||
char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile = NULL;
|
||||
char *genstr = NULL, *genconf = NULL;
|
||||
unsigned char *tmpbuf;
|
||||
const unsigned char *ctmpbuf;
|
||||
BUF_MEM *buf = NULL;
|
||||
STACK_OF(OPENSSL_STRING) *osk = NULL;
|
||||
ASN1_TYPE *at = NULL;
|
||||
|
||||
informat = FORMAT_PEM;
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
prog = argv[0];
|
||||
argc--;
|
||||
argv++;
|
||||
if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
|
||||
BIO_printf(bio_err, "Memory allocation failure\n");
|
||||
goto end;
|
||||
}
|
||||
while (argc >= 1) {
|
||||
if (strcmp(*argv, "-inform") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
informat = str2fmt(*(++argv));
|
||||
} else if (strcmp(*argv, "-in") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
infile = *(++argv);
|
||||
} else if (strcmp(*argv, "-out") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
derfile = *(++argv);
|
||||
} else if (strcmp(*argv, "-i") == 0) {
|
||||
indent = 1;
|
||||
} else if (strcmp(*argv, "-noout") == 0)
|
||||
noout = 1;
|
||||
else if (strcmp(*argv, "-oid") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
oidfile = *(++argv);
|
||||
} else if (strcmp(*argv, "-offset") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
offset = atoi(*(++argv));
|
||||
} else if (strcmp(*argv, "-length") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
length = atoi(*(++argv));
|
||||
if (length == 0)
|
||||
goto bad;
|
||||
} else if (strcmp(*argv, "-dump") == 0) {
|
||||
dump = -1;
|
||||
} else if (strcmp(*argv, "-dlimit") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
dump = atoi(*(++argv));
|
||||
if (dump <= 0)
|
||||
goto bad;
|
||||
} else if (strcmp(*argv, "-strparse") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
sk_OPENSSL_STRING_push(osk, *(++argv));
|
||||
} else if (strcmp(*argv, "-genstr") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
genstr = *(++argv);
|
||||
} else if (strcmp(*argv, "-genconf") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
genconf = *(++argv);
|
||||
} else {
|
||||
BIO_printf(bio_err, "unknown option %s\n", *argv);
|
||||
badops = 1;
|
||||
break;
|
||||
}
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
|
||||
if (badops) {
|
||||
bad:
|
||||
BIO_printf(bio_err, "%s [options] <infile\n", prog);
|
||||
BIO_printf(bio_err, "where options are\n");
|
||||
BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
|
||||
BIO_printf(bio_err, " -in arg input file\n");
|
||||
BIO_printf(bio_err,
|
||||
" -out arg output file (output format is always DER\n");
|
||||
BIO_printf(bio_err, " -noout arg don't produce any output\n");
|
||||
BIO_printf(bio_err, " -offset arg offset into file\n");
|
||||
BIO_printf(bio_err, " -length arg length of section in file\n");
|
||||
BIO_printf(bio_err, " -i indent entries\n");
|
||||
BIO_printf(bio_err, " -dump dump unknown data in hex form\n");
|
||||
BIO_printf(bio_err,
|
||||
" -dlimit arg dump the first arg bytes of unknown data in hex form\n");
|
||||
BIO_printf(bio_err, " -oid file file of extra oid definitions\n");
|
||||
BIO_printf(bio_err, " -strparse offset\n");
|
||||
BIO_printf(bio_err,
|
||||
" a series of these can be used to 'dig' into multiple\n");
|
||||
BIO_printf(bio_err, " ASN1 blob wrappings\n");
|
||||
BIO_printf(bio_err,
|
||||
" -genstr str string to generate ASN1 structure from\n");
|
||||
BIO_printf(bio_err,
|
||||
" -genconf file file to generate ASN1 structure from\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
in = BIO_new(BIO_s_file());
|
||||
out = BIO_new(BIO_s_file());
|
||||
if ((in == NULL) || (out == NULL)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (oidfile != NULL) {
|
||||
if (BIO_read_filename(in, oidfile) <= 0) {
|
||||
BIO_printf(bio_err, "problems opening %s\n", oidfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
OBJ_create_objects(in);
|
||||
}
|
||||
|
||||
if (infile == NULL)
|
||||
BIO_set_fp(in, stdin, BIO_NOCLOSE);
|
||||
else {
|
||||
if (BIO_read_filename(in, infile) <= 0) {
|
||||
perror(infile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (derfile) {
|
||||
if (!(derout = BIO_new_file(derfile, "wb"))) {
|
||||
BIO_printf(bio_err, "problems opening %s\n", derfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if ((buf = BUF_MEM_new()) == NULL)
|
||||
goto end;
|
||||
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
|
||||
goto end; /* Pre-allocate :-) */
|
||||
|
||||
if (genstr || genconf) {
|
||||
num = do_generate(bio_err, genstr, genconf, buf);
|
||||
if (num < 0) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
else {
|
||||
|
||||
if (informat == FORMAT_PEM) {
|
||||
BIO *tmp;
|
||||
|
||||
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
|
||||
goto end;
|
||||
BIO_push(b64, in);
|
||||
tmp = in;
|
||||
in = b64;
|
||||
b64 = tmp;
|
||||
}
|
||||
|
||||
num = 0;
|
||||
for (;;) {
|
||||
if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
|
||||
goto end;
|
||||
i = BIO_read(in, &(buf->data[num]), BUFSIZ);
|
||||
if (i <= 0)
|
||||
break;
|
||||
num += i;
|
||||
}
|
||||
}
|
||||
str = buf->data;
|
||||
|
||||
/* If any structs to parse go through in sequence */
|
||||
|
||||
if (sk_OPENSSL_STRING_num(osk)) {
|
||||
tmpbuf = (unsigned char *)str;
|
||||
tmplen = num;
|
||||
for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
|
||||
ASN1_TYPE *atmp;
|
||||
int typ;
|
||||
j = atoi(sk_OPENSSL_STRING_value(osk, i));
|
||||
if (j <= 0 || j >= tmplen) {
|
||||
BIO_printf(bio_err, "'%s' is an invalid number\n",
|
||||
sk_OPENSSL_STRING_value(osk, i));
|
||||
continue;
|
||||
}
|
||||
tmpbuf += j;
|
||||
tmplen -= j;
|
||||
atmp = at;
|
||||
ctmpbuf = tmpbuf;
|
||||
at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
|
||||
ASN1_TYPE_free(atmp);
|
||||
if (!at) {
|
||||
BIO_printf(bio_err, "Error parsing structure\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
typ = ASN1_TYPE_get(at);
|
||||
if ((typ == V_ASN1_OBJECT)
|
||||
|| (typ == V_ASN1_BOOLEAN)
|
||||
|| (typ == V_ASN1_NULL)) {
|
||||
BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
/* hmm... this is a little evil but it works */
|
||||
tmpbuf = at->value.asn1_string->data;
|
||||
tmplen = at->value.asn1_string->length;
|
||||
}
|
||||
str = (char *)tmpbuf;
|
||||
num = tmplen;
|
||||
}
|
||||
|
||||
if (offset < 0 || offset >= num) {
|
||||
BIO_printf(bio_err, "Error: offset out of range\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
num -= offset;
|
||||
|
||||
if (length == 0 || length > (unsigned int)num)
|
||||
length = (unsigned int)num;
|
||||
if (derout) {
|
||||
if (BIO_write(derout, str + offset, length) != (int)length) {
|
||||
BIO_printf(bio_err, "Error writing output\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if (!noout &&
|
||||
!ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length,
|
||||
indent, dump)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
BIO_free(derout);
|
||||
if (in != NULL)
|
||||
BIO_free(in);
|
||||
if (out != NULL)
|
||||
BIO_free_all(out);
|
||||
if (b64 != NULL)
|
||||
BIO_free(b64);
|
||||
if (ret != 0)
|
||||
ERR_print_errors(bio_err);
|
||||
if (buf != NULL)
|
||||
BUF_MEM_free(buf);
|
||||
if (at != NULL)
|
||||
ASN1_TYPE_free(at);
|
||||
if (osk != NULL)
|
||||
sk_OPENSSL_STRING_free(osk);
|
||||
OBJ_cleanup();
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
|
||||
{
|
||||
CONF *cnf = NULL;
|
||||
int len;
|
||||
long errline = 0;
|
||||
unsigned char *p;
|
||||
ASN1_TYPE *atyp = NULL;
|
||||
|
||||
if (genconf) {
|
||||
cnf = NCONF_new(NULL);
|
||||
if (!NCONF_load(cnf, genconf, &errline))
|
||||
goto conferr;
|
||||
if (!genstr)
|
||||
genstr = NCONF_get_string(cnf, "default", "asn1");
|
||||
if (!genstr) {
|
||||
BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
atyp = ASN1_generate_nconf(genstr, cnf);
|
||||
NCONF_free(cnf);
|
||||
cnf = NULL;
|
||||
|
||||
if (!atyp)
|
||||
return -1;
|
||||
|
||||
len = i2d_ASN1_TYPE(atyp, NULL);
|
||||
|
||||
if (len <= 0)
|
||||
goto err;
|
||||
|
||||
if (!BUF_MEM_grow(buf, len))
|
||||
goto err;
|
||||
|
||||
p = (unsigned char *)buf->data;
|
||||
|
||||
i2d_ASN1_TYPE(atyp, &p);
|
||||
|
||||
ASN1_TYPE_free(atyp);
|
||||
return len;
|
||||
|
||||
conferr:
|
||||
|
||||
if (errline > 0)
|
||||
BIO_printf(bio, "Error on line %ld of config file '%s'\n",
|
||||
errline, genconf);
|
||||
else
|
||||
BIO_printf(bio, "Error loading config file '%s'\n", genconf);
|
||||
|
||||
err:
|
||||
NCONF_free(cnf);
|
||||
ASN1_TYPE_free(atyp);
|
||||
|
||||
return -1;
|
||||
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
07
|
|
@ -0,0 +1,15 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
|
||||
gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
|
||||
2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
|
||||
AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
|
||||
hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
|
||||
J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
|
||||
HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
|
||||
21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
|
||||
nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
|
||||
MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
|
||||
pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
|
||||
KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
|
||||
XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
|
||||
GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
|
||||
MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
|
||||
bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
|
||||
FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
|
||||
cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
|
||||
cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
|
||||
5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
|
||||
kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
|
||||
-----END CERTIFICATE REQUEST-----
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -0,0 +1,11 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
|
||||
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
|
||||
VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
|
||||
Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
|
||||
YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
|
||||
DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
|
||||
tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
|
||||
sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
|
||||
19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,239 @@
|
|||
/* apps/ciphers.c */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#ifdef OPENSSL_NO_STDIO
|
||||
# define APPS_WIN16
|
||||
#endif
|
||||
#include "apps.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG ciphers_main
|
||||
|
||||
static const char *ciphers_usage[] = {
|
||||
"usage: ciphers args\n",
|
||||
" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
|
||||
" -V - even more verbose\n",
|
||||
" -ssl2 - SSL2 mode\n",
|
||||
" -ssl3 - SSL3 mode\n",
|
||||
" -tls1 - TLS1 mode\n",
|
||||
NULL
|
||||
};
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
int ret = 1, i;
|
||||
int verbose = 0, Verbose = 0;
|
||||
#ifndef OPENSSL_NO_SSL_TRACE
|
||||
int stdname = 0;
|
||||
#endif
|
||||
const char **pp;
|
||||
const char *p;
|
||||
int badops = 0;
|
||||
SSL_CTX *ctx = NULL;
|
||||
SSL *ssl = NULL;
|
||||
char *ciphers = NULL;
|
||||
const SSL_METHOD *meth = NULL;
|
||||
STACK_OF(SSL_CIPHER) *sk;
|
||||
char buf[512];
|
||||
BIO *STDout = NULL;
|
||||
|
||||
meth = SSLv23_server_method();
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (bio_err == NULL)
|
||||
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
|
||||
STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
STDout = BIO_push(tmpbio, STDout);
|
||||
}
|
||||
#endif
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
argc--;
|
||||
argv++;
|
||||
while (argc >= 1) {
|
||||
if (strcmp(*argv, "-v") == 0)
|
||||
verbose = 1;
|
||||
else if (strcmp(*argv, "-V") == 0)
|
||||
verbose = Verbose = 1;
|
||||
#ifndef OPENSSL_NO_SSL_TRACE
|
||||
else if (strcmp(*argv, "-stdname") == 0)
|
||||
stdname = verbose = 1;
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
else if (strcmp(*argv, "-ssl2") == 0)
|
||||
meth = SSLv2_client_method();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
else if (strcmp(*argv, "-ssl3") == 0)
|
||||
meth = SSLv3_client_method();
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_TLS1
|
||||
else if (strcmp(*argv, "-tls1") == 0)
|
||||
meth = TLSv1_client_method();
|
||||
#endif
|
||||
else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) {
|
||||
badops = 1;
|
||||
break;
|
||||
} else {
|
||||
ciphers = *argv;
|
||||
}
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
|
||||
if (badops) {
|
||||
for (pp = ciphers_usage; (*pp != NULL); pp++)
|
||||
BIO_printf(bio_err, "%s", *pp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
OpenSSL_add_ssl_algorithms();
|
||||
|
||||
ctx = SSL_CTX_new(meth);
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
if (ciphers != NULL) {
|
||||
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
|
||||
BIO_printf(bio_err, "Error in cipher list\n");
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
ssl = SSL_new(ctx);
|
||||
if (ssl == NULL)
|
||||
goto err;
|
||||
|
||||
if (!verbose) {
|
||||
for (i = 0;; i++) {
|
||||
p = SSL_get_cipher_list(ssl, i);
|
||||
if (p == NULL)
|
||||
break;
|
||||
if (i != 0)
|
||||
BIO_printf(STDout, ":");
|
||||
BIO_printf(STDout, "%s", p);
|
||||
}
|
||||
BIO_printf(STDout, "\n");
|
||||
} else { /* verbose */
|
||||
|
||||
sk = SSL_get_ciphers(ssl);
|
||||
|
||||
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
|
||||
SSL_CIPHER *c;
|
||||
|
||||
c = sk_SSL_CIPHER_value(sk, i);
|
||||
|
||||
if (Verbose) {
|
||||
unsigned long id = SSL_CIPHER_get_id(c);
|
||||
int id0 = (int)(id >> 24);
|
||||
int id1 = (int)((id >> 16) & 0xffL);
|
||||
int id2 = (int)((id >> 8) & 0xffL);
|
||||
int id3 = (int)(id & 0xffL);
|
||||
|
||||
if ((id & 0xff000000L) == 0x02000000L) {
|
||||
/* SSL2 cipher */
|
||||
BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1,
|
||||
id2, id3);
|
||||
} else if ((id & 0xff000000L) == 0x03000000L) {
|
||||
/* SSL3 cipher */
|
||||
BIO_printf(STDout, " 0x%02X,0x%02X - ", id2,
|
||||
id3);
|
||||
} else {
|
||||
/* whatever */
|
||||
BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0,
|
||||
id1, id2, id3);
|
||||
}
|
||||
}
|
||||
#ifndef OPENSSL_NO_SSL_TRACE
|
||||
if (stdname) {
|
||||
const char *nm = SSL_CIPHER_standard_name(c);
|
||||
if (nm == NULL)
|
||||
nm = "UNKNOWN";
|
||||
BIO_printf(STDout, "%s - ", nm);
|
||||
}
|
||||
#endif
|
||||
BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf)));
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
if (0) {
|
||||
err:
|
||||
SSL_load_error_strings();
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
end:
|
||||
if (ctx != NULL)
|
||||
SSL_CTX_free(ctx);
|
||||
if (ssl != NULL)
|
||||
SSL_free(ssl);
|
||||
if (STDout != NULL)
|
||||
BIO_free_all(STDout);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
|
@ -0,0 +1,52 @@
|
|||
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
|
||||
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
|
||||
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
|
||||
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
|
||||
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
|
||||
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
|
||||
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
|
||||
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
|
||||
+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
|
||||
lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
|
||||
nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
|
||||
x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
|
||||
bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
|
||||
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
|
||||
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
|
||||
BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
|
||||
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS
|
||||
curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB
|
||||
IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b
|
||||
vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2
|
||||
QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm
|
||||
CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
|
||||
wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
|
||||
agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
|
||||
mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
|
||||
MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
|
||||
HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
|
||||
p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
|
||||
KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
|
||||
1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
|
||||
L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
|
||||
LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
|
||||
Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
|
||||
/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
|
||||
1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
|
||||
1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
|
||||
NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
|
||||
zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
|
||||
mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
|
||||
5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
|
||||
u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
|
||||
HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
|
||||
tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
|
||||
SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
|
||||
kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
|
||||
1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
|
||||
-----END RSA PRIVATE KEY-----
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -0,0 +1,442 @@
|
|||
/* apps/crl.c */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
#undef PROG
|
||||
#define PROG crl_main
|
||||
|
||||
#undef POSTFIX
|
||||
#define POSTFIX ".rvk"
|
||||
|
||||
static const char *crl_usage[] = {
|
||||
"usage: crl args\n",
|
||||
"\n",
|
||||
" -inform arg - input format - default PEM (DER or PEM)\n",
|
||||
" -outform arg - output format - default PEM\n",
|
||||
" -text - print out a text format version\n",
|
||||
" -in arg - input file - default stdin\n",
|
||||
" -out arg - output file - default stdout\n",
|
||||
" -hash - print hash value\n",
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
" -hash_old - print old-style (MD5) hash value\n",
|
||||
#endif
|
||||
" -fingerprint - print the crl fingerprint\n",
|
||||
" -issuer - print issuer DN\n",
|
||||
" -lastupdate - lastUpdate field\n",
|
||||
" -nextupdate - nextUpdate field\n",
|
||||
" -crlnumber - print CRL number\n",
|
||||
" -noout - no CRL output\n",
|
||||
" -CAfile name - verify CRL using certificates in file \"name\"\n",
|
||||
" -CApath dir - verify CRL using certificates in \"dir\"\n",
|
||||
" -nameopt arg - various certificate name options\n",
|
||||
NULL
|
||||
};
|
||||
|
||||
static BIO *bio_out = NULL;
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
unsigned long nmflag = 0;
|
||||
X509_CRL *x = NULL;
|
||||
char *CAfile = NULL, *CApath = NULL;
|
||||
int ret = 1, i, num, badops = 0, badsig = 0;
|
||||
BIO *out = NULL;
|
||||
int informat, outformat, keyformat;
|
||||
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
|
||||
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
|
||||
0, text = 0;
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
int hash_old = 0;
|
||||
#endif
|
||||
int fingerprint = 0, crlnumber = 0;
|
||||
const char **pp;
|
||||
X509_STORE *store = NULL;
|
||||
X509_STORE_CTX ctx;
|
||||
X509_LOOKUP *lookup = NULL;
|
||||
X509_OBJECT xobj;
|
||||
EVP_PKEY *pkey;
|
||||
int do_ver = 0;
|
||||
const EVP_MD *md_alg, *digest = EVP_sha1();
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
if (bio_out == NULL)
|
||||
if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
|
||||
BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
bio_out = BIO_push(tmpbio, bio_out);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
informat = FORMAT_PEM;
|
||||
outformat = FORMAT_PEM;
|
||||
keyformat = FORMAT_PEM;
|
||||
|
||||
argc--;
|
||||
argv++;
|
||||
num = 0;
|
||||
while (argc >= 1) {
|
||||
#ifdef undef
|
||||
if (strcmp(*argv, "-p") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
if (!args_from_file(++argv, Nargc, Nargv)) {
|
||||
goto end;
|
||||
}
|
||||
*/}
|
||||
#endif
|
||||
if (strcmp(*argv, "-inform") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
informat = str2fmt(*(++argv));
|
||||
} else if (strcmp(*argv, "-outform") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
outformat = str2fmt(*(++argv));
|
||||
} else if (strcmp(*argv, "-in") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
infile = *(++argv);
|
||||
} else if (strcmp(*argv, "-gendelta") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
crldiff = *(++argv);
|
||||
} else if (strcmp(*argv, "-key") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
keyfile = *(++argv);
|
||||
} else if (strcmp(*argv, "-keyform") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
keyformat = str2fmt(*(++argv));
|
||||
} else if (strcmp(*argv, "-out") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
outfile = *(++argv);
|
||||
} else if (strcmp(*argv, "-CApath") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
CApath = *(++argv);
|
||||
do_ver = 1;
|
||||
} else if (strcmp(*argv, "-CAfile") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
CAfile = *(++argv);
|
||||
do_ver = 1;
|
||||
} else if (strcmp(*argv, "-verify") == 0)
|
||||
do_ver = 1;
|
||||
else if (strcmp(*argv, "-text") == 0)
|
||||
text = 1;
|
||||
else if (strcmp(*argv, "-hash") == 0)
|
||||
hash = ++num;
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
else if (strcmp(*argv, "-hash_old") == 0)
|
||||
hash_old = ++num;
|
||||
#endif
|
||||
else if (strcmp(*argv, "-nameopt") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
if (!set_name_ex(&nmflag, *(++argv)))
|
||||
goto bad;
|
||||
} else if (strcmp(*argv, "-issuer") == 0)
|
||||
issuer = ++num;
|
||||
else if (strcmp(*argv, "-lastupdate") == 0)
|
||||
lastupdate = ++num;
|
||||
else if (strcmp(*argv, "-nextupdate") == 0)
|
||||
nextupdate = ++num;
|
||||
else if (strcmp(*argv, "-noout") == 0)
|
||||
noout = ++num;
|
||||
else if (strcmp(*argv, "-fingerprint") == 0)
|
||||
fingerprint = ++num;
|
||||
else if (strcmp(*argv, "-crlnumber") == 0)
|
||||
crlnumber = ++num;
|
||||
else if (strcmp(*argv, "-badsig") == 0)
|
||||
badsig = 1;
|
||||
else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
|
||||
/* ok */
|
||||
digest = md_alg;
|
||||
} else {
|
||||
BIO_printf(bio_err, "unknown option %s\n", *argv);
|
||||
badops = 1;
|
||||
break;
|
||||
}
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
|
||||
if (badops) {
|
||||
bad:
|
||||
for (pp = crl_usage; (*pp != NULL); pp++)
|
||||
BIO_printf(bio_err, "%s", *pp);
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
x = load_crl(infile, informat);
|
||||
if (x == NULL) {
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (do_ver) {
|
||||
store = X509_STORE_new();
|
||||
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
|
||||
if (lookup == NULL)
|
||||
goto end;
|
||||
if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM))
|
||||
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
|
||||
|
||||
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
|
||||
if (lookup == NULL)
|
||||
goto end;
|
||||
if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM))
|
||||
X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
|
||||
ERR_clear_error();
|
||||
|
||||
if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
|
||||
BIO_printf(bio_err, "Error initialising X509 store\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
|
||||
X509_CRL_get_issuer(x), &xobj);
|
||||
if (i <= 0) {
|
||||
BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
|
||||
goto end;
|
||||
}
|
||||
pkey = X509_get_pubkey(xobj.data.x509);
|
||||
X509_OBJECT_free_contents(&xobj);
|
||||
if (!pkey) {
|
||||
BIO_printf(bio_err, "Error getting CRL issuer public key\n");
|
||||
goto end;
|
||||
}
|
||||
i = X509_CRL_verify(x, pkey);
|
||||
EVP_PKEY_free(pkey);
|
||||
if (i < 0)
|
||||
goto end;
|
||||
if (i == 0)
|
||||
BIO_printf(bio_err, "verify failure\n");
|
||||
else
|
||||
BIO_printf(bio_err, "verify OK\n");
|
||||
}
|
||||
|
||||
if (crldiff) {
|
||||
X509_CRL *newcrl, *delta;
|
||||
if (!keyfile) {
|
||||
BIO_puts(bio_err, "Missing CRL signing key\n");
|
||||
goto end;
|
||||
}
|
||||
newcrl = load_crl(crldiff, informat);
|
||||
if (!newcrl)
|
||||
goto end;
|
||||
pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL,
|
||||
"CRL signing key");
|
||||
if (!pkey) {
|
||||
X509_CRL_free(newcrl);
|
||||
goto end;
|
||||
}
|
||||
delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
|
||||
X509_CRL_free(newcrl);
|
||||
EVP_PKEY_free(pkey);
|
||||
if (delta) {
|
||||
X509_CRL_free(x);
|
||||
x = delta;
|
||||
} else {
|
||||
BIO_puts(bio_err, "Error creating delta CRL\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (num) {
|
||||
for (i = 1; i <= num; i++) {
|
||||
if (issuer == i) {
|
||||
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
|
||||
nmflag);
|
||||
}
|
||||
if (crlnumber == i) {
|
||||
ASN1_INTEGER *crlnum;
|
||||
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
|
||||
BIO_printf(bio_out, "crlNumber=");
|
||||
if (crlnum) {
|
||||
i2a_ASN1_INTEGER(bio_out, crlnum);
|
||||
ASN1_INTEGER_free(crlnum);
|
||||
} else
|
||||
BIO_puts(bio_out, "<NONE>");
|
||||
BIO_printf(bio_out, "\n");
|
||||
}
|
||||
if (hash == i) {
|
||||
BIO_printf(bio_out, "%08lx\n",
|
||||
X509_NAME_hash(X509_CRL_get_issuer(x)));
|
||||
}
|
||||
#ifndef OPENSSL_NO_MD5
|
||||
if (hash_old == i) {
|
||||
BIO_printf(bio_out, "%08lx\n",
|
||||
X509_NAME_hash_old(X509_CRL_get_issuer(x)));
|
||||
}
|
||||
#endif
|
||||
if (lastupdate == i) {
|
||||
BIO_printf(bio_out, "lastUpdate=");
|
||||
ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x));
|
||||
BIO_printf(bio_out, "\n");
|
||||
}
|
||||
if (nextupdate == i) {
|
||||
BIO_printf(bio_out, "nextUpdate=");
|
||||
if (X509_CRL_get_nextUpdate(x))
|
||||
ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x));
|
||||
else
|
||||
BIO_printf(bio_out, "NONE");
|
||||
BIO_printf(bio_out, "\n");
|
||||
}
|
||||
if (fingerprint == i) {
|
||||
int j;
|
||||
unsigned int n;
|
||||
unsigned char md[EVP_MAX_MD_SIZE];
|
||||
|
||||
if (!X509_CRL_digest(x, digest, md, &n)) {
|
||||
BIO_printf(bio_err, "out of memory\n");
|
||||
goto end;
|
||||
}
|
||||
BIO_printf(bio_out, "%s Fingerprint=",
|
||||
OBJ_nid2sn(EVP_MD_type(digest)));
|
||||
for (j = 0; j < (int)n; j++) {
|
||||
BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
|
||||
? '\n' : ':');
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
out = BIO_new(BIO_s_file());
|
||||
if (out == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (outfile == NULL) {
|
||||
BIO_set_fp(out, stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
if (BIO_write_filename(out, outfile) <= 0) {
|
||||
perror(outfile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (text)
|
||||
X509_CRL_print(out, x);
|
||||
|
||||
if (noout) {
|
||||
ret = 0;
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (badsig)
|
||||
x->signature->data[x->signature->length - 1] ^= 0x1;
|
||||
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = (int)i2d_X509_CRL_bio(out, x);
|
||||
else if (outformat == FORMAT_PEM)
|
||||
i = PEM_write_bio_X509_CRL(out, x);
|
||||
else {
|
||||
BIO_printf(bio_err, "bad output format specified for outfile\n");
|
||||
goto end;
|
||||
}
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write CRL\n");
|
||||
goto end;
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
if (ret != 0)
|
||||
ERR_print_errors(bio_err);
|
||||
BIO_free_all(out);
|
||||
BIO_free_all(bio_out);
|
||||
bio_out = NULL;
|
||||
X509_CRL_free(x);
|
||||
if (store) {
|
||||
X509_STORE_CTX_cleanup(&ctx);
|
||||
X509_STORE_free(store);
|
||||
}
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
|
@ -0,0 +1,334 @@
|
|||
/* apps/crl2p7.c */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
/*
|
||||
* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu> and
|
||||
* donated 'to the cause' along with lots and lots of other fixes to the
|
||||
* library.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include "apps.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/objects.h>
|
||||
|
||||
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
|
||||
#undef PROG
|
||||
#define PROG crl2pkcs7_main
|
||||
|
||||
/*-
|
||||
* -inform arg - input format - default PEM (DER or PEM)
|
||||
* -outform arg - output format - default PEM
|
||||
* -in arg - input file - default stdin
|
||||
* -out arg - output file - default stdout
|
||||
*/
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
int i, badops = 0;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
int informat, outformat;
|
||||
char *infile, *outfile, *prog, *certfile;
|
||||
PKCS7 *p7 = NULL;
|
||||
PKCS7_SIGNED *p7s = NULL;
|
||||
X509_CRL *crl = NULL;
|
||||
STACK_OF(OPENSSL_STRING) *certflst = NULL;
|
||||
STACK_OF(X509_CRL) *crl_stack = NULL;
|
||||
STACK_OF(X509) *cert_stack = NULL;
|
||||
int ret = 1, nocrl = 0;
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||
|
||||
infile = NULL;
|
||||
outfile = NULL;
|
||||
informat = FORMAT_PEM;
|
||||
outformat = FORMAT_PEM;
|
||||
|
||||
prog = argv[0];
|
||||
argc--;
|
||||
argv++;
|
||||
while (argc >= 1) {
|
||||
if (strcmp(*argv, "-inform") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
informat = str2fmt(*(++argv));
|
||||
} else if (strcmp(*argv, "-outform") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
outformat = str2fmt(*(++argv));
|
||||
} else if (strcmp(*argv, "-in") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
infile = *(++argv);
|
||||
} else if (strcmp(*argv, "-nocrl") == 0) {
|
||||
nocrl = 1;
|
||||
} else if (strcmp(*argv, "-out") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
outfile = *(++argv);
|
||||
} else if (strcmp(*argv, "-certfile") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
if (!certflst)
|
||||
certflst = sk_OPENSSL_STRING_new_null();
|
||||
if (!certflst)
|
||||
goto end;
|
||||
if (!sk_OPENSSL_STRING_push(certflst, *(++argv))) {
|
||||
sk_OPENSSL_STRING_free(certflst);
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
BIO_printf(bio_err, "unknown option %s\n", *argv);
|
||||
badops = 1;
|
||||
break;
|
||||
}
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
|
||||
if (badops) {
|
||||
bad:
|
||||
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
|
||||
BIO_printf(bio_err, "where options are\n");
|
||||
BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
|
||||
BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
|
||||
BIO_printf(bio_err, " -in arg input file\n");
|
||||
BIO_printf(bio_err, " -out arg output file\n");
|
||||
BIO_printf(bio_err,
|
||||
" -certfile arg certificates file of chain to a trusted CA\n");
|
||||
BIO_printf(bio_err, " (can be used more than once)\n");
|
||||
BIO_printf(bio_err,
|
||||
" -nocrl no crl to load, just certs from '-certfile'\n");
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
in = BIO_new(BIO_s_file());
|
||||
out = BIO_new(BIO_s_file());
|
||||
if ((in == NULL) || (out == NULL)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!nocrl) {
|
||||
if (infile == NULL)
|
||||
BIO_set_fp(in, stdin, BIO_NOCLOSE);
|
||||
else {
|
||||
if (BIO_read_filename(in, infile) <= 0) {
|
||||
perror(infile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (informat == FORMAT_ASN1)
|
||||
crl = d2i_X509_CRL_bio(in, NULL);
|
||||
else if (informat == FORMAT_PEM)
|
||||
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
|
||||
else {
|
||||
BIO_printf(bio_err, "bad input format specified for input crl\n");
|
||||
goto end;
|
||||
}
|
||||
if (crl == NULL) {
|
||||
BIO_printf(bio_err, "unable to load CRL\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if ((p7 = PKCS7_new()) == NULL)
|
||||
goto end;
|
||||
if ((p7s = PKCS7_SIGNED_new()) == NULL)
|
||||
goto end;
|
||||
p7->type = OBJ_nid2obj(NID_pkcs7_signed);
|
||||
p7->d.sign = p7s;
|
||||
p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
|
||||
|
||||
if (!ASN1_INTEGER_set(p7s->version, 1))
|
||||
goto end;
|
||||
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
|
||||
goto end;
|
||||
p7s->crl = crl_stack;
|
||||
if (crl != NULL) {
|
||||
sk_X509_CRL_push(crl_stack, crl);
|
||||
crl = NULL; /* now part of p7 for OPENSSL_freeing */
|
||||
}
|
||||
|
||||
if ((cert_stack = sk_X509_new_null()) == NULL)
|
||||
goto end;
|
||||
p7s->cert = cert_stack;
|
||||
|
||||
if (certflst)
|
||||
for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
|
||||
certfile = sk_OPENSSL_STRING_value(certflst, i);
|
||||
if (add_certs_from_file(cert_stack, certfile) < 0) {
|
||||
BIO_printf(bio_err, "error loading certificates\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
sk_OPENSSL_STRING_free(certflst);
|
||||
|
||||
if (outfile == NULL) {
|
||||
BIO_set_fp(out, stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
if (BIO_write_filename(out, outfile) <= 0) {
|
||||
perror(outfile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = i2d_PKCS7_bio(out, p7);
|
||||
else if (outformat == FORMAT_PEM)
|
||||
i = PEM_write_bio_PKCS7(out, p7);
|
||||
else {
|
||||
BIO_printf(bio_err, "bad output format specified for outfile\n");
|
||||
goto end;
|
||||
}
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write pkcs7 object\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
if (in != NULL)
|
||||
BIO_free(in);
|
||||
if (out != NULL)
|
||||
BIO_free_all(out);
|
||||
if (p7 != NULL)
|
||||
PKCS7_free(p7);
|
||||
if (crl != NULL)
|
||||
X509_CRL_free(crl);
|
||||
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
/*-
|
||||
*----------------------------------------------------------------------
|
||||
* int add_certs_from_file
|
||||
*
|
||||
* Read a list of certificates to be checked from a file.
|
||||
*
|
||||
* Results:
|
||||
* number of certs added if successful, -1 if not.
|
||||
*----------------------------------------------------------------------
|
||||
*/
|
||||
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
|
||||
{
|
||||
BIO *in = NULL;
|
||||
int count = 0;
|
||||
int ret = -1;
|
||||
STACK_OF(X509_INFO) *sk = NULL;
|
||||
X509_INFO *xi;
|
||||
|
||||
in = BIO_new(BIO_s_file());
|
||||
if ((in == NULL) || (BIO_read_filename(in, certfile) <= 0)) {
|
||||
BIO_printf(bio_err, "error opening the file, %s\n", certfile);
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* This loads from a file, a stack of x509/crl/pkey sets */
|
||||
sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
|
||||
if (sk == NULL) {
|
||||
BIO_printf(bio_err, "error reading the file, %s\n", certfile);
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* scan over it and pull out the CRL's */
|
||||
while (sk_X509_INFO_num(sk)) {
|
||||
xi = sk_X509_INFO_shift(sk);
|
||||
if (xi->x509 != NULL) {
|
||||
sk_X509_push(stack, xi->x509);
|
||||
xi->x509 = NULL;
|
||||
count++;
|
||||
}
|
||||
X509_INFO_free(xi);
|
||||
}
|
||||
|
||||
ret = count;
|
||||
end:
|
||||
/* never need to OPENSSL_free x */
|
||||
if (in != NULL)
|
||||
BIO_free(in);
|
||||
if (sk != NULL)
|
||||
sk_X509_INFO_free(sk);
|
||||
return (ret);
|
||||
}
|
|
@ -0,0 +1,14 @@
|
|||
subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
|
||||
issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
|
||||
-----BEGIN X509 CERTIFICATE-----
|
||||
|
||||
MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
|
||||
BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
|
||||
MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
|
||||
RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
|
||||
BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
|
||||
LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
|
||||
/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
|
||||
DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
|
||||
IMs6ZOZB
|
||||
-----END X509 CERTIFICATE-----
|
|
@ -0,0 +1,39 @@
|
|||
R 980705233205Z 951009233205Z 01 certs/00000001 /CN=Eric Young
|
||||
E 951009233205Z 02 certs/00000002 /CN=Duncan Young
|
||||
R 980705233205Z 951201010000Z 03 certs/00000003 /CN=Tim Hudson
|
||||
V 980705233205Z 04 certs/00000004 /CN=Eric Young4
|
||||
V 980705233205Z 05 certs/00000004 /CN=Eric Young5
|
||||
V 980705233205Z 06 certs/00000004 /CN=Eric Young6
|
||||
V 980705233205Z 07 certs/00000004 /CN=Eric Young7
|
||||
V 980705233205Z 08 certs/00000004 /CN=Eric Young8
|
||||
V 980705233205Z 09 certs/00000004 /CN=Eric Young9
|
||||
V 980705233205Z 0A certs/00000004 /CN=Eric YoungA
|
||||
V 980705233205Z 0B certs/00000004 /CN=Eric YoungB
|
||||
V 980705233205Z 0C certs/00000004 /CN=Eric YoungC
|
||||
V 980705233205Z 0D certs/00000004 /CN=Eric YoungD
|
||||
V 980705233205Z 0E certs/00000004 /CN=Eric YoungE
|
||||
V 980705233205Z 0F certs/00000004 /CN=Eric YoungF
|
||||
V 980705233205Z 10 certs/00000004 /CN=Eric Young10
|
||||
V 980705233205Z 11 certs/00000004 /CN=Eric Young11
|
||||
V 980705233205Z 12 certs/00000004 /CN=Eric Young12
|
||||
V 980705233205Z 13 certs/00000004 /CN=Eric Young13
|
||||
V 980705233205Z 14 certs/00000004 /CN=Eric Young14
|
||||
V 980705233205Z 15 certs/00000004 /CN=Eric Young15
|
||||
V 980705233205Z 16 certs/00000004 /CN=Eric Young16
|
||||
V 980705233205Z 17 certs/00000004 /CN=Eric Young17
|
||||
V 961206150305Z 010C unknown /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
|
||||
V 961206153245Z 010D unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
|
||||
V 970322074816Z 010E unknown /CN=Eric Young/Email=eay@mincom.oz.au
|
||||
V 970322075152Z 010F unknown /CN=Eric Young
|
||||
V 970322075906Z 0110 unknown /CN=Eric Youngg
|
||||
V 970324092238Z 0111 unknown /C=AU/SP=Queensland/CN=Eric Young
|
||||
V 970324221931Z 0112 unknown /CN=Fred
|
||||
V 970324224934Z 0113 unknown /C=AU/CN=eay
|
||||
V 971001005237Z 0114 unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
|
||||
V 971001010331Z 0115 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3
|
||||
V 971001013945Z 0117 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
|
||||
V 971014225415Z 0118 unknown /C=AU/SP=Queensland/CN=test
|
||||
V 971015004448Z 0119 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2
|
||||
V 971016035001Z 011A unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64
|
||||
V 971016080129Z 011B unknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr
|
||||
V 971016224000Z 011D unknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk
|
|
@ -0,0 +1,24 @@
|
|||
issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
|
||||
subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
|
||||
-----BEGIN X509 CERTIFICATE-----
|
||||
|
||||
MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
|
||||
BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
|
||||
MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
|
||||
RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
|
||||
BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
|
||||
LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
|
||||
/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
|
||||
DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
|
||||
IMs6ZOZB
|
||||
-----END X509 CERTIFICATE-----
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
|
||||
MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
|
||||
Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
|
||||
hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
|
||||
sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
|
||||
tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
|
||||
agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
|
||||
g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1 @@
|
|||
011E
|
|
@ -0,0 +1,6 @@
|
|||
# This is a file that will be filled by the openssl srp routine.
|
||||
# You can initialize the file with additional groups, these are
|
||||
# records starting with a I followed by the g and N values and the id.
|
||||
# The exact values ... you have to dig this out from the source of srp.c
|
||||
# or srp_vfy.c
|
||||
# The last value of an I is used as the default group for new users.
|
|
@ -0,0 +1 @@
|
|||
unique_subject = yes
|
|
@ -0,0 +1,620 @@
|
|||
/* apps/dgst.c */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include "apps.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
#undef BUFSIZE
|
||||
#define BUFSIZE 1024*8
|
||||
|
||||
#undef PROG
|
||||
#define PROG dgst_main
|
||||
|
||||
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
EVP_PKEY *key, unsigned char *sigin, int siglen,
|
||||
const char *sig_name, const char *md_name,
|
||||
const char *file, BIO *bmd);
|
||||
|
||||
static void list_md_fn(const EVP_MD *m,
|
||||
const char *from, const char *to, void *arg)
|
||||
{
|
||||
const char *mname;
|
||||
/* Skip aliases */
|
||||
if (!m)
|
||||
return;
|
||||
mname = OBJ_nid2ln(EVP_MD_type(m));
|
||||
/* Skip shortnames */
|
||||
if (strcmp(from, mname))
|
||||
return;
|
||||
/* Skip clones */
|
||||
if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
|
||||
return;
|
||||
if (strchr(mname, ' '))
|
||||
mname = EVP_MD_name(m);
|
||||
BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n",
|
||||
mname, mname);
|
||||
}
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
ENGINE *e = NULL, *impl = NULL;
|
||||
unsigned char *buf = NULL;
|
||||
int i, err = 1;
|
||||
const EVP_MD *md = NULL, *m;
|
||||
BIO *in = NULL, *inp;
|
||||
BIO *bmd = NULL;
|
||||
BIO *out = NULL;
|
||||
#define PROG_NAME_SIZE 39
|
||||
char pname[PROG_NAME_SIZE + 1];
|
||||
int separator = 0;
|
||||
int debug = 0;
|
||||
int keyform = FORMAT_PEM;
|
||||
const char *outfile = NULL, *keyfile = NULL;
|
||||
const char *sigfile = NULL, *randfile = NULL;
|
||||
int out_bin = -1, want_pub = 0, do_verify = 0;
|
||||
EVP_PKEY *sigkey = NULL;
|
||||
unsigned char *sigbuf = NULL;
|
||||
int siglen = 0;
|
||||
char *passargin = NULL, *passin = NULL;
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
char *engine = NULL;
|
||||
int engine_impl = 0;
|
||||
#endif
|
||||
char *hmac_key = NULL;
|
||||
char *mac_name = NULL;
|
||||
int non_fips_allow = 0;
|
||||
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
|
||||
|
||||
apps_startup();
|
||||
|
||||
if ((buf = (unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) {
|
||||
BIO_printf(bio_err, "out of memory\n");
|
||||
goto end;
|
||||
}
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
/* first check the program name */
|
||||
program_name(argv[0], pname, sizeof(pname));
|
||||
|
||||
md = EVP_get_digestbyname(pname);
|
||||
|
||||
argc--;
|
||||
argv++;
|
||||
while (argc > 0) {
|
||||
if ((*argv)[0] != '-')
|
||||
break;
|
||||
if (strcmp(*argv, "-c") == 0)
|
||||
separator = 1;
|
||||
else if (strcmp(*argv, "-r") == 0)
|
||||
separator = 2;
|
||||
else if (strcmp(*argv, "-rand") == 0) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
randfile = *(++argv);
|
||||
} else if (strcmp(*argv, "-out") == 0) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
outfile = *(++argv);
|
||||
} else if (strcmp(*argv, "-sign") == 0) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
keyfile = *(++argv);
|
||||
} else if (!strcmp(*argv, "-passin")) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
passargin = *++argv;
|
||||
} else if (strcmp(*argv, "-verify") == 0) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
keyfile = *(++argv);
|
||||
want_pub = 1;
|
||||
do_verify = 1;
|
||||
} else if (strcmp(*argv, "-prverify") == 0) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
keyfile = *(++argv);
|
||||
do_verify = 1;
|
||||
} else if (strcmp(*argv, "-signature") == 0) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
sigfile = *(++argv);
|
||||
} else if (strcmp(*argv, "-keyform") == 0) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
keyform = str2fmt(*(++argv));
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv, "-engine") == 0) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
engine = *(++argv);
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
} else if (strcmp(*argv, "-engine_impl") == 0)
|
||||
engine_impl = 1;
|
||||
#endif
|
||||
else if (strcmp(*argv, "-hex") == 0)
|
||||
out_bin = 0;
|
||||
else if (strcmp(*argv, "-binary") == 0)
|
||||
out_bin = 1;
|
||||
else if (strcmp(*argv, "-d") == 0)
|
||||
debug = 1;
|
||||
else if (!strcmp(*argv, "-fips-fingerprint"))
|
||||
hmac_key = "etaonrishdlcupfm";
|
||||
else if (strcmp(*argv, "-non-fips-allow") == 0)
|
||||
non_fips_allow = 1;
|
||||
else if (!strcmp(*argv, "-hmac")) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
hmac_key = *++argv;
|
||||
} else if (!strcmp(*argv, "-mac")) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
mac_name = *++argv;
|
||||
} else if (strcmp(*argv, "-sigopt") == 0) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
if (!sigopts)
|
||||
sigopts = sk_OPENSSL_STRING_new_null();
|
||||
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
|
||||
break;
|
||||
} else if (strcmp(*argv, "-macopt") == 0) {
|
||||
if (--argc < 1)
|
||||
break;
|
||||
if (!macopts)
|
||||
macopts = sk_OPENSSL_STRING_new_null();
|
||||
if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
|
||||
break;
|
||||
} else if ((m = EVP_get_digestbyname(&((*argv)[1]))) != NULL)
|
||||
md = m;
|
||||
else
|
||||
break;
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
|
||||
if (keyfile != NULL && argc > 1) {
|
||||
BIO_printf(bio_err, "Can only sign or verify one file\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (do_verify && !sigfile) {
|
||||
BIO_printf(bio_err,
|
||||
"No signature to verify: use the -signature option\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if ((argc > 0) && (argv[0][0] == '-')) { /* bad option */
|
||||
BIO_printf(bio_err, "unknown option '%s'\n", *argv);
|
||||
BIO_printf(bio_err, "options are\n");
|
||||
BIO_printf(bio_err,
|
||||
"-c to output the digest with separating colons\n");
|
||||
BIO_printf(bio_err,
|
||||
"-r to output the digest in coreutils format\n");
|
||||
BIO_printf(bio_err, "-d to output debug info\n");
|
||||
BIO_printf(bio_err, "-hex output as hex dump\n");
|
||||
BIO_printf(bio_err, "-binary output in binary form\n");
|
||||
BIO_printf(bio_err, "-hmac arg set the HMAC key to arg\n");
|
||||
BIO_printf(bio_err, "-non-fips-allow allow use of non FIPS digest\n");
|
||||
BIO_printf(bio_err,
|
||||
"-sign file sign digest using private key in file\n");
|
||||
BIO_printf(bio_err,
|
||||
"-verify file verify a signature using public key in file\n");
|
||||
BIO_printf(bio_err,
|
||||
"-prverify file verify a signature using private key in file\n");
|
||||
BIO_printf(bio_err,
|
||||
"-keyform arg key file format (PEM or ENGINE)\n");
|
||||
BIO_printf(bio_err,
|
||||
"-out filename output to filename rather than stdout\n");
|
||||
BIO_printf(bio_err, "-signature file signature to verify\n");
|
||||
BIO_printf(bio_err, "-sigopt nm:v signature parameter\n");
|
||||
BIO_printf(bio_err, "-hmac key create hashed MAC with key\n");
|
||||
BIO_printf(bio_err,
|
||||
"-mac algorithm create MAC (not neccessarily HMAC)\n");
|
||||
BIO_printf(bio_err,
|
||||
"-macopt nm:v MAC algorithm parameters or key\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err,
|
||||
"-engine e use engine e, possibly a hardware device.\n");
|
||||
#endif
|
||||
|
||||
EVP_MD_do_all_sorted(list_md_fn, bio_err);
|
||||
goto end;
|
||||
}
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
if (engine_impl)
|
||||
impl = e;
|
||||
#endif
|
||||
|
||||
in = BIO_new(BIO_s_file());
|
||||
bmd = BIO_new(BIO_f_md());
|
||||
if ((in == NULL) || (bmd == NULL)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (debug) {
|
||||
BIO_set_callback(in, BIO_debug_callback);
|
||||
/* needed for windows 3.1 */
|
||||
BIO_set_callback_arg(in, (char *)bio_err);
|
||||
}
|
||||
|
||||
if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
|
||||
BIO_printf(bio_err, "Error getting password\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (out_bin == -1) {
|
||||
if (keyfile)
|
||||
out_bin = 1;
|
||||
else
|
||||
out_bin = 0;
|
||||
}
|
||||
|
||||
if (randfile)
|
||||
app_RAND_load_file(randfile, bio_err, 0);
|
||||
|
||||
if (outfile) {
|
||||
if (out_bin)
|
||||
out = BIO_new_file(outfile, "wb");
|
||||
else
|
||||
out = BIO_new_file(outfile, "w");
|
||||
} else {
|
||||
out = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if (!out) {
|
||||
BIO_printf(bio_err, "Error opening output file %s\n",
|
||||
outfile ? outfile : "(stdout)");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) {
|
||||
BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (keyfile) {
|
||||
if (want_pub)
|
||||
sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
|
||||
e, "key file");
|
||||
else
|
||||
sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
|
||||
e, "key file");
|
||||
if (!sigkey) {
|
||||
/*
|
||||
* load_[pub]key() has already printed an appropriate message
|
||||
*/
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (mac_name) {
|
||||
EVP_PKEY_CTX *mac_ctx = NULL;
|
||||
int r = 0;
|
||||
if (!init_gen_str(bio_err, &mac_ctx, mac_name, impl, 0))
|
||||
goto mac_end;
|
||||
if (macopts) {
|
||||
char *macopt;
|
||||
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
|
||||
macopt = sk_OPENSSL_STRING_value(macopts, i);
|
||||
if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
|
||||
BIO_printf(bio_err,
|
||||
"MAC parameter error \"%s\"\n", macopt);
|
||||
ERR_print_errors(bio_err);
|
||||
goto mac_end;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
|
||||
BIO_puts(bio_err, "Error generating key\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto mac_end;
|
||||
}
|
||||
r = 1;
|
||||
mac_end:
|
||||
if (mac_ctx)
|
||||
EVP_PKEY_CTX_free(mac_ctx);
|
||||
if (r == 0)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (non_fips_allow) {
|
||||
EVP_MD_CTX *md_ctx;
|
||||
BIO_get_md_ctx(bmd, &md_ctx);
|
||||
EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
||||
}
|
||||
|
||||
if (hmac_key) {
|
||||
sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
|
||||
(unsigned char *)hmac_key, -1);
|
||||
if (!sigkey)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (sigkey) {
|
||||
EVP_MD_CTX *mctx = NULL;
|
||||
EVP_PKEY_CTX *pctx = NULL;
|
||||
int r;
|
||||
if (!BIO_get_md_ctx(bmd, &mctx)) {
|
||||
BIO_printf(bio_err, "Error getting context\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (do_verify)
|
||||
r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
|
||||
else
|
||||
r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
|
||||
if (!r) {
|
||||
BIO_printf(bio_err, "Error setting context\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (sigopts) {
|
||||
char *sigopt;
|
||||
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
|
||||
sigopt = sk_OPENSSL_STRING_value(sigopts, i);
|
||||
if (pkey_ctrl_string(pctx, sigopt) <= 0) {
|
||||
BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
/* we use md as a filter, reading from 'in' */
|
||||
else {
|
||||
EVP_MD_CTX *mctx = NULL;
|
||||
if (!BIO_get_md_ctx(bmd, &mctx)) {
|
||||
BIO_printf(bio_err, "Error getting context\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (md == NULL)
|
||||
md = EVP_md5();
|
||||
if (!EVP_DigestInit_ex(mctx, md, impl)) {
|
||||
BIO_printf(bio_err, "Error setting digest %s\n", pname);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (sigfile && sigkey) {
|
||||
BIO *sigbio;
|
||||
sigbio = BIO_new_file(sigfile, "rb");
|
||||
siglen = EVP_PKEY_size(sigkey);
|
||||
sigbuf = OPENSSL_malloc(siglen);
|
||||
if (!sigbio) {
|
||||
BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (!sigbuf) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
siglen = BIO_read(sigbio, sigbuf, siglen);
|
||||
BIO_free(sigbio);
|
||||
if (siglen <= 0) {
|
||||
BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
inp = BIO_push(bmd, in);
|
||||
|
||||
if (md == NULL) {
|
||||
EVP_MD_CTX *tctx;
|
||||
BIO_get_md_ctx(bmd, &tctx);
|
||||
md = EVP_MD_CTX_md(tctx);
|
||||
}
|
||||
|
||||
if (argc == 0) {
|
||||
BIO_set_fp(in, stdin, BIO_NOCLOSE);
|
||||
err = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
|
||||
siglen, NULL, NULL, "stdin", bmd);
|
||||
} else {
|
||||
const char *md_name = NULL, *sig_name = NULL;
|
||||
if (!out_bin) {
|
||||
if (sigkey) {
|
||||
const EVP_PKEY_ASN1_METHOD *ameth;
|
||||
ameth = EVP_PKEY_get0_asn1(sigkey);
|
||||
if (ameth)
|
||||
EVP_PKEY_asn1_get0_info(NULL, NULL,
|
||||
NULL, NULL, &sig_name, ameth);
|
||||
}
|
||||
if (md)
|
||||
md_name = EVP_MD_name(md);
|
||||
}
|
||||
err = 0;
|
||||
for (i = 0; i < argc; i++) {
|
||||
int r;
|
||||
if (BIO_read_filename(in, argv[i]) <= 0) {
|
||||
perror(argv[i]);
|
||||
err++;
|
||||
continue;
|
||||
} else
|
||||
r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
|
||||
siglen, sig_name, md_name, argv[i], bmd);
|
||||
if (r)
|
||||
err = r;
|
||||
(void)BIO_reset(bmd);
|
||||
}
|
||||
}
|
||||
end:
|
||||
if (buf != NULL) {
|
||||
OPENSSL_cleanse(buf, BUFSIZE);
|
||||
OPENSSL_free(buf);
|
||||
}
|
||||
if (in != NULL)
|
||||
BIO_free(in);
|
||||
if (passin)
|
||||
OPENSSL_free(passin);
|
||||
BIO_free_all(out);
|
||||
EVP_PKEY_free(sigkey);
|
||||
if (sigopts)
|
||||
sk_OPENSSL_STRING_free(sigopts);
|
||||
if (macopts)
|
||||
sk_OPENSSL_STRING_free(macopts);
|
||||
if (sigbuf)
|
||||
OPENSSL_free(sigbuf);
|
||||
if (bmd != NULL)
|
||||
BIO_free(bmd);
|
||||
release_engine(e);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(err);
|
||||
}
|
||||
|
||||
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
|
||||
EVP_PKEY *key, unsigned char *sigin, int siglen,
|
||||
const char *sig_name, const char *md_name,
|
||||
const char *file, BIO *bmd)
|
||||
{
|
||||
size_t len;
|
||||
int i;
|
||||
|
||||
for (;;) {
|
||||
i = BIO_read(bp, (char *)buf, BUFSIZE);
|
||||
if (i < 0) {
|
||||
BIO_printf(bio_err, "Read Error in %s\n", file);
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
}
|
||||
if (i == 0)
|
||||
break;
|
||||
}
|
||||
if (sigin) {
|
||||
EVP_MD_CTX *ctx;
|
||||
BIO_get_md_ctx(bp, &ctx);
|
||||
i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
|
||||
if (i > 0)
|
||||
BIO_printf(out, "Verified OK\n");
|
||||
else if (i == 0) {
|
||||
BIO_printf(out, "Verification Failure\n");
|
||||
return 1;
|
||||
} else {
|
||||
BIO_printf(bio_err, "Error Verifying Data\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
if (key) {
|
||||
EVP_MD_CTX *ctx;
|
||||
BIO_get_md_ctx(bp, &ctx);
|
||||
len = BUFSIZE;
|
||||
if (!EVP_DigestSignFinal(ctx, buf, &len)) {
|
||||
BIO_printf(bio_err, "Error Signing Data\n");
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
}
|
||||
} else {
|
||||
len = BIO_gets(bp, (char *)buf, BUFSIZE);
|
||||
if ((int)len < 0) {
|
||||
ERR_print_errors(bio_err);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (binout)
|
||||
BIO_write(out, buf, len);
|
||||
else if (sep == 2) {
|
||||
for (i = 0; i < (int)len; i++)
|
||||
BIO_printf(out, "%02x", buf[i]);
|
||||
BIO_printf(out, " *%s\n", file);
|
||||
} else {
|
||||
if (sig_name) {
|
||||
BIO_puts(out, sig_name);
|
||||
if (md_name)
|
||||
BIO_printf(out, "-%s", md_name);
|
||||
BIO_printf(out, "(%s)= ", file);
|
||||
} else if (md_name)
|
||||
BIO_printf(out, "%s(%s)= ", md_name, file);
|
||||
else
|
||||
BIO_printf(out, "(%s)= ", file);
|
||||
for (i = 0; i < (int)len; i++) {
|
||||
if (sep && (i != 0))
|
||||
BIO_printf(out, ":");
|
||||
BIO_printf(out, "%02x", buf[i]);
|
||||
}
|
||||
BIO_printf(out, "\n");
|
||||
}
|
||||
return 0;
|
||||
}
|
|
@ -0,0 +1,331 @@
|
|||
/* apps/dh.c */
|
||||
/* obsoleted by dhparam.c */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
|
||||
#ifndef OPENSSL_NO_DH
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <time.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/dh.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
|
||||
# undef PROG
|
||||
# define PROG dh_main
|
||||
|
||||
/*-
|
||||
* -inform arg - input format - default PEM (DER or PEM)
|
||||
* -outform arg - output format - default PEM
|
||||
* -in arg - input file - default stdin
|
||||
* -out arg - output file - default stdout
|
||||
* -check - check the parameters are ok
|
||||
* -noout
|
||||
* -text
|
||||
* -C
|
||||
*/
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
DH *dh = NULL;
|
||||
int i, badops = 0, text = 0;
|
||||
BIO *in = NULL, *out = NULL;
|
||||
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
|
||||
char *infile, *outfile, *prog;
|
||||
char *engine;
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
engine = NULL;
|
||||
infile = NULL;
|
||||
outfile = NULL;
|
||||
informat = FORMAT_PEM;
|
||||
outformat = FORMAT_PEM;
|
||||
|
||||
prog = argv[0];
|
||||
argc--;
|
||||
argv++;
|
||||
while (argc >= 1) {
|
||||
if (strcmp(*argv, "-inform") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
informat = str2fmt(*(++argv));
|
||||
} else if (strcmp(*argv, "-outform") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
outformat = str2fmt(*(++argv));
|
||||
} else if (strcmp(*argv, "-in") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
infile = *(++argv);
|
||||
} else if (strcmp(*argv, "-out") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
outfile = *(++argv);
|
||||
}
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv, "-engine") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
engine = *(++argv);
|
||||
}
|
||||
# endif
|
||||
else if (strcmp(*argv, "-check") == 0)
|
||||
check = 1;
|
||||
else if (strcmp(*argv, "-text") == 0)
|
||||
text = 1;
|
||||
else if (strcmp(*argv, "-C") == 0)
|
||||
C = 1;
|
||||
else if (strcmp(*argv, "-noout") == 0)
|
||||
noout = 1;
|
||||
else {
|
||||
BIO_printf(bio_err, "unknown option %s\n", *argv);
|
||||
badops = 1;
|
||||
break;
|
||||
}
|
||||
argc--;
|
||||
argv++;
|
||||
}
|
||||
|
||||
if (badops) {
|
||||
bad:
|
||||
BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
|
||||
BIO_printf(bio_err, "where options are\n");
|
||||
BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
|
||||
BIO_printf(bio_err,
|
||||
" -outform arg output format - one of DER PEM\n");
|
||||
BIO_printf(bio_err, " -in arg input file\n");
|
||||
BIO_printf(bio_err, " -out arg output file\n");
|
||||
BIO_printf(bio_err, " -check check the DH parameters\n");
|
||||
BIO_printf(bio_err,
|
||||
" -text print a text form of the DH parameters\n");
|
||||
BIO_printf(bio_err, " -C Output C code\n");
|
||||
BIO_printf(bio_err, " -noout no output\n");
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err,
|
||||
" -engine e use engine e, possibly a hardware device.\n");
|
||||
# endif
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
setup_engine(bio_err, engine, 0);
|
||||
|
||||
in = BIO_new(BIO_s_file());
|
||||
out = BIO_new(BIO_s_file());
|
||||
if ((in == NULL) || (out == NULL)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (infile == NULL)
|
||||
BIO_set_fp(in, stdin, BIO_NOCLOSE);
|
||||
else {
|
||||
if (BIO_read_filename(in, infile) <= 0) {
|
||||
perror(infile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if (outfile == NULL) {
|
||||
BIO_set_fp(out, stdout, BIO_NOCLOSE);
|
||||
# ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
}
|
||||
# endif
|
||||
} else {
|
||||
if (BIO_write_filename(out, outfile) <= 0) {
|
||||
perror(outfile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (informat == FORMAT_ASN1)
|
||||
dh = d2i_DHparams_bio(in, NULL);
|
||||
else if (informat == FORMAT_PEM)
|
||||
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
|
||||
else {
|
||||
BIO_printf(bio_err, "bad input format specified\n");
|
||||
goto end;
|
||||
}
|
||||
if (dh == NULL) {
|
||||
BIO_printf(bio_err, "unable to load DH parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (text) {
|
||||
DHparams_print(out, dh);
|
||||
# ifdef undef
|
||||
printf("p=");
|
||||
BN_print(stdout, dh->p);
|
||||
printf("\ng=");
|
||||
BN_print(stdout, dh->g);
|
||||
printf("\n");
|
||||
if (dh->length != 0)
|
||||
printf("recommended private length=%ld\n", dh->length);
|
||||
# endif
|
||||
}
|
||||
|
||||
if (check) {
|
||||
if (!DH_check(dh, &i)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (i & DH_CHECK_P_NOT_PRIME)
|
||||
printf("p value is not prime\n");
|
||||
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
|
||||
printf("p value is not a safe prime\n");
|
||||
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
|
||||
printf("unable to check the generator value\n");
|
||||
if (i & DH_NOT_SUITABLE_GENERATOR)
|
||||
printf("the g value is not a generator\n");
|
||||
if (i == 0)
|
||||
printf("DH parameters appear to be ok.\n");
|
||||
}
|
||||
if (C) {
|
||||
unsigned char *data;
|
||||
int len, l, bits;
|
||||
|
||||
len = BN_num_bytes(dh->p);
|
||||
bits = BN_num_bits(dh->p);
|
||||
data = (unsigned char *)OPENSSL_malloc(len);
|
||||
if (data == NULL) {
|
||||
perror("OPENSSL_malloc");
|
||||
goto end;
|
||||
}
|
||||
l = BN_bn2bin(dh->p, data);
|
||||
printf("static unsigned char dh%d_p[]={", bits);
|
||||
for (i = 0; i < l; i++) {
|
||||
if ((i % 12) == 0)
|
||||
printf("\n\t");
|
||||
printf("0x%02X,", data[i]);
|
||||
}
|
||||
printf("\n\t};\n");
|
||||
|
||||
l = BN_bn2bin(dh->g, data);
|
||||
printf("static unsigned char dh%d_g[]={", bits);
|
||||
for (i = 0; i < l; i++) {
|
||||
if ((i % 12) == 0)
|
||||
printf("\n\t");
|
||||
printf("0x%02X,", data[i]);
|
||||
}
|
||||
printf("\n\t};\n\n");
|
||||
|
||||
printf("DH *get_dh%d()\n\t{\n", bits);
|
||||
printf("\tDH *dh;\n\n");
|
||||
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
|
||||
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
|
||||
bits, bits);
|
||||
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
|
||||
bits, bits);
|
||||
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
|
||||
printf("\t\treturn(NULL);\n");
|
||||
printf("\treturn(dh);\n\t}\n");
|
||||
OPENSSL_free(data);
|
||||
}
|
||||
|
||||
if (!noout) {
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = i2d_DHparams_bio(out, dh);
|
||||
else if (outformat == FORMAT_PEM)
|
||||
i = PEM_write_bio_DHparams(out, dh);
|
||||
else {
|
||||
BIO_printf(bio_err, "bad output format specified for outfile\n");
|
||||
goto end;
|
||||
}
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write DH parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
if (in != NULL)
|
||||
BIO_free(in);
|
||||
if (out != NULL)
|
||||
BIO_free_all(out);
|
||||
if (dh != NULL)
|
||||
DH_free(dh);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
#else /* !OPENSSL_NO_DH */
|
||||
|
||||
# if PEDANTIC
|
||||
static void *dummy = &dummy;
|
||||
# endif
|
||||
|
||||
#endif
|
|
@ -0,0 +1,10 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
|
||||
jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
|
||||
ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
|
||||
-----END DH PARAMETERS-----
|
||||
|
||||
These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
|
||||
(http://www.skip-vpn.org/spec/numbers.html).
|
||||
See there for how they were generated.
|
||||
Note that g is not a generator, but this is not a problem since p is a safe prime.
|
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
|
||||
89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
|
||||
T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
|
||||
zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
|
||||
Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
|
||||
CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
|
||||
-----END DH PARAMETERS-----
|
||||
|
||||
These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
|
||||
(http://www.skip-vpn.org/spec/numbers.html).
|
||||
See there for how they were generated.
|
|
@ -0,0 +1,18 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
|
||||
l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
|
||||
Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
|
||||
Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
|
||||
VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
|
||||
alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
|
||||
sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
|
||||
ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
|
||||
OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
|
||||
AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
|
||||
KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
|
||||
-----END DH PARAMETERS-----
|
||||
|
||||
These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
|
||||
(http://www.skip-vpn.org/spec/numbers.html).
|
||||
See there for how they were generated.
|
||||
Note that g is not a generator, but this is not a problem since p is a safe prime.
|
|
@ -0,0 +1,9 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
|
||||
XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
|
||||
-----END DH PARAMETERS-----
|
||||
|
||||
These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
|
||||
(http://www.skip-vpn.org/spec/numbers.html).
|
||||
See there for how they were generated.
|
||||
Note that g is not a generator, but this is not a problem since p is a safe prime.
|
|
@ -0,0 +1,556 @@
|
|||
/* apps/dhparam.c */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* "This product includes cryptographic software written by
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@openssl.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
|
||||
#ifndef OPENSSL_NO_DH
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <time.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/dh.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
# include <openssl/dsa.h>
|
||||
# endif
|
||||
|
||||
# undef PROG
|
||||
# define PROG dhparam_main
|
||||
|
||||
# define DEFBITS 2048
|
||||
|
||||
/*-
|
||||
* -inform arg - input format - default PEM (DER or PEM)
|
||||
* -outform arg - output format - default PEM
|
||||
* -in arg - input file - default stdin
|
||||
* -out arg - output file - default stdout
|
||||
* -dsaparam - read or generate DSA parameters, convert to DH
|
||||
* -check - check the parameters are ok
|
||||
* -noout
|
||||
* -text
|
||||
* -C
|
||||
*/
|
||||
|
||||
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
|
||||
|
||||
int MAIN(int, char **);
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
DH *dh = NULL;
|
||||
int i, badops = 0, text = 0;
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
int dsaparam = 0;
|
||||
# endif
|
||||
BIO *in = NULL, *out = NULL;
|
||||
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
|
||||
char *infile, *outfile, *prog;
|
||||
char *inrand = NULL;
|
||||
char *engine = NULL;
|
||||
ENGINE *e = NULL;
|
||||
int num = 0, g = 0;
|
||||
|
||||
apps_startup();
|
||||
|
||||
if (bio_err == NULL)
|
||||
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
|
||||
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
|
||||
|
||||
if (!load_config(bio_err, NULL))
|
||||
goto end;
|
||||
|
||||
infile = NULL;
|
||||
outfile = NULL;
|
||||
informat = FORMAT_PEM;
|
||||
outformat = FORMAT_PEM;
|
||||
|
||||
prog = argv[0];
|
||||
argc--;
|
||||
argv++;
|
||||
while (argc >= 1) {
|
||||
if (strcmp(*argv, "-inform") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
informat = str2fmt(*(++argv));
|
||||
} else if (strcmp(*argv, "-outform") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
outformat = str2fmt(*(++argv));
|
||||
} else if (strcmp(*argv, "-in") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
infile = *(++argv);
|
||||
} else if (strcmp(*argv, "-out") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
outfile = *(++argv);
|
||||
}
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
else if (strcmp(*argv, "-engine") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
engine = *(++argv);
|
||||
}
|
||||
# endif
|
||||
else if (strcmp(*argv, "-check") == 0)
|
||||
check = 1;
|
||||
else if (strcmp(*argv, "-text") == 0)
|
||||
text = 1;
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
else if (strcmp(*argv, "-dsaparam") == 0)
|
||||
dsaparam = 1;
|
||||
# endif
|
||||
else if (strcmp(*argv, "-C") == 0)
|
||||
C = 1;
|
||||
else if (strcmp(*argv, "-noout") == 0)
|
||||
noout = 1;
|
||||
else if (strcmp(*argv, "-2") == 0)
|
||||
g = 2;
|
||||
else if (strcmp(*argv, "-5") == 0)
|
||||
g = 5;
|
||||
else if (strcmp(*argv, "-rand") == 0) {
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
inrand = *(++argv);
|
||||
} else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
|
||||
goto bad;
|
||||
argv++;
|
||||
argc--;
|
||||
}
|
||||
|
||||
if (badops) {
|
||||
bad:
|
||||
BIO_printf(bio_err, "%s [options] [numbits]\n", prog);
|
||||
BIO_printf(bio_err, "where options are\n");
|
||||
BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
|
||||
BIO_printf(bio_err,
|
||||
" -outform arg output format - one of DER PEM\n");
|
||||
BIO_printf(bio_err, " -in arg input file\n");
|
||||
BIO_printf(bio_err, " -out arg output file\n");
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
BIO_printf(bio_err,
|
||||
" -dsaparam read or generate DSA parameters, convert to DH\n");
|
||||
# endif
|
||||
BIO_printf(bio_err, " -check check the DH parameters\n");
|
||||
BIO_printf(bio_err,
|
||||
" -text print a text form of the DH parameters\n");
|
||||
BIO_printf(bio_err, " -C Output C code\n");
|
||||
BIO_printf(bio_err,
|
||||
" -2 generate parameters using 2 as the generator value\n");
|
||||
BIO_printf(bio_err,
|
||||
" -5 generate parameters using 5 as the generator value\n");
|
||||
BIO_printf(bio_err,
|
||||
" numbits number of bits in to generate (default 2048)\n");
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err,
|
||||
" -engine e use engine e, possibly a hardware device.\n");
|
||||
# endif
|
||||
BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
|
||||
LIST_SEPARATOR_CHAR);
|
||||
BIO_printf(bio_err,
|
||||
" - load the file (or the files in the directory) into\n");
|
||||
BIO_printf(bio_err, " the random number generator\n");
|
||||
BIO_printf(bio_err, " -noout no output\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
e = setup_engine(bio_err, engine, 0);
|
||||
|
||||
if (g && !num)
|
||||
num = DEFBITS;
|
||||
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
if (dsaparam) {
|
||||
if (g) {
|
||||
BIO_printf(bio_err,
|
||||
"generator may not be chosen for DSA parameters\n");
|
||||
goto end;
|
||||
}
|
||||
} else
|
||||
# endif
|
||||
{
|
||||
/* DH parameters */
|
||||
if (num && !g)
|
||||
g = 2;
|
||||
}
|
||||
|
||||
if (num) {
|
||||
|
||||
BN_GENCB cb;
|
||||
BN_GENCB_set(&cb, dh_cb, bio_err);
|
||||
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
|
||||
BIO_printf(bio_err,
|
||||
"warning, not much extra random data, consider using the -rand option\n");
|
||||
}
|
||||
if (inrand != NULL)
|
||||
BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
|
||||
app_RAND_load_files(inrand));
|
||||
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
if (dsaparam) {
|
||||
DSA *dsa = DSA_new();
|
||||
|
||||
BIO_printf(bio_err,
|
||||
"Generating DSA parameters, %d bit long prime\n", num);
|
||||
if (!dsa
|
||||
|| !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
|
||||
&cb)) {
|
||||
if (dsa)
|
||||
DSA_free(dsa);
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
dh = DSA_dup_DH(dsa);
|
||||
DSA_free(dsa);
|
||||
if (dh == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
} else
|
||||
# endif
|
||||
{
|
||||
dh = DH_new();
|
||||
BIO_printf(bio_err,
|
||||
"Generating DH parameters, %d bit long safe prime, generator %d\n",
|
||||
num, g);
|
||||
BIO_printf(bio_err, "This is going to take a long time\n");
|
||||
if (!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
app_RAND_write_file(NULL, bio_err);
|
||||
} else {
|
||||
|
||||
in = BIO_new(BIO_s_file());
|
||||
if (in == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (infile == NULL)
|
||||
BIO_set_fp(in, stdin, BIO_NOCLOSE);
|
||||
else {
|
||||
if (BIO_read_filename(in, infile) <= 0) {
|
||||
perror(infile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) {
|
||||
BIO_printf(bio_err, "bad input format specified\n");
|
||||
goto end;
|
||||
}
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
if (dsaparam) {
|
||||
DSA *dsa;
|
||||
|
||||
if (informat == FORMAT_ASN1)
|
||||
dsa = d2i_DSAparams_bio(in, NULL);
|
||||
else /* informat == FORMAT_PEM */
|
||||
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
|
||||
|
||||
if (dsa == NULL) {
|
||||
BIO_printf(bio_err, "unable to load DSA parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
dh = DSA_dup_DH(dsa);
|
||||
DSA_free(dsa);
|
||||
if (dh == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
} else
|
||||
# endif
|
||||
{
|
||||
if (informat == FORMAT_ASN1) {
|
||||
/*
|
||||
* We have no PEM header to determine what type of DH params it
|
||||
* is. We'll just try both.
|
||||
*/
|
||||
dh = d2i_DHparams_bio(in, NULL);
|
||||
/* BIO_reset() returns 0 for success for file BIOs only!!! */
|
||||
if (dh == NULL && BIO_reset(in) == 0)
|
||||
dh = d2i_DHxparams_bio(in, NULL);
|
||||
} else {
|
||||
/* informat == FORMAT_PEM */
|
||||
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
|
||||
}
|
||||
|
||||
if (dh == NULL) {
|
||||
BIO_printf(bio_err, "unable to load DH parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
/* dh != NULL */
|
||||
}
|
||||
|
||||
out = BIO_new(BIO_s_file());
|
||||
if (out == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (outfile == NULL) {
|
||||
BIO_set_fp(out, stdout, BIO_NOCLOSE);
|
||||
# ifdef OPENSSL_SYS_VMS
|
||||
{
|
||||
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
|
||||
out = BIO_push(tmpbio, out);
|
||||
}
|
||||
# endif
|
||||
} else {
|
||||
if (BIO_write_filename(out, outfile) <= 0) {
|
||||
perror(outfile);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (text) {
|
||||
DHparams_print(out, dh);
|
||||
}
|
||||
|
||||
if (check) {
|
||||
if (!DH_check(dh, &i)) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (i & DH_CHECK_P_NOT_PRIME)
|
||||
printf("p value is not prime\n");
|
||||
if (i & DH_CHECK_P_NOT_SAFE_PRIME)
|
||||
printf("p value is not a safe prime\n");
|
||||
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
|
||||
printf("unable to check the generator value\n");
|
||||
if (i & DH_NOT_SUITABLE_GENERATOR)
|
||||
printf("the g value is not a generator\n");
|
||||
if (i == 0)
|
||||
printf("DH parameters appear to be ok.\n");
|
||||
}
|
||||
if (C) {
|
||||
unsigned char *data;
|
||||
int len, l, bits;
|
||||
|
||||
len = BN_num_bytes(dh->p);
|
||||
bits = BN_num_bits(dh->p);
|
||||
data = (unsigned char *)OPENSSL_malloc(len);
|
||||
if (data == NULL) {
|
||||
perror("OPENSSL_malloc");
|
||||
goto end;
|
||||
}
|
||||
printf("#ifndef HEADER_DH_H\n"
|
||||
"#include <openssl/dh.h>\n" "#endif\n");
|
||||
printf("DH *get_dh%d()\n\t{\n", bits);
|
||||
|
||||
l = BN_bn2bin(dh->p, data);
|
||||
printf("\tstatic unsigned char dh%d_p[]={", bits);
|
||||
for (i = 0; i < l; i++) {
|
||||
if ((i % 12) == 0)
|
||||
printf("\n\t\t");
|
||||
printf("0x%02X,", data[i]);
|
||||
}
|
||||
printf("\n\t\t};\n");
|
||||
|
||||
l = BN_bn2bin(dh->g, data);
|
||||
printf("\tstatic unsigned char dh%d_g[]={", bits);
|
||||
for (i = 0; i < l; i++) {
|
||||
if ((i % 12) == 0)
|
||||
printf("\n\t\t");
|
||||
printf("0x%02X,", data[i]);
|
||||
}
|
||||
printf("\n\t\t};\n");
|
||||
|
||||
printf("\tDH *dh;\n\n");
|
||||
printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
|
||||
printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
|
||||
bits, bits);
|
||||
printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
|
||||
bits, bits);
|
||||
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
|
||||
printf("\t\t{ DH_free(dh); return(NULL); }\n");
|
||||
if (dh->length)
|
||||
printf("\tdh->length = %ld;\n", dh->length);
|
||||
printf("\treturn(dh);\n\t}\n");
|
||||
OPENSSL_free(data);
|
||||
}
|
||||
|
||||
if (!noout) {
|
||||
if (outformat == FORMAT_ASN1) {
|
||||
if (dh->q != NULL)
|
||||
i = i2d_DHxparams_bio(out, dh);
|
||||
else
|
||||
i = i2d_DHparams_bio(out, dh);
|
||||
} else if (outformat == FORMAT_PEM) {
|
||||
if (dh->q != NULL)
|
||||
i = PEM_write_bio_DHxparams(out, dh);
|
||||
else
|
||||
i = PEM_write_bio_DHparams(out, dh);
|
||||
} else {
|
||||
BIO_printf(bio_err, "bad output format specified for outfile\n");
|
||||
goto end;
|
||||
}
|
||||
if (!i) {
|
||||
BIO_printf(bio_err, "unable to write DH parameters\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
if (in != NULL)
|
||||
BIO_free(in);
|
||||
if (out != NULL)
|
||||
BIO_free_all(out);
|
||||
if (dh != NULL)
|
||||
DH_free(dh);
|
||||
release_engine(e);
|
||||
apps_shutdown();
|
||||
OPENSSL_EXIT(ret);
|
||||
}
|
||||
|
||||
/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
|
||||
static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
|
||||
{
|
||||
char c = '*';
|
||||
|
||||
if (p == 0)
|
||||
c = '.';
|
||||
if (p == 1)
|
||||
c = '+';
|
||||
if (p == 2)
|
||||
c = '*';
|
||||
if (p == 3)
|
||||
c = '\n';
|
||||
BIO_write(cb->arg, &c, 1);
|
||||
(void)BIO_flush(cb->arg);
|
||||
# ifdef LINT
|
||||
p = n;
|
||||
# endif
|
||||
return 1;
|
||||
}
|
||||
|
||||
#else /* !OPENSSL_NO_DH */
|
||||
|
||||
# if PEDANTIC
|
||||
static void *dummy = &dummy;
|
||||
# endif
|
||||
|
||||
#endif
|
|
@ -0,0 +1,40 @@
|
|||
-----BEGIN DSA PRIVATE KEY-----
|
||||
MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
|
||||
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
|
||||
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
|
||||
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
|
||||
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
|
||||
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
|
||||
Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
|
||||
94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
|
||||
tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
|
||||
J6zsFbSEHaQGUmfSeoM=
|
||||
-----END DSA PRIVATE KEY-----
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
|
||||
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
|
||||
ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
|
||||
sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
|
||||
rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
|
||||
cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
|
||||
bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
|
||||
CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
|
||||
F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
|
||||
vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
|
||||
AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
|
||||
3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
|
||||
AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
|
||||
U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
|
||||
CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
|
||||
CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
|
||||
ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
|
||||
AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
|
||||
ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
|
||||
MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
|
||||
MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
|
||||
C1Q=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
-----BEGIN DSA PRIVATE KEY-----
|
||||
MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
|
||||
PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
|
||||
u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
|
||||
Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
|
||||
hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
|
||||
SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
|
||||
Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
|
||||
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
|
||||
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
|
||||
6TicfImU7UFRn9h00j0lJQ==
|
||||
-----END DSA PRIVATE KEY-----
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
|
||||
ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
|
||||
MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
|
||||
lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
|
||||
Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
|
||||
5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
|
||||
aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
|
||||
kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
|
||||
QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
|
||||
6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
|
||||
yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
|
||||
z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
|
||||
nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
|
||||
U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
|
||||
CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
|
||||
CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
|
||||
ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
|
||||
ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
|
||||
R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
|
||||
JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
|
||||
BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
|
||||
mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
|
||||
VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
|
||||
uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
|
||||
umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
|
||||
29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
|
||||
AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
|
||||
5rKUjNBhSg==
|
||||
-----END CERTIFICATE-----
|
||||
|
Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше
Загрузка…
Ссылка в новой задаче