aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorKris Kennaway <kris@FreeBSD.org>2000-04-13 06:33:22 +0000
committerKris Kennaway <kris@FreeBSD.org>2000-04-13 06:33:22 +0000
commitf579bf8ec7713035a231884db9958cdc4ff5d7cf (patch)
tree85b9c007d5ac1d91a3895eef3fd18d6114b62cc4 /crypto
parent97b2ed56f81c44973772e4cf3869f4f70e2b5d78 (diff)
downloadsrc-f579bf8ec7713035a231884db9958cdc4ff5d7cf.tar.gz
src-f579bf8ec7713035a231884db9958cdc4ff5d7cf.zip
Initial import of OpenSSL 0.9.5a
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=59191
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssl/CHANGES1239
-rwxr-xr-xcrypto/openssl/Configure338
-rw-r--r--crypto/openssl/FAQ287
-rw-r--r--crypto/openssl/INSTALL166
-rw-r--r--crypto/openssl/LICENSE2
-rw-r--r--crypto/openssl/Makefile.org58
-rw-r--r--crypto/openssl/Makefile.ssl66
-rw-r--r--crypto/openssl/NEWS45
-rw-r--r--crypto/openssl/README92
-rwxr-xr-xcrypto/openssl/apps/CA.pl11
-rw-r--r--crypto/openssl/apps/CA.pl.in162
-rw-r--r--crypto/openssl/apps/CA.sh2
-rw-r--r--crypto/openssl/apps/Makefile.save818
-rw-r--r--crypto/openssl/apps/Makefile.ssl261
-rw-r--r--crypto/openssl/apps/app_rand.c213
-rw-r--r--crypto/openssl/apps/apps.c90
-rw-r--r--crypto/openssl/apps/apps.h20
-rw-r--r--crypto/openssl/apps/asn1pars.c14
-rw-r--r--crypto/openssl/apps/ca.c221
-rw-r--r--crypto/openssl/apps/ciphers.c16
-rw-r--r--crypto/openssl/apps/crl.c83
-rw-r--r--crypto/openssl/apps/crl2p7.c8
-rw-r--r--crypto/openssl/apps/der_chop2
-rw-r--r--crypto/openssl/apps/dgst.c3
-rw-r--r--crypto/openssl/apps/dh.c18
-rw-r--r--crypto/openssl/apps/dhparam.c520
-rw-r--r--crypto/openssl/apps/dsa.c86
-rw-r--r--crypto/openssl/apps/dsaparam.c48
-rw-r--r--crypto/openssl/apps/enc.c157
-rw-r--r--crypto/openssl/apps/errstr.c2
-rw-r--r--crypto/openssl/apps/gendh.c53
-rw-r--r--crypto/openssl/apps/gendsa.c67
-rw-r--r--crypto/openssl/apps/genrsa.c106
-rw-r--r--crypto/openssl/apps/nseq.c16
-rw-r--r--crypto/openssl/apps/openssl.c59
-rw-r--r--crypto/openssl/apps/openssl.cnf38
-rw-r--r--crypto/openssl/apps/passwd.c475
-rw-r--r--crypto/openssl/apps/pkcs12.c211
-rw-r--r--crypto/openssl/apps/pkcs7.c96
-rw-r--r--crypto/openssl/apps/pkcs8.c131
-rw-r--r--crypto/openssl/apps/progs.h34
-rw-r--r--crypto/openssl/apps/progs.pl18
-rw-r--r--crypto/openssl/apps/rand.c140
-rw-r--r--crypto/openssl/apps/req.c411
-rw-r--r--crypto/openssl/apps/rsa.c118
-rw-r--r--crypto/openssl/apps/s_apps.h9
-rw-r--r--crypto/openssl/apps/s_cb.c2
-rw-r--r--crypto/openssl/apps/s_client.c105
-rw-r--r--crypto/openssl/apps/s_server.c140
-rw-r--r--crypto/openssl/apps/s_socket.c172
-rw-r--r--crypto/openssl/apps/s_time.c31
-rw-r--r--crypto/openssl/apps/sess_id.c5
-rw-r--r--crypto/openssl/apps/smime.c535
-rw-r--r--crypto/openssl/apps/speed.c64
-rw-r--r--crypto/openssl/apps/spkac.c276
-rw-r--r--crypto/openssl/apps/testdsa.h3
-rw-r--r--crypto/openssl/apps/testrsa.h1
-rw-r--r--crypto/openssl/apps/verify.c165
-rw-r--r--crypto/openssl/apps/version.c2
-rw-r--r--crypto/openssl/apps/winrand.c149
-rw-r--r--crypto/openssl/apps/x509.c275
-rw-r--r--crypto/openssl/bugs/SSLv38
-rw-r--r--crypto/openssl/certs/ca-cert.pem30
-rw-r--r--crypto/openssl/certs/pca-cert.pem28
-rwxr-xr-xcrypto/openssl/config92
-rw-r--r--crypto/openssl/crypto/Makefile.save195
-rw-r--r--crypto/openssl/crypto/Makefile.ssl38
-rw-r--r--crypto/openssl/crypto/asn1/Makefile.save1184
-rw-r--r--crypto/openssl/crypto/asn1/Makefile.ssl138
-rw-r--r--crypto/openssl/crypto/asn1/a_bitstr.c15
-rw-r--r--crypto/openssl/crypto/asn1/a_bmp.c6
-rw-r--r--crypto/openssl/crypto/asn1/a_bytes.c19
-rw-r--r--crypto/openssl/crypto/asn1/a_digest.c11
-rw-r--r--crypto/openssl/crypto/asn1/a_dup.c2
-rw-r--r--crypto/openssl/crypto/asn1/a_enum.c25
-rw-r--r--crypto/openssl/crypto/asn1/a_gentm.c10
-rw-r--r--crypto/openssl/crypto/asn1/a_hdr.c6
-rw-r--r--crypto/openssl/crypto/asn1/a_i2d_fp.c2
-rw-r--r--crypto/openssl/crypto/asn1/a_int.c41
-rw-r--r--crypto/openssl/crypto/asn1/a_mbstr.c390
-rw-r--r--crypto/openssl/crypto/asn1/a_null.c119
-rw-r--r--crypto/openssl/crypto/asn1/a_object.c6
-rw-r--r--crypto/openssl/crypto/asn1/a_octet.c20
-rw-r--r--crypto/openssl/crypto/asn1/a_print.c32
-rw-r--r--crypto/openssl/crypto/asn1/a_sign.c15
-rw-r--r--crypto/openssl/crypto/asn1/a_strnid.c247
-rw-r--r--crypto/openssl/crypto/asn1/a_time.c6
-rw-r--r--crypto/openssl/crypto/asn1/a_type.c2
-rw-r--r--crypto/openssl/crypto/asn1/a_utctm.c10
-rw-r--r--crypto/openssl/crypto/asn1/a_utf8.c155
-rw-r--r--crypto/openssl/crypto/asn1/a_verify.c9
-rw-r--r--crypto/openssl/crypto/asn1/a_vis.c6
-rw-r--r--crypto/openssl/crypto/asn1/asn1.h290
-rw-r--r--crypto/openssl/crypto/asn1/asn1_err.c27
-rw-r--r--crypto/openssl/crypto/asn1/asn1_lib.c19
-rw-r--r--crypto/openssl/crypto/asn1/asn1_mac.h14
-rw-r--r--crypto/openssl/crypto/asn1/asn1_par.c78
-rw-r--r--crypto/openssl/crypto/asn1/d2i_dhp.c4
-rw-r--r--crypto/openssl/crypto/asn1/d2i_dsap.c4
-rw-r--r--crypto/openssl/crypto/asn1/d2i_pr.c23
-rw-r--r--crypto/openssl/crypto/asn1/d2i_r_pr.c11
-rw-r--r--crypto/openssl/crypto/asn1/d2i_r_pu.c10
-rw-r--r--crypto/openssl/crypto/asn1/d2i_s_pr.c4
-rw-r--r--crypto/openssl/crypto/asn1/d2i_s_pu.c4
-rw-r--r--crypto/openssl/crypto/asn1/evp_asn1.c24
-rw-r--r--crypto/openssl/crypto/asn1/f_enum.c2
-rw-r--r--crypto/openssl/crypto/asn1/f_int.c2
-rw-r--r--crypto/openssl/crypto/asn1/f_string.c2
-rw-r--r--crypto/openssl/crypto/asn1/i2d_dhp.c2
-rw-r--r--crypto/openssl/crypto/asn1/i2d_dsap.c2
-rw-r--r--crypto/openssl/crypto/asn1/i2d_r_pr.c8
-rw-r--r--crypto/openssl/crypto/asn1/i2d_r_pu.c8
-rw-r--r--crypto/openssl/crypto/asn1/i2d_s_pr.c2
-rw-r--r--crypto/openssl/crypto/asn1/i2d_s_pu.c2
-rw-r--r--crypto/openssl/crypto/asn1/n_pkey.c25
-rw-r--r--crypto/openssl/crypto/asn1/p5_pbe.c13
-rw-r--r--crypto/openssl/crypto/asn1/p5_pbev2.c34
-rw-r--r--crypto/openssl/crypto/asn1/p7_dgst.c10
-rw-r--r--crypto/openssl/crypto/asn1/p7_enc.c6
-rw-r--r--crypto/openssl/crypto/asn1/p7_enc_c.c7
-rw-r--r--crypto/openssl/crypto/asn1/p7_evp.c6
-rw-r--r--crypto/openssl/crypto/asn1/p7_i_s.c6
-rw-r--r--crypto/openssl/crypto/asn1/p7_lib.c8
-rw-r--r--crypto/openssl/crypto/asn1/p7_recip.c8
-rw-r--r--crypto/openssl/crypto/asn1/p7_s_e.c4
-rw-r--r--crypto/openssl/crypto/asn1/p7_signd.c4
-rw-r--r--crypto/openssl/crypto/asn1/p7_signi.c10
-rw-r--r--crypto/openssl/crypto/asn1/p8_key.c131
-rw-r--r--crypto/openssl/crypto/asn1/p8_pkey.c6
-rw-r--r--crypto/openssl/crypto/asn1/t_bitst.c99
-rw-r--r--crypto/openssl/crypto/asn1/t_crl.c2
-rw-r--r--crypto/openssl/crypto/asn1/t_pkey.c10
-rw-r--r--crypto/openssl/crypto/asn1/t_req.c34
-rw-r--r--crypto/openssl/crypto/asn1/t_spki.c116
-rw-r--r--crypto/openssl/crypto/asn1/t_x509.c9
-rw-r--r--crypto/openssl/crypto/asn1/t_x509a.c102
-rw-r--r--crypto/openssl/crypto/asn1/x_algor.c2
-rw-r--r--crypto/openssl/crypto/asn1/x_attrib.c2
-rw-r--r--crypto/openssl/crypto/asn1/x_cinf.c16
-rw-r--r--crypto/openssl/crypto/asn1/x_crl.c57
-rw-r--r--crypto/openssl/crypto/asn1/x_exten.c15
-rw-r--r--crypto/openssl/crypto/asn1/x_info.c3
-rw-r--r--crypto/openssl/crypto/asn1/x_name.c2
-rw-r--r--crypto/openssl/crypto/asn1/x_pkey.c8
-rw-r--r--crypto/openssl/crypto/asn1/x_pubkey.c120
-rw-r--r--crypto/openssl/crypto/asn1/x_req.c18
-rw-r--r--crypto/openssl/crypto/asn1/x_sig.c6
-rw-r--r--crypto/openssl/crypto/asn1/x_spki.c14
-rw-r--r--crypto/openssl/crypto/asn1/x_val.c10
-rw-r--r--crypto/openssl/crypto/asn1/x_x509.c67
-rw-r--r--crypto/openssl/crypto/asn1/x_x509a.c200
-rw-r--r--crypto/openssl/crypto/bf/Makefile.save116
-rw-r--r--crypto/openssl/crypto/bf/Makefile.ssl4
-rw-r--r--crypto/openssl/crypto/bf/bf_cbc.c32
-rw-r--r--crypto/openssl/crypto/bf/bf_cfb64.c4
-rw-r--r--crypto/openssl/crypto/bf/bf_ecb.c12
-rw-r--r--crypto/openssl/crypto/bf/bf_enc.c44
-rw-r--r--crypto/openssl/crypto/bf/bf_locl.h6
-rw-r--r--crypto/openssl/crypto/bf/bf_ofb64.c4
-rw-r--r--crypto/openssl/crypto/bf/bf_opts.c2
-rw-r--r--crypto/openssl/crypto/bf/bf_pi.h2
-rw-r--r--crypto/openssl/crypto/bf/bf_skey.c4
-rw-r--r--crypto/openssl/crypto/bf/bfspeed.c2
-rw-r--r--crypto/openssl/crypto/bf/bftest.c12
-rw-r--r--crypto/openssl/crypto/bf/blowfish.h24
-rw-r--r--crypto/openssl/crypto/bio/Makefile.save220
-rw-r--r--crypto/openssl/crypto/bio/Makefile.ssl50
-rw-r--r--crypto/openssl/crypto/bio/b_dump.c4
-rw-r--r--crypto/openssl/crypto/bio/b_print.c765
-rw-r--r--crypto/openssl/crypto/bio/b_sock.c24
-rw-r--r--crypto/openssl/crypto/bio/bf_buff.c26
-rw-r--r--crypto/openssl/crypto/bio/bf_nbio.c20
-rw-r--r--crypto/openssl/crypto/bio/bf_null.c16
-rw-r--r--crypto/openssl/crypto/bio/bio.h56
-rw-r--r--crypto/openssl/crypto/bio/bio_err.c10
-rw-r--r--crypto/openssl/crypto/bio/bio_lib.c58
-rw-r--r--crypto/openssl/crypto/bio/bss_acpt.c1
-rw-r--r--crypto/openssl/crypto/bio/bss_bio.c277
-rw-r--r--crypto/openssl/crypto/bio/bss_conn.c42
-rw-r--r--crypto/openssl/crypto/bio/bss_file.c3
-rw-r--r--crypto/openssl/crypto/bio/bss_log.c214
-rw-r--r--crypto/openssl/crypto/bio/bss_mem.c58
-rw-r--r--crypto/openssl/crypto/bio/bss_null.c1
-rw-r--r--crypto/openssl/crypto/bio/bss_rtcp.c1
-rw-r--r--crypto/openssl/crypto/bio/bss_sock.c5
-rw-r--r--crypto/openssl/crypto/bn/Makefile.save286
-rw-r--r--crypto/openssl/crypto/bn/Makefile.ssl113
-rw-r--r--crypto/openssl/crypto/bn/asm/README9
-rw-r--r--crypto/openssl/crypto/bn/asm/alpha.s2415
-rw-r--r--crypto/openssl/crypto/bn/asm/mips3.s143
-rw-r--r--crypto/openssl/crypto/bn/bn.h137
-rw-r--r--crypto/openssl/crypto/bn/bn_add.c4
-rw-r--r--crypto/openssl/crypto/bn/bn_asm.c145
-rw-r--r--crypto/openssl/crypto/bn/bn_ctx.c144
-rw-r--r--crypto/openssl/crypto/bn/bn_div.c206
-rw-r--r--crypto/openssl/crypto/bn/bn_err.c5
-rw-r--r--crypto/openssl/crypto/bn/bn_exp.c238
-rw-r--r--crypto/openssl/crypto/bn/bn_exp2.c14
-rw-r--r--crypto/openssl/crypto/bn/bn_gcd.c28
-rw-r--r--crypto/openssl/crypto/bn/bn_lcl.h125
-rw-r--r--crypto/openssl/crypto/bn/bn_lib.c60
-rw-r--r--crypto/openssl/crypto/bn/bn_mont.c318
-rw-r--r--crypto/openssl/crypto/bn/bn_mul.c250
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.c378
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.h4
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.pl69
-rw-r--r--crypto/openssl/crypto/bn/bn_print.c23
-rw-r--r--crypto/openssl/crypto/bn/bn_rand.c25
-rw-r--r--crypto/openssl/crypto/bn/bn_recp.c43
-rw-r--r--crypto/openssl/crypto/bn/bn_sqr.c25
-rw-r--r--crypto/openssl/crypto/bn/bn_word.c2
-rw-r--r--crypto/openssl/crypto/bn/bnspeed.c2
-rw-r--r--crypto/openssl/crypto/bn/bntest.c242
-rw-r--r--crypto/openssl/crypto/bn/divtest.c41
-rw-r--r--crypto/openssl/crypto/bn/exp.c2
-rw-r--r--crypto/openssl/crypto/bn/expspeed.c2
-rw-r--r--crypto/openssl/crypto/bn/exptest.c15
-rw-r--r--crypto/openssl/crypto/buffer/Makefile.save87
-rw-r--r--crypto/openssl/crypto/buffer/Makefile.ssl3
-rw-r--r--crypto/openssl/crypto/buffer/buf_err.c3
-rw-r--r--crypto/openssl/crypto/cast/Makefile.save124
-rw-r--r--crypto/openssl/crypto/cast/Makefile.ssl4
-rw-r--r--crypto/openssl/crypto/cast/c_ecb.c2
-rw-r--r--crypto/openssl/crypto/cast/cast_lcl.h18
-rw-r--r--crypto/openssl/crypto/cast/cast_s.h16
-rw-r--r--crypto/openssl/crypto/cast/cast_spd.c2
-rw-r--r--crypto/openssl/crypto/cast/castopts.c2
-rw-r--r--crypto/openssl/crypto/cast/casttest.c18
-rw-r--r--crypto/openssl/crypto/comp/Makefile.save99
-rw-r--r--crypto/openssl/crypto/comp/comp.h1
-rw-r--r--crypto/openssl/crypto/comp/comp_err.c3
-rw-r--r--crypto/openssl/crypto/conf/Makefile.save92
-rw-r--r--crypto/openssl/crypto/conf/conf.c32
-rw-r--r--crypto/openssl/crypto/conf/conf.h2
-rw-r--r--crypto/openssl/crypto/conf/conf_err.c3
-rw-r--r--crypto/openssl/crypto/cpt_err.c3
-rw-r--r--crypto/openssl/crypto/cryptlib.c6
-rw-r--r--crypto/openssl/crypto/crypto.h204
-rw-r--r--crypto/openssl/crypto/des/Makefile.save206
-rw-r--r--crypto/openssl/crypto/des/Makefile.ssl40
-rw-r--r--crypto/openssl/crypto/des/cbc3_enc.c20
-rw-r--r--crypto/openssl/crypto/des/des.c29
-rw-r--r--crypto/openssl/crypto/des/des.h36
-rw-r--r--crypto/openssl/crypto/des/des.pod217
-rw-r--r--crypto/openssl/crypto/des/des_locl.h12
-rw-r--r--crypto/openssl/crypto/des/des_opts.c10
-rw-r--r--crypto/openssl/crypto/des/destest.c150
-rw-r--r--crypto/openssl/crypto/des/enc_read.c4
-rw-r--r--crypto/openssl/crypto/des/enc_writ.c13
-rw-r--r--crypto/openssl/crypto/des/fcrypt.c11
-rw-r--r--crypto/openssl/crypto/des/fcrypt_b.c4
-rw-r--r--crypto/openssl/crypto/des/ncbc_enc.c5
-rw-r--r--crypto/openssl/crypto/des/qud_cksm.c31
-rw-r--r--crypto/openssl/crypto/des/rand_key.c155
-rw-r--r--crypto/openssl/crypto/des/read_pwd.c19
-rw-r--r--crypto/openssl/crypto/des/rpc_enc.c2
-rw-r--r--crypto/openssl/crypto/des/set_key.c234
-rw-r--r--crypto/openssl/crypto/des/speed.c10
-rw-r--r--crypto/openssl/crypto/des/str2key.c20
-rw-r--r--crypto/openssl/crypto/dh/Makefile.save112
-rw-r--r--crypto/openssl/crypto/dh/Makefile.ssl20
-rw-r--r--crypto/openssl/crypto/dh/dh.h51
-rw-r--r--crypto/openssl/crypto/dh/dh_check.c10
-rw-r--r--crypto/openssl/crypto/dh/dh_err.c3
-rw-r--r--crypto/openssl/crypto/dh/dh_gen.c19
-rw-r--r--crypto/openssl/crypto/dh/dh_key.c65
-rw-r--r--crypto/openssl/crypto/dh/dh_lib.c92
-rw-r--r--crypto/openssl/crypto/dh/dhtest.c12
-rw-r--r--crypto/openssl/crypto/dsa/Makefile.save146
-rw-r--r--crypto/openssl/crypto/dsa/Makefile.ssl31
-rw-r--r--crypto/openssl/crypto/dsa/dsa.h61
-rw-r--r--crypto/openssl/crypto/dsa/dsa_asn1.c4
-rw-r--r--crypto/openssl/crypto/dsa/dsa_err.c4
-rw-r--r--crypto/openssl/crypto/dsa/dsa_gen.c171
-rw-r--r--crypto/openssl/crypto/dsa/dsa_key.c3
-rw-r--r--crypto/openssl/crypto/dsa/dsa_lib.c68
-rw-r--r--crypto/openssl/crypto/dsa/dsa_ossl.c321
-rw-r--r--crypto/openssl/crypto/dsa/dsa_sign.c123
-rw-r--r--crypto/openssl/crypto/dsa/dsa_vrf.c68
-rw-r--r--crypto/openssl/crypto/dsa/dsatest.c28
-rw-r--r--crypto/openssl/crypto/ebcdic.c217
-rw-r--r--crypto/openssl/crypto/ebcdic.h14
-rw-r--r--crypto/openssl/crypto/err/Makefile.save111
-rw-r--r--crypto/openssl/crypto/err/Makefile.ssl21
-rw-r--r--crypto/openssl/crypto/err/err.c126
-rw-r--r--crypto/openssl/crypto/err/err.h10
-rw-r--r--crypto/openssl/crypto/err/err_all.c2
-rw-r--r--crypto/openssl/crypto/err/openssl.ec5
-rw-r--r--crypto/openssl/crypto/evp/Makefile.save1133
-rw-r--r--crypto/openssl/crypto/evp/Makefile.ssl46
-rw-r--r--crypto/openssl/crypto/evp/bio_b64.c18
-rw-r--r--crypto/openssl/crypto/evp/bio_enc.c30
-rw-r--r--crypto/openssl/crypto/evp/bio_md.c17
-rw-r--r--crypto/openssl/crypto/evp/bio_ok.c33
-rw-r--r--crypto/openssl/crypto/evp/c_all.c136
-rw-r--r--crypto/openssl/crypto/evp/c_allc.c149
-rw-r--r--crypto/openssl/crypto/evp/c_alld.c100
-rw-r--r--crypto/openssl/crypto/evp/e_cbc_3d.c10
-rw-r--r--crypto/openssl/crypto/evp/e_cbc_d.c2
-rw-r--r--crypto/openssl/crypto/evp/e_cfb_3d.c10
-rw-r--r--crypto/openssl/crypto/evp/e_cfb_d.c2
-rw-r--r--crypto/openssl/crypto/evp/e_ecb_3d.c10
-rw-r--r--crypto/openssl/crypto/evp/e_ecb_d.c2
-rw-r--r--crypto/openssl/crypto/evp/e_ofb_3d.c10
-rw-r--r--crypto/openssl/crypto/evp/e_ofb_d.c2
-rw-r--r--crypto/openssl/crypto/evp/e_xcbc_d.c2
-rw-r--r--crypto/openssl/crypto/evp/encode.c4
-rw-r--r--crypto/openssl/crypto/evp/evp.h43
-rw-r--r--crypto/openssl/crypto/evp/evp_err.c11
-rw-r--r--crypto/openssl/crypto/evp/evp_key.c11
-rw-r--r--crypto/openssl/crypto/evp/evp_lib.c6
-rw-r--r--crypto/openssl/crypto/evp/evp_pkey.c271
-rw-r--r--crypto/openssl/crypto/evp/names.c5
-rw-r--r--crypto/openssl/crypto/evp/p_lib.c64
-rw-r--r--crypto/openssl/crypto/evp/p_open.c6
-rw-r--r--crypto/openssl/crypto/evp/p_seal.c5
-rw-r--r--crypto/openssl/crypto/ex_data.c40
-rw-r--r--crypto/openssl/crypto/hmac/Makefile.save94
-rw-r--r--crypto/openssl/crypto/hmac/hmac.c8
-rw-r--r--crypto/openssl/crypto/hmac/hmac.h4
-rw-r--r--crypto/openssl/crypto/hmac/hmactest.c2
-rw-r--r--crypto/openssl/crypto/lhash/Makefile.save89
-rw-r--r--crypto/openssl/crypto/lhash/Makefile.ssl7
-rw-r--r--crypto/openssl/crypto/lhash/lhash.c59
-rw-r--r--crypto/openssl/crypto/lhash/lhash.h15
-rw-r--r--crypto/openssl/crypto/md2/Makefile.save88
-rw-r--r--crypto/openssl/crypto/md2/Makefile.ssl4
-rw-r--r--crypto/openssl/crypto/md2/md2.h4
-rw-r--r--crypto/openssl/crypto/md2/md2_dgst.c8
-rw-r--r--crypto/openssl/crypto/md2/md2_one.c2
-rw-r--r--crypto/openssl/crypto/md2/md2test.c4
-rw-r--r--crypto/openssl/crypto/md32_common.h41
-rw-r--r--crypto/openssl/crypto/md5/Makefile.save133
-rw-r--r--crypto/openssl/crypto/md5/Makefile.ssl13
-rw-r--r--crypto/openssl/crypto/md5/md5.h4
-rw-r--r--crypto/openssl/crypto/md5/md5_dgst.c154
-rw-r--r--crypto/openssl/crypto/md5/md5_locl.h21
-rw-r--r--crypto/openssl/crypto/md5/md5_one.c2
-rw-r--r--crypto/openssl/crypto/md5/md5test.c4
-rw-r--r--crypto/openssl/crypto/mdc2/Makefile.save89
-rw-r--r--crypto/openssl/crypto/mdc2/Makefile.ssl4
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2.h5
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2_one.c2
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2dgst.c10
-rw-r--r--crypto/openssl/crypto/mdc2/mdc2test.c2
-rw-r--r--crypto/openssl/crypto/mem.c432
-rw-r--r--crypto/openssl/crypto/mem_dbg.c738
-rw-r--r--crypto/openssl/crypto/objects/Makefile.save106
-rw-r--r--crypto/openssl/crypto/objects/Makefile.ssl3
-rw-r--r--crypto/openssl/crypto/objects/o_names.c106
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.c22
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.h956
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.pl54
-rw-r--r--crypto/openssl/crypto/objects/obj_err.c3
-rw-r--r--crypto/openssl/crypto/objects/objects.h74
-rw-r--r--crypto/openssl/crypto/opensslconf.h31
-rw-r--r--crypto/openssl/crypto/opensslconf.h.in19
-rw-r--r--crypto/openssl/crypto/opensslv.h31
-rw-r--r--crypto/openssl/crypto/pem/Makefile.save188
-rw-r--r--crypto/openssl/crypto/pem/pem.h38
-rw-r--r--crypto/openssl/crypto/pem/pem_all.c94
-rw-r--r--crypto/openssl/crypto/pem/pem_err.c6
-rw-r--r--crypto/openssl/crypto/pem/pem_info.c11
-rw-r--r--crypto/openssl/crypto/pem/pem_lib.c222
-rw-r--r--crypto/openssl/crypto/pem/pem_seal.c6
-rw-r--r--crypto/openssl/crypto/perlasm/x86asm.pl6
-rw-r--r--crypto/openssl/crypto/perlasm/x86ms.pl9
-rw-r--r--crypto/openssl/crypto/perlasm/x86unix.pl14
-rw-r--r--crypto/openssl/crypto/pkcs12/Makefile.save363
-rw-r--r--crypto/openssl/crypto/pkcs12/Makefile.ssl23
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_add.c26
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_attr.c10
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_bags.c8
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_crpt.c2
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_crt.c6
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_decr.c2
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_init.c6
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_key.c31
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_kiss.c120
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_lib.c4
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_mac.c16
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_mutl.c13
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_npas.c212
-rw-r--r--crypto/openssl/crypto/pkcs12/pk12err.c5
-rw-r--r--crypto/openssl/crypto/pkcs12/pkcs12.h7
-rw-r--r--crypto/openssl/crypto/pkcs7/Makefile.save202
-rw-r--r--crypto/openssl/crypto/pkcs7/Makefile.ssl85
-rw-r--r--crypto/openssl/crypto/pkcs7/bio_ber.c18
-rw-r--r--crypto/openssl/crypto/pkcs7/dec.c12
-rw-r--r--crypto/openssl/crypto/pkcs7/enc.c15
-rw-r--r--crypto/openssl/crypto/pkcs7/example.c15
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_attr.c85
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_doit.c122
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_lib.c54
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_mime.c673
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_smime.c427
-rw-r--r--crypto/openssl/crypto/pkcs7/pkcs7.h85
-rw-r--r--crypto/openssl/crypto/pkcs7/pkcs7err.c42
-rw-r--r--crypto/openssl/crypto/pkcs7/sign.c13
-rw-r--r--crypto/openssl/crypto/pkcs7/verify.c11
-rw-r--r--crypto/openssl/crypto/rand/Makefile.save92
-rw-r--r--crypto/openssl/crypto/rand/Makefile.ssl17
-rw-r--r--crypto/openssl/crypto/rand/md_rand.c433
-rw-r--r--crypto/openssl/crypto/rand/rand.h38
-rw-r--r--crypto/openssl/crypto/rand/rand_egd.c110
-rw-r--r--crypto/openssl/crypto/rand/rand_err.c94
-rw-r--r--crypto/openssl/crypto/rand/rand_lib.c25
-rw-r--r--crypto/openssl/crypto/rand/randfile.c98
-rw-r--r--crypto/openssl/crypto/rand/randtest.c2
-rw-r--r--crypto/openssl/crypto/rc2/Makefile.save90
-rw-r--r--crypto/openssl/crypto/rc2/rc2speed.c2
-rw-r--r--crypto/openssl/crypto/rc2/rc2test.c6
-rw-r--r--crypto/openssl/crypto/rc4/Makefile.save113
-rw-r--r--crypto/openssl/crypto/rc4/Makefile.ssl5
-rw-r--r--crypto/openssl/crypto/rc4/rc4.h4
-rw-r--r--crypto/openssl/crypto/rc4/rc4_enc.c186
-rw-r--r--crypto/openssl/crypto/rc4/rc4_skey.c2
-rw-r--r--crypto/openssl/crypto/rc4/rc4speed.c2
-rw-r--r--crypto/openssl/crypto/rc4/rc4test.c8
-rw-r--r--crypto/openssl/crypto/rc5/Makefile.save112
-rw-r--r--crypto/openssl/crypto/rc5/Makefile.ssl4
-rw-r--r--crypto/openssl/crypto/rc5/rc5_locl.h2
-rw-r--r--crypto/openssl/crypto/rc5/rc5speed.c2
-rw-r--r--crypto/openssl/crypto/rc5/rc5test.c16
-rw-r--r--crypto/openssl/crypto/ripemd/Makefile.save108
-rw-r--r--crypto/openssl/crypto/ripemd/Makefile.ssl9
-rw-r--r--crypto/openssl/crypto/ripemd/asm/rips.cpp6
-rw-r--r--crypto/openssl/crypto/ripemd/asm/rmd-586.pl108
-rw-r--r--crypto/openssl/crypto/ripemd/ripemd.h27
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_dgst.c448
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_locl.h182
-rw-r--r--crypto/openssl/crypto/ripemd/rmd_one.c5
-rw-r--r--crypto/openssl/crypto/ripemd/rmdtest.c4
-rw-r--r--crypto/openssl/crypto/rsa/Makefile.save181
-rw-r--r--crypto/openssl/crypto/rsa/Makefile.ssl45
-rw-r--r--crypto/openssl/crypto/rsa/rsa.h33
-rw-r--r--crypto/openssl/crypto/rsa/rsa_err.c8
-rw-r--r--crypto/openssl/crypto/rsa/rsa_gen.c12
-rw-r--r--crypto/openssl/crypto/rsa/rsa_lib.c24
-rw-r--r--crypto/openssl/crypto/rsa/rsa_null.c149
-rw-r--r--crypto/openssl/crypto/rsa/rsa_oaep.c3
-rw-r--r--crypto/openssl/crypto/rsa/rsa_pk1.c18
-rw-r--r--crypto/openssl/crypto/rsa/rsa_saos.c2
-rw-r--r--crypto/openssl/crypto/rsa/rsa_sign.c153
-rw-r--r--crypto/openssl/crypto/rsa/rsa_ssl.c11
-rw-r--r--crypto/openssl/crypto/rsa/rsa_test.c314
-rw-r--r--crypto/openssl/crypto/sha/Makefile.save111
-rw-r--r--crypto/openssl/crypto/sha/Makefile.ssl9
-rw-r--r--crypto/openssl/crypto/sha/asm/sha1-586.pl107
-rw-r--r--crypto/openssl/crypto/sha/sha.h10
-rw-r--r--crypto/openssl/crypto/sha/sha1dgst.c437
-rw-r--r--crypto/openssl/crypto/sha/sha1s.cpp5
-rw-r--r--crypto/openssl/crypto/sha/sha1test.c10
-rw-r--r--crypto/openssl/crypto/sha/sha_dgst.c435
-rw-r--r--crypto/openssl/crypto/sha/sha_locl.h561
-rw-r--r--crypto/openssl/crypto/sha/shatest.c10
-rw-r--r--crypto/openssl/crypto/stack/Makefile.save86
-rw-r--r--crypto/openssl/crypto/stack/Makefile.ssl3
-rw-r--r--crypto/openssl/crypto/stack/stack.c8
-rw-r--r--crypto/openssl/crypto/stack/stack.h4
-rw-r--r--crypto/openssl/crypto/threads/README14
-rw-r--r--crypto/openssl/crypto/threads/mttest.c122
-rw-r--r--crypto/openssl/crypto/threads/profile.sh4
-rw-r--r--crypto/openssl/crypto/threads/pthread.sh9
-rwxr-xr-xcrypto/openssl/crypto/threads/pthread2.sh7
-rw-r--r--crypto/openssl/crypto/threads/purify.sh4
-rw-r--r--crypto/openssl/crypto/threads/solaris.sh4
-rw-r--r--crypto/openssl/crypto/threads/th-lock.c55
-rw-r--r--crypto/openssl/crypto/txt_db/Makefile.save87
-rw-r--r--crypto/openssl/crypto/txt_db/Makefile.ssl5
-rw-r--r--crypto/openssl/crypto/txt_db/txt_db.c8
-rw-r--r--crypto/openssl/crypto/x509/Makefile.save473
-rw-r--r--crypto/openssl/crypto/x509/Makefile.ssl123
-rw-r--r--crypto/openssl/crypto/x509/by_dir.c19
-rw-r--r--crypto/openssl/crypto/x509/by_file.c63
-rw-r--r--crypto/openssl/crypto/x509/x509.h241
-rw-r--r--crypto/openssl/crypto/x509/x509_att.c326
-rw-r--r--crypto/openssl/crypto/x509/x509_cmp.c23
-rw-r--r--crypto/openssl/crypto/x509/x509_d2.c8
-rw-r--r--crypto/openssl/crypto/x509/x509_def.c2
-rw-r--r--crypto/openssl/crypto/x509/x509_err.c20
-rw-r--r--crypto/openssl/crypto/x509/x509_ext.c17
-rw-r--r--crypto/openssl/crypto/x509/x509_lu.c26
-rw-r--r--crypto/openssl/crypto/x509/x509_r2x.c2
-rw-r--r--crypto/openssl/crypto/x509/x509_req.c165
-rw-r--r--crypto/openssl/crypto/x509/x509_set.c14
-rw-r--r--crypto/openssl/crypto/x509/x509_trs.c264
-rw-r--r--crypto/openssl/crypto/x509/x509_txt.c11
-rw-r--r--crypto/openssl/crypto/x509/x509_v3.c3
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.c220
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.h20
-rw-r--r--crypto/openssl/crypto/x509/x509name.c66
-rw-r--r--crypto/openssl/crypto/x509/x509spki.c121
-rw-r--r--crypto/openssl/crypto/x509/x_all.c100
-rw-r--r--crypto/openssl/crypto/x509v3/Makefile.save469
-rw-r--r--crypto/openssl/crypto/x509v3/Makefile.ssl43
-rw-r--r--crypto/openssl/crypto/x509v3/ext_dat.h97
-rw-r--r--crypto/openssl/crypto/x509v3/tabtest.c88
-rw-r--r--crypto/openssl/crypto/x509v3/v3_akey.c12
-rw-r--r--crypto/openssl/crypto/x509v3/v3_alt.c9
-rw-r--r--crypto/openssl/crypto/x509v3/v3_bcons.c4
-rw-r--r--crypto/openssl/crypto/x509v3/v3_bitst.c10
-rw-r--r--crypto/openssl/crypto/x509v3/v3_conf.c34
-rw-r--r--crypto/openssl/crypto/x509v3/v3_cpols.c14
-rw-r--r--crypto/openssl/crypto/x509v3/v3_crld.c18
-rw-r--r--crypto/openssl/crypto/x509v3/v3_enum.c13
-rw-r--r--crypto/openssl/crypto/x509v3/v3_genn.c70
-rw-r--r--crypto/openssl/crypto/x509v3/v3_ia5.c13
-rw-r--r--crypto/openssl/crypto/x509v3/v3_info.c236
-rw-r--r--crypto/openssl/crypto/x509v3/v3_int.c13
-rw-r--r--crypto/openssl/crypto/x509v3/v3_lib.c88
-rw-r--r--crypto/openssl/crypto/x509v3/v3_pku.c6
-rw-r--r--crypto/openssl/crypto/x509v3/v3_prn.c16
-rw-r--r--crypto/openssl/crypto/x509v3/v3_purp.c463
-rw-r--r--crypto/openssl/crypto/x509v3/v3_skey.c21
-rw-r--r--crypto/openssl/crypto/x509v3/v3_sxnet.c28
-rw-r--r--crypto/openssl/crypto/x509v3/v3_utl.c2
-rw-r--r--crypto/openssl/crypto/x509v3/v3err.c7
-rw-r--r--crypto/openssl/crypto/x509v3/x509v3.h136
-rw-r--r--crypto/openssl/demos/bio/saccept.c2
-rw-r--r--crypto/openssl/demos/bio/sconnect.c2
-rw-r--r--crypto/openssl/demos/selfsign.c54
-rw-r--r--crypto/openssl/demos/ssl/cli.cpp1
-rw-r--r--crypto/openssl/doc/README10
-rw-r--r--crypto/openssl/doc/apps/CA.pl.pod167
-rw-r--r--crypto/openssl/doc/apps/asn1parse.pod129
-rw-r--r--crypto/openssl/doc/apps/ca.pod479
-rw-r--r--crypto/openssl/doc/apps/ciphers.pod342
-rw-r--r--crypto/openssl/doc/apps/config.pod138
-rw-r--r--crypto/openssl/doc/apps/crl.pod117
-rw-r--r--crypto/openssl/doc/apps/crl2pkcs7.pod90
-rw-r--r--crypto/openssl/doc/apps/dgst.pod49
-rw-r--r--crypto/openssl/doc/apps/dhparam.pod133
-rw-r--r--crypto/openssl/doc/apps/dsa.pod150
-rw-r--r--crypto/openssl/doc/apps/dsaparam.pod102
-rw-r--r--crypto/openssl/doc/apps/enc.pod257
-rw-r--r--crypto/openssl/doc/apps/gendsa.pod58
-rw-r--r--crypto/openssl/doc/apps/genrsa.pod88
-rw-r--r--crypto/openssl/doc/apps/nseq.pod70
-rw-r--r--crypto/openssl/doc/apps/openssl.pod325
-rw-r--r--crypto/openssl/doc/apps/passwd.pod69
-rw-r--r--crypto/openssl/doc/apps/pkcs12.pod310
-rw-r--r--crypto/openssl/doc/apps/pkcs7.pod97
-rw-r--r--crypto/openssl/doc/apps/pkcs8.pod235
-rw-r--r--crypto/openssl/doc/apps/rand.pod50
-rw-r--r--crypto/openssl/doc/apps/req.pod528
-rw-r--r--crypto/openssl/doc/apps/rsa.pod156
-rw-r--r--crypto/openssl/doc/apps/s_client.pod221
-rw-r--r--crypto/openssl/doc/apps/s_server.pod265
-rw-r--r--crypto/openssl/doc/apps/sess_id.pod151
-rw-r--r--crypto/openssl/doc/apps/smime.pod325
-rw-r--r--crypto/openssl/doc/apps/speed.pod45
-rw-r--r--crypto/openssl/doc/apps/spkac.pod127
-rw-r--r--crypto/openssl/doc/apps/verify.pod273
-rw-r--r--crypto/openssl/doc/apps/version.pod56
-rw-r--r--crypto/openssl/doc/apps/x509.pod544
-rw-r--r--crypto/openssl/doc/c-indentation.el11
-rw-r--r--crypto/openssl/doc/crypto/BN_CTX_new.pod53
-rw-r--r--crypto/openssl/doc/crypto/BN_CTX_start.pod51
-rw-r--r--crypto/openssl/doc/crypto/BN_add.pod99
-rw-r--r--crypto/openssl/doc/crypto/BN_add_word.pod57
-rw-r--r--crypto/openssl/doc/crypto/BN_bn2bin.pod95
-rw-r--r--crypto/openssl/doc/crypto/BN_cmp.pod48
-rw-r--r--crypto/openssl/doc/crypto/BN_copy.pod34
-rw-r--r--crypto/openssl/doc/crypto/BN_generate_prime.pod102
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_inverse.pod36
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod95
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod81
-rw-r--r--crypto/openssl/doc/crypto/BN_new.pod53
-rw-r--r--crypto/openssl/doc/crypto/BN_num_bytes.pod37
-rw-r--r--crypto/openssl/doc/crypto/BN_rand.pod45
-rw-r--r--crypto/openssl/doc/crypto/BN_set_bit.pod66
-rw-r--r--crypto/openssl/doc/crypto/BN_zero.pod55
-rw-r--r--crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod51
-rw-r--r--crypto/openssl/doc/crypto/DH_generate_key.pod50
-rw-r--r--crypto/openssl/doc/crypto/DH_generate_parameters.pod72
-rw-r--r--crypto/openssl/doc/crypto/DH_get_ex_new_index.pod36
-rw-r--r--crypto/openssl/doc/crypto/DH_new.pod40
-rw-r--r--crypto/openssl/doc/crypto/DH_set_method.pod99
-rw-r--r--crypto/openssl/doc/crypto/DH_size.pod33
-rw-r--r--crypto/openssl/doc/crypto/DSA_SIG_new.pod39
-rw-r--r--crypto/openssl/doc/crypto/DSA_do_sign.pod47
-rw-r--r--crypto/openssl/doc/crypto/DSA_dup_DH.pod36
-rw-r--r--crypto/openssl/doc/crypto/DSA_generate_key.pod33
-rw-r--r--crypto/openssl/doc/crypto/DSA_generate_parameters.pod105
-rw-r--r--crypto/openssl/doc/crypto/DSA_get_ex_new_index.pod36
-rw-r--r--crypto/openssl/doc/crypto/DSA_new.pod41
-rw-r--r--crypto/openssl/doc/crypto/DSA_set_method.pod112
-rw-r--r--crypto/openssl/doc/crypto/DSA_sign.pod66
-rw-r--r--crypto/openssl/doc/crypto/DSA_size.pod33
-rw-r--r--crypto/openssl/doc/crypto/ERR_GET_LIB.pod51
-rw-r--r--crypto/openssl/doc/crypto/ERR_clear_error.pod29
-rw-r--r--crypto/openssl/doc/crypto/ERR_error_string.pod65
-rw-r--r--crypto/openssl/doc/crypto/ERR_get_error.pod62
-rw-r--r--crypto/openssl/doc/crypto/ERR_load_crypto_strings.pod46
-rw-r--r--crypto/openssl/doc/crypto/ERR_load_strings.pod54
-rw-r--r--crypto/openssl/doc/crypto/ERR_print_errors.pod51
-rw-r--r--crypto/openssl/doc/crypto/ERR_put_error.pod44
-rw-r--r--crypto/openssl/doc/crypto/ERR_remove_state.pod34
-rw-r--r--crypto/openssl/doc/crypto/EVP_DigestInit.pod197
-rw-r--r--crypto/openssl/doc/crypto/EVP_EncryptInit.pod224
-rw-r--r--crypto/openssl/doc/crypto/EVP_OpenInit.pod51
-rw-r--r--crypto/openssl/doc/crypto/EVP_SealInit.pod70
-rw-r--r--crypto/openssl/doc/crypto/EVP_SignInit.pod85
-rw-r--r--crypto/openssl/doc/crypto/EVP_VerifyInit.pod71
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod46
-rw-r--r--crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod65
-rw-r--r--crypto/openssl/doc/crypto/RAND_add.pod77
-rw-r--r--crypto/openssl/doc/crypto/RAND_bytes.pod46
-rw-r--r--crypto/openssl/doc/crypto/RAND_cleanup.pod29
-rw-r--r--crypto/openssl/doc/crypto/RAND_egd.pod38
-rw-r--r--crypto/openssl/doc/crypto/RAND_load_file.pod53
-rw-r--r--crypto/openssl/doc/crypto/RAND_set_rand_method.pod59
-rw-r--r--crypto/openssl/doc/crypto/RSA_blinding_on.pod43
-rw-r--r--crypto/openssl/doc/crypto/RSA_check_key.pod39
-rw-r--r--crypto/openssl/doc/crypto/RSA_generate_key.pod68
-rw-r--r--crypto/openssl/doc/crypto/RSA_get_ex_new_index.pod122
-rw-r--r--crypto/openssl/doc/crypto/RSA_new.pod38
-rw-r--r--crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod124
-rw-r--r--crypto/openssl/doc/crypto/RSA_print.pod48
-rw-r--r--crypto/openssl/doc/crypto/RSA_private_encrypt.pod69
-rw-r--r--crypto/openssl/doc/crypto/RSA_public_encrypt.pod86
-rw-r--r--crypto/openssl/doc/crypto/RSA_set_method.pod154
-rw-r--r--crypto/openssl/doc/crypto/RSA_sign.pod62
-rw-r--r--crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod59
-rw-r--r--crypto/openssl/doc/crypto/RSA_size.pod33
-rw-r--r--crypto/openssl/doc/crypto/blowfish.pod109
-rw-r--r--crypto/openssl/doc/crypto/bn.pod148
-rw-r--r--crypto/openssl/doc/crypto/bn_internal.pod225
-rw-r--r--crypto/openssl/doc/crypto/buffer.pod73
-rw-r--r--crypto/openssl/doc/crypto/crypto.pod67
-rw-r--r--crypto/openssl/doc/crypto/d2i_DHparams.pod30
-rw-r--r--crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod39
-rw-r--r--crypto/openssl/doc/crypto/des.pod376
-rw-r--r--crypto/openssl/doc/crypto/des_modes.pod253
-rw-r--r--crypto/openssl/doc/crypto/dh.pod68
-rw-r--r--crypto/openssl/doc/crypto/dsa.pod104
-rw-r--r--crypto/openssl/doc/crypto/err.pod187
-rw-r--r--crypto/openssl/doc/crypto/hmac.pod75
-rw-r--r--crypto/openssl/doc/crypto/lh_stats.pod60
-rw-r--r--crypto/openssl/doc/crypto/lhash.pod155
-rw-r--r--crypto/openssl/doc/crypto/md5.pod85
-rw-r--r--crypto/openssl/doc/crypto/mdc2.pod64
-rw-r--r--crypto/openssl/doc/crypto/rand.pod158
-rw-r--r--crypto/openssl/doc/crypto/rc4.pod62
-rw-r--r--crypto/openssl/doc/crypto/ripemd.pod66
-rw-r--r--crypto/openssl/doc/crypto/rsa.pod116
-rw-r--r--crypto/openssl/doc/crypto/sha.pod70
-rw-r--r--crypto/openssl/doc/crypto/threads.pod70
-rw-r--r--crypto/openssl/doc/openssl.txt120
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_error.pod91
-rw-r--r--crypto/openssl/doc/ssl/ssl.pod634
-rw-r--r--crypto/openssl/doc/ssleay.txt4
-rw-r--r--crypto/openssl/e_os.h160
-rw-r--r--crypto/openssl/rsaref/Makefile.save99
-rw-r--r--crypto/openssl/rsaref/Makefile.ssl5
-rw-r--r--crypto/openssl/rsaref/rsar_err.c3
-rw-r--r--crypto/openssl/rsaref/rsaref.c9
-rw-r--r--crypto/openssl/shlib/Makefile.hpux10-cc51
-rw-r--r--crypto/openssl/shlib/hpux10-cc.sh90
-rw-r--r--crypto/openssl/ssl/Makefile.save831
-rw-r--r--crypto/openssl/ssl/Makefile.ssl47
-rw-r--r--crypto/openssl/ssl/bio_ssl.c33
-rw-r--r--crypto/openssl/ssl/s23_clnt.c16
-rw-r--r--crypto/openssl/ssl/s23_lib.c17
-rw-r--r--crypto/openssl/ssl/s23_pkt.c2
-rw-r--r--crypto/openssl/ssl/s23_srvr.c135
-rw-r--r--crypto/openssl/ssl/s2_clnt.c77
-rw-r--r--crypto/openssl/ssl/s2_enc.c9
-rw-r--r--crypto/openssl/ssl/s2_lib.c100
-rw-r--r--crypto/openssl/ssl/s2_meth.c10
-rw-r--r--crypto/openssl/ssl/s2_pkt.c10
-rw-r--r--crypto/openssl/ssl/s2_srvr.c23
-rw-r--r--crypto/openssl/ssl/s3_both.c164
-rw-r--r--crypto/openssl/ssl/s3_clnt.c45
-rw-r--r--crypto/openssl/ssl/s3_enc.c18
-rw-r--r--crypto/openssl/ssl/s3_lib.c434
-rw-r--r--crypto/openssl/ssl/s3_pkt.c761
-rw-r--r--crypto/openssl/ssl/s3_srvr.c187
-rw-r--r--crypto/openssl/ssl/ssl.h123
-rw-r--r--crypto/openssl/ssl/ssl2.h4
-rw-r--r--crypto/openssl/ssl/ssl3.h95
-rw-r--r--crypto/openssl/ssl/ssl_asn1.c32
-rw-r--r--crypto/openssl/ssl/ssl_cert.c60
-rw-r--r--crypto/openssl/ssl/ssl_ciph.c826
-rw-r--r--crypto/openssl/ssl/ssl_err.c22
-rw-r--r--crypto/openssl/ssl/ssl_lib.c178
-rw-r--r--crypto/openssl/ssl/ssl_locl.h152
-rw-r--r--crypto/openssl/ssl/ssl_sess.c89
-rw-r--r--crypto/openssl/ssl/ssl_stat.c8
-rw-r--r--crypto/openssl/ssl/ssl_task.c2
-rw-r--r--crypto/openssl/ssl/ssl_txt.c7
-rw-r--r--crypto/openssl/ssl/ssltest.c492
-rw-r--r--crypto/openssl/ssl/t1_enc.c6
-rw-r--r--crypto/openssl/ssl/t1_lib.c14
-rw-r--r--crypto/openssl/ssl/tls1.h6
-rw-r--r--crypto/openssl/test/Makefile.save400
-rw-r--r--crypto/openssl/test/Makefile.ssl74
-rw-r--r--crypto/openssl/test/testgen14
-rw-r--r--crypto/openssl/test/testss13
-rw-r--r--crypto/openssl/test/testssl109
-rw-r--r--crypto/openssl/test/treq5
-rw-r--r--crypto/openssl/test/trsa5
-rwxr-xr-xcrypto/openssl/util/domd2
-rwxr-xr-xcrypto/openssl/util/libeay.num406
-rwxr-xr-xcrypto/openssl/util/mk1mf.pl3
-rwxr-xr-xcrypto/openssl/util/mkdef.pl139
-rw-r--r--crypto/openssl/util/mkerr.pl28
-rw-r--r--crypto/openssl/util/pl/BC-32.pl4
-rw-r--r--crypto/openssl/util/pl/VC-32.pl2
-rwxr-xr-xcrypto/openssl/util/pod2man.pl1181
-rw-r--r--crypto/openssl/util/selftest.pl188
-rwxr-xr-xcrypto/openssl/util/ssleay.num10
713 files changed, 56254 insertions, 9597 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index d0db7eaf61bb..29f3c28bb517 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,1237 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.5 and 0.9.5a [1 Apr 2000]
+
+ *) Make sure _lrotl and _lrotr are only used with MSVC.
+
+ *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
+ (the default implementation of RAND_status).
+
+ *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
+ to '-clrext' (= clear extensions), as intended and documented.
+ [Bodo Moeller; inconsistency pointed out by Michael Attili
+ <attili@amaxo.com>]
+
+ *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
+ was larger than the MD block size.
+ [Steve Henson, pointed out by Yost William <YostW@tce.com>]
+
+ *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
+ fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
+ using the passed key: if the passed key was a private key the result
+ of X509_print(), for example, would be to print out all the private key
+ components.
+ [Steve Henson]
+
+ *) des_quad_cksum() byte order bug fix.
+ [Ulf Möller, using the problem description in krb4-0.9.7, where
+ the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]
+
+ *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
+ discouraged.
+ [Steve Henson, pointed out by Brian Korver <briank@cs.stanford.edu>]
+
+ *) For easily testing in shell scripts whether some command
+ 'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
+ returns with exit code 0 iff no command of the given name is available.
+ 'no-XXX' is printed in this case, 'XXX' otherwise. In both cases,
+ the output goes to stdout and nothing is printed to stderr.
+ Additional arguments are always ignored.
+
+ Since for each cipher there is a command of the same name,
+ the 'no-cipher' compilation switches can be tested this way.
+
+ ('openssl no-XXX' is not able to detect pseudo-commands such
+ as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
+ [Bodo Moeller]
+
+ *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
+ [Bodo Moeller]
+
+ *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
+ is set; it will be thrown away anyway because each handshake creates
+ its own key.
+ ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
+ to parameters -- in previous versions (since OpenSSL 0.9.3) the
+ 'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining
+ you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
+ [Bodo Moeller]
+
+ *) New s_client option -ign_eof: EOF at stdin is ignored, and
+ 'Q' and 'R' lose their special meanings (quit/renegotiate).
+ This is part of what -quiet does; unlike -quiet, -ign_eof
+ does not suppress any output.
+ [Richard Levitte]
+
+ *) Add compatibility options to the purpose and trust code. The
+ purpose X509_PURPOSE_ANY is "any purpose" which automatically
+ accepts a certificate or CA, this was the previous behaviour,
+ with all the associated security issues.
+
+ X509_TRUST_COMPAT is the old trust behaviour: only and
+ automatically trust self signed roots in certificate store. A
+ new trust setting X509_TRUST_DEFAULT is used to specify that
+ a purpose has no associated trust setting and it should instead
+ use the value in the default purpose.
+ [Steve Henson]
+
+ *) Fix the PKCS#8 DSA private key code so it decodes keys again
+ and fix a memory leak.
+ [Steve Henson]
+
+ *) In util/mkerr.pl (which implements 'make errors'), preserve
+ reason strings from the previous version of the .c file, as
+ the default to have only downcase letters (and digits) in
+ automatically generated reasons codes is not always appropriate.
+ [Bodo Moeller]
+
+ *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
+ using strerror. Previously, ERR_reason_error_string() returned
+ library names as reason strings for SYSerr; but SYSerr is a special
+ case where small numbers are errno values, not library numbers.
+ [Bodo Moeller]
+
+ *) Add '-dsaparam' option to 'openssl dhparam' application. This
+ converts DSA parameters into DH parameters. (When creating parameters,
+ DSA_generate_parameters is used.)
+ [Bodo Moeller]
+
+ *) Include 'length' (recommended exponent length) in C code generated
+ by 'openssl dhparam -C'.
+ [Bodo Moeller]
+
+ *) The second argument to set_label in perlasm was already being used
+ so couldn't be used as a "file scope" flag. Moved to third argument
+ which was free.
+ [Steve Henson]
+
+ *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
+ instead of RAND_bytes for encryption IVs and salts.
+ [Bodo Moeller]
+
+ *) Include RAND_status() into RAND_METHOD instead of implementing
+ it only for md_rand.c Otherwise replacing the PRNG by calling
+ RAND_set_rand_method would be impossible.
+ [Bodo Moeller]
+
+ *) Don't let DSA_generate_key() enter an infinite loop if the random
+ number generation fails.
+ [Bodo Moeller]
+
+ *) New 'rand' application for creating pseudo-random output.
+ [Bodo Moeller]
+
+ *) Added configuration support for Linux/IA64
+ [Rolf Haberrecker <rolf@suse.de>]
+
+ *) Assembler module support for Mingw32.
+ [Ulf Möller]
+
+ *) Shared library support for HPUX (in shlib/).
+ [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous]
+
+ *) Shared library support for Solaris gcc.
+ [Lutz Behnke <behnke@trustcenter.de>]
+
+ Changes between 0.9.4 and 0.9.5 [28 Feb 2000]
+
+ *) PKCS7_encrypt() was adding text MIME headers twice because they
+ were added manually and by SMIME_crlf_copy().
+ [Steve Henson]
+
+ *) In bntest.c don't call BN_rand with zero bits argument.
+ [Steve Henson, pointed out by Andrew W. Gray <agray@iconsinc.com>]
+
+ *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
+ case was implemented. This caused BN_div_recp() to fail occasionally.
+ [Ulf Möller]
+
+ *) Add an optional second argument to the set_label() in the perl
+ assembly language builder. If this argument exists and is set
+ to 1 it signals that the assembler should use a symbol whose
+ scope is the entire file, not just the current function. This
+ is needed with MASM which uses the format label:: for this scope.
+ [Steve Henson, pointed out by Peter Runestig <peter@runestig.com>]
+
+ *) Change the ASN1 types so they are typedefs by default. Before
+ almost all types were #define'd to ASN1_STRING which was causing
+ STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING)
+ for example.
+ [Steve Henson]
+
+ *) Change names of new functions to the new get1/get0 naming
+ convention: After 'get1', the caller owns a reference count
+ and has to call ..._free; 'get0' returns a pointer to some
+ data structure without incrementing reference counters.
+ (Some of the existing 'get' functions increment a reference
+ counter, some don't.)
+ Similarly, 'set1' and 'add1' functions increase reference
+ counters or duplicate objects.
+ [Steve Henson]
+
+ *) Allow for the possibility of temp RSA key generation failure:
+ the code used to assume it always worked and crashed on failure.
+ [Steve Henson]
+
+ *) Fix potential buffer overrun problem in BIO_printf().
+ [Ulf Möller, using public domain code by Patrick Powell; problem
+ pointed out by David Sacerdote <das33@cornell.edu>]
+
+ *) Support EGD <http://www.lothar.com/tech/crypto/>. New functions
+ RAND_egd() and RAND_status(). In the command line application,
+ the EGD socket can be specified like a seed file using RANDFILE
+ or -rand.
+ [Ulf Möller]
+
+ *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
+ Some CAs (e.g. Verisign) distribute certificates in this form.
+ [Steve Henson]
+
+ *) Remove the SSL_ALLOW_ADH compile option and set the default cipher
+ list to exclude them. This means that no special compilation option
+ is needed to use anonymous DH: it just needs to be included in the
+ cipher list.
+ [Steve Henson]
+
+ *) Change the EVP_MD_CTX_type macro so its meaning consistent with
+ EVP_MD_type. The old functionality is available in a new macro called
+ EVP_MD_md(). Change code that uses it and update docs.
+ [Steve Henson]
+
+ *) ..._ctrl functions now have corresponding ..._callback_ctrl functions
+ where the 'void *' argument is replaced by a function pointer argument.
+ Previously 'void *' was abused to point to functions, which works on
+ many platforms, but is not correct. As these functions are usually
+ called by macros defined in OpenSSL header files, most source code
+ should work without changes.
+ [Richard Levitte]
+
+ *) <openssl/opensslconf.h> (which is created by Configure) now contains
+ sections with information on -D... compiler switches used for
+ compiling the library so that applications can see them. To enable
+ one of these sections, a pre-processor symbol OPENSSL_..._DEFINES
+ must be defined. E.g.,
+ #define OPENSSL_ALGORITHM_DEFINES
+ #include <openssl/opensslconf.h>
+ defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
+ [Richard Levitte, Ulf and Bodo Möller]
+
+ *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
+ record layer.
+ [Bodo Moeller]
+
+ *) Change the 'other' type in certificate aux info to a STACK_OF
+ X509_ALGOR. Although not an AlgorithmIdentifier as such it has
+ the required ASN1 format: arbitrary types determined by an OID.
+ [Steve Henson]
+
+ *) Add some PEM_write_X509_REQ_NEW() functions and a command line
+ argument to 'req'. This is not because the function is newer or
+ better than others it just uses the work 'NEW' in the certificate
+ request header lines. Some software needs this.
+ [Steve Henson]
+
+ *) Reorganise password command line arguments: now passwords can be
+ obtained from various sources. Delete the PEM_cb function and make
+ it the default behaviour: i.e. if the callback is NULL and the
+ usrdata argument is not NULL interpret it as a null terminated pass
+ phrase. If usrdata and the callback are NULL then the pass phrase
+ is prompted for as usual.
+ [Steve Henson]
+
+ *) Add support for the Compaq Atalla crypto accelerator. If it is installed,
+ the support is automatically enabled. The resulting binaries will
+ autodetect the card and use it if present.
+ [Ben Laurie and Compaq Inc.]
+
+ *) Work around for Netscape hang bug. This sends certificate request
+ and server done in one record. Since this is perfectly legal in the
+ SSL/TLS protocol it isn't a "bug" option and is on by default. See
+ the bugs/SSLv3 entry for more info.
+ [Steve Henson]
+
+ *) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
+ [Andy Polyakov]
+
+ *) Add -rand argument to smime and pkcs12 applications and read/write
+ of seed file.
+ [Steve Henson]
+
+ *) New 'passwd' tool for crypt(3) and apr1 password hashes.
+ [Bodo Moeller]
+
+ *) Add command line password options to the remaining applications.
+ [Steve Henson]
+
+ *) Bug fix for BN_div_recp() for numerators with an even number of
+ bits.
+ [Ulf Möller]
+
+ *) More tests in bntest.c, and changed test_bn output.
+ [Ulf Möller]
+
+ *) ./config recognizes MacOS X now.
+ [Andy Polyakov]
+
+ *) Bug fix for BN_div() when the first words of num and divsor are
+ equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
+ [Ulf Möller]
+
+ *) Add support for various broken PKCS#8 formats, and command line
+ options to produce them.
+ [Steve Henson]
+
+ *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
+ get temporary BIGNUMs from a BN_CTX.
+ [Ulf Möller]
+
+ *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
+ for p == 0.
+ [Ulf Möller]
+
+ *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
+ include a #define from the old name to the new. The original intent
+ was that statically linked binaries could for example just call
+ SSLeay_add_all_ciphers() to just add ciphers to the table and not
+ link with digests. This never worked becayse SSLeay_add_all_digests()
+ and SSLeay_add_all_ciphers() were in the same source file so calling
+ one would link with the other. They are now in separate source files.
+ [Steve Henson]
+
+ *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
+ [Steve Henson]
+
+ *) Use a less unusual form of the Miller-Rabin primality test (it used
+ a binary algorithm for exponentiation integrated into the Miller-Rabin
+ loop, our standard modexp algorithms are faster).
+ [Bodo Moeller]
+
+ *) Support for the EBCDIC character set completed.
+ [Martin Kraemer <Martin.Kraemer@Mch.SNI.De>]
+
+ *) Source code cleanups: use const where appropriate, eliminate casts,
+ use void * instead of char * in lhash.
+ [Ulf Möller]
+
+ *) Bugfix: ssl3_send_server_key_exchange was not restartable
+ (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
+ this the server could overwrite ephemeral keys that the client
+ has already seen).
+ [Bodo Moeller]
+
+ *) Turn DSA_is_prime into a macro that calls BN_is_prime,
+ using 50 iterations of the Rabin-Miller test.
+
+ DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
+ iterations of the Rabin-Miller test as required by the appendix
+ to FIPS PUB 186[-1]) instead of DSA_is_prime.
+ As BN_is_prime_fasttest includes trial division, DSA parameter
+ generation becomes much faster.
+
+ This implies a change for the callback functions in DSA_is_prime
+ and DSA_generate_parameters: The callback function is called once
+ for each positive witness in the Rabin-Miller test, not just
+ occasionally in the inner loop; and the parameters to the
+ callback function now provide an iteration count for the outer
+ loop rather than for the current invocation of the inner loop.
+ DSA_generate_parameters additionally can call the callback
+ function with an 'iteration count' of -1, meaning that a
+ candidate has passed the trial division test (when q is generated
+ from an application-provided seed, trial division is skipped).
+ [Bodo Moeller]
+
+ *) New function BN_is_prime_fasttest that optionally does trial
+ division before starting the Rabin-Miller test and has
+ an additional BN_CTX * argument (whereas BN_is_prime always
+ has to allocate at least one BN_CTX).
+ 'callback(1, -1, cb_arg)' is called when a number has passed the
+ trial division stage.
+ [Bodo Moeller]
+
+ *) Fix for bug in CRL encoding. The validity dates weren't being handled
+ as ASN1_TIME.
+ [Steve Henson]
+
+ *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
+ [Steve Henson]
+
+ *) New function BN_pseudo_rand().
+ [Ulf Möller]
+
+ *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
+ bignum version of BN_from_montgomery() with the working code from
+ SSLeay 0.9.0 (the word based version is faster anyway), and clean up
+ the comments.
+ [Ulf Möller]
+
+ *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
+ made it impossible to use the same SSL_SESSION data structure in
+ SSL2 clients in multiple threads.
+ [Bodo Moeller]
+
+ *) The return value of RAND_load_file() no longer counts bytes obtained
+ by stat(). RAND_load_file(..., -1) is new and uses the complete file
+ to seed the PRNG (previously an explicit byte count was required).
+ [Ulf Möller, Bodo Möller]
+
+ *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
+ used (char *) instead of (void *) and had casts all over the place.
+ [Steve Henson]
+
+ *) Make BN_generate_prime() return NULL on error if ret!=NULL.
+ [Ulf Möller]
+
+ *) Retain source code compatibility for BN_prime_checks macro:
+ BN_is_prime(..., BN_prime_checks, ...) now uses
+ BN_prime_checks_for_size to determine the appropriate number of
+ Rabin-Miller iterations.
+ [Ulf Möller]
+
+ *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
+ DH_CHECK_P_NOT_SAFE_PRIME.
+ (Check if this is true? OpenPGP calls them "strong".)
+ [Ulf Möller]
+
+ *) Merge the functionality of "dh" and "gendh" programs into a new program
+ "dhparam". The old programs are retained for now but will handle DH keys
+ (instead of parameters) in future.
+ [Steve Henson]
+
+ *) Make the ciphers, s_server and s_client programs check the return values
+ when a new cipher list is set.
+ [Steve Henson]
+
+ *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit
+ ciphers. Before when the 56bit ciphers were enabled the sorting was
+ wrong.
+
+ The syntax for the cipher sorting has been extended to support sorting by
+ cipher-strength (using the strength_bits hard coded in the tables).
+ The new command is "@STRENGTH" (see also doc/apps/ciphers.pod).
+
+ Fix a bug in the cipher-command parser: when supplying a cipher command
+ string with an "undefined" symbol (neither command nor alphanumeric
+ [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now
+ an error is flagged.
+
+ Due to the strength-sorting extension, the code of the
+ ssl_create_cipher_list() function was completely rearranged. I hope that
+ the readability was also increased :-)
+ [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
+
+ *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
+ for the first serial number and places 2 in the serial number file. This
+ avoids problems when the root CA is created with serial number zero and
+ the first user certificate has the same issuer name and serial number
+ as the root CA.
+ [Steve Henson]
+
+ *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
+ the new code. Add documentation for this stuff.
+ [Steve Henson]
+
+ *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
+ X509_*() to X509at_*() on the grounds that they don't handle X509
+ structures and behave in an analagous way to the X509v3 functions:
+ they shouldn't be called directly but wrapper functions should be used
+ instead.
+
+ So we also now have some wrapper functions that call the X509at functions
+ when passed certificate requests. (TO DO: similar things can be done with
+ PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
+ things. Some of these need some d2i or i2d and print functionality
+ because they handle more complex structures.)
+ [Steve Henson]
+
+ *) Add missing #ifndefs that caused missing symbols when building libssl
+ as a shared library without RSA. Use #ifndef NO_SSL2 instead of
+ NO_RSA in ssl/s2*.c.
+ [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
+
+ *) Precautions against using the PRNG uninitialized: RAND_bytes() now
+ has a return value which indicates the quality of the random data
+ (1 = ok, 0 = not seeded). Also an error is recorded on the thread's
+ error queue. New function RAND_pseudo_bytes() generates output that is
+ guaranteed to be unique but not unpredictable. RAND_add is like
+ RAND_seed, but takes an extra argument for an entropy estimate
+ (RAND_seed always assumes full entropy).
+ [Ulf Möller]
+
+ *) Do more iterations of Rabin-Miller probable prime test (specifically,
+ 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
+ instead of only 2 for all lengths; see BN_prime_checks_for_size definition
+ in crypto/bn/bn_prime.c for the complete table). This guarantees a
+ false-positive rate of at most 2^-80 for random input.
+ [Bodo Moeller]
+
+ *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
+ [Bodo Moeller]
+
+ *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain
+ in the 0.9.5 release), this returns the chain
+ from an X509_CTX structure with a dup of the stack and all
+ the X509 reference counts upped: so the stack will exist
+ after X509_CTX_cleanup() has been called. Modify pkcs12.c
+ to use this.
+
+ Also make SSL_SESSION_print() print out the verify return
+ code.
+ [Steve Henson]
+
+ *) Add manpage for the pkcs12 command. Also change the default
+ behaviour so MAC iteration counts are used unless the new
+ -nomaciter option is used. This improves file security and
+ only older versions of MSIE (4.0 for example) need it.
+ [Steve Henson]
+
+ *) Honor the no-xxx Configure options when creating .DEF files.
+ [Ulf Möller]
+
+ *) Add PKCS#10 attributes to field table: challengePassword,
+ unstructuredName and unstructuredAddress. These are taken from
+ draft PKCS#9 v2.0 but are compatible with v1.2 provided no
+ international characters are used.
+
+ More changes to X509_ATTRIBUTE code: allow the setting of types
+ based on strings. Remove the 'loc' parameter when adding
+ attributes because these will be a SET OF encoding which is sorted
+ in ASN1 order.
+ [Steve Henson]
+
+ *) Initial changes to the 'req' utility to allow request generation
+ automation. This will allow an application to just generate a template
+ file containing all the field values and have req construct the
+ request.
+
+ Initial support for X509_ATTRIBUTE handling. Stacks of these are
+ used all over the place including certificate requests and PKCS#7
+ structures. They are currently handled manually where necessary with
+ some primitive wrappers for PKCS#7. The new functions behave in a
+ manner analogous to the X509 extension functions: they allow
+ attributes to be looked up by NID and added.
+
+ Later something similar to the X509V3 code would be desirable to
+ automatically handle the encoding, decoding and printing of the
+ more complex types. The string types like challengePassword can
+ be handled by the string table functions.
+
+ Also modified the multi byte string table handling. Now there is
+ a 'global mask' which masks out certain types. The table itself
+ can use the flag STABLE_NO_MASK to ignore the mask setting: this
+ is useful when for example there is only one permissible type
+ (as in countryName) and using the mask might result in no valid
+ types at all.
+ [Steve Henson]
+
+ *) Clean up 'Finished' handling, and add functions SSL_get_finished and
+ SSL_get_peer_finished to allow applications to obtain the latest
+ Finished messages sent to the peer or expected from the peer,
+ respectively. (SSL_get_peer_finished is usually the Finished message
+ actually received from the peer, otherwise the protocol will be aborted.)
+
+ As the Finished message are message digests of the complete handshake
+ (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
+ be used for external authentication procedures when the authentication
+ provided by SSL/TLS is not desired or is not enough.
+ [Bodo Moeller]
+
+ *) Enhanced support for Alpha Linux is added. Now ./config checks if
+ the host supports BWX extension and if Compaq C is present on the
+ $PATH. Just exploiting of the BWX extension results in 20-30%
+ performance kick for some algorithms, e.g. DES and RC4 to mention
+ a couple. Compaq C in turn generates ~20% faster code for MD5 and
+ SHA1.
+ [Andy Polyakov]
+
+ *) Add support for MS "fast SGC". This is arguably a violation of the
+ SSL3/TLS protocol. Netscape SGC does two handshakes: the first with
+ weak crypto and after checking the certificate is SGC a second one
+ with strong crypto. MS SGC stops the first handshake after receiving
+ the server certificate message and sends a second client hello. Since
+ a server will typically do all the time consuming operations before
+ expecting any further messages from the client (server key exchange
+ is the most expensive) there is little difference between the two.
+
+ To get OpenSSL to support MS SGC we have to permit a second client
+ hello message after we have sent server done. In addition we have to
+ reset the MAC if we do get this second client hello.
+ [Steve Henson]
+
+ *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide
+ if a DER encoded private key is RSA or DSA traditional format. Changed
+ d2i_PrivateKey_bio() to use it. This is only needed for the "traditional"
+ format DER encoded private key. Newer code should use PKCS#8 format which
+ has the key type encoded in the ASN1 structure. Added DER private key
+ support to pkcs8 application.
+ [Steve Henson]
+
+ *) SSL 3/TLS 1 servers now don't request certificates when an anonymous
+ ciphersuites has been selected (as required by the SSL 3/TLS 1
+ specifications). Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+ is set, we interpret this as a request to violate the specification
+ (the worst that can happen is a handshake failure, and 'correct'
+ behaviour would result in a handshake failure anyway).
+ [Bodo Moeller]
+
+ *) In SSL_CTX_add_session, take into account that there might be multiple
+ SSL_SESSION structures with the same session ID (e.g. when two threads
+ concurrently obtain them from an external cache).
+ The internal cache can handle only one SSL_SESSION with a given ID,
+ so if there's a conflict, we now throw out the old one to achieve
+ consistency.
+ [Bodo Moeller]
+
+ *) Add OIDs for idea and blowfish in CBC mode. This will allow both
+ to be used in PKCS#5 v2.0 and S/MIME. Also add checking to
+ some routines that use cipher OIDs: some ciphers do not have OIDs
+ defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for
+ example.
+ [Steve Henson]
+
+ *) Simplify the trust setting structure and code. Now we just have
+ two sequences of OIDs for trusted and rejected settings. These will
+ typically have values the same as the extended key usage extension
+ and any application specific purposes.
+
+ The trust checking code now has a default behaviour: it will just
+ check for an object with the same NID as the passed id. Functions can
+ be provided to override either the default behaviour or the behaviour
+ for a given id. SSL client, server and email already have functions
+ in place for compatibility: they check the NID and also return "trusted"
+ if the certificate is self signed.
+ [Steve Henson]
+
+ *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
+ traditional format into an EVP_PKEY structure.
+ [Steve Henson]
+
+ *) Add a password callback function PEM_cb() which either prompts for
+ a password if usr_data is NULL or otherwise assumes it is a null
+ terminated password. Allow passwords to be passed on command line
+ environment or config files in a few more utilities.
+ [Steve Henson]
+
+ *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
+ keys. Add some short names for PKCS#8 PBE algorithms and allow them
+ to be specified on the command line for the pkcs8 and pkcs12 utilities.
+ Update documentation.
+ [Steve Henson]
+
+ *) Support for ASN1 "NULL" type. This could be handled before by using
+ ASN1_TYPE but there wasn't any function that would try to read a NULL
+ and produce an error if it couldn't. For compatibility we also have
+ ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and
+ don't allocate anything because they don't need to.
+ [Steve Henson]
+
+ *) Initial support for MacOS is now provided. Examine INSTALL.MacOS
+ for details.
+ [Andy Polyakov, Roy Woods <roy@centicsystems.ca>]
+
+ *) Rebuild of the memory allocation routines used by OpenSSL code and
+ possibly others as well. The purpose is to make an interface that
+ provide hooks so anyone can build a separate set of allocation and
+ deallocation routines to be used by OpenSSL, for example memory
+ pool implementations, or something else, which was previously hard
+ since Malloc(), Realloc() and Free() were defined as macros having
+ the values malloc, realloc and free, respectively (except for Win32
+ compilations). The same is provided for memory debugging code.
+ OpenSSL already comes with functionality to find memory leaks, but
+ this gives people a chance to debug other memory problems.
+
+ With these changes, a new set of functions and macros have appeared:
+
+ CRYPTO_set_mem_debug_functions() [F]
+ CRYPTO_get_mem_debug_functions() [F]
+ CRYPTO_dbg_set_options() [F]
+ CRYPTO_dbg_get_options() [F]
+ CRYPTO_malloc_debug_init() [M]
+
+ The memory debug functions are NULL by default, unless the library
+ is compiled with CRYPTO_MDEBUG or friends is defined. If someone
+ wants to debug memory anyway, CRYPTO_malloc_debug_init() (which
+ gives the standard debugging functions that come with OpenSSL) or
+ CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions
+ provided by the library user) must be used. When the standard
+ debugging functions are used, CRYPTO_dbg_set_options can be used to
+ request additional information:
+ CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting
+ the CRYPTO_MDEBUG_xxx macro when compiling the library.
+
+ Also, things like CRYPTO_set_mem_functions will always give the
+ expected result (the new set of functions is used for allocation
+ and deallocation) at all times, regardless of platform and compiler
+ options.
+
+ To finish it up, some functions that were never use in any other
+ way than through macros have a new API and new semantic:
+
+ CRYPTO_dbg_malloc()
+ CRYPTO_dbg_realloc()
+ CRYPTO_dbg_free()
+
+ All macros of value have retained their old syntax.
+ [Richard Levitte and Bodo Moeller]
+
+ *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the
+ ordering of SMIMECapabilities wasn't in "strength order" and there
+ was a missing NULL in the AlgorithmIdentifier for the SHA1 signature
+ algorithm.
+ [Steve Henson]
+
+ *) Some ASN1 types with illegal zero length encoding (INTEGER,
+ ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.
+ [Frans Heymans <fheymans@isaserver.be>, modified by Steve Henson]
+
+ *) Merge in my S/MIME library for OpenSSL. This provides a simple
+ S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
+ functionality to handle multipart/signed properly) and a utility
+ called 'smime' to call all this stuff. This is based on code I
+ originally wrote for Celo who have kindly allowed it to be
+ included in OpenSSL.
+ [Steve Henson]
+
+ *) Add variants des_set_key_checked and des_set_key_unchecked of
+ des_set_key (aka des_key_sched). Global variable des_check_key
+ decides which of these is called by des_set_key; this way
+ des_check_key behaves as it always did, but applications and
+ the library itself, which was buggy for des_check_key == 1,
+ have a cleaner way to pick the version they need.
+ [Bodo Moeller]
+
+ *) New function PKCS12_newpass() which changes the password of a
+ PKCS12 structure.
+ [Steve Henson]
+
+ *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and
+ dynamic mix. In both cases the ids can be used as an index into the
+ table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()
+ functions so they accept a list of the field values and the
+ application doesn't need to directly manipulate the X509_TRUST
+ structure.
+ [Steve Henson]
+
+ *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't
+ need initialising.
+ [Steve Henson]
+
+ *) Modify the way the V3 extension code looks up extensions. This now
+ works in a similar way to the object code: we have some "standard"
+ extensions in a static table which is searched with OBJ_bsearch()
+ and the application can add dynamic ones if needed. The file
+ crypto/x509v3/ext_dat.h now has the info: this file needs to be
+ updated whenever a new extension is added to the core code and kept
+ in ext_nid order. There is a simple program 'tabtest.c' which checks
+ this. New extensions are not added too often so this file can readily
+ be maintained manually.
+
+ There are two big advantages in doing things this way. The extensions
+ can be looked up immediately and no longer need to be "added" using
+ X509V3_add_standard_extensions(): this function now does nothing.
+ [Side note: I get *lots* of email saying the extension code doesn't
+ work because people forget to call this function]
+ Also no dynamic allocation is done unless new extensions are added:
+ so if we don't add custom extensions there is no need to call
+ X509V3_EXT_cleanup().
+ [Steve Henson]
+
+ *) Modify enc utility's salting as follows: make salting the default. Add a
+ magic header, so unsalted files fail gracefully instead of just decrypting
+ to garbage. This is because not salting is a big security hole, so people
+ should be discouraged from doing it.
+ [Ben Laurie]
+
+ *) Fixes and enhancements to the 'x509' utility. It allowed a message
+ digest to be passed on the command line but it only used this
+ parameter when signing a certificate. Modified so all relevant
+ operations are affected by the digest parameter including the
+ -fingerprint and -x509toreq options. Also -x509toreq choked if a
+ DSA key was used because it didn't fix the digest.
+ [Steve Henson]
+
+ *) Initial certificate chain verify code. Currently tests the untrusted
+ certificates for consistency with the verify purpose (which is set
+ when the X509_STORE_CTX structure is set up) and checks the pathlength.
+
+ There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour:
+ this is because it will reject chains with invalid extensions whereas
+ every previous version of OpenSSL and SSLeay made no checks at all.
+
+ Trust code: checks the root CA for the relevant trust settings. Trust
+ settings have an initial value consistent with the verify purpose: e.g.
+ if the verify purpose is for SSL client use it expects the CA to be
+ trusted for SSL client use. However the default value can be changed to
+ permit custom trust settings: one example of this would be to only trust
+ certificates from a specific "secure" set of CAs.
+
+ Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions
+ which should be used for version portability: especially since the
+ verify structure is likely to change more often now.
+
+ SSL integration. Add purpose and trust to SSL_CTX and SSL and functions
+ to set them. If not set then assume SSL clients will verify SSL servers
+ and vice versa.
+
+ Two new options to the verify program: -untrusted allows a set of
+ untrusted certificates to be passed in and -purpose which sets the
+ intended purpose of the certificate. If a purpose is set then the
+ new chain verify code is used to check extension consistency.
+ [Steve Henson]
+
+ *) Support for the authority information access extension.
+ [Steve Henson]
+
+ *) Modify RSA and DSA PEM read routines to transparently handle
+ PKCS#8 format private keys. New *_PUBKEY_* functions that handle
+ public keys in a format compatible with certificate
+ SubjectPublicKeyInfo structures. Unfortunately there were already
+ functions called *_PublicKey_* which used various odd formats so
+ these are retained for compatibility: however the DSA variants were
+ never in a public release so they have been deleted. Changed dsa/rsa
+ utilities to handle the new format: note no releases ever handled public
+ keys so we should be OK.
+
+ The primary motivation for this change is to avoid the same fiasco
+ that dogs private keys: there are several incompatible private key
+ formats some of which are standard and some OpenSSL specific and
+ require various evil hacks to allow partial transparent handling and
+ even then it doesn't work with DER formats. Given the option anything
+ other than PKCS#8 should be dumped: but the other formats have to
+ stay in the name of compatibility.
+
+ With public keys and the benefit of hindsight one standard format
+ is used which works with EVP_PKEY, RSA or DSA structures: though
+ it clearly returns an error if you try to read the wrong kind of key.
+
+ Added a -pubkey option to the 'x509' utility to output the public key.
+ Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*()
+ (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add
+ EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*())
+ that do the same as the EVP_PKEY_assign_*() except they up the
+ reference count of the added key (they don't "swallow" the
+ supplied key).
+ [Steve Henson]
+
+ *) Fixes to crypto/x509/by_file.c the code to read in certificates and
+ CRLs would fail if the file contained no certificates or no CRLs:
+ added a new function to read in both types and return the number
+ read: this means that if none are read it will be an error. The
+ DER versions of the certificate and CRL reader would always fail
+ because it isn't possible to mix certificates and CRLs in DER format
+ without choking one or the other routine. Changed this to just read
+ a certificate: this is the best we can do. Also modified the code
+ in apps/verify.c to take notice of return codes: it was previously
+ attempting to read in certificates from NULL pointers and ignoring
+ any errors: this is one reason why the cert and CRL reader seemed
+ to work. It doesn't check return codes from the default certificate
+ routines: these may well fail if the certificates aren't installed.
+ [Steve Henson]
+
+ *) Code to support otherName option in GeneralName.
+ [Steve Henson]
+
+ *) First update to verify code. Change the verify utility
+ so it warns if it is passed a self signed certificate:
+ for consistency with the normal behaviour. X509_verify
+ has been modified to it will now verify a self signed
+ certificate if *exactly* the same certificate appears
+ in the store: it was previously impossible to trust a
+ single self signed certificate. This means that:
+ openssl verify ss.pem
+ now gives a warning about a self signed certificate but
+ openssl verify -CAfile ss.pem ss.pem
+ is OK.
+ [Steve Henson]
+
+ *) For servers, store verify_result in SSL_SESSION data structure
+ (and add it to external session representation).
+ This is needed when client certificate verifications fails,
+ but an application-provided verification callback (set by
+ SSL_CTX_set_cert_verify_callback) allows accepting the session
+ anyway (i.e. leaves x509_store_ctx->error != X509_V_OK
+ but returns 1): When the session is reused, we have to set
+ ssl->verify_result to the appropriate error code to avoid
+ security holes.
+ [Bodo Moeller, problem pointed out by Lutz Jaenicke]
+
+ *) Fix a bug in the new PKCS#7 code: it didn't consider the
+ case in PKCS7_dataInit() where the signed PKCS7 structure
+ didn't contain any existing data because it was being created.
+ [Po-Cheng Chen <pocheng@nst.com.tw>, slightly modified by Steve Henson]
+
+ *) Add a salt to the key derivation routines in enc.c. This
+ forms the first 8 bytes of the encrypted file. Also add a
+ -S option to allow a salt to be input on the command line.
+ [Steve Henson]
+
+ *) New function X509_cmp(). Oddly enough there wasn't a function
+ to compare two certificates. We do this by working out the SHA1
+ hash and comparing that. X509_cmp() will be needed by the trust
+ code.
+ [Steve Henson]
+
+ *) SSL_get1_session() is like SSL_get_session(), but increments
+ the reference count in the SSL_SESSION returned.
+ [Geoff Thorpe <geoff@eu.c2.net>]
+
+ *) Fix for 'req': it was adding a null to request attributes.
+ Also change the X509_LOOKUP and X509_INFO code to handle
+ certificate auxiliary information.
+ [Steve Henson]
+
+ *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
+ the 'enc' command.
+ [Steve Henson]
+
+ *) Add the possibility to add extra information to the memory leak
+ detecting output, to form tracebacks, showing from where each
+ allocation was originated: CRYPTO_push_info("constant string") adds
+ the string plus current file name and line number to a per-thread
+ stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info()
+ is like calling CYRPTO_pop_info() until the stack is empty.
+ Also updated memory leak detection code to be multi-thread-safe.
+ [Richard Levitte]
+
+ *) Add options -text and -noout to pkcs7 utility and delete the
+ encryption options which never did anything. Update docs.
+ [Steve Henson]
+
+ *) Add options to some of the utilities to allow the pass phrase
+ to be included on either the command line (not recommended on
+ OSes like Unix) or read from the environment. Update the
+ manpages and fix a few bugs.
+ [Steve Henson]
+
+ *) Add a few manpages for some of the openssl commands.
+ [Steve Henson]
+
+ *) Fix the -revoke option in ca. It was freeing up memory twice,
+ leaking and not finding already revoked certificates.
+ [Steve Henson]
+
+ *) Extensive changes to support certificate auxiliary information.
+ This involves the use of X509_CERT_AUX structure and X509_AUX
+ functions. An X509_AUX function such as PEM_read_X509_AUX()
+ can still read in a certificate file in the usual way but it
+ will also read in any additional "auxiliary information". By
+ doing things this way a fair degree of compatibility can be
+ retained: existing certificates can have this information added
+ using the new 'x509' options.
+
+ Current auxiliary information includes an "alias" and some trust
+ settings. The trust settings will ultimately be used in enhanced
+ certificate chain verification routines: currently a certificate
+ can only be trusted if it is self signed and then it is trusted
+ for all purposes.
+ [Steve Henson]
+
+ *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).
+ The problem was that one of the replacement routines had not been working
+ since SSLeay releases. For now the offending routine has been replaced
+ with non-optimised assembler. Even so, this now gives around 95%
+ performance improvement for 1024 bit RSA signs.
+ [Mark Cox]
+
+ *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2
+ handling. Most clients have the effective key size in bits equal to
+ the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key.
+ A few however don't do this and instead use the size of the decrypted key
+ to determine the RC2 key length and the AlgorithmIdentifier to determine
+ the effective key length. In this case the effective key length can still
+ be 40 bits but the key length can be 168 bits for example. This is fixed
+ by manually forcing an RC2 key into the EVP_PKEY structure because the
+ EVP code can't currently handle unusual RC2 key sizes: it always assumes
+ the key length and effective key length are equal.
+ [Steve Henson]
+
+ *) Add a bunch of functions that should simplify the creation of
+ X509_NAME structures. Now you should be able to do:
+ X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0);
+ and have it automatically work out the correct field type and fill in
+ the structures. The more adventurous can try:
+ X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0);
+ and it will (hopefully) work out the correct multibyte encoding.
+ [Steve Henson]
+
+ *) Change the 'req' utility to use the new field handling and multibyte
+ copy routines. Before the DN field creation was handled in an ad hoc
+ way in req, ca, and x509 which was rather broken and didn't support
+ BMPStrings or UTF8Strings. Since some software doesn't implement
+ BMPStrings or UTF8Strings yet, they can be enabled using the config file
+ using the dirstring_type option. See the new comment in the default
+ openssl.cnf for more info.
+ [Steve Henson]
+
+ *) Make crypto/rand/md_rand.c more robust:
+ - Assure unique random numbers after fork().
+ - Make sure that concurrent threads access the global counter and
+ md serializably so that we never lose entropy in them
+ or use exactly the same state in multiple threads.
+ Access to the large state is not always serializable because
+ the additional locking could be a performance killer, and
+ md should be large enough anyway.
+ [Bodo Moeller]
+
+ *) New file apps/app_rand.c with commonly needed functionality
+ for handling the random seed file.
+
+ Use the random seed file in some applications that previously did not:
+ ca,
+ dsaparam -genkey (which also ignored its '-rand' option),
+ s_client,
+ s_server,
+ x509 (when signing).
+ Except on systems with /dev/urandom, it is crucial to have a random
+ seed file at least for key creation, DSA signing, and for DH exchanges;
+ for RSA signatures we could do without one.
+
+ gendh and gendsa (unlike genrsa) used to read only the first byte
+ of each file listed in the '-rand' option. The function as previously
+ found in genrsa is now in app_rand.c and is used by all programs
+ that support '-rand'.
+ [Bodo Moeller]
+
+ *) In RAND_write_file, use mode 0600 for creating files;
+ don't just chmod when it may be too late.
+ [Bodo Moeller]
+
+ *) Report an error from X509_STORE_load_locations
+ when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
+ [Bill Perry]
+
+ *) New function ASN1_mbstring_copy() this copies a string in either
+ ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
+ into an ASN1_STRING type. A mask of permissible types is passed
+ and it chooses the "minimal" type to use or an error if not type
+ is suitable.
+ [Steve Henson]
+
+ *) Add function equivalents to the various macros in asn1.h. The old
+ macros are retained with an M_ prefix. Code inside the library can
+ use the M_ macros. External code (including the openssl utility)
+ should *NOT* in order to be "shared library friendly".
+ [Steve Henson]
+
+ *) Add various functions that can check a certificate's extensions
+ to see if it usable for various purposes such as SSL client,
+ server or S/MIME and CAs of these types. This is currently
+ VERY EXPERIMENTAL but will ultimately be used for certificate chain
+ verification. Also added a -purpose flag to x509 utility to
+ print out all the purposes.
+ [Steve Henson]
+
+ *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
+ functions.
+ [Steve Henson]
+
+ *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
+ for, obtain and decode and extension and obtain its critical flag.
+ This allows all the necessary extension code to be handled in a
+ single function call.
+ [Steve Henson]
+
+ *) RC4 tune-up featuring 30-40% performance improvement on most RISC
+ platforms. See crypto/rc4/rc4_enc.c for further details.
+ [Andy Polyakov]
+
+ *) New -noout option to asn1parse. This causes no output to be produced
+ its main use is when combined with -strparse and -out to extract data
+ from a file (which may not be in ASN.1 format).
+ [Steve Henson]
+
+ *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
+ when producing the local key id.
+ [Richard Levitte <levitte@stacken.kth.se>]
+
+ *) New option -dhparam in s_server. This allows a DH parameter file to be
+ stated explicitly. If it is not stated then it tries the first server
+ certificate file. The previous behaviour hard coded the filename
+ "server.pem".
+ [Steve Henson]
+
+ *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
+ a public key to be input or output. For example:
+ openssl rsa -in key.pem -pubout -out pubkey.pem
+ Also added necessary DSA public key functions to handle this.
+ [Steve Henson]
+
+ *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
+ in the message. This was handled by allowing
+ X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
+ [Steve Henson, reported by Sampo Kellomaki <sampo@mail.neuronio.pt>]
+
+ *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
+ to the end of the strings whereas this didn't. This would cause problems
+ if strings read with d2i_ASN1_bytes() were later modified.
+ [Steve Henson, reported by Arne Ansper <arne@ats.cyber.ee>]
+
+ *) Fix for base64 decode bug. When a base64 bio reads only one line of
+ data and it contains EOF it will end up returning an error. This is
+ caused by input 46 bytes long. The cause is due to the way base64
+ BIOs find the start of base64 encoded data. They do this by trying a
+ trial decode on each line until they find one that works. When they
+ do a flag is set and it starts again knowing it can pass all the
+ data directly through the decoder. Unfortunately it doesn't reset
+ the context it uses. This means that if EOF is reached an attempt
+ is made to pass two EOFs through the context and this causes the
+ resulting error. This can also cause other problems as well. As is
+ usual with these problems it takes *ages* to find and the fix is
+ trivial: move one line.
+ [Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer) ]
+
+ *) Ugly workaround to get s_client and s_server working under Windows. The
+ old code wouldn't work because it needed to select() on sockets and the
+ tty (for keypresses and to see if data could be written). Win32 only
+ supports select() on sockets so we select() with a 1s timeout on the
+ sockets and then see if any characters are waiting to be read, if none
+ are present then we retry, we also assume we can always write data to
+ the tty. This isn't nice because the code then blocks until we've
+ received a complete line of data and it is effectively polling the
+ keyboard at 1s intervals: however it's quite a bit better than not
+ working at all :-) A dedicated Windows application might handle this
+ with an event loop for example.
+ [Steve Henson]
+
+ *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
+ and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
+ will be called when RSA_sign() and RSA_verify() are used. This is useful
+ if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
+ For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
+ should *not* be used: RSA_sign() and RSA_verify() must be used instead.
+ This necessitated the support of an extra signature type NID_md5_sha1
+ for SSL signatures and modifications to the SSL library to use it instead
+ of calling RSA_public_decrypt() and RSA_private_encrypt().
+ [Steve Henson]
+
+ *) Add new -verify -CAfile and -CApath options to the crl program, these
+ will lookup a CRL issuers certificate and verify the signature in a
+ similar way to the verify program. Tidy up the crl program so it
+ no longer accesses structures directly. Make the ASN1 CRL parsing a bit
+ less strict. It will now permit CRL extensions even if it is not
+ a V2 CRL: this will allow it to tolerate some broken CRLs.
+ [Steve Henson]
+
+ *) Initialize all non-automatic variables each time one of the openssl
+ sub-programs is started (this is necessary as they may be started
+ multiple times from the "OpenSSL>" prompt).
+ [Lennart Bang, Bodo Moeller]
+
+ *) Preliminary compilation option RSA_NULL which disables RSA crypto without
+ removing all other RSA functionality (this is what NO_RSA does). This
+ is so (for example) those in the US can disable those operations covered
+ by the RSA patent while allowing storage and parsing of RSA keys and RSA
+ key generation.
+ [Steve Henson]
+
+ *) Non-copying interface to BIO pairs.
+ (still largely untested)
+ [Bodo Moeller]
+
+ *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive
+ ASCII string. This was handled independently in various places before.
+ [Steve Henson]
+
+ *) New functions UTF8_getc() and UTF8_putc() that parse and generate
+ UTF8 strings a character at a time.
+ [Steve Henson]
+
+ *) Use client_version from client hello to select the protocol
+ (s23_srvr.c) and for RSA client key exchange verification
+ (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
+ [Bodo Moeller]
+
+ *) Add various utility functions to handle SPKACs, these were previously
+ handled by poking round in the structure internals. Added new function
+ NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
+ print, verify and generate SPKACs. Based on an original idea from
+ Massimiliano Pala <madwolf@comune.modena.it> but extensively modified.
+ [Steve Henson]
+
+ *) RIPEMD160 is operational on all platforms and is back in 'make test'.
+ [Andy Polyakov]
+
+ *) Allow the config file extension section to be overwritten on the
+ command line. Based on an original idea from Massimiliano Pala
+ <madwolf@comune.modena.it>. The new option is called -extensions
+ and can be applied to ca, req and x509. Also -reqexts to override
+ the request extensions in req and -crlexts to override the crl extensions
+ in ca.
+ [Steve Henson]
+
+ *) Add new feature to the SPKAC handling in ca. Now you can include
+ the same field multiple times by preceding it by "XXXX." for example:
+ 1.OU="Unit name 1"
+ 2.OU="Unit name 2"
+ this is the same syntax as used in the req config file.
+ [Steve Henson]
+
+ *) Allow certificate extensions to be added to certificate requests. These
+ are specified in a 'req_extensions' option of the req section of the
+ config file. They can be printed out with the -text option to req but
+ are otherwise ignored at present.
+ [Steve Henson]
+
+ *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first
+ data read consists of only the final block it would not decrypted because
+ EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
+ A misplaced 'break' also meant the decrypted final block might not be
+ copied until the next read.
+ [Steve Henson]
+
+ *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
+ a few extra parameters to the DH structure: these will be useful if
+ for example we want the value of 'q' or implement X9.42 DH.
+ [Steve Henson]
+
+ *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
+ provides hooks that allow the default DSA functions or functions on a
+ "per key" basis to be replaced. This allows hardware acceleration and
+ hardware key storage to be handled without major modification to the
+ library. Also added low level modexp hooks and CRYPTO_EX structure and
+ associated functions.
+ [Steve Henson]
+
+ *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
+ as "read only": it can't be written to and the buffer it points to will
+ not be freed. Reading from a read only BIO is much more efficient than
+ a normal memory BIO. This was added because there are several times when
+ an area of memory needs to be read from a BIO. The previous method was
+ to create a memory BIO and write the data to it, this results in two
+ copies of the data and an O(n^2) reading algorithm. There is a new
+ function BIO_new_mem_buf() which creates a read only memory BIO from
+ an area of memory. Also modified the PKCS#7 routines to use read only
+ memory BIOs.
+ [Steve Henson]
+
+ *) Bugfix: ssl23_get_client_hello did not work properly when called in
+ state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
+ a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
+ but a retry condition occured while trying to read the rest.
+ [Bodo Moeller]
+
+ *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
+ NID_pkcs7_encrypted by default: this was wrong since this should almost
+ always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
+ the encrypted data type: this is a more sensible place to put it and it
+ allows the PKCS#12 code to be tidied up that duplicated this
+ functionality.
+ [Steve Henson]
+
+ *) Changed obj_dat.pl script so it takes its input and output files on
+ the command line. This should avoid shell escape redirection problems
+ under Win32.
+ [Steve Henson]
+
+ *) Initial support for certificate extension requests, these are included
+ in things like Xenroll certificate requests. Included functions to allow
+ extensions to be obtained and added.
+ [Steve Henson]
+
+ *) -crlf option to s_client and s_server for sending newlines as
+ CRLF (as required by many protocols).
+ [Bodo Moeller]
+
Changes between 0.9.3a and 0.9.4 [09 Aug 1999]
*) Install libRSAglue.a when OpenSSL is built with RSAref.
@@ -49,9 +1280,9 @@
method only got called if p,q,dmp1,dmq1,iqmp components were present,
otherwise bn_mod_exp was called. In the case of hardware keys for example
no private key components need be present and it might store extra data
- in the RSA structure, which cannot be accessed from bn_mod_exp. By setting
- RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key
- operations.
+ in the RSA structure, which cannot be accessed from bn_mod_exp.
+ By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for
+ private key operations.
[Steve Henson]
*) Added support for SPARC Linux.
@@ -65,7 +1296,7 @@
The PEM[_ASN1]_{read,write}... functions and macros now take an
additional void * argument, which is just handed through whenever
the password callback is called.
- [Damien Miller <dmiller@ilogic.com.au>, with tiny changes by Bodo Moeller]
+ [Damien Miller <dmiller@ilogic.com.au>; tiny changes by Bodo Moeller]
New function SSL_CTX_set_default_passwd_cb_userdata.
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index fdad0c238c1a..273b7b75aaf2 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -10,7 +10,7 @@ use strict;
# see INSTALL for instructions.
-my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
# Options:
#
@@ -51,6 +51,10 @@ my $usage="Usage: Configure [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no
# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on
# array lookups instead of pointer use.
+# RC4_CHUNK enables code that handles data aligned at long (natural CPU
+# word) boundary.
+# RC4_CHUNK_LL enables code that handles data aligned at long long boundary
+# (intended for 64-bit CPUs running 32-bit OS).
# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
# BF_PTR2 intel specific version (generic version is more efficient).
# MD5_ASM use some extra md5 assember,
@@ -82,90 +86,135 @@ my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:as
# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
# So the md5_locl.h file has an undef B_ENDIAN if sun is defined
-#config-string CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \
-# des_asm:bf_asm
+#config-string $cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj
+
my %table=(
-#"b", "$tcc:$tflags::$tlib:$bits1:$tbn_mul::",
-#"bl-4c-2c", "$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
-#"bl-4c-ri", "$tcc:$tflags::$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
-#"b2-is-ri-dp", "$tcc:$tflags::$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
+#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
+#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
+#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
+#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
# Our development configs
"purify", "purify gcc:-g -DPURIFY -Wall::(unknown):-lsocket -lnsl::::",
-"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
-"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
-"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
-"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-bodo", "gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DCRYPTO_MDEBUG_ALL -g -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown):-lefence::::",
+"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo", "gcc:-DBIO_PAIR_DEBUG -DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:::",
"dist", "cc:-O::(unknown):::::",
-# Basic configs that should work on any box
+# Basic configs that should work on any (32 and less bit) box
"gcc", "gcc:-O3::(unknown)::BN_LLONG:::",
"cc", "cc:-O::(unknown):::::",
#### Solaris x86 setups
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
+# -DNO_INLINE_ASM switches off inline assembler. We have to do it
+# here because whenever GNU C instantiates an assembler template it
+# surrounds it with #APP #NO_APP comment pair which (at least Solaris
+# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
+# error message.
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}",
#### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::",
-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
# but keep the assembler modules.
-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o:",
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o:",
####
-"debug-solaris-sparcv8-gcc","gcc:-DREF_CHECK -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
-"debug-solaris-sparcv9-gcc","gcc:-DREF_CHECK -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o::",
+"debug-solaris-sparcv8-gcc","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"debug-solaris-sparcv9-gcc","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o::",
#### SPARC Solaris with Sun C setups
# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:::",
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:::",
# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
# SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+####
+"debug-solaris-sparcv8-cc","cc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o::",
+"debug-solaris-sparcv9-cc","cc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
#### SPARC Linux setups
-"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR::",
+"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8.o::::",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
# !!!Folowing can't be even tested yet!!!
# We have to wait till 64-bit glibc for SPARC is operational!!!
-#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
# Sunos configs, assuming sparc for the gcc one.
##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::",
-"sunos-gcc","gcc:-O3 -mv8::(unknown)::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
#### IRIX 5.x configs
# -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
#### IRIX 6.x configs
# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
# './Configure irix-[g]cc' manually.
# -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN::(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
# N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN::(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::(unknown)::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:asm/mips3.o::",
+
+#### Unified HP-UX ANSI C configs.
+# Special notes:
+# - Originally we were optimizing at +O4 level. It should be noted
+# that the only difference between +O3 and +O4 is global inter-
+# procedural analysis. As it has to be performed during the link
+# stage the compiler leaves behind certain pseudo-code in lib*.a
+# which might be release or even patch level specific. Generating
+# the machine code for and analyzing the *whole* program appears
+# to be *extremely* memory demanding while the performance gain is
+# actually questionable. The situation is intensified by the default
+# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB
+# which is way too low for +O4. In other words, doesn't +O3 make
+# more sense?
+# - Keep in mind that the HP compiler by default generates code
+# suitable for execution on the host you're currently compiling at.
+# If the toolkit is ment to be used on various PA-RISC processors
+# consider './config +Dportable'.
+# - +DD64 is chosen in favour of +DA2.0W because it's ment to be
+# compatible with *future* releases.
+# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
+# pass -D_REENTRANT on HP-UX 10 and later.
+# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in
+# 32-bit message digests. (For the moment of this writing) HP C
+# doesn't seem to "digest" too many local variables (they make "him"
+# chew forever:-). For more details look-up MD32_XARRAY comment in
+# crypto/sha/sha_lcl.h.
+# <appro@fy.chalmers.se>
+#
+"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+# Since there is mention of this in shlib/hpux10-cc.sh
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:::",
# HPUX 9.X config.
# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
# egcs. gcc 2.8.1 is also broken.
-"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
-# please report your OS and compiler version to the bugs@openssl.org
+# please report your OS and compiler version to the openssl-bugs@openssl.org
# mailing list.
"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
@@ -174,7 +223,7 @@ my %table=(
"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::DES_PTR DES_UNROLL DES_RISC1:::",
# HPUX 10.X config. Supports threads.
-"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O4 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
@@ -184,46 +233,66 @@ my %table=(
# HPUX 11.X from www.globus.org.
# Only works on PA-RISC 2.0 cpus, and not optimized. Why?
-"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
-"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
+#"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::DES_PTR DES_UNROLL DES_RISC1:::",
+#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
+# Use unified settings above instead.
# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
# the new compiler
# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:::",
-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:::",
-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:::",
-"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
+"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:asm/alpha.o::",
+"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o::",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/alpha.o::",
+"FreeBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2:::",
+
+#### Alpha Linux with GNU C and Compaq C setups
+# Special notes:
+# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
+# ought to run './Configure linux-alpha+bwx-gcc' manually, do
+# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever
+# which is appropriate.
+# - If you use ccc keep in mind that -fast implies -arch host and the
+# compiler is free to issue instructions which gonna make elder CPU
+# choke. If you wish to build "blended" toolkit, add -arch generic
+# *after* -fast and invoke './Configure linux-alpha-ccc' manually.
+#
+# <appro@fy.chalmers.se>
+#
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:asm/alpha.o::",
# assembler versions -- currently defunct:
-##"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::",
-##"alpha-cc", "cc:-tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
-##"alpha164-cc", "cc:-tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
# bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-linux-elf","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::::",
+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG $x86_gcc_des $x86_gcc_opts:$x86_bsdi_asm",
-"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"nextstep", "cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
-"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::",
+"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
+"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
+"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"nextstep", "cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
# NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
# UnixWare 2.0
-"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:$x86_gcc_des ${x86_gcc_opts}:::",
+"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+# UnixWare 7
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+
# IBM's AIX.
"aix-cc", "cc:-O -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
"aix-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
@@ -249,17 +318,17 @@ my %table=(
# for some st_addr stuff, and then sizeof and address-of fails
# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
# did not like it.
-"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
# DGUX, 88100.
"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::RC4_INDEX DES_UNROLL:::",
"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown):-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
# SCO cc.
-"sco5-cc", "cc:::(unknown):-lsocket:$x86_gcc_des ${x86_gcc_opts}:::", # des options?
-"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG $x86_gcc_des ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+"sco5-cc", "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
# Sinix/ReliantUNIX RM400
# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
@@ -268,7 +337,7 @@ my %table=(
"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown):-lucb:RC4_INDEX RC4_CHAR:::",
# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
# Windows NT, Microsoft Visual C++ 4.0
@@ -286,8 +355,8 @@ my %table=(
# CygWin32
# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
# and its library files in util/pl/*)
-"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:",
# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
@@ -297,10 +366,13 @@ my %table=(
# Some OpenBSD from Bob Beck <beck@obtuse.com>
"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
-"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+"OpenBSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
+##### MacOS X (a.k.a. Rhapsody) setup
+"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+
);
my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
@@ -337,21 +409,27 @@ my $ranlib;
my $perl;
$ranlib=&which("ranlib") or $ranlib="true";
-$perl=&which("perl5") or $perl=&which("perl") or $perl="perl";
+$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
+ or $perl="perl";
&usage if ($#ARGV < 0);
my $flags="";
my $depflags="";
+my $openssl_algorithm_defines="";
+my $openssl_thread_defines="";
+my $openssl_other_defines="";
my $libs="";
my $target="";
my $options="";
foreach (@ARGV)
{
+ s /^-no-/no-/; # some people just can't read the instructions
if (/^no-asm$/)
{
$no_asm=1;
$flags .= "-DNO_ASM ";
+ $openssl_other_defines .= "#define NO_ASM\n";
}
elsif (/^no-threads$/)
{ $no_threads=1; }
@@ -364,11 +442,14 @@ foreach (@ARGV)
$algo =~ tr/[a-z]/[A-Z]/;
$flags .= "-DNO_$algo ";
$depflags .= "-DNO_$algo ";
+ $openssl_algorithm_defines .= "#define NO_$algo\n";
if ($algo eq "DES")
{
+ push @skip, "mdc2";
$options .= " no-mdc2";
$flags .= "-DNO_MDC2 ";
$depflags .= "-DNO_MDC2 ";
+ $openssl_algorithm_defines .= "#define NO_MDC2\n";
}
}
elsif (/^386$/)
@@ -377,6 +458,7 @@ foreach (@ARGV)
{
$libs.= "-lRSAglue -lrsaref ";
$flags.= "-DRSAref ";
+ $openssl_other_defines .= "#define RSAref\n";
}
elsif (/^[-+]/)
{
@@ -432,6 +514,14 @@ if ($target eq "TABLE") {
exit 0;
}
+if ($target eq "LIST") {
+ foreach (sort keys %table) {
+ print;
+ print "\n";
+ }
+ exit 0;
+}
+
&usage if (!defined($table{$target}));
my $IsWindows=scalar grep /^$target$/,@WinTargets;
@@ -454,6 +544,7 @@ print "IsWindows=$IsWindows\n";
$cflags="$flags$cflags" if ($flags ne "");
my $thread_cflags;
+my $thread_defines;
if ($thread_cflag ne "(unknown)" && !$no_threads)
{
# If we know how to do it, support threads by default.
@@ -463,11 +554,21 @@ if ($thread_cflag eq "(unknown)")
{
# If the user asked for "threads", hopefully they also provided
# any system-dependent compiler options that are necessary.
- $thread_cflags="-DTHREADS $cflags"
+ $thread_cflags="-DTHREADS $cflags" ;
+ $thread_defines .= "#define THREADS\n";
}
else
{
- $thread_cflags="-DTHREADS $thread_cflag $cflags"
+ $thread_cflags="-DTHREADS $thread_cflag $cflags";
+ $thread_defines .= "#define THREADS\n";
+# my $def;
+# foreach $def (split ' ',$thread_cflag)
+# {
+# if ($def =~ s/^-D// && $def !~ /^_/)
+# {
+# $thread_defines .= "#define $def\n";
+# }
+# }
}
$lflags="$libs$lflags"if ($libs ne "");
@@ -481,6 +582,7 @@ if ($no_asm)
if ($threads)
{
$cflags=$thread_cflags;
+ $openssl_thread_defines .= $thread_defines;
}
#my ($bn1)=split(/\s+/,$bn_obj);
@@ -530,6 +632,7 @@ if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
open(OUT,">$Makefile") || die "unable to create $Makefile:$!\n";
+print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
my $sdirs=0;
while (<IN>)
{
@@ -598,6 +701,7 @@ my $md2_int=$def_int;
my $idea_int=$def_int;
my $rc2_int=$def_int;
my $rc4_idx=0;
+my $rc4_chunk=0;
my $bf_ptr=0;
my @type=("char","short","int","long");
my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
@@ -615,6 +719,8 @@ foreach (sort split(/\s+/,$bn_ops))
$rc4_int=0 if /RC4_CHAR/;
$rc4_int=3 if /RC4_LONG/;
$rc4_idx=1 if /RC4_INDEX/;
+ $rc4_chunk=1 if /RC4_CHUNK/;
+ $rc4_chunk=2 if /RC4_CHUNK_LL/;
$md2_int=0 if /MD2_CHAR/;
$md2_int=3 if /MD2_LONG/;
$idea_int=1 if /IDEA_SHORT/;
@@ -632,6 +738,18 @@ foreach (sort split(/\s+/,$bn_ops))
open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
open(OUT,'>crypto/opensslconf.h') || die "unable to create crypto/opensslconf.h:$!\n";
+print OUT "/* opensslconf.h */\n";
+print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
+
+print OUT "/* OpenSSL was configured with the following options: */\n";
+$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/# ifndef $1\n# define $1\n# endif/mg;
+$openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
+$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/# ifndef $1\n# define $1\n# endif/mg;
+$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/# ifndef $1\n# define $1\n# endif/mg;
+print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n$openssl_algorithm_defines#endif\n";
+print OUT "#ifdef OPENSSL_THREAD_DEFINES\n$openssl_thread_defines#endif\n";
+print OUT "#ifdef OPENSSL_OTHER_DEFINES\n$openssl_other_defines#endif\n\n";
+
while (<IN>)
{
if (/^#define\s+OPENSSLDIR/)
@@ -666,6 +784,12 @@ while (<IN>)
{ printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
elsif (/^#define\s+RC4_INT\s/)
{ printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
+ elsif (/^#undef\s+RC4_CHUNK/)
+ {
+ printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0;
+ printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1;
+ printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2;
+ }
elsif (/^#((define)|(undef))\s+RC4_INDEX/)
{ printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
elsif (/^#(define|undef)\s+I386_ONLY/)
@@ -705,6 +829,9 @@ print "DES_INT used\n" if $des_int;
print "BN_LLONG mode\n" if $bn_ll;
print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int;
print "RC4_INDEX mode\n" if $rc4_idx;
+print "RC4_CHUNK is undefined\n" if $rc4_chunk==0;
+print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1;
+print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2;
print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
@@ -723,8 +850,6 @@ if($IsWindows) {
#endif
EOF
close(OUT);
-
- system "perl crypto/objects/obj_dat.pl <crypto\\objects\\objects.h >crypto\\objects\\obj_dat.h";
} else {
(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?;
### (system 'make depend') == 0 or exit $? if $depflags ne "";
@@ -733,43 +858,17 @@ EOF
&dofile("tools/c_rehash",$openssldir,'^DIR=', 'DIR=%s',);
if ( $perl =~ m@^/@) {
&dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+ &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
} else {
# No path for Perl known ...
&dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
+ &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
}
}
-my $pwd;
-
-if($IsWindows) {
- $pwd="(current directory)";
-} else {
- $pwd =`pwd`;
- chop($pwd);
-}
print <<EOF;
-NOTE: The OpenSSL header files have been moved from include/*.h
-to include/openssl/*.h. To include OpenSSL header files, now
-directives of the form
- #include <openssl/foo.h>
-should be used instead of #include <foo.h>.
-These new file locations allow installing the OpenSSL header
-files in /usr/local/include/openssl/ and should help avoid
-conflicts with other libraries.
-
-To compile programs that use the old form <foo.h>,
-usually an additional compiler option will suffice: E.g., add
- -I$prefix/include/openssl
-or
- -I$pwd/include/openssl
-to the CFLAGS in the Makefile of the program that you want to compile
-(and leave all the original -I...'s in place!).
-
-Please make sure that no old OpenSSL header files are around:
-The include directory should now be empty except for the openssl
-subdirectory.
-
+Configured for $target.
EOF
print <<\EOF if (!$no_threads && !$threads);
@@ -777,7 +876,6 @@ print <<\EOF if (!$no_threads && !$threads);
The library could not be configured for supporting multi-threaded
applications as the compiler options required on this system are not known.
See file INSTALL for details if you need multi-threading.
-
EOF
exit(0);
@@ -785,22 +883,33 @@ exit(0);
sub usage
{
print STDERR $usage;
- print STDERR "pick os/compiler from:";
+ print STDERR "\npick os/compiler from:\n";
my $j=0;
my $i;
+ my $k=0;
foreach $i (sort keys %table)
{
next if $i =~ /^debug/;
- print STDERR "\n" if ($j++ % 4) == 0;
- printf(STDERR "%-18s ",$i);
+ $k += length($i) + 1;
+ if ($k > 78)
+ {
+ print STDERR "\n";
+ $k=length($i);
+ }
+ print STDERR $i . " ";
}
foreach $i (sort keys %table)
{
next if $i !~ /^debug/;
- print STDERR "\n" if ($j++ % 4) == 0;
- printf(STDERR "%-18s ",$i);
+ $k += length($i) + 1;
+ if ($k > 78)
+ {
+ print STDERR "\n";
+ $k=length($i);
+ }
+ print STDERR $i . " ";
}
- print STDERR "\n";
+ print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n";
exit(1);
}
@@ -830,12 +939,11 @@ sub dofile
{
grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
}
- ($ff=$f) =~ s/\..*$//;
- open(OUT,">$ff.new") || die "unable to open $f:$!\n";
+ open(OUT,">$f.new") || die "unable to open $f.new:$!\n";
print OUT @a;
close(OUT);
- rename($f,"$ff.bak") || die "unable to rename $f\n" if -e $f;
- rename("$ff.new",$f) || die "unable to rename $ff.new\n";
+ rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f;
+ rename("$f.new",$f) || die "unable to rename $f.new\n";
}
sub print_table_entry
diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ
new file mode 100644
index 000000000000..7a27c147a475
--- /dev/null
+++ b/crypto/openssl/FAQ
@@ -0,0 +1,287 @@
+OpenSSL - Frequently Asked Questions
+--------------------------------------
+
+* Which is the current version of OpenSSL?
+* Where is the documentation?
+* How can I contact the OpenSSL developers?
+* Do I need patent licenses to use OpenSSL?
+* Is OpenSSL thread-safe?
+* Why do I get a "PRNG not seeded" error message?
+* Why does the linker complain about undefined symbols?
+* Where can I get a compiled version of OpenSSL?
+* I've compiled a program under Windows and it crashes: why?
+* I've called <some function> and it fails, why?
+* I just get a load of numbers for the error output, what do they mean?
+* Why do I get errors about unknown algorithms?
+* How do I create certificates or certificate requests?
+* Why can't I create certificate requests?
+* Why does <SSL program> fail with a certificate verify error?
+* How can I create DSA certificates?
+* Why can't I make an SSL connection using a DSA certificate?
+* Why can't the OpenSSH configure script detect OpenSSL?
+
+
+* Which is the current version of OpenSSL?
+
+The current version is available from <URL: http://www.openssl.org>.
+OpenSSL 0.9.5a was released on April 1st, 2000.
+
+In addition to the current stable release, you can also access daily
+snapshots of the OpenSSL development version at <URL:
+ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.
+
+
+* Where is the documentation?
+
+OpenSSL is a library that provides cryptographic functionality to
+applications such as secure web servers. Be sure to read the
+documentation of the application you want to use. The INSTALL file
+explains how to install this library.
+
+OpenSSL includes a command line utility that can be used to perform a
+variety of cryptographic functions. It is described in the openssl(1)
+manpage. Documentation for developers is currently being written. A
+few manual pages already are available; overviews over libcrypto and
+libssl are given in the crypto(3) and ssl(3) manpages.
+
+The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
+different directory if you specified one as described in INSTALL).
+In addition, you can read the most current versions at
+<URL: http://www.openssl.org/docs/>.
+
+For information on parts of libcrypto that are not yet documented, you
+might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
+predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much
+of this still applies to OpenSSL.
+
+There is some documentation about certificate extensions and PKCS#12
+in doc/openssl.txt
+
+The original SSLeay documentation is included in OpenSSL as
+doc/ssleay.txt. It may be useful when none of the other resources
+help, but please note that it reflects the obsolete version SSLeay
+0.6.6.
+
+
+* How can I contact the OpenSSL developers?
+
+The README file describes how to submit bug reports and patches to
+OpenSSL. Information on the OpenSSL mailing lists is available from
+<URL: http://www.openssl.org>.
+
+
+* Do I need patent licenses to use OpenSSL?
+
+The patents section of the README file lists patents that may apply to
+you if you want to use OpenSSL. For information on intellectual
+property rights, please consult a lawyer. The OpenSSL team does not
+offer legal advice.
+
+You can configure OpenSSL so as not to use RC5 and IDEA by using
+ ./config no-rc5 no-idea
+
+Until the RSA patent expires, U.S. users may want to use
+ ./config no-rc5 no-idea no-rsa
+
+Please note that you will *not* be able to communicate with most of
+the popular web browsers without RSA support.
+
+
+* Is OpenSSL thread-safe?
+
+Yes (with limitations: an SSL connection may not concurrently be used
+by multiple threads). On Windows and many Unix systems, OpenSSL
+automatically uses the multi-threaded versions of the standard
+libraries. If your platform is not one of these, consult the INSTALL
+file.
+
+Multi-threaded applications must provide two callback functions to
+OpenSSL. This is described in the threads(3) manpage.
+
+
+* Why do I get a "PRNG not seeded" error message?
+
+Cryptographic software needs a source of unpredictable data to work
+correctly. Many open source operating systems provide a "randomness
+device" that serves this purpose. On other systems, applications have
+to call the RAND_add() or RAND_seed() function with appropriate data
+before generating keys or performing public key encryption.
+
+Some broken applications do not do this. As of version 0.9.5, the
+OpenSSL functions that need randomness report an error if the random
+number generator has not been seeded with at least 128 bits of
+randomness. If this error occurs, please contact the author of the
+application you are using. It is likely that it never worked
+correctly. OpenSSL 0.9.5 and later make the error visible by refusing
+to perform potentially insecure encryption.
+
+On systems without /dev/urandom, it is a good idea to use the Entropy
+Gathering Demon; see the RAND_egd() manpage for details.
+
+Most components of the openssl command line tool try to use the
+file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
+for seeding the PRNG. If this file does not exist or is too short,
+the "PRNG not seeded" error message may occur.
+
+[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
+0.9.5 does not do this and will fail on systems without /dev/urandom
+when trying to password-encrypt an RSA key! This is a bug in the
+library; try a later version instead.]
+
+
+* Why does the linker complain about undefined symbols?
+
+Maybe the compilation was interrupted, and make doesn't notice that
+something is missing. Run "make clean; make".
+
+If you used ./Configure instead of ./config, make sure that you
+selected the right target. File formats may differ slightly between
+OS versions (for example sparcv8/sparcv9, or a.out/elf).
+
+In case you get errors about the following symbols, use the config
+option "no-asm", as described in INSTALL:
+
+ BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
+ CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
+ RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
+ bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
+ bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
+ des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
+ des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
+
+If none of these helps, you may want to try using the current snapshot.
+If the problem persists, please submit a bug report.
+
+
+* Where can I get a compiled version of OpenSSL?
+
+Some applications that use OpenSSL are distributed in binary form.
+When using such an application, you don't need to install OpenSSL
+yourself; the application will include the required parts (e.g. DLLs).
+
+If you want to install OpenSSL on a Windows system and you don't have
+a C compiler, read the "Mingw32" section of INSTALL.W32 for information
+on how to obtain and install the free GNU C compiler.
+
+A number of Linux and *BSD distributions include OpenSSL.
+
+
+* I've compiled a program under Windows and it crashes: why?
+
+This is usually because you've missed the comment in INSTALL.W32. You
+must link with the multithreaded DLL version of the VC++ runtime library
+otherwise the conflict will cause a program to crash: typically on the
+first BIO related read or write operation.
+
+
+* I've called <some function> and it fails, why?
+
+Before submitting a report or asking in one of the mailing lists you
+should try to determine the cause. In particular you should call
+ERR_print_errors() or ERR_print_errors_fp() after the failed call
+and see if the message helps.
+
+
+* I just get a load of numbers for the error output, what do they mean?
+
+The actual format is described in the ERR_print_errors() manual page.
+You should call the function ERR_load_crypto_strings() before hand and
+the message will be output in text form. If you can't do this (for example
+it is a pre-compiled binary) you can use the errstr utility on the error
+code itself (the hex digits after the second colon).
+
+
+* Why do I get errors about unknown algorithms?
+
+This can happen under several circumstances such as reading in an
+encrypted private key or attempting to decrypt a PKCS#12 file. The cause
+is forgetting to load OpenSSL's table of algorithms with
+OpenSSL_add_all_algorithms(). See the manual page for more information.
+
+
+* How do I create certificates or certificate requests?
+
+Check out the CA.pl(1) manual page. This provides a simple wrapper round
+the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
+out the manual pages for the individual utilities and the certificate
+extensions documentation (currently in doc/openssl.txt).
+
+
+* Why can't I create certificate requests?
+
+You typically get the error:
+
+ unable to find 'distinguished_name' in config
+ problems making Certificate Request
+
+This is because it can't find the configuration file. Check out the
+DIAGNOSTICS section of req(1) for more information.
+
+
+* Why does <SSL program> fail with a certificate verify error?
+
+This problem is usually indicated by log messages saying something like
+"unable to get local issuer certificate" or "self signed certificate".
+When a certificate is verified its root CA must be "trusted" by OpenSSL
+this typically means that the CA certificate must be placed in a directory
+or file and the relevant program configured to read it. The OpenSSL program
+'verify' behaves in a similar way and issues similar error messages: check
+the verify(1) program manual page for more information.
+
+
+* How can I create DSA certificates?
+
+Check the CA.pl(1) manual page for a DSA certificate example.
+
+
+* Why can't I make an SSL connection to a server using a DSA certificate?
+
+Typically you'll see a message saying there are no shared ciphers when
+the same setup works fine with an RSA certificate. There are two possible
+causes. The client may not support connections to DSA servers most web
+browsers only support connections to servers supporting RSA cipher suites.
+The other cause is that a set of DH parameters has not been supplied to
+the server. DH parameters can be created with the dhparam(1) command and
+loaded using the SSL_CTX_set_tmp_dh() for example: check the source to
+s_server in apps/s_server.c for an example.
+
+
+* Why can't the OpenSSH configure script detect OpenSSL?
+
+There is a problem with OpenSSH 1.2.2p1, in that the configure script
+can't find the installed OpenSSL libraries. The problem is actually
+a small glitch that is easily solved with the following patch to be
+applied to the OpenSSH distribution:
+
+----- snip:start -----
+--- openssh-1.2.2p1/configure.in.orig Thu Mar 23 18:56:58 2000
++++ openssh-1.2.2p1/configure.in Thu Mar 23 18:55:05 2000
+@@ -152,10 +152,10 @@
+ AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
+ for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+ if test ! -z "$ssldir" ; then
+- LIBS="$saved_LIBS -L$ssldir"
++ LIBS="$saved_LIBS -L$ssldir/lib"
+ CFLAGS="$CFLAGS -I$ssldir/include"
+ if test "x$need_dash_r" = "x1" ; then
+- LIBS="$LIBS -R$ssldir"
++ LIBS="$LIBS -R$ssldir/lib"
+ fi
+ fi
+ LIBS="$LIBS -lcrypto"
+--- openssh-1.2.2p1/configure.orig Thu Mar 23 18:55:02 2000
++++ openssh-1.2.2p1/configure Thu Mar 23 18:57:08 2000
+@@ -1890,10 +1890,10 @@
+ echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5
+ for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+ if test ! -z "$ssldir" ; then
+- LIBS="$saved_LIBS -L$ssldir"
++ LIBS="$saved_LIBS -L$ssldir/lib"
+ CFLAGS="$CFLAGS -I$ssldir/include"
+ if test "x$need_dash_r" = "x1" ; then
+- LIBS="$LIBS -R$ssldir"
++ LIBS="$LIBS -R$ssldir/lib"
+ fi
+ fi
+ LIBS="$LIBS -lcrypto"
+----- snip:end -----
diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL
index 6066fddc4a15..7cbde1663bd0 100644
--- a/crypto/openssl/INSTALL
+++ b/crypto/openssl/INSTALL
@@ -2,8 +2,8 @@
INSTALLATION ON THE UNIX PLATFORM
---------------------------------
- [See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
- and INSTALL.VMS for installing on OpenVMS systems.]
+ [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
+ in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
To install OpenSSL, you will need:
@@ -33,7 +33,8 @@
Configuration Options
---------------------
- There are several options to ./config to customize the build:
+ There are several options to ./config (or ./Configure) to customize
+ the build:
--prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl.
Configuration files used by OpenSSL will be in DIR/ssl
@@ -77,8 +78,9 @@
This guesses at your operating system (and compiler, if necessary) and
configures OpenSSL based on this guess. Run ./config -t to see
- if it guessed correctly. If it did not get it correct or you want to
- use a different compiler then go to step 1b. Otherwise go to step 2.
+ if it guessed correctly. If you want to use a different compiler, you
+ are cross-compiling for another platform, or the ./config guess was
+ wrong for other reasons, go to step 1b. Otherwise go to step 2.
On some systems, you can include debugging information as follows:
@@ -101,7 +103,8 @@
If your system is not available, you will have to edit the Configure
program and add the correct configuration for your system. The
- generic configurations "cc" or "gcc" should usually work.
+ generic configurations "cc" or "gcc" should usually work on 32 bit
+ systems.
Configure creates the file Makefile.ssl from Makefile.org and
defines various macros in crypto/opensslconf.h (generated from
@@ -115,14 +118,12 @@
OpenSSL binary ("openssl"). The libraries will be built in the top-level
directory, and the binary will be in the "apps" directory.
- If "make" fails, please report the problem to <openssl-bugs@openssl.org>.
- Include the output of "./config -t" and the OpenSSL version
- number in your message.
+ If "make" fails, please report the problem to <openssl-bugs@openssl.org>
+ (note that your message will be forwarded to a public mailing list).
+ Include the output of "make report" in your message.
[If you encounter assembler error messages, try the "no-asm"
- configuration option as an immediate fix. Note that on Solaris x86
- (not on Sparcs!) you may have to install the GNU assembler to use
- OpenSSL assembler code -- /usr/ccs/bin/as won't do.]
+ configuration option as an immediate fix.]
Compiling parts of OpenSSL with gcc and others with the system
compiler will result in unresolved symbols on some systems.
@@ -134,7 +135,7 @@
If a test fails, try removing any compiler optimization flags from
the CFLAGS line in Makefile.ssl and run "make clean; make". Please
send a bug report to <openssl-bugs@openssl.org>, including the
- output of "openssl version -a" and of the failed test.
+ output of "make report".
4. If everything tests ok, install OpenSSL with
@@ -145,11 +146,13 @@
certs Initially empty, this is the default location
for certificate files.
+ man/man1 Manual pages for the 'openssl' command line tool
+ man/man3 Manual pages for the libraries (very incomplete)
misc Various scripts.
private Initially empty, this is the default location
for private key files.
- If you didn't chose a different installation prefix, the
+ If you didn't choose a different installation prefix, the
following additional subdirectories will be created:
bin Contains the openssl binary and a few other
@@ -250,138 +253,3 @@
you can still use "no-threads" to suppress an annoying warning message
from the Configure script.)
-
---------------------------------------------------------------------------------
-The orignal Unix build instructions from SSLeay follow.
-Note: some of this may be out of date and no longer applicable
---------------------------------------------------------------------------------
-
-# When bringing the SSLeay distribution back from the evil intel world
-# of Windows NT, do the following to make it nice again under unix :-)
-# You don't normally need to run this.
-sh util/fixNT.sh # This only works for NT now - eay - 21-Jun-1996
-
-# If you have perl, and it is not in /usr/local/bin, you can run
-perl util/perlpath.pl /new/path
-# and this will fix the paths in all the scripts. DO NOT put
-# /new/path/perl, just /new/path. The build
-# environment always run scripts as 'perl perlscript.pl' but some of the
-# 'applications' are easier to usr with the path fixed.
-
-# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
-# to set the install locations if you don't like
-# the default location of /usr/local/ssl
-# Do this by running
-perl util/ssldir.pl /new/ssl/home
-# if you have perl, or by hand if not.
-
-# If things have been stuffed up with the sym links, run
-make -f Makefile.ssl links
-# This will re-populate lib/include with symlinks and for each
-# directory, link Makefile to Makefile.ssl
-
-# Setup the machine dependent stuff for the top level makefile
-# and some select .h files
-# If you don't have perl, this will bomb, in which case just edit the
-# top level Makefile.ssl
-./Configure 'system type'
-
-# The 'Configure' command contains default configuration parameters
-# for lots of machines. Configure edits 5 lines in the top level Makefile
-# It modifies the following values in the following files
-Makefile.ssl CC CFLAG EX_LIBS BN_MULW
-crypto/des/des.h DES_LONG
-crypto/des/des_locl.h DES_PTR
-crypto/md2/md2.h MD2_INT
-crypto/rc4/rc4.h RC4_INT
-crypto/rc4/rc4_enc.c RC4_INDEX
-crypto/rc2/rc2.h RC2_INT
-crypto/bf/bf_locl.h BF_INT
-crypto/idea/idea.h IDEA_INT
-crypto/bn/bn.h BN_LLONG (and defines one of SIXTY_FOUR_BIT,
- SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
- SIXTEEN_BIT or EIGHT_BIT)
-Please remember that all these files are actually copies of the file with
-a .org extention. So if you change crypto/des/des.h, the next time
-you run Configure, it will be runover by a 'configured' version of
-crypto/des/des.org. So to make the changer the default, change the .org
-files. The reason these files have to be edited is because most of
-these modifications change the size of fundamental data types.
-While in theory this stuff is optional, it often makes a big
-difference in performance and when using assember, it is importaint
-for the 'Bignum bits' match those required by the assember code.
-A warning for people using gcc with sparc cpu's. Gcc needs the -mv8
-flag to use the hardware multiply instruction which was not present in
-earlier versions of the sparc CPU. I define it by default. If you
-have an old sparc, and it crashes, try rebuilding with this flag
-removed. I am leaving this flag on by default because it makes
-things run 4 times faster :-)
-
-# clean out all the old stuff
-make clean
-
-# Do a make depend only if you have the makedepend command installed
-# This is not needed but it does make things nice when developing.
-make depend
-
-# make should build everything
-make
-
-# fix up the demo certificate hash directory if it has been stuffed up.
-make rehash
-
-# test everything
-make test
-
-# install the lot
-make install
-
-# It is worth noting that all the applications are built into the one
-# program, ssleay, which is then has links from the other programs
-# names to it.
-# The applicatons can be built by themselves, just don't define the
-# 'MONOLITH' flag. So to build the 'enc' program stand alone,
-gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
-
-# Other useful make options are
-make makefile.one
-# which generate a 'makefile.one' file which will build the complete
-# SSLeay distribution with temp. files in './tmp' and 'installable' files
-# in './out'
-
-# Have a look at running
-perl util/mk1mf.pl help
-# this can be used to generate a single makefile and is about the only
-# way to generate makefiles for windows.
-
-# There is actually a final way of building SSLeay.
-gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
-gcc -O2 -c -Issl -Iinclude ssl/ssl.c
-# and you now have the 2 libraries as single object files :-).
-# If you want to use the assember code for your particular platform
-# (DEC alpha/x86 are the main ones, the other assember is just the
-# output from gcc) you will need to link the assember with the above generated
-# object file and also do the above compile as
-gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
-
-This last option is probably the best way to go when porting to another
-platform or building shared libraries. It is not good for development so
-I don't normally use it.
-
-To build shared libararies under unix, have a look in shlib, basically
-you are on your own, but it is quite easy and all you have to do
-is compile 2 (or 3) files.
-
-For mult-threading, have a read of doc/threads.doc. Again it is quite
-easy and normally only requires some extra callbacks to be defined
-by the application.
-The examples for solaris and windows NT/95 are in the mt directory.
-
-have fun
-
-eric 25-Jun-1997
-
-IRIX 5.x will build as a 32 bit system with mips1 assember.
-IRIX 6.x will build as a 64 bit system with mips3 assember. It conforms
-to n32 standards. In theory you can compile the 64 bit assember under
-IRIX 5.x but you will have to have the correct system software installed.
diff --git a/crypto/openssl/LICENSE b/crypto/openssl/LICENSE
index b9e18d5e7bf3..bdd5f7bdd09b 100644
--- a/crypto/openssl/LICENSE
+++ b/crypto/openssl/LICENSE
@@ -12,7 +12,7 @@
---------------
/* ====================================================================
- * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org
index 2def579c264e..5b997fd3489f 100644
--- a/crypto/openssl/Makefile.org
+++ b/crypto/openssl/Makefile.org
@@ -28,8 +28,6 @@ OPENSSLDIR=/usr/local/ssl
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
# one. 32 bytes will be read from this when the random
# number generator is initalised.
-# SSL_ALLOW_ADH - define if you want the server to be able to use the
-# SSLv3 anon-DH ciphers.
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
# NULL encryption ciphers.
#
@@ -56,6 +54,8 @@ EX_LIBS=
AR=ar r
RANLIB= ranlib
PERL= perl
+TAR= tar
+TARFLAGS= --norecurse
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
@@ -156,6 +156,7 @@ SDIRS= \
MAKEFILE= Makefile.ssl
MAKE= make -f Makefile.ssl
+MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
SHELL=/bin/sh
@@ -180,6 +181,7 @@ all: Makefile.ssl
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
done
+ -@# cd crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
-@# cd perl; $(PERL) Makefile.PL; make
sub_all:
@@ -215,7 +217,7 @@ libclean:
rm -f *.a */lib */*/lib
clean:
- rm -f shlib/*.o *.o core a.out fluff *.map
+ rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making clean in $$i..." && \
@@ -258,8 +260,10 @@ dclean:
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
done;
-rehash:
+rehash: rehash.time
+rehash.time: certs
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+ touch rehash.time
test: tests
@@ -268,6 +272,9 @@ tests: rehash
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
@apps/openssl version -a
+report:
+ @$(PERL) util/selftest.pl
+
depend:
@for i in $(DIRS) ;\
do \
@@ -298,14 +305,17 @@ util/libeay.num::
util/ssleay.num::
perl util/mkdef.pl ssl update
+crypto/objects/obj_dat.h: crypto/objects/objects.h crypto/objects/obj_dat.pl
+ perl crypto/objects/obj_dat.pl crypto/objects/objects.h crypto/objects/obj_dat.h
+
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
perl Configure TABLE) > TABLE
-update: depend errors util/libeay.num util/ssleay.num TABLE
+update: depend errors util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
tar:
- @tar --norecurse -cvf - \
+ @$(TAR) $(TARFLAGS) -cvf - \
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
@@ -322,7 +332,7 @@ dist:
dist_pem_h:
(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
-install: all
+install: all install_docs
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
@@ -338,7 +348,7 @@ install: all
@for i in $(DIRS) ;\
do \
(cd $$i; echo "installing $$i..."; \
- $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
+ $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
done
@for i in $(LIBS) ;\
do \
@@ -348,4 +358,36 @@ install: all
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
done
+install_docs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
+ $(INSTALL_PREFIX)$(MANDIR)/man7
+ @echo installing man 1 and man 5
+ @for i in doc/apps/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
+ (cd `dirname $$i`; \
+ $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`) \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+ done
+ @echo installing man 3 and man 7
+ @for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
+ (cd `dirname $$i`; \
+ $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`) \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+ done
+
+shlib: all
+ if [ ! -d shlib_dir ] ; then mkdir shlib_dir ; else rm -f shlib_dir/* ; fi
+ cd shlib_dir ; ar -x ../libcrypto.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libcrypto.so.0.9 \
+ -o ./libcrypto.so.0.9.4 && rm *.o
+ cd shlib_dir ; ar -x ../libssl.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libssl.so.0.9 \
+ -o ./libssl.so.0.9.4 && rm *.o
+
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/Makefile.ssl b/crypto/openssl/Makefile.ssl
index a72cbbb40c83..5f36971c2a8a 100644
--- a/crypto/openssl/Makefile.ssl
+++ b/crypto/openssl/Makefile.ssl
@@ -1,10 +1,12 @@
+### Generated automatically from Makefile.org by Configure.
+
##
## Makefile for OpenSSL
##
-VERSION=0.9.4
+VERSION=0.9.5a
MAJOR=0
-MINOR=9.4
+MINOR=9.5
PLATFORM=dist
OPTIONS=
# INSTALL_PREFIX is for package builders so that they can configure
@@ -28,8 +30,6 @@ OPENSSLDIR=/usr/local/ssl
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
# one. 32 bytes will be read from this when the random
# number generator is initalised.
-# SSL_ALLOW_ADH - define if you want the server to be able to use the
-# SSLv3 anon-DH ciphers.
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
# NULL encryption ciphers.
#
@@ -55,7 +55,9 @@ PEX_LIBS= -L. -L.. -L../.. -L../../..
EX_LIBS=
AR=ar r
RANLIB= /usr/bin/ranlib
-PERL= /usr/local/bin/perl5
+PERL= /usr/local/bin/perl
+TAR= tar
+TARFLAGS= --norecurse
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
@@ -156,6 +158,7 @@ SDIRS= \
MAKEFILE= Makefile.ssl
MAKE= make -f Makefile.ssl
+MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
SHELL=/bin/sh
@@ -180,6 +183,7 @@ all: Makefile.ssl
(cd $$i && echo "making all in $$i..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
done
+ -@# cd crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
-@# cd perl; $(PERL) Makefile.PL; make
sub_all:
@@ -215,7 +219,7 @@ libclean:
rm -f *.a */lib */*/lib
clean:
- rm -f shlib/*.o *.o core a.out fluff *.map
+ rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
@for i in $(DIRS) ;\
do \
(cd $$i && echo "making clean in $$i..." && \
@@ -258,8 +262,10 @@ dclean:
$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
done;
-rehash:
+rehash: rehash.time
+rehash.time: certs
@(OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+ touch rehash.time
test: tests
@@ -268,6 +274,9 @@ tests: rehash
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
@apps/openssl version -a
+report:
+ @$(PERL) util/selftest.pl
+
depend:
@for i in $(DIRS) ;\
do \
@@ -298,14 +307,17 @@ util/libeay.num::
util/ssleay.num::
perl util/mkdef.pl ssl update
+crypto/objects/obj_dat.h: crypto/objects/objects.h crypto/objects/obj_dat.pl
+ perl crypto/objects/obj_dat.pl crypto/objects/objects.h crypto/objects/obj_dat.h
+
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
perl Configure TABLE) > TABLE
-update: depend errors util/libeay.num util/ssleay.num TABLE
+update: depend errors util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
tar:
- @tar --norecurse -cvf - \
+ @$(TAR) $(TARFLAGS) -cvf - \
`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
tardy --user_number=0 --user_name=openssl \
--group_number=0 --group_name=openssl \
@@ -322,7 +334,7 @@ dist:
dist_pem_h:
(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
-install: all
+install: all install_docs
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
@@ -338,7 +350,7 @@ install: all
@for i in $(DIRS) ;\
do \
(cd $$i; echo "installing $$i..."; \
- $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
+ $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' install ); \
done
@for i in $(LIBS) ;\
do \
@@ -348,4 +360,36 @@ install: all
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
done
+install_docs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
+ $(INSTALL_PREFIX)$(MANDIR)/man7
+ @echo installing man 1 and man 5
+ @for i in doc/apps/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
+ (cd `dirname $$i`; \
+ $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`) \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+ done
+ @echo installing man 3 and man 7
+ @for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
+ (cd `dirname $$i`; \
+ $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`) \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+ done
+
+shlib: all
+ if [ ! -d shlib_dir ] ; then mkdir shlib_dir ; else rm -f shlib_dir/* ; fi
+ cd shlib_dir ; ar -x ../libcrypto.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libcrypto.so.0.9 \
+ -o ./libcrypto.so.0.9.4 && rm *.o
+ cd shlib_dir ; ar -x ../libssl.a && $(CC) -shared ./*.o -Wl,-soname -Wl,libssl.so.0.9 \
+ -o ./libssl.so.0.9.4 && rm *.o
+
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index c152b7155d8f..7c30b76124aa 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,51 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
+
+ o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
+ o Shared library support for HPUX and Solaris-gcc
+ o Support of Linux/IA64
+ o Assembler support for Mingw32
+ o New 'rand' application
+ o New way to check for existence of algorithms from scripts
+
+ Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
+
+ o S/MIME support in new 'smime' command
+ o Documentation for the OpenSSL command line application
+ o Automation of 'req' application
+ o Fixes to make s_client, s_server work under Windows
+ o Support for multiple fieldnames in SPKACs
+ o New SPKAC command line utilty and associated library functions
+ o Options to allow passwords to be obtained from various sources
+ o New public key PEM format and options to handle it
+ o Many other fixes and enhancements to command line utilities
+ o Usable certificate chain verification
+ o Certificate purpose checking
+ o Certificate trust settings
+ o Support of authority information access extension
+ o Extensions in certificate requests
+ o Simplified X509 name and attribute routines
+ o Initial (incomplete) support for international character sets
+ o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
+ o Read only memory BIOs and simplified creation function
+ o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
+ record; allow fragmentation and interleaving of handshake and other
+ data
+ o TLS/SSL code now "tolerates" MS SGC
+ o Work around for Netscape client certificate hang bug
+ o RSA_NULL option that removes RSA patent code but keeps other
+ RSA functionality
+ o Memory leak detection now allows applications to add extra information
+ via a per-thread stack
+ o PRNG robustness improved
+ o EGD support
+ o BIGNUM library bug fixes
+ o Faster DSA parameter generation
+ o Enhanced support for Alpha Linux
+ o Experimental MacOS support
+
Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
o Transparent support for PKCS#8 format private keys: these are used
diff --git a/crypto/openssl/README b/crypto/openssl/README
index d7682e8a2f64..320ac1b9b1d1 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,7 +1,7 @@
- OpenSSL 0.9.4 09 Aug 1999
+ OpenSSL 0.9.5a 1 Apr 2000
- Copyright (c) 1998-1999 The OpenSSL Project
+ Copyright (c) 1998-2000 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
@@ -11,9 +11,10 @@
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
- protocols with full-strength cryptography world-wide. The project is managed
- by a worldwide community of volunteers that use the Internet to communicate,
- plan, and develop the OpenSSL toolkit and its related documentation.
+ protocols as well as a full-strength general purpose cryptography library.
+ The project is managed by a worldwide community of volunteers that use the
+ Internet to communicate, plan, and develop the OpenSSL toolkit and its
+ related documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
@@ -80,40 +81,14 @@
A Configuration loader that uses a format similar to MS .ini files.
openssl:
- A command line tool which provides the following functions:
-
- enc - a general encryption program that can encrypt/decrypt using
- one of 17 different cipher/mode combinations. The
- input/output can also be converted to/from base64
- ascii encoding.
- dgst - a generate message digesting program that will generate
- message digests for any of md2, md5, sha (sha-0 or sha-1)
- or mdc2.
- asn1parse - parse and display the structure of an asn1 encoded
- binary file.
- rsa - Manipulate RSA private keys.
- dsa - Manipulate DSA private keys.
- dh - Manipulate Diffie-Hellman parameter files.
- dsaparam- Manipulate and generate DSA parameter files.
- crl - Manipulate certificate revocation lists.
- crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
- x509 - Manipulate x509 certificates, self-sign certificates.
- req - Manipulate PKCS#10 certificate requests and also
- generate certificate requests.
- genrsa - Generates an arbitrary sized RSA private key.
- gendsa - Generates DSA parameters.
- gendh - Generates a set of Diffie-Hellman parameters, the prime
- will be a strong prime.
- ca - Create certificates from PKCS#10 certificate requests.
- This program also maintains a database of certificates
- issued.
- verify - Check x509 certificate signatures.
- speed - Benchmark OpenSSL's ciphers.
- s_server- A test SSL server.
- s_client- A test SSL client.
- s_time - Benchmark SSL performance of SSL server programs.
- errstr - Convert from OpenSSL hex error codes to a readable form.
- nseq - Netscape certificate sequence utility
+ A command line tool that can be used for:
+ Creation of RSA, DH and DSA key parameters
+ Creation of X.509 certificates, CSRs and CRLs
+ Calculation of Message Digests
+ Encryption and Decryption with Ciphers
+ SSL/TLS Client and Server Tests
+ Handling of S/MIME signed or encrypted mail
+
PATENTS
-------
@@ -157,43 +132,40 @@
If you have any problems with OpenSSL then please take the following steps
first:
+ - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
+ to see if the problem has already been addressed
- Remove ASM versions of libraries
- Remove compiler optimisation flags
- - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer
- before you try to debug things)
If you wish to report a bug then please include the following information in
any bug report:
- OpenSSL Details
- - Version, most of these details can be got from the
- 'openssl version -a' command.
- Operating System Details
- - On Unix systems: Output of './config -t'
- - OS Name, Version
- - Hardware platform
- Compiler Details
- - Name
- - Version
- Application Details
- - Name
- - Version
- Problem Description
- - include steps that will reproduce the problem (if known)
- Stack Traceback (if the application dumps core)
+ - On Unix systems:
+ Self-test report generated by 'make report'
+ - On other systems:
+ OpenSSL version: output of 'openssl version -a'
+ OS Name, Version, Hardware platform
+ Compiler Details (name, version)
+ - Application Details (name, version)
+ - Problem Description (steps that will reproduce the problem, if known)
+ - Stack Traceback (if the application dumps core)
Report the bug to the OpenSSL project at:
openssl-bugs@openssl.org
+ Note that mail to openssl-bugs@openssl.org is forwarded to a public
+ mailing list. Confidential mail may be sent to openssl-security@openssl.org
+ (PGP key available from the key servers).
+
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
Development is coordinated on the openssl-dev mailing list (see
http://www.openssl.org for information on subscribing). If you
- would like to submit a patch, send it to openssl-dev@openssl.org.
- Please be sure to include a textual explanation of what your patch
- does.
+ would like to submit a patch, send it to openssl-dev@openssl.org with
+ the string "[PATCH]" in the subject. Please be sure to include a
+ textual explanation of what your patch does.
The preferred format for changes is "diff -u" output. You might
generate it like this:
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl
index 7c023ae71f66..4eef57e6e391 100755
--- a/crypto/openssl/apps/CA.pl
+++ b/crypto/openssl/apps/CA.pl
@@ -41,6 +41,7 @@ $REQ="openssl req $SSLEAY_CONFIG";
$CA="openssl ca $SSLEAY_CONFIG";
$VERIFY="openssl verify";
$X509="openssl x509";
+$PKCS12="openssl pkcs12";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
@@ -65,7 +66,7 @@ foreach (@ARGV) {
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
} elsif (/^-newca$/) {
- # if explictly asked for or it doesn't exist then setup the
+ # if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
$NEW="1";
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
@@ -99,6 +100,14 @@ foreach (@ARGV) {
$RET=$?;
}
}
+ } elsif (/^-pkcs12$/) {
+ my $cname = $ARGV[1];
+ $cname = "My Certificate" unless defined $cname;
+ system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+ "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+ "-export -name \"$cname\"");
+ $RET=$?;
+ exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
$RET=$?;
diff --git a/crypto/openssl/apps/CA.pl.in b/crypto/openssl/apps/CA.pl.in
new file mode 100644
index 000000000000..4eef57e6e391
--- /dev/null
+++ b/crypto/openssl/apps/CA.pl.in
@@ -0,0 +1,162 @@
+#!/usr/local/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+# some setup stuff to be done before you can use it and this makes
+# things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq ... will generate a certificate request
+# CA -sign ... will sign the generated request and output
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh Added more things ... including CA -signcert which
+# converts a certificate to a request and then signs it.
+# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
+# environment variable so this can be driven from
+# a script.
+# 25-Jul-96 eay Cleaned up filenames some more.
+# 11-Jun-96 eay Fixed a few filename missmatches.
+# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+$DAYS="-days 365";
+$REQ="openssl req $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
+$VERIFY="openssl verify";
+$X509="openssl x509";
+$PKCS12="openssl pkcs12";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+ if ( /^(-\?|-h|-help)$/ ) {
+ print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ exit 0;
+ } elsif (/^-newcert$/) {
+ # create a certificate
+ system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Certificate (and private key) is in newreq.pem\n"
+ } elsif (/^-newreq$/) {
+ # create a certificate request
+ system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+ $RET=$?;
+ print "Request (and private key) is in newreq.pem\n";
+ } elsif (/^-newca$/) {
+ # if explicitly asked for or it doesn't exist then setup the
+ # directory structure that Eric likes to manage things
+ $NEW="1";
+ if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+ # create the directory hierarchy
+ mkdir $CATOP, $DIRMODE;
+ mkdir "${CATOP}/certs", $DIRMODE;
+ mkdir "${CATOP}/crl", $DIRMODE ;
+ mkdir "${CATOP}/newcerts", $DIRMODE;
+ mkdir "${CATOP}/private", $DIRMODE;
+ open OUT, ">${CATOP}/serial";
+ print OUT "01\n";
+ close OUT;
+ open OUT, ">${CATOP}/index.txt";
+ close OUT;
+ }
+ if ( ! -f "${CATOP}/private/$CAKEY" ) {
+ print "CA certificate filename (or enter to create)\n";
+ $FILE = <STDIN>;
+
+ chop $FILE;
+
+ # ask user for existing CA certificate
+ if ($FILE) {
+ cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+ cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+ $RET=$?;
+ } else {
+ print "Making CA certificate ...\n";
+ system ("$REQ -new -x509 -keyout " .
+ "${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+ $RET=$?;
+ }
+ }
+ } elsif (/^-pkcs12$/) {
+ my $cname = $ARGV[1];
+ $cname = "My Certificate" unless defined $cname;
+ system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+ "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+ "-export -name \"$cname\"");
+ $RET=$?;
+ exit $RET;
+ } elsif (/^-xsign$/) {
+ system ("$CA -policy policy_anything -infiles newreq.pem");
+ $RET=$?;
+ } elsif (/^(-sign|-signreq)$/) {
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles newreq.pem");
+ $RET=$?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-signcert$/) {
+ system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+ "-out tmp.pem");
+ system ("$CA -policy policy_anything -out newcert.pem " .
+ "-infiles tmp.pem");
+ $RET = $?;
+ print "Signed certificate is in newcert.pem\n";
+ } elsif (/^-verify$/) {
+ if (shift) {
+ foreach $j (@ARGV) {
+ system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+ $RET=$? if ($? != 0);
+ }
+ exit $RET;
+ } else {
+ system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+ $RET=$?;
+ exit 0;
+ }
+ } else {
+ print STDERR "Unknown arg $_\n";
+ print STDERR "usage: CA -newcert|-newreq|-newca|-sign|-verify\n";
+ exit 1;
+ }
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+ $flag = 1 if (/^-----BEGIN.*$bound/) ;
+ print OUT $_ if ($flag);
+ if (/^-----END.*$bound/) {
+ close IN;
+ close OUT;
+ return;
+ }
+}
+}
+
diff --git a/crypto/openssl/apps/CA.sh b/crypto/openssl/apps/CA.sh
index 728f5bf4d84e..d9f3069fb2a6 100644
--- a/crypto/openssl/apps/CA.sh
+++ b/crypto/openssl/apps/CA.sh
@@ -60,7 +60,7 @@ case $i in
echo "Request (and private key) is in newreq.pem"
;;
-newca)
- # if explictly asked for or it doesn't exist then setup the directory
+ # if explicitly asked for or it doesn't exist then setup the directory
# structure that Eric likes to manage things
NEW="1"
if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
diff --git a/crypto/openssl/apps/Makefile.save b/crypto/openssl/apps/Makefile.save
new file mode 100644
index 000000000000..b8d0b1b5dba4
--- /dev/null
+++ b/crypto/openssl/apps/Makefile.save
@@ -0,0 +1,818 @@
+#
+# apps/Makefile.ssl
+#
+
+DIR= apps
+TOP= ..
+CC= cc
+INCLUDES= -I../include
+CFLAG= -g -static
+INSTALL_PREFIX=
+INSTALLTOP= /usr/local/ssl
+OPENSSLDIR= /usr/local/ssl
+MAKE= make -f Makefile.ssl
+MAKEDEPEND= $(TOP)/util/domd $(TOP)
+MAKEFILE= Makefile.ssl
+PERL=/usr/local/bin/perl
+RM= rm -f
+
+PEX_LIBS=
+EX_LIBS=
+
+CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile makeapps.com install.com
+
+DLIBCRYPTO=../libcrypto.a
+DLIBSSL=../libssl.a
+LIBCRYPTO=-L.. -lcrypto
+LIBSSL=-L.. -lssl
+
+PROGRAM= openssl
+
+SCRIPTS=CA.sh CA.pl der_chop
+
+EXE= $(PROGRAM)
+
+E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
+ ca crl rsa dsa dsaparam \
+ x509 genrsa gendsa s_server s_client speed \
+ s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+ pkcs8 spkac smime rand
+
+PROGS= $(PROGRAM).c
+
+A_OBJ=apps.o
+A_SRC=apps.c
+S_OBJ= s_cb.o s_socket.o
+S_SRC= s_cb.c s_socket.c
+RAND_OBJ=app_rand.o
+RAND_SRC=app_rand.c
+
+E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
+ ca.o pkcs7.o crl2p7.o crl.o \
+ rsa.o dsa.o dsaparam.o \
+ x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
+ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
+ ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o
+
+E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
+ pkcs7.c crl2p7.c crl.c \
+ rsa.c dsa.c dsaparam.c \
+ x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
+ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
+ ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c
+
+SRC=$(E_SRC)
+
+EXHEADER=
+HEADER= apps.h progs.h s_apps.h \
+ testdsa.h testrsa.h \
+ $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: exe
+
+exe: $(EXE)
+
+req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
+ $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+
+sreq.o: req.c
+ $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+install:
+ @for i in $(EXE); \
+ do \
+ (echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+ done;
+ @for i in $(SCRIPTS); \
+ do \
+ (echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+ chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+ done
+ @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
+ chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+links:
+ @$(TOP)/util/point.sh Makefile.ssl Makefile
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+ rm -f req
+
+$(DLIBSSL):
+ (cd ../ssl; $(MAKE))
+
+$(DLIBCRYPTO):
+ (cd ../crypto; $(MAKE))
+
+$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+ $(RM) $(PROGRAM)
+ $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+ @(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+
+progs.h: progs.pl
+ $(PERL) progs.pl $(E_EXE) >progs.h
+ $(RM) $(PROGRAM).o
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+app_rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+app_rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+app_rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+app_rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+app_rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+app_rand.o: ../include/openssl/md2.h ../include/openssl/md5.h
+app_rand.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/des.h
+apps.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+apps.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
+apps.o: ../include/openssl/md2.h ../include/openssl/md5.h
+apps.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+apps.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+apps.o: ../include/openssl/stack.h ../include/openssl/x509.h
+apps.o: ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+asn1pars.o: ../include/openssl/idea.h ../include/openssl/md2.h
+asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ca.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h
+ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ca.o: ../include/openssl/x509v3.h apps.h
+ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ciphers.o: ../include/openssl/md2.h ../include/openssl/md5.h
+ciphers.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ciphers.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+crl.o: ../include/openssl/des.h ../include/openssl/dh.h
+crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+crl.o: ../include/openssl/x509v3.h apps.h
+crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl2p7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+dgst.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsaparam.o: ../include/openssl/idea.h ../include/openssl/md2.h
+dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+enc.o: ../include/openssl/idea.h ../include/openssl/md2.h
+enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+enc.o: ../include/openssl/stack.h ../include/openssl/x509.h
+enc.o: ../include/openssl/x509_vfy.h apps.h
+errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+errstr.o: ../include/openssl/md2.h ../include/openssl/md5.h
+errstr.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+errstr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h apps.h
+gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+genrsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+nseq.o: ../include/openssl/idea.h ../include/openssl/md2.h
+nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+openssl.o: ../include/openssl/des.h ../include/openssl/dh.h
+openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+passwd.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+passwd.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
+passwd.o: ../include/openssl/idea.h ../include/openssl/md2.h
+passwd.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+passwd.o: ../include/openssl/stack.h ../include/openssl/x509.h
+passwd.o: ../include/openssl/x509_vfy.h apps.h
+pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs12.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs12.o: ../include/openssl/stack.h ../include/openssl/x509.h
+pkcs12.o: ../include/openssl/x509_vfy.h apps.h
+pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs8.o: ../include/openssl/idea.h ../include/openssl/md2.h
+pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs8.o: ../include/openssl/stack.h ../include/openssl/x509.h
+pkcs8.o: ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+rand.o: ../include/openssl/err.h ../include/openssl/evp.h
+rand.o: ../include/openssl/idea.h ../include/openssl/md2.h
+rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/stack.h ../include/openssl/x509.h
+rand.o: ../include/openssl/x509_vfy.h apps.h
+req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+req.o: ../include/openssl/des.h ../include/openssl/dh.h
+req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+req.o: ../include/openssl/x509v3.h apps.h
+rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+rsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_cb.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_cb.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_cb.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
+s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_client.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_client.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_client.o: s_apps.h
+s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_server.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_server.o: s_apps.h
+s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
+s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+s_time.o: ../include/openssl/md2.h ../include/openssl/md5.h
+s_time.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_time.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_time.o: s_apps.h
+sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+sess_id.o: ../include/openssl/md2.h ../include/openssl/md5.h
+sess_id.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+sess_id.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+smime.o: ../include/openssl/crypto.h ../include/openssl/des.h
+smime.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+smime.o: ../include/openssl/err.h ../include/openssl/evp.h
+smime.o: ../include/openssl/idea.h ../include/openssl/md2.h
+smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+speed.o: ../include/openssl/md2.h ../include/openssl/md5.h
+speed.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
+speed.o: ./testrsa.h apps.h
+spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
+spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
+spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+verify.o: ../include/openssl/des.h ../include/openssl/dh.h
+verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify.o: ../include/openssl/x509v3.h apps.h
+version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+version.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+version.o: ../include/openssl/md2.h ../include/openssl/md5.h
+version.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+version.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+version.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+version.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+version.o: ../include/openssl/stack.h ../include/openssl/x509.h
+version.o: ../include/openssl/x509_vfy.h apps.h
+x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+x509.o: ../include/openssl/des.h ../include/openssl/dh.h
+x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h
diff --git a/crypto/openssl/apps/Makefile.ssl b/crypto/openssl/apps/Makefile.ssl
index 8363ec901823..b8d0b1b5dba4 100644
--- a/crypto/openssl/apps/Makefile.ssl
+++ b/crypto/openssl/apps/Makefile.ssl
@@ -13,6 +13,7 @@ OPENSSLDIR= /usr/local/ssl
MAKE= make -f Makefile.ssl
MAKEDEPEND= $(TOP)/util/domd $(TOP)
MAKEFILE= Makefile.ssl
+PERL=/usr/local/bin/perl
RM= rm -f
PEX_LIBS=
@@ -33,11 +34,11 @@ SCRIPTS=CA.sh CA.pl der_chop
EXE= $(PROGRAM)
-E_EXE= verify asn1pars req dgst dh enc gendh errstr ca crl \
- rsa dsa dsaparam \
+E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
+ ca crl rsa dsa dsaparam \
x509 genrsa gendsa s_server s_client speed \
s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
- pkcs8
+ pkcs8 spkac smime rand
PROGS= $(PROGRAM).c
@@ -45,24 +46,22 @@ A_OBJ=apps.o
A_SRC=apps.c
S_OBJ= s_cb.o s_socket.o
S_SRC= s_cb.c s_socket.c
+RAND_OBJ=app_rand.o
+RAND_SRC=app_rand.c
-E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
- pkcs7.o crl2p7.o crl.o \
+E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
+ ca.o pkcs7.o crl2p7.o crl.o \
rsa.o dsa.o dsaparam.o \
x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
- s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
- ciphers.o nseq.o pkcs12.o pkcs8.o
+ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
+ ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o
-# pem_mail.o
-
-E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
+E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
pkcs7.c crl2p7.c crl.c \
rsa.c dsa.c dsaparam.c \
x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
- s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
- ciphers.c nseq.c pkcs12.c pkcs8.c
-
-# pem_mail.c
+ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
+ ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c
SRC=$(E_SRC)
@@ -81,7 +80,7 @@ all: exe
exe: $(EXE)
req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
- $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+ $(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
sreq.o: req.c
$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
@@ -138,16 +137,44 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
@(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
-progs.h:
- $(PERL) ./progs.pl $(E_EXE) >progs.h
+progs.h: progs.pl
+ $(PERL) progs.pl $(E_EXE) >progs.h
$(RM) $(PROGRAM).o
# DO NOT DELETE THIS LINE -- make depend depends on it.
-apps.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-apps.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
-apps.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
-apps.o: ../include/openssl/opensslv.h ../include/openssl/stack.h apps.h progs.h
+app_rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+app_rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+app_rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+app_rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+app_rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+app_rand.o: ../include/openssl/md2.h ../include/openssl/md5.h
+app_rand.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/des.h
+apps.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+apps.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
+apps.o: ../include/openssl/md2.h ../include/openssl/md5.h
+apps.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+apps.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+apps.o: ../include/openssl/stack.h ../include/openssl/x509.h
+apps.o: ../include/openssl/x509_vfy.h apps.h
asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -165,7 +192,6 @@ asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-asn1pars.o: progs.h
ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -184,7 +210,7 @@ ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h
ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ca.o: ../include/openssl/x509v3.h apps.h progs.h
+ca.o: ../include/openssl/x509v3.h apps.h
ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -205,7 +231,6 @@ ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
ciphers.o: ../include/openssl/stack.h ../include/openssl/tls1.h
ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-ciphers.o: progs.h
crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -224,7 +249,7 @@ crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-crl.o: ../include/openssl/x509v3.h apps.h progs.h
+crl.o: ../include/openssl/x509v3.h apps.h
crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -242,7 +267,6 @@ crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-crl2p7.o: progs.h
dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -259,7 +283,7 @@ dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -276,7 +300,7 @@ dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -293,7 +317,7 @@ dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -306,12 +330,11 @@ dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dsaparam.o: ../include/openssl/stack.h ../include/openssl/x509.h
-dsaparam.o: ../include/openssl/x509_vfy.h apps.h progs.h
+dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -324,11 +347,12 @@ enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
-enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+enc.o: ../include/openssl/stack.h ../include/openssl/x509.h
+enc.o: ../include/openssl/x509_vfy.h apps.h
errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -349,7 +373,6 @@ errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
errstr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-errstr.o: progs.h
gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -367,7 +390,7 @@ gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
gendh.o: ../include/openssl/stack.h ../include/openssl/x509.h
-gendh.o: ../include/openssl/x509_vfy.h apps.h progs.h
+gendh.o: ../include/openssl/x509_vfy.h apps.h
gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -380,12 +403,11 @@ gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendsa.o: ../include/openssl/stack.h ../include/openssl/x509.h
-gendsa.o: ../include/openssl/x509_vfy.h apps.h progs.h
+gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -398,12 +420,11 @@ genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-genrsa.o: ../include/openssl/stack.h ../include/openssl/x509.h
-genrsa.o: ../include/openssl/x509_vfy.h apps.h progs.h
+genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -420,7 +441,7 @@ nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
-nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -442,6 +463,23 @@ openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+passwd.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+passwd.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
+passwd.o: ../include/openssl/idea.h ../include/openssl/md2.h
+passwd.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+passwd.o: ../include/openssl/stack.h ../include/openssl/x509.h
+passwd.o: ../include/openssl/x509_vfy.h apps.h
pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -459,7 +497,7 @@ pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
pkcs12.o: ../include/openssl/stack.h ../include/openssl/x509.h
-pkcs12.o: ../include/openssl/x509_vfy.h apps.h progs.h
+pkcs12.o: ../include/openssl/x509_vfy.h apps.h
pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -476,7 +514,7 @@ pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -494,7 +532,24 @@ pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
pkcs8.o: ../include/openssl/stack.h ../include/openssl/x509.h
-pkcs8.o: ../include/openssl/x509_vfy.h apps.h progs.h
+pkcs8.o: ../include/openssl/x509_vfy.h apps.h
+rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+rand.o: ../include/openssl/err.h ../include/openssl/evp.h
+rand.o: ../include/openssl/idea.h ../include/openssl/md2.h
+rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/stack.h ../include/openssl/x509.h
+rand.o: ../include/openssl/x509_vfy.h apps.h
req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -508,12 +563,12 @@ req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-req.o: ../include/openssl/stack.h ../include/openssl/x509.h
-req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h progs.h
+req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+req.o: ../include/openssl/x509v3.h apps.h
rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -530,7 +585,7 @@ rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
+rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -550,8 +605,7 @@ s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_cb.o: ../include/openssl/stack.h ../include/openssl/tls1.h
-s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h progs.h
-s_cb.o: s_apps.h
+s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -572,7 +626,7 @@ s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_client.o: ../include/openssl/stack.h ../include/openssl/tls1.h
s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_client.o: progs.h s_apps.h
+s_client.o: s_apps.h
s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -593,7 +647,7 @@ s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_server.o: ../include/openssl/stack.h ../include/openssl/tls1.h
s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_server.o: progs.h s_apps.h
+s_server.o: s_apps.h
s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -613,7 +667,7 @@ s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s_socket.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -634,7 +688,7 @@ s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s_time.o: ../include/openssl/stack.h ../include/openssl/tls1.h
s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_time.o: progs.h s_apps.h
+s_time.o: s_apps.h
sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -655,7 +709,23 @@ sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
sess_id.o: ../include/openssl/stack.h ../include/openssl/tls1.h
sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-sess_id.o: progs.h
+smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+smime.o: ../include/openssl/crypto.h ../include/openssl/des.h
+smime.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+smime.o: ../include/openssl/err.h ../include/openssl/evp.h
+smime.o: ../include/openssl/idea.h ../include/openssl/md2.h
+smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -673,15 +743,34 @@ speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
-speed.o: ./testrsa.h apps.h progs.h
+speed.o: ./testrsa.h apps.h
+spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
+spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
+spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
-verify.o: ../include/openssl/crypto.h ../include/openssl/des.h
-verify.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
-verify.o: ../include/openssl/err.h ../include/openssl/evp.h
-verify.o: ../include/openssl/idea.h ../include/openssl/md2.h
+verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+verify.o: ../include/openssl/des.h ../include/openssl/dh.h
+verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
@@ -690,8 +779,8 @@ verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
-verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-verify.o: progs.h
+verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+verify.o: ../include/openssl/x509v3.h apps.h
version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -702,10 +791,12 @@ version.o: ../include/openssl/evp.h ../include/openssl/idea.h
version.o: ../include/openssl/md2.h ../include/openssl/md5.h
version.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-version.o: ../include/openssl/sha.h ../include/openssl/stack.h apps.h progs.h
+version.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+version.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+version.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+version.o: ../include/openssl/stack.h ../include/openssl/x509.h
+version.o: ../include/openssl/x509_vfy.h apps.h
x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
@@ -724,4 +815,4 @@ x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-x509.o: ../include/openssl/x509v3.h apps.h progs.h
+x509.o: ../include/openssl/x509v3.h apps.h
diff --git a/crypto/openssl/apps/app_rand.c b/crypto/openssl/apps/app_rand.c
new file mode 100644
index 000000000000..1146f9f7f38a
--- /dev/null
+++ b/crypto/openssl/apps/app_rand.c
@@ -0,0 +1,213 @@
+/* apps/app_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+
+
+static int seeded = 0;
+static int egdsocket = 0;
+
+int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
+ {
+ int consider_randfile = (file == NULL);
+ char buffer[200];
+
+#ifdef WINDOWS
+ BIO_printf(bio_e,"Loading 'screen' into random state -");
+ BIO_flush(bio_e);
+ RAND_screen();
+ BIO_printf(bio_e," done\n");
+#endif
+
+ if (file == NULL)
+ file = RAND_file_name(buffer, sizeof buffer);
+ else if (RAND_egd(file) > 0)
+ {
+ /* we try if the given filename is an EGD socket.
+ if it is, we don't write anything back to the file. */
+ egdsocket = 1;
+ return 1;
+ }
+ if (file == NULL || !RAND_load_file(file, -1))
+ {
+ if (RAND_status() == 0 && !dont_warn)
+ {
+ BIO_printf(bio_e,"unable to load 'random state'\n");
+ BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
+ BIO_printf(bio_e,"with much random data.\n");
+ if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+ {
+ BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+ BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+ }
+ }
+ return 0;
+ }
+ seeded = 1;
+ return 1;
+ }
+
+long app_RAND_load_files(char *name)
+ {
+ char *p,*n;
+ int last;
+ long tot=0;
+ int egd;
+
+ for (;;)
+ {
+ last=0;
+ for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+ if (*p == '\0') last=1;
+ *p='\0';
+ n=name;
+ name=p+1;
+ if (*n == '\0') break;
+
+ egd=RAND_egd(n);
+ if (egd > 0) tot+=egd;
+ tot+=RAND_load_file(n,-1);
+ if (last) break;
+ }
+ if (tot > 512)
+ app_RAND_allow_write_file();
+ return(tot);
+ }
+
+int app_RAND_write_file(const char *file, BIO *bio_e)
+ {
+ char buffer[200];
+
+ if (egdsocket || !seeded)
+ /* If we did not manage to read the seed file,
+ * we should not write a low-entropy seed file back --
+ * it would suppress a crucial warning the next time
+ * we want to use it. */
+ return 0;
+
+ if (file == NULL)
+ file = RAND_file_name(buffer, sizeof buffer);
+ if (file == NULL || !RAND_write_file(file))
+ {
+ BIO_printf(bio_e,"unable to write 'random state'\n");
+ return 0;
+ }
+ return 1;
+ }
+
+void app_RAND_allow_write_file(void)
+ {
+ seeded = 1;
+ }
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index 8fb5e8aaa736..a87d23bf3312 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -324,3 +324,93 @@ int app_init(long mesgwin)
return(1);
}
#endif
+
+
+int dump_cert_text (BIO *out, X509 *x)
+{
+ char buf[256];
+ X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+ BIO_puts(out,"subject=");
+ BIO_puts(out,buf);
+
+ X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+ BIO_puts(out,"\nissuer= ");
+ BIO_puts(out,buf);
+ BIO_puts(out,"\n");
+ return 0;
+}
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio);
+
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
+{
+ int same;
+ if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
+ else same = 1;
+ if(arg1) {
+ *pass1 = app_get_pass(err, arg1, same);
+ if(!*pass1) return 0;
+ } else if(pass1) *pass1 = NULL;
+ if(arg2) {
+ *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
+ if(!*pass2) return 0;
+ } else if(pass2) *pass2 = NULL;
+ return 1;
+}
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio)
+{
+ char *tmp, tpass[APP_PASS_LEN];
+ static BIO *pwdbio = NULL;
+ int i;
+ if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
+ if(!strncmp(arg, "env:", 4)) {
+ tmp = getenv(arg + 4);
+ if(!tmp) {
+ BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
+ return NULL;
+ }
+ return BUF_strdup(tmp);
+ }
+ if(!keepbio || !pwdbio) {
+ if(!strncmp(arg, "file:", 5)) {
+ pwdbio = BIO_new_file(arg + 5, "r");
+ if(!pwdbio) {
+ BIO_printf(err, "Can't open file %s\n", arg + 5);
+ return NULL;
+ }
+ } else if(!strncmp(arg, "fd:", 3)) {
+ BIO *btmp;
+ i = atoi(arg + 3);
+ if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
+ if((i < 0) || !pwdbio) {
+ BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
+ return NULL;
+ }
+ /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
+ btmp = BIO_new(BIO_f_buffer());
+ pwdbio = BIO_push(btmp, pwdbio);
+ } else if(!strcmp(arg, "stdin")) {
+ pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+ if(!pwdbio) {
+ BIO_printf(err, "Can't open BIO for stdin\n");
+ return NULL;
+ }
+ } else {
+ BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
+ return NULL;
+ }
+ }
+ i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
+ if(keepbio != 1) {
+ BIO_free_all(pwdbio);
+ pwdbio = NULL;
+ }
+ if(i <= 0) {
+ BIO_printf(err, "Error reading password from BIO\n");
+ return NULL;
+ }
+ tmp = strchr(tpass, '\n');
+ if(tmp) *tmp = 0;
+ return BUF_strdup(tpass);
+}
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
index 063f9c65be72..2dcdb88c4315 100644
--- a/crypto/openssl/apps/apps.h
+++ b/crypto/openssl/apps/apps.h
@@ -64,7 +64,17 @@
#include <openssl/buffer.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
-#include "progs.h"
+#include <openssl/x509.h>
+
+int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
+int app_RAND_write_file(const char *file, BIO *bio_e);
+/* When `file' is NULL, use defaults.
+ * `bio_e' is for error messages. */
+void app_RAND_allow_write_file(void);
+long app_RAND_load_files(char *file); /* `file' is a list of files to read,
+ * separated by LIST_SEPARATOR_CHAR
+ * (see e_os.h). The string is
+ * destroyed! */
#ifdef NO_STDIO
BIO_METHOD *BIO_s_file();
@@ -103,7 +113,7 @@ extern BIO *bio_err;
#define do_pipe_sig()
#endif
-#if defined(MONOLITH) && !defined(SSLEAY)
+#if defined(MONOLITH) && !defined(OPENSSL_C)
# define apps_startup() do_pipe_sig()
#else
# if defined(MSDOS) || defined(WIN16) || defined(WIN32)
@@ -132,10 +142,16 @@ int args_from_file(char *file, int *argc, char **argv[]);
int str2fmt(char *s);
void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
+#ifdef HEADER_X509_H
+int dump_cert_text(BIO *out, X509 *x);
+#endif
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2
#define FORMAT_PEM 3
#define FORMAT_NETSCAPE 4
+#define APP_PASS_LEN 1024
+
#endif
diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c
index 1b272b29770a..f104ebc1f08a 100644
--- a/crypto/openssl/apps/asn1pars.c
+++ b/crypto/openssl/apps/asn1pars.c
@@ -74,19 +74,21 @@
* -i - indent the details by depth
* -offset - where in the file to start
* -length - how many bytes to use
- * -oid file - extra oid decription file
+ * -oid file - extra oid description file
*/
#undef PROG
#define PROG asn1parse_main
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
int i,badops=0,offset=0,ret=1,j;
unsigned int length=0;
long num,tmplen;
BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
- int informat,indent=0;
+ int informat,indent=0, noout = 0;
char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
unsigned char *tmpbuf;
BUF_MEM *buf=NULL;
@@ -130,6 +132,7 @@ int MAIN(int argc, char **argv)
{
indent=1;
}
+ else if (strcmp(*argv,"-noout") == 0) noout = 1;
else if (strcmp(*argv,"-oid") == 0)
{
if (--argc < 1) goto bad;
@@ -168,8 +171,10 @@ bad:
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -noout arg don't produce any output\n");
BIO_printf(bio_err," -offset arg offset into file\n");
- BIO_printf(bio_err," -length arg lenth of section in file\n");
+ BIO_printf(bio_err," -length arg length of section in file\n");
BIO_printf(bio_err," -i indent entries\n");
BIO_printf(bio_err," -oid file file of extra oid definitions\n");
BIO_printf(bio_err," -strparse offset\n");
@@ -287,7 +292,8 @@ bad:
goto end;
}
}
- if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
+ if (!noout &&
+ !ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
{
ERR_print_errors(bio_err);
goto end;
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 9ed100dd3c1c..73df13fe8e2a 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -147,6 +147,8 @@ static char *ca_usage[]={
" -gencrl - Generate a new CRL\n",
" -crldays days - Days is when the next CRL is due\n",
" -crlhours hours - Hours is when the next CRL is due\n",
+" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
+" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
" -days arg - number of days to certify the certificate for\n",
" -md arg - md to use, one of md2, md5, sha or sha1\n",
" -policy arg - The CA 'policy' to support\n",
@@ -163,6 +165,8 @@ static char *ca_usage[]={
" -batch - Don't ask questions\n",
" -msie_hack - msie modifications to handle all those universal strings\n",
" -revoke file - Revoke a certificate (given in file)\n",
+" -extensions .. - Extension section (override value in config file)\n",
+" -crlexts .. - CRL extension section (override value in config file)\n",
NULL
};
@@ -174,7 +178,6 @@ extern int EF_ALIGNMENT;
static int add_oid_section(LHASH *conf);
static void lookup_fail(char *name,char *tag);
-static int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
static unsigned long index_serial_hash(char **a);
static int index_serial_cmp(char **a, char **b);
static unsigned long index_name_hash(char **a);
@@ -197,22 +200,24 @@ static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
char *enddate, int days, char *ext_sect,LHASH *conf,
int verbose);
static int fix_data(int nid, int *type);
-static void write_new_certificate(BIO *bp, X509 *x, int output_der);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
char *startdate, char *enddate, int days, int batch, int verbose,
X509_REQ *req, char *ext_sect, LHASH *conf);
static int do_revoke(X509 *x509, TXT_DB *db);
static int check_time_format(char *str);
-static LHASH *conf;
-static char *key=NULL;
+static LHASH *conf=NULL;
static char *section=NULL;
static int preserve=0;
static int msie_hack=0;
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
+ char *key=NULL;
int total=0;
int total_done=0;
int badops=0;
@@ -244,6 +249,7 @@ int MAIN(int argc, char **argv)
char *enddate=NULL;
int days=0;
int batch=0;
+ int notext=0;
X509 *x509=NULL;
X509 *x=NULL;
BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
@@ -262,6 +268,7 @@ int MAIN(int argc, char **argv)
#undef BSIZE
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
+ char *randfile=NULL;
#ifdef EFENCE
EF_PROTECT_FREE=1;
@@ -271,9 +278,12 @@ EF_ALIGNMENT=0;
apps_startup();
- X509V3_add_standard_extensions();
+ conf = NULL;
+ key = NULL;
+ section = NULL;
preserve=0;
+ msie_hack=0;
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
@@ -350,6 +360,8 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad;
outdir= *(++argv);
}
+ else if (strcmp(*argv,"-notext") == 0)
+ notext=1;
else if (strcmp(*argv,"-batch") == 0)
batch=1;
else if (strcmp(*argv,"-preserveDN") == 0)
@@ -393,6 +405,16 @@ EF_ALIGNMENT=0;
infile= *(++argv);
dorevoke=1;
}
+ else if (strcmp(*argv,"-extensions") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extensions= *(++argv);
+ }
+ else if (strcmp(*argv,"-crlexts") == 0)
+ {
+ if (--argc < 1) goto bad;
+ crl_ext= *(++argv);
+ }
else
{
bad:
@@ -476,12 +498,16 @@ bad:
BIO_free(oid_bio);
}
}
- }
- if(!add_oid_section(conf)) {
+ if(!add_oid_section(conf))
+ {
ERR_print_errors(bio_err);
goto err;
+ }
}
+ randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ app_RAND_load_file(randfile, bio_err, 0);
+
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
Sout=BIO_new(BIO_s_file());
@@ -493,7 +519,7 @@ bad:
}
/*****************************************************************/
- /* we definitly need an public key, so lets get it */
+ /* we definitely need an public key, so lets get it */
if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
section,ENV_PRIVATE_KEY)) == NULL))
@@ -507,13 +533,8 @@ bad:
BIO_printf(bio_err,"trying to load CA private key\n");
goto err;
}
- if (key == NULL)
- pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
- else
- {
- pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,NULL);
- memset(key,0,strlen(key));
- }
+ pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
+ if(key) memset(key,0,strlen(key));
if (pkey == NULL)
{
BIO_printf(bio_err,"unable to load CA private key\n");
@@ -566,14 +587,19 @@ bad:
BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
goto err;
}
-#ifdef VMS
- /* For technical reasons, VMS misbehaves with X_OK */
- if (access(outdir,R_OK|W_OK) != 0)
-#else
+#ifndef VMS /* outdir is a directory spec, but access() for VMS demands a
+ filename. In any case, stat(), below, will catch the problem
+ if outdir is not a directory spec, and the fopen() or open()
+ will catch an error if there is no write access.
+
+ Presumably, this problem could also be solved by using the DEC
+ C routines to convert the directory syntax to Unixly, and give
+ that to access(). However, time's too short to do that just
+ now.
+ */
if (access(outdir,R_OK|W_OK|X_OK) != 0)
-#endif
{
- BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir);
+ BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
perror(outdir);
goto err;
}
@@ -584,12 +610,15 @@ bad:
perror(outdir);
goto err;
}
+#ifdef S_IFDIR
if (!(sb.st_mode & S_IFDIR))
{
BIO_printf(bio_err,"%s need to be a directory\n",outdir);
perror(outdir);
goto err;
}
+#endif
+#endif
}
/*****************************************************************/
@@ -655,7 +684,7 @@ bad:
TXT_DB_write(out,db);
BIO_printf(bio_err,"%d entries loaded from the database\n",
db->data->num);
- BIO_printf(bio_err,"generating indexs\n");
+ BIO_printf(bio_err,"generating index\n");
}
if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
@@ -720,8 +749,8 @@ bad:
lookup_fail(section,ENV_SERIAL);
goto err;
}
-
- extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
+ if(!extensions)
+ extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
if(extensions) {
/* Check syntax of file */
X509V3_CTX ctx;
@@ -966,8 +995,8 @@ bad:
perror(buf[2]);
goto err;
}
- write_new_certificate(Cout,x, 0);
- write_new_certificate(Sout,x, output_der);
+ write_new_certificate(Cout,x, 0, notext);
+ write_new_certificate(Sout,x, output_der, notext);
}
if (sk_num(cert_sk))
@@ -987,14 +1016,14 @@ bad:
out=NULL;
if (rename(serialfile,buf[2]) < 0)
{
- BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ BIO_printf(bio_err,"unable to rename %s to %s\n",
serialfile,buf[2]);
perror("reason");
goto err;
}
if (rename(buf[0],serialfile) < 0)
{
- BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ BIO_printf(bio_err,"unable to rename %s to %s\n",
buf[0],serialfile);
perror("reason");
rename(buf[2],serialfile);
@@ -1011,14 +1040,14 @@ bad:
if (rename(dbfile,buf[2]) < 0)
{
- BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ BIO_printf(bio_err,"unable to rename %s to %s\n",
dbfile,buf[2]);
perror("reason");
goto err;
}
if (rename(buf[1],dbfile) < 0)
{
- BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ BIO_printf(bio_err,"unable to rename %s to %s\n",
buf[1],dbfile);
perror("reason");
rename(buf[2],dbfile);
@@ -1031,7 +1060,7 @@ bad:
/*****************************************************************/
if (gencrl)
{
- crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+ if(!crl_ext) crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
if(crl_ext) {
/* Check syntax of file */
X509V3_CTX ctx;
@@ -1143,13 +1172,6 @@ bad:
/*****************************************************************/
if (dorevoke)
{
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
if (infile == NULL)
{
BIO_printf(bio_err,"no input files\n");
@@ -1157,19 +1179,22 @@ bad:
}
else
{
+ X509 *revcert;
if (BIO_read_filename(in,infile) <= 0)
{
perror(infile);
BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile);
goto err;
}
- x509=PEM_read_bio_X509(in,NULL,NULL,NULL);
- if (x509 == NULL)
+ revcert=PEM_read_bio_X509(in,NULL,NULL,NULL);
+ if (revcert == NULL)
{
BIO_printf(bio_err,"unable to load '%s' certificate\n",infile);
goto err;
}
- j=do_revoke(x509,db);
+ j=do_revoke(revcert,db);
+ if (j <= 0) goto err;
+ X509_free(revcert);
strncpy(buf[0],dbfile,BSIZE-4);
strcat(buf[0],".new");
@@ -1181,10 +1206,6 @@ bad:
}
j=TXT_DB_write(out,db);
if (j <= 0) goto err;
- BIO_free(in);
- BIO_free(out);
- in=NULL;
- out=NULL;
strncpy(buf[1],dbfile,BSIZE-4);
strcat(buf[1],".old");
if (rename(dbfile,buf[1]) < 0)
@@ -1215,13 +1236,13 @@ err:
sk_pop_free(cert_sk,X509_free);
if (ret) ERR_print_errors(bio_err);
+ app_RAND_write_file(randfile, bio_err);
BN_free(serial);
TXT_DB_free(db);
EVP_PKEY_free(pkey);
X509_free(x509);
X509_CRL_free(crl);
CONF_free(conf);
- X509V3_EXT_cleanup();
OBJ_cleanup();
EXIT(ret);
}
@@ -1231,17 +1252,6 @@ static void lookup_fail(char *name, char *tag)
BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
}
-static int MS_CALLBACK key_callback(char *buf, int len, int verify, void *u)
- {
- int i;
-
- if (key == NULL) return(0);
- i=strlen(key);
- i=(i > len)?len:i;
- memcpy(buf,key,i);
- return(i);
- }
-
static unsigned long index_serial_hash(char **a)
{
char *n;
@@ -1652,7 +1662,7 @@ again2:
}
if (j < 0)
{
- BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str == NULL)?"NULL":(char *)str->data),((str2 == NULL)?"NULL":(char *)str2->data));
+ BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));
goto err;
}
}
@@ -1664,8 +1674,7 @@ again2:
if (push != NULL)
{
- if (!X509_NAME_add_entry(subject,push,
- X509_NAME_entry_count(subject),0))
+ if (!X509_NAME_add_entry(subject,push, -1, 0))
{
if (push != NULL)
X509_NAME_ENTRY_free(push);
@@ -1685,7 +1694,7 @@ again2:
}
if (verbose)
- BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
+ BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
row[DB_name]=X509_NAME_oneline(subject,NULL,0);
row[DB_serial]=BN_bn2hex(serial);
@@ -1742,7 +1751,7 @@ again2:
goto err;
}
- /* We are now totaly happy, lets make and sign the certificate */
+ /* We are now totally happy, lets make and sign the certificate */
if (verbose)
BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
@@ -1789,7 +1798,7 @@ again2:
ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
/* Free the current entries if any, there should not
- * be any I belive */
+ * be any I believe */
if (ci->extensions != NULL)
sk_X509_EXTENSION_pop_free(ci->extensions,
X509_EXTENSION_free);
@@ -1883,6 +1892,8 @@ err:
X509_NAME_free(CAname);
if (subject != NULL)
X509_NAME_free(subject);
+ if (tmptm != NULL)
+ ASN1_UTCTIME_free(tmptm);
if (ok <= 0)
{
if (ret != NULL) X509_free(ret);
@@ -1893,17 +1904,16 @@ err:
return(ok);
}
-static void write_new_certificate(BIO *bp, X509 *x, int output_der)
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
{
- char *f;
- char buf[256];
if (output_der)
{
(void)i2d_X509_bio(bp,x);
return;
}
-
+#if 0
+ /* ??? Not needed since X509_print prints all this stuff anyway */
f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
BIO_printf(bp,"issuer :%s\n",f);
@@ -1913,10 +1923,9 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der)
BIO_puts(bp,"serial :");
i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
BIO_puts(bp,"\n\n");
- X509_print(bp,x);
- BIO_puts(bp,"\n");
+#endif
+ if(!notext)X509_print(bp,x);
PEM_write_bio_X509(bp,x);
- BIO_puts(bp,"\n");
}
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
@@ -1929,7 +1938,6 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
X509_REQ *req=NULL;
CONF_VALUE *cv=NULL;
NETSCAPE_SPKI *spki = NULL;
- unsigned char *spki_der = NULL,*p;
X509_REQ_INFO *ri;
char *type,*buf;
EVP_PKEY *pktmp=NULL;
@@ -1986,31 +1994,22 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
cv=sk_CONF_VALUE_value(sk,i);
type=cv->name;
- buf=cv->value;
+ /* Skip past any leading X. X: X, etc to allow for
+ * multiple instances
+ */
+ for(buf = cv->name; *buf ; buf++)
+ if ((*buf == ':') || (*buf == ',') || (*buf == '.')) {
+ buf++;
+ if(*buf) type = buf;
+ break;
+ }
+ buf=cv->value;
if ((nid=OBJ_txt2nid(type)) == NID_undef)
{
if (strcmp(type, "SPKAC") == 0)
{
- spki_der=(unsigned char *)Malloc(
- strlen(cv->value)+1);
- if (spki_der == NULL)
- {
- BIO_printf(bio_err,"Malloc failure\n");
- goto err;
- }
- j = EVP_DecodeBlock(spki_der, (unsigned char *)cv->value,
- strlen(cv->value));
- if (j <= 0)
- {
- BIO_printf(bio_err, "Can't b64 decode SPKAC structure\n");
- goto err;
- }
-
- p=spki_der;
- spki = d2i_NETSCAPE_SPKI(&spki, &p, j);
- Free(spki_der);
- spki_der = NULL;
+ spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
if (spki == NULL)
{
BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
@@ -2034,8 +2033,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
strlen(buf))) == NULL)
goto err;
- if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
- goto err;
+ if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
}
if (spki == NULL)
{
@@ -2050,7 +2048,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");
- if ((pktmp=X509_PUBKEY_get(spki->spkac->pubkey)) == NULL)
+ if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL)
{
BIO_printf(bio_err,"error unpacking SPKAC public key\n");
goto err;
@@ -2071,7 +2069,6 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
err:
if (req != NULL) X509_REQ_free(req);
if (parms != NULL) CONF_free(parms);
- if (spki_der != NULL) Free(spki_der);
if (spki != NULL) NETSCAPE_SPKI_free(spki);
if (ne != NULL) X509_NAME_ENTRY_free(ne);
@@ -2127,20 +2124,26 @@ static int add_oid_section(LHASH *hconf)
static int do_revoke(X509 *x509, TXT_DB *db)
{
- ASN1_UTCTIME *tm=NULL;
+ ASN1_UTCTIME *tm=NULL, *revtm=NULL;
char *row[DB_NUMBER],**rrow,**irow;
+ BIGNUM *bn = NULL;
int ok=-1,i;
for (i=0; i<DB_NUMBER; i++)
row[i]=NULL;
- row[DB_name]=X509_NAME_oneline(x509->cert_info->subject,NULL,0);
- row[DB_serial]=BN_bn2hex(ASN1_INTEGER_to_BN(x509->cert_info->serialNumber,NULL));
+ row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
+ bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+ row[DB_serial]=BN_bn2hex(bn);
+ BN_free(bn);
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
{
BIO_printf(bio_err,"Malloc failure\n");
goto err;
}
- rrow=TXT_DB_get_by_index(db,DB_name,row);
+ /* We have to lookup by serial number because name lookup
+ * skips revoked certs
+ */
+ rrow=TXT_DB_get_by_index(db,DB_serial,row);
if (rrow == NULL)
{
BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
@@ -2191,16 +2194,15 @@ static int do_revoke(X509 *x509, TXT_DB *db)
}
/* Revoke Certificate */
- do_revoke(x509,db);
+ ok = do_revoke(x509,db);
- ok=1;
goto err;
}
- else if (index_serial_cmp(row,rrow))
+ else if (index_name_cmp(row,rrow))
{
- BIO_printf(bio_err,"ERROR:no same serial number %s\n",
- row[DB_serial]);
+ BIO_printf(bio_err,"ERROR:name does not match %s\n",
+ row[DB_name]);
goto err;
}
else if (rrow[DB_type][0]=='R')
@@ -2212,12 +2214,14 @@ static int do_revoke(X509 *x509, TXT_DB *db)
else
{
BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
- tm=X509_gmtime_adj(tm,0);
+ revtm = ASN1_UTCTIME_new();
+ revtm=X509_gmtime_adj(revtm,0);
rrow[DB_type][0]='R';
rrow[DB_type][1]='\0';
- rrow[DB_rev_date]=(char *)Malloc(tm->length+1);
- memcpy(rrow[DB_rev_date],tm->data,tm->length);
- rrow[DB_rev_date][tm->length]='\0';
+ rrow[DB_rev_date]=(char *)Malloc(revtm->length+1);
+ memcpy(rrow[DB_rev_date],revtm->data,revtm->length);
+ rrow[DB_rev_date][revtm->length]='\0';
+ ASN1_UTCTIME_free(revtm);
}
ok=1;
err:
@@ -2226,7 +2230,6 @@ err:
if (row[i] != NULL)
Free(row[i]);
}
- ASN1_UTCTIME_free(tm);
return(ok);
}
diff --git a/crypto/openssl/apps/ciphers.c b/crypto/openssl/apps/ciphers.c
index 08e47be4f787..f8e9e7be2e6d 100644
--- a/crypto/openssl/apps/ciphers.c
+++ b/crypto/openssl/apps/ciphers.c
@@ -66,10 +66,6 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
-#if defined(NO_RSA) && !defined(NO_SSL2)
-#define NO_SSL2
-#endif
-
#undef PROG
#define PROG ciphers_main
@@ -81,6 +77,8 @@ static char *ciphers_usage[]={
NULL
};
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
int ret=1,i;
@@ -145,12 +143,16 @@ int MAIN(int argc, char **argv)
goto end;
}
- SSLeay_add_ssl_algorithms();
+ OpenSSL_add_ssl_algorithms();
ctx=SSL_CTX_new(meth);
if (ctx == NULL) goto err;
- if (ciphers != NULL)
- SSL_CTX_set_cipher_list(ctx,ciphers);
+ if (ciphers != NULL) {
+ if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
+ BIO_printf(bio_err, "Error in cipher list\n");
+ goto err;
+ }
+ }
ssl=SSL_new(ctx);
if (ssl == NULL) goto err;
diff --git a/crypto/openssl/apps/crl.c b/crypto/openssl/apps/crl.c
index f7bdf76676c8..338f46d97c5f 100644
--- a/crypto/openssl/apps/crl.c
+++ b/crypto/openssl/apps/crl.c
@@ -75,7 +75,7 @@
static char *crl_usage[]={
"usage: crl args\n",
"\n",
-" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n",
+" -inform arg - input format - default PEM (DER or PEM)\n",
" -outform arg - output format - default PEM\n",
" -text - print out a text format version\n",
" -in arg - input file - default stdin\n",
@@ -85,21 +85,32 @@ static char *crl_usage[]={
" -lastupdate - lastUpdate field\n",
" -nextupdate - nextUpdate field\n",
" -noout - no CRL output\n",
+" -CAfile name - verify CRL using certificates in file \"name\"\n",
+" -CApath dir - verify CRL using certificates in \"dir\"\n",
NULL
};
static X509_CRL *load_crl(char *file, int format);
static BIO *bio_out=NULL;
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
X509_CRL *x=NULL;
+ char *CAfile = NULL, *CApath = NULL;
int ret=1,i,num,badops=0;
BIO *out=NULL;
int informat,outformat;
char *infile=NULL,*outfile=NULL;
int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
char **pp,buf[256];
+ X509_STORE *store = NULL;
+ X509_STORE_CTX ctx;
+ X509_LOOKUP *lookup = NULL;
+ X509_OBJECT xobj;
+ EVP_PKEY *pkey;
+ int do_ver = 0;
apps_startup();
@@ -146,6 +157,20 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-CApath") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CApath = *(++argv);
+ do_ver = 1;
+ }
+ else if (strcmp(*argv,"-CAfile") == 0)
+ {
+ if (--argc < 1) goto bad;
+ CAfile = *(++argv);
+ do_ver = 1;
+ }
+ else if (strcmp(*argv,"-verify") == 0)
+ do_ver = 1;
else if (strcmp(*argv,"-text") == 0)
text = 1;
else if (strcmp(*argv,"-hash") == 0)
@@ -177,36 +202,74 @@ bad:
}
ERR_load_crypto_strings();
- X509V3_add_standard_extensions();
x=load_crl(infile,informat);
if (x == NULL) { goto end; }
+ if(do_ver) {
+ store = X509_STORE_new();
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+ if (lookup == NULL) goto end;
+ if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
+ X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) goto end;
+ if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
+ X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+ ERR_clear_error();
+
+ X509_STORE_CTX_init(&ctx, store, NULL, NULL);
+
+ i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
+ X509_CRL_get_issuer(x), &xobj);
+ if(i <= 0) {
+ BIO_printf(bio_err,
+ "Error getting CRL issuer certificate\n");
+ goto end;
+ }
+ pkey = X509_get_pubkey(xobj.data.x509);
+ X509_OBJECT_free_contents(&xobj);
+ if(!pkey) {
+ BIO_printf(bio_err,
+ "Error getting CRL issuer public key\n");
+ goto end;
+ }
+ i = X509_CRL_verify(x, pkey);
+ EVP_PKEY_free(pkey);
+ if(i < 0) goto end;
+ if(i == 0) BIO_printf(bio_err, "verify failure\n");
+ else BIO_printf(bio_err, "verify OK\n");
+ }
+
if (num)
{
for (i=1; i<=num; i++)
{
if (issuer == i)
{
- X509_NAME_oneline(x->crl->issuer,buf,256);
+ X509_NAME_oneline(X509_CRL_get_issuer(x),
+ buf,256);
BIO_printf(bio_out,"issuer= %s\n",buf);
}
if (hash == i)
{
BIO_printf(bio_out,"%08lx\n",
- X509_NAME_hash(x->crl->issuer));
+ X509_NAME_hash(X509_CRL_get_issuer(x)));
}
if (lastupdate == i)
{
BIO_printf(bio_out,"lastUpdate=");
- ASN1_TIME_print(bio_out,x->crl->lastUpdate);
+ ASN1_TIME_print(bio_out,
+ X509_CRL_get_lastUpdate(x));
BIO_printf(bio_out,"\n");
}
if (nextupdate == i)
{
BIO_printf(bio_out,"nextUpdate=");
- if (x->crl->nextUpdate != NULL)
- ASN1_TIME_print(bio_out,x->crl->nextUpdate);
+ if (X509_CRL_get_nextUpdate(x))
+ ASN1_TIME_print(bio_out,
+ X509_CRL_get_nextUpdate(x));
else
BIO_printf(bio_out,"NONE");
BIO_printf(bio_out,"\n");
@@ -250,8 +313,12 @@ bad:
end:
BIO_free(out);
BIO_free(bio_out);
+ bio_out=NULL;
X509_CRL_free(x);
- X509V3_EXT_cleanup();
+ if(store) {
+ X509_STORE_CTX_cleanup(&ctx);
+ X509_STORE_free(store);
+ }
EXIT(ret);
}
diff --git a/crypto/openssl/apps/crl2p7.c b/crypto/openssl/apps/crl2p7.c
index 8634e3a1ec07..405659167698 100644
--- a/crypto/openssl/apps/crl2p7.c
+++ b/crypto/openssl/apps/crl2p7.c
@@ -76,12 +76,14 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
#undef PROG
#define PROG crl2pkcs7_main
-/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
*/
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
int i,badops=0;
@@ -157,8 +159,8 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
diff --git a/crypto/openssl/apps/der_chop b/crypto/openssl/apps/der_chop
index fbd2889842e2..9070b032fc38 100644
--- a/crypto/openssl/apps/der_chop
+++ b/crypto/openssl/apps/der_chop
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl5
+#!/usr/local/bin/perl
#
# der_chop ... this is one total hack that Eric is really not proud of
# so don't look at it and don't ask for support
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
index 5f0506ed8cd6..1b56d6ef4416 100644
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@@ -74,6 +74,9 @@
#define PROG dgst_main
void do_fp(unsigned char *buf,BIO *f,int sep);
+
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
unsigned char *buf=NULL;
diff --git a/crypto/openssl/apps/dh.c b/crypto/openssl/apps/dh.c
index 9efdcd78a36a..674963f81a90 100644
--- a/crypto/openssl/apps/dh.c
+++ b/crypto/openssl/apps/dh.c
@@ -1,4 +1,5 @@
/* apps/dh.c */
+/* obsoleted by dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -72,7 +73,7 @@
#undef PROG
#define PROG dh_main
-/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
@@ -82,6 +83,8 @@
* -C
*/
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
DH *dh=NULL;
@@ -149,8 +152,8 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -check check the DH parameters\n");
@@ -219,7 +222,7 @@ bad:
BN_print(stdout,dh->g);
printf("\n");
if (dh->length != 0)
- printf("recomented private length=%ld\n",dh->length);
+ printf("recommended private length=%ld\n",dh->length);
#endif
}
@@ -232,8 +235,8 @@ bad:
}
if (i & DH_CHECK_P_NOT_PRIME)
printf("p value is not prime\n");
- if (i & DH_CHECK_P_NOT_STRONG_PRIME)
- printf("p value is not a strong prime\n");
+ if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+ printf("p value is not a safe prime\n");
if (i & DH_UNABLE_TO_CHECK_GENERATOR)
printf("unable to check the generator value\n");
if (i & DH_NOT_SUITABLE_GENERATOR)
@@ -282,6 +285,7 @@ bad:
printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
printf("\t\treturn(NULL);\n");
printf("\treturn(dh);\n\t}\n");
+ Free(data);
}
@@ -297,7 +301,7 @@ bad:
}
if (!i)
{
- BIO_printf(bio_err,"unable to write DH paramaters\n");
+ BIO_printf(bio_err,"unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c
new file mode 100644
index 000000000000..709547ff5e6f
--- /dev/null
+++ b/crypto/openssl/apps/dhparam.c
@@ -0,0 +1,520 @@
+/* apps/dhparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef NO_DH
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#ifndef NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+#undef PROG
+#define PROG dhparam_main
+
+#define DEFBITS 512
+
+/* -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -dsaparam - read or generate DSA parameters, convert to DH
+ * -check - check the parameters are ok
+ * -noout
+ * -text
+ * -C
+ */
+
+static void MS_CALLBACK dh_cb(int p, int n, void *arg);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ DH *dh=NULL;
+ int i,badops=0,text=0;
+#ifndef NO_DSA
+ int dsaparam=0;
+#endif
+ BIO *in=NULL,*out=NULL;
+ int informat,outformat,check=0,noout=0,C=0,ret=1;
+ char *infile,*outfile,*prog;
+ char *inrand=NULL;
+ int num = 0, g = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+ infile=NULL;
+ outfile=NULL;
+ informat=FORMAT_PEM;
+ outformat=FORMAT_PEM;
+
+ prog=argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1)
+ {
+ if (strcmp(*argv,"-inform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ informat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-outform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outformat=str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-in") == 0)
+ {
+ if (--argc < 1) goto bad;
+ infile= *(++argv);
+ }
+ else if (strcmp(*argv,"-out") == 0)
+ {
+ if (--argc < 1) goto bad;
+ outfile= *(++argv);
+ }
+ else if (strcmp(*argv,"-check") == 0)
+ check=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
+#ifndef NO_DSA
+ else if (strcmp(*argv,"-dsaparam") == 0)
+ dsaparam=1;
+#endif
+ else if (strcmp(*argv,"-C") == 0)
+ C=1;
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-2") == 0)
+ g=2;
+ else if (strcmp(*argv,"-5") == 0)
+ g=5;
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
+ else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
+ goto bad;
+ argv++;
+ argc--;
+ }
+
+ if (badops)
+ {
+bad:
+ BIO_printf(bio_err,"%s [options] [numbits]\n",prog);
+ BIO_printf(bio_err,"where options are\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+#ifndef NO_DSA
+ BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n");
+#endif
+ BIO_printf(bio_err," -check check the DH parameters\n");
+ BIO_printf(bio_err," -text print a text form of the DH parameters\n");
+ BIO_printf(bio_err," -C Output C code\n");
+ BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
+ BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
+ BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," the random number generator\n");
+ BIO_printf(bio_err," -noout no output\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ if (g && !num)
+ num = DEFBITS;
+
+#ifndef NO_DSA
+ if (dsaparam)
+ {
+ if (g)
+ {
+ BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
+ goto end;
+ }
+ }
+ else
+#endif
+ {
+ /* DH parameters */
+ if (num && !g)
+ g = 2;
+ }
+
+ if(num) {
+
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+ {
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+#ifndef NO_DSA
+ if (dsaparam)
+ {
+ DSA *dsa;
+
+ BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+ dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
+ if (dsa == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ if (dh == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ else
+#endif
+ {
+ BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
+ BIO_printf(bio_err,"This is going to take a long time\n");
+ dh=DH_generate_parameters(num,g,dh_cb,bio_err);
+
+ if (dh == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ app_RAND_write_file(NULL, bio_err);
+ } else {
+
+ in=BIO_new(BIO_s_file());
+ if (in == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (infile == NULL)
+ BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_read_filename(in,infile) <= 0)
+ {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat != FORMAT_ASN1 && informat != FORMAT_PEM)
+ {
+ BIO_printf(bio_err,"bad input format specified\n");
+ goto end;
+ }
+
+#ifndef NO_DSA
+ if (dsaparam)
+ {
+ DSA *dsa;
+
+ if (informat == FORMAT_ASN1)
+ dsa=d2i_DSAparams_bio(in,NULL);
+ else /* informat == FORMAT_PEM */
+ dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
+
+ if (dsa == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DSA parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ if (dh == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ else
+#endif
+ {
+ if (informat == FORMAT_ASN1)
+ dh=d2i_DHparams_bio(in,NULL);
+ else /* informat == FORMAT_PEM */
+ dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
+
+ if (dh == NULL)
+ {
+ BIO_printf(bio_err,"unable to load DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ /* dh != NULL */
+ }
+
+ out=BIO_new(BIO_s_file());
+ if (out == NULL)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (outfile == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outfile) <= 0)
+ {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+
+ if (text)
+ {
+ DHparams_print(out,dh);
+ }
+
+ if (check)
+ {
+ if (!DH_check(dh,&i))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (i & DH_CHECK_P_NOT_PRIME)
+ printf("p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+ printf("p value is not a safe prime\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+ printf("unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+ printf("the g value is not a generator\n");
+ if (i == 0)
+ printf("DH parameters appear to be ok.\n");
+ }
+ if (C)
+ {
+ unsigned char *data;
+ int len,l,bits;
+
+ len=BN_num_bytes(dh->p);
+ bits=BN_num_bits(dh->p);
+ data=(unsigned char *)Malloc(len);
+ if (data == NULL)
+ {
+ perror("Malloc");
+ goto end;
+ }
+ printf("#ifndef HEADER_DH_H\n"
+ "#include <openssl/dh.h>\n"
+ "#endif\n");
+ printf("DH *get_dh%d()\n\t{\n",bits);
+
+ l=BN_bn2bin(dh->p,data);
+ printf("\tstatic unsigned char dh%d_p[]={",bits);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t\t};\n");
+
+ l=BN_bn2bin(dh->g,data);
+ printf("\tstatic unsigned char dh%d_g[]={",bits);
+ for (i=0; i<l; i++)
+ {
+ if ((i%12) == 0) printf("\n\t\t");
+ printf("0x%02X,",data[i]);
+ }
+ printf("\n\t\t};\n");
+
+ printf("\tDH *dh;\n\n");
+ printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
+ printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
+ bits,bits);
+ printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
+ bits,bits);
+ printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
+ printf("\t\t{ DH_free(dh); return(NULL); }\n");
+ if (dh->length)
+ printf("\tdh->length = %d;\n", dh->length);
+ printf("\treturn(dh);\n\t}\n");
+ Free(data);
+ }
+
+
+ if (!noout)
+ {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_DHparams_bio(out,dh);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_DHparams(out,dh);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret=0;
+end:
+ if (in != NULL) BIO_free(in);
+ if (out != NULL) BIO_free(out);
+ if (dh != NULL) DH_free(dh);
+ EXIT(ret);
+ }
+
+/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
+static void MS_CALLBACK dh_cb(int p, int n, void *arg)
+ {
+ char c='*';
+
+ if (p == 0) c='.';
+ if (p == 1) c='+';
+ if (p == 2) c='*';
+ if (p == 3) c='\n';
+ BIO_write((BIO *)arg,&c,1);
+ (void)BIO_flush((BIO *)arg);
+#ifdef LINT
+ p=n;
+#endif
+ }
+
+#endif
diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c
index fedecf27397b..4977671b8adc 100644
--- a/crypto/openssl/apps/dsa.c
+++ b/crypto/openssl/apps/dsa.c
@@ -83,6 +83,8 @@
* -modulus - print the DSA public key
*/
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
int ret=1;
@@ -91,7 +93,10 @@ int MAIN(int argc, char **argv)
const EVP_CIPHER *enc=NULL;
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
+ int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
+ char *passargin = NULL, *passargout = NULL;
+ char *passin = NULL, *passout = NULL;
int modulus=0;
apps_startup();
@@ -130,12 +135,26 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargout= *(++argv);
+ }
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-modulus") == 0)
modulus=1;
+ else if (strcmp(*argv,"-pubin") == 0)
+ pubin=1;
+ else if (strcmp(*argv,"-pubout") == 0)
+ pubout=1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -151,23 +170,30 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
- BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+ BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -passout arg output file pass phrase source\n");
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
- BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
- BIO_printf(bio_err," -text print the key in text\n");
- BIO_printf(bio_err," -noout don't print key out\n");
- BIO_printf(bio_err," -modulus print the DSA public value\n");
+ BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -noout don't print key out\n");
+ BIO_printf(bio_err," -modulus print the DSA public value\n");
goto end;
}
ERR_load_crypto_strings();
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
@@ -187,19 +213,21 @@ bad:
}
}
- BIO_printf(bio_err,"read DSA private key\n");
- if (informat == FORMAT_ASN1)
- dsa=d2i_DSAPrivateKey_bio(in,NULL);
- else if (informat == FORMAT_PEM)
- dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
- else
+ BIO_printf(bio_err,"read DSA key\n");
+ if (informat == FORMAT_ASN1) {
+ if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL);
+ else dsa=d2i_DSAPrivateKey_bio(in,NULL);
+ } else if (informat == FORMAT_PEM) {
+ if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
+ else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
+ } else
{
BIO_printf(bio_err,"bad input format specified for key\n");
goto end;
}
if (dsa == NULL)
{
- BIO_printf(bio_err,"unable to load Private Key\n");
+ BIO_printf(bio_err,"unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
@@ -231,12 +259,16 @@ bad:
}
if (noout) goto end;
- BIO_printf(bio_err,"writing DSA private key\n");
- if (outformat == FORMAT_ASN1)
- i=i2d_DSAPrivateKey_bio(out,dsa);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);
- else {
+ BIO_printf(bio_err,"writing DSA key\n");
+ if (outformat == FORMAT_ASN1) {
+ if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
+ else i=i2d_DSAPrivateKey_bio(out,dsa);
+ } else if (outformat == FORMAT_PEM) {
+ if(pubin || pubout)
+ i=PEM_write_bio_DSA_PUBKEY(out,dsa);
+ else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
+ NULL,0,NULL, passout);
+ } else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
@@ -248,9 +280,11 @@ bad:
else
ret=0;
end:
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free(out);
- if (dsa != NULL) DSA_free(dsa);
+ if(in != NULL) BIO_free(in);
+ if(out != NULL) BIO_free(out);
+ if(dsa != NULL) DSA_free(dsa);
+ if(passin) Free(passin);
+ if(passout) Free(passout);
EXIT(ret);
}
#endif
diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c
index fb8d47110876..4d4e1ad2b500 100644
--- a/crypto/openssl/apps/dsaparam.c
+++ b/crypto/openssl/apps/dsaparam.c
@@ -57,6 +57,7 @@
*/
#ifndef NO_DSA
+#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
@@ -65,7 +66,6 @@
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
-#include <openssl/rand.h>
#include <openssl/dsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
@@ -73,7 +73,7 @@
#undef PROG
#define PROG dsaparam_main
-/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
@@ -84,7 +84,10 @@
* -genkey
*/
-static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
+
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
DSA *dsa=NULL;
@@ -93,7 +96,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,noout=0,C=0,ret=1;
char *infile,*outfile,*prog,*inrand=NULL;
int numbits= -1,num,genkey=0;
- char buffer[200],*randfile=NULL;
+ int need_rand=0;
apps_startup();
@@ -136,11 +139,15 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-C") == 0)
C=1;
else if (strcmp(*argv,"-genkey") == 0)
+ {
genkey=1;
+ need_rand=1;
+ }
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
inrand= *(++argv);
+ need_rand=1;
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
@@ -148,6 +155,7 @@ int MAIN(int argc, char **argv)
{
/* generate a key */
numbits=num;
+ need_rand=1;
}
else
{
@@ -164,11 +172,11 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -text check the DSA parameters\n");
+ BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -rand files to use for random number input\n");
@@ -207,15 +215,20 @@ bad:
}
}
- if (numbits > 0)
+ if (need_rand)
{
- randfile=RAND_file_name(buffer,200);
- RAND_load_file(randfile,1024L*1024L);
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+ if (numbits > 0)
+ {
+ assert(need_rand);
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
BIO_printf(bio_err,"This could take some time\n");
- dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
- dsa_cb,(char *)bio_err);
+ dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
}
else if (informat == FORMAT_ASN1)
dsa=d2i_DSAparams_bio(in,NULL);
@@ -307,7 +320,7 @@ bad:
}
if (!i)
{
- BIO_printf(bio_err,"unable to write DSA paramaters\n");
+ BIO_printf(bio_err,"unable to write DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
@@ -316,6 +329,7 @@ bad:
{
DSA *dsakey;
+ assert(need_rand);
if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
if (!DSA_generate_key(dsakey)) goto end;
if (outformat == FORMAT_ASN1)
@@ -328,6 +342,8 @@ bad:
}
DSA_free(dsakey);
}
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
ret=0;
end:
if (in != NULL) BIO_free(in);
@@ -336,7 +352,7 @@ end:
EXIT(ret);
}
-static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
{
char c='*';
@@ -344,8 +360,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
- BIO_write((BIO *)arg,&c,1);
- (void)BIO_flush((BIO *)arg);
+ BIO_write(arg,&c,1);
+ (void)BIO_flush(arg);
#ifdef LINT
p=n;
#endif
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index bce936a2fc62..6531c58c542e 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@@ -65,6 +65,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include <openssl/rand.h>
#ifndef NO_MD5
#include <openssl/md5.h>
#endif
@@ -79,17 +80,22 @@ int set_hex(char *in,unsigned char *out,int size);
#define BSIZE (8*1024)
#define PROG enc_main
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
+ static const char magic[]="Salted__";
+ char mbuf[8]; /* should be 1 smaller than magic */
char *strbuf=NULL;
unsigned char *buff=NULL,*bufsize=NULL;
int bsize=BSIZE,verbose=0;
int ret=1,inl;
unsigned char key[24],iv[MD5_DIGEST_LENGTH];
- char *str=NULL;
- char *hkey=NULL,*hiv=NULL;
+ unsigned char salt[PKCS5_SALT_LEN];
+ char *str=NULL, *passarg = NULL, *pass = NULL;
+ char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
int enc=1,printkey=0,i,base64=0;
- int debug=0,olb64=0;
+ int debug=0,olb64=0,nosalt=0;
const EVP_CIPHER *cipher=NULL,*c;
char *inf=NULL,*outf=NULL;
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
@@ -130,14 +136,22 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outf= *(++argv);
}
+ else if (strcmp(*argv,"-pass") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passarg= *(++argv);
+ }
else if (strcmp(*argv,"-d") == 0)
enc=0;
else if (strcmp(*argv,"-p") == 0)
printkey=1;
else if (strcmp(*argv,"-v") == 0)
verbose=1;
- else if ((strcmp(*argv,"-debug") == 0) ||
- (strcmp(*argv,"-d") == 0))
+ else if (strcmp(*argv,"-salt") == 0)
+ nosalt=0;
+ else if (strcmp(*argv,"-nosalt") == 0)
+ nosalt=1;
+ else if (strcmp(*argv,"-debug") == 0)
debug=1;
else if (strcmp(*argv,"-P") == 0)
printkey=2;
@@ -194,6 +208,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
hkey= *(++argv);
}
+ else if (strcmp(*argv,"-S") == 0)
+ {
+ if (--argc < 1) goto bad;
+ hsalt= *(++argv);
+ }
else if (strcmp(*argv,"-iv") == 0)
{
if (--argc < 1) goto bad;
@@ -212,7 +231,8 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"options are\n");
BIO_printf(bio_err,"%-14s input file\n","-in <file>");
- BIO_printf(bio_err,"%-14s output fileencrypt\n","-out <file>");
+ BIO_printf(bio_err,"%-14s output file\n","-out <file>");
+ BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
BIO_printf(bio_err,"%-14s encrypt\n","-e");
BIO_printf(bio_err,"%-14s decrypt\n","-d");
BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
@@ -233,7 +253,7 @@ bad:
BIO_printf(bio_err,"rc2 :128 bit key RC2 encryption\n");
#endif
#ifndef NO_BF
- BIO_printf(bio_err,"bf :128 bit key BlowFish encryption\n");
+ BIO_printf(bio_err,"bf :128 bit key Blowfish encryption\n");
#endif
#ifndef NO_RC4
BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
@@ -357,6 +377,14 @@ bad:
}
}
+ if(!str && passarg) {
+ if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+ str = pass;
+ }
+
if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
{
for (;;)
@@ -386,11 +414,83 @@ bad:
}
}
+
+ if (outf == NULL)
+ BIO_set_fp(out,stdout,BIO_NOCLOSE);
+ else
+ {
+ if (BIO_write_filename(out,outf) <= 0)
+ {
+ perror(outf);
+ goto end;
+ }
+ }
+
+ rbio=in;
+ wbio=out;
+
+ if (base64)
+ {
+ if ((b64=BIO_new(BIO_f_base64())) == NULL)
+ goto end;
+ if (debug)
+ {
+ BIO_set_callback(b64,BIO_debug_callback);
+ BIO_set_callback_arg(b64,bio_err);
+ }
+ if (olb64)
+ BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
+ if (enc)
+ wbio=BIO_push(b64,wbio);
+ else
+ rbio=BIO_push(b64,rbio);
+ }
+
if (cipher != NULL)
{
if (str != NULL)
{
- EVP_BytesToKey(cipher,EVP_md5(),NULL,
+ /* Salt handling: if encrypting generate a salt and
+ * write to output BIO. If decrypting read salt from
+ * input BIO.
+ */
+ unsigned char *sptr;
+ if(nosalt) sptr = NULL;
+ else {
+ if(enc) {
+ if(hsalt) {
+ if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) {
+ BIO_printf(bio_err,
+ "invalid hex salt value\n");
+ goto end;
+ }
+ } else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0)
+ goto end;
+ /* If -P option then don't bother writing */
+ if((printkey != 2)
+ && (BIO_write(wbio,magic,
+ sizeof magic-1) != sizeof magic-1
+ || BIO_write(wbio,
+ (char *)salt,
+ PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) {
+ BIO_printf(bio_err,"error writing output file\n");
+ goto end;
+ }
+ } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
+ || BIO_read(rbio,
+ (unsigned char *)salt,
+ PKCS5_SALT_LEN) != PKCS5_SALT_LEN) {
+ BIO_printf(bio_err,"error reading input file\n");
+ goto end;
+ } else if(memcmp(mbuf,magic,sizeof magic-1)) {
+ BIO_printf(bio_err,"bad magic number\n");
+ goto end;
+ }
+
+ sptr = salt;
+ }
+
+ EVP_BytesToKey(cipher,EVP_md5(),sptr,
(unsigned char *)str,
strlen(str),1,key,iv);
/* zero the complete buffer or the string
@@ -424,6 +524,13 @@ bad:
if (printkey)
{
+ if (!nosalt)
+ {
+ printf("salt=");
+ for (i=0; i<PKCS5_SALT_LEN; i++)
+ printf("%02X",salt[i]);
+ printf("\n");
+ }
if (cipher->key_len > 0)
{
printf("key=");
@@ -446,38 +553,6 @@ bad:
}
}
-
- if (outf == NULL)
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
- else
- {
- if (BIO_write_filename(out,outf) <= 0)
- {
- perror(outf);
- goto end;
- }
- }
-
- rbio=in;
- wbio=out;
-
- if (base64)
- {
- if ((b64=BIO_new(BIO_f_base64())) == NULL)
- goto end;
- if (debug)
- {
- BIO_set_callback(b64,BIO_debug_callback);
- BIO_set_callback_arg(b64,bio_err);
- }
- if (olb64)
- BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
- if (enc)
- wbio=BIO_push(b64,wbio);
- else
- rbio=BIO_push(b64,rbio);
- }
-
/* Only encrypt/decrypt as we write the file */
if (benc != NULL)
wbio=BIO_push(benc,wbio);
@@ -505,12 +580,14 @@ bad:
BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
}
end:
+ ERR_print_errors(bio_err);
if (strbuf != NULL) Free(strbuf);
if (buff != NULL) Free(buff);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (benc != NULL) BIO_free(benc);
if (b64 != NULL) BIO_free(b64);
+ if(pass) Free(pass);
EXIT(ret);
}
diff --git a/crypto/openssl/apps/errstr.c b/crypto/openssl/apps/errstr.c
index c86b5d940bca..4650379589df 100644
--- a/crypto/openssl/apps/errstr.c
+++ b/crypto/openssl/apps/errstr.c
@@ -68,6 +68,8 @@
#undef PROG
#define PROG errstr_main
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
int i,ret=0;
diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c
index 3d509485800d..caf5e8d736bd 100644
--- a/crypto/openssl/apps/gendh.c
+++ b/crypto/openssl/apps/gendh.c
@@ -1,4 +1,5 @@
/* apps/gendh.c */
+/* obsoleted by dhparam.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -75,15 +76,16 @@
#define PROG gendh_main
static void MS_CALLBACK dh_cb(int p, int n, void *arg);
-static long dh_load_rand(char *names);
+
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
- char buffer[200];
DH *dh=NULL;
int ret=1,num=DEFBITS;
int g=2;
char *outfile=NULL;
- char *inrand=NULL,*randfile;
+ char *inrand=NULL;
BIO *out=NULL;
apps_startup();
@@ -126,7 +128,7 @@ bad:
BIO_printf(bio_err," -2 use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 use 3 as the generator value\n"); */
BIO_printf(bio_err," -5 use 5 as the generator value\n");
- BIO_printf(bio_err," -rand file:file:...\n");
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto end;
@@ -150,28 +152,21 @@ bad:
}
}
- randfile=RAND_file_name(buffer,200);
- if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
- BIO_printf(bio_err,"unable to load 'random state'\n");
-
- if (inrand == NULL)
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- else
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- dh_load_rand(inrand));
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
- BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
+ BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
BIO_printf(bio_err,"This is going to take a long time\n");
dh=DH_generate_parameters(num,g,dh_cb,bio_err);
if (dh == NULL) goto end;
- if (randfile == NULL)
- BIO_printf(bio_err,"unable to write 'random state'\n");
- else
- RAND_write_file(randfile);
+ app_RAND_write_file(NULL, bio_err);
if (!PEM_write_bio_DHparams(out,dh))
goto end;
@@ -198,26 +193,4 @@ static void MS_CALLBACK dh_cb(int p, int n, void *arg)
p=n;
#endif
}
-
-static long dh_load_rand(char *name)
- {
- char *p,*n;
- int last;
- long tot=0;
-
- for (;;)
- {
- last=0;
- for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
- if (*p == '\0') last=1;
- *p='\0';
- n=name;
- name=p+1;
- if (*n == '\0') break;
-
- tot+=RAND_load_file(n,1);
- if (last) break;
- }
- return(tot);
- }
#endif
diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c
index 5f00b89bb0ed..b1a1c4fcfae9 100644
--- a/crypto/openssl/apps/gendsa.c
+++ b/crypto/openssl/apps/gendsa.c
@@ -63,7 +63,6 @@
#include <sys/stat.h>
#include "apps.h"
#include <openssl/bio.h>
-#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/dsa.h>
@@ -74,14 +73,15 @@
#undef PROG
#define PROG gendsa_main
-static long dsa_load_rand(char *names);
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
- char buffer[200];
DSA *dsa=NULL;
int ret=1;
char *outfile=NULL;
- char *inrand=NULL,*randfile,*dsaparams=NULL;
+ char *inrand=NULL,*dsaparams=NULL;
+ char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL;
EVP_CIPHER *enc=NULL;
@@ -101,6 +101,11 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargout= *(++argv);
+ }
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -140,7 +145,7 @@ bad:
#ifndef NO_IDEA
BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
#endif
- BIO_printf(bio_err," -rand file:file:...\n");
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
BIO_printf(bio_err," dsaparam-file\n");
@@ -148,6 +153,12 @@ bad:
goto end;
}
+ if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+
in=BIO_new(BIO_s_file());
if (!(BIO_read_filename(in,dsaparams)))
{
@@ -161,6 +172,7 @@ bad:
goto end;
}
BIO_free(in);
+ in = NULL;
out=BIO_new(BIO_s_file());
if (out == NULL) goto end;
@@ -176,57 +188,30 @@ bad:
}
}
- randfile=RAND_file_name(buffer,200);
- if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
- BIO_printf(bio_err,"unable to load 'random state'\n");
-
- if (inrand == NULL)
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- else
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- dsa_load_rand(inrand));
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
BIO_printf(bio_err,"Generating DSA key, %d bits\n",
BN_num_bits(dsa->p));
if (!DSA_generate_key(dsa)) goto end;
- if (randfile == NULL)
- BIO_printf(bio_err,"unable to write 'random state'\n");
- else
- RAND_write_file(randfile);
+ app_RAND_write_file(NULL, bio_err);
- if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL))
+ if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))
goto end;
ret=0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
+ if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free(out);
if (dsa != NULL) DSA_free(dsa);
+ if(passout) Free(passout);
EXIT(ret);
}
-
-static long dsa_load_rand(char *name)
- {
- char *p,*n;
- int last;
- long tot=0;
-
- for (;;)
- {
- last=0;
- for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
- if (*p == '\0') last=1;
- *p='\0';
- n=name;
- name=p+1;
- if (*n == '\0') break;
-
- tot+=RAND_load_file(n,1);
- if (last) break;
- }
- return(tot);
- }
#endif
diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c
index 67382065fb99..6fe578d69feb 100644
--- a/crypto/openssl/apps/genrsa.c
+++ b/crypto/openssl/apps/genrsa.c
@@ -63,7 +63,6 @@
#include <sys/stat.h>
#include "apps.h"
#include <openssl/bio.h>
-#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
@@ -76,18 +75,20 @@
#define PROG genrsa_main
static void MS_CALLBACK genrsa_cb(int p, int n, void *arg);
-static long gr_load_rand(char *names);
+
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
int ret=1;
- char buffer[200];
RSA *rsa=NULL;
int i,num=DEFBITS;
- long rnum=0,l;
+ long l;
EVP_CIPHER *enc=NULL;
unsigned long f4=RSA_F4;
char *outfile=NULL;
- char *inrand=NULL,*randfile;
+ char *passargout = NULL, *passout = NULL;
+ char *inrand=NULL;
BIO *out=NULL;
apps_startup();
@@ -97,7 +98,7 @@ int MAIN(int argc, char **argv)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if ((out=BIO_new(BIO_s_file())) == NULL)
{
- BIO_printf(bio_err,"unable to creat BIO for output\n");
+ BIO_printf(bio_err,"unable to create BIO for output\n");
goto err;
}
@@ -130,6 +131,11 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-idea") == 0)
enc=EVP_idea_cbc();
#endif
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargout= *(++argv);
+ }
else
break;
argv++;
@@ -139,21 +145,28 @@ int MAIN(int argc, char **argv)
{
bad:
BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
- BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n");
- BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+ BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n");
+ BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
#ifndef NO_IDEA
- BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
+ BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n");
#endif
- BIO_printf(bio_err," -out file - output the key to 'file\n");
- BIO_printf(bio_err," -f4 - use F4 (0x10001) for the E value\n");
- BIO_printf(bio_err," -3 - use 3 for the E value\n");
- BIO_printf(bio_err," -rand file:file:...\n");
- BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
+ BIO_printf(bio_err," -out file output the key to 'file\n");
+ BIO_printf(bio_err," -passout arg output file pass phrase source\n");
+ BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
+ BIO_printf(bio_err," -3 use 3 for the E value\n");
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err," load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," the random number generator\n");
goto err;
}
ERR_load_crypto_strings();
+
+ if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto err;
+ }
+
if (outfile == NULL)
BIO_set_fp(out,stdout,BIO_NOCLOSE);
else
@@ -165,45 +178,23 @@ bad:
}
}
-#ifdef WINDOWS
- BIO_printf(bio_err,"Loading 'screen' into random state -");
- BIO_flush(bio_err);
- RAND_screen();
- BIO_printf(bio_err," done\n");
-#endif
- randfile=RAND_file_name(buffer,200);
- if ((randfile == NULL) ||
- !(rnum=(long)RAND_load_file(randfile,1024L*1024L)))
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
{
- BIO_printf(bio_err,"unable to load 'random state'\n");
+ BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
}
-
- if (inrand == NULL)
- {
- if (rnum == 0)
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- }
- else
- {
- rnum+=gr_load_rand(inrand);
- }
- if (rnum != 0)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",rnum);
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
num);
rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
- if (randfile == NULL)
- BIO_printf(bio_err,"unable to write 'random state'\n");
- else
- RAND_write_file(randfile);
+ app_RAND_write_file(NULL, bio_err);
if (rsa == NULL) goto err;
- /* We need to do the folloing for when the base number size is <
+ /* We need to do the following for when the base number size is <
* long, esp windows 3.1 :-(. */
l=0L;
for (i=0; i<rsa->e->top; i++)
@@ -215,13 +206,14 @@ bad:
l+=rsa->e->d[i];
}
BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
- if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL))
+ if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL, passout))
goto err;
ret=0;
err:
if (rsa != NULL) RSA_free(rsa);
if (out != NULL) BIO_free(out);
+ if(passout) Free(passout);
if (ret != 0)
ERR_print_errors(bio_err);
EXIT(ret);
@@ -241,26 +233,10 @@ static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
p=n;
#endif
}
+#else /* !NO_RSA */
-static long gr_load_rand(char *name)
- {
- char *p,*n;
- int last;
- long tot=0;
-
- for (;;)
- {
- last=0;
- for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
- if (*p == '\0') last=1;
- *p='\0';
- n=name;
- name=p+1;
- if (*n == '\0') break;
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
- tot+=RAND_load_file(n,1024L*1024L);
- if (last) break;
- }
- return(tot);
- }
#endif
diff --git a/crypto/openssl/apps/nseq.c b/crypto/openssl/apps/nseq.c
index d9d01659e78d..cc88d50ceba5 100644
--- a/crypto/openssl/apps/nseq.c
+++ b/crypto/openssl/apps/nseq.c
@@ -65,7 +65,7 @@
#undef PROG
#define PROG nseq_main
-static int dump_cert_text(BIO *out, X509 *x);
+int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
@@ -158,17 +158,3 @@ end:
EXIT(ret);
}
-static int dump_cert_text(BIO *out, X509 *x)
-{
- char buf[256];
- X509_NAME_oneline(X509_get_subject_name(x),buf,256);
- BIO_puts(out,"subject=");
- BIO_puts(out,buf);
-
- X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
- BIO_puts(out,"\nissuer= ");
- BIO_puts(out,buf);
- BIO_puts(out,"\n");
- return 0;
-}
-
diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c
index 9a337fb316e7..a2a263062dfb 100644
--- a/crypto/openssl/apps/openssl.c
+++ b/crypto/openssl/apps/openssl.c
@@ -56,13 +56,10 @@
* [including the GNU Public Licence.]
*/
-#ifndef DEBUG
-#undef DEBUG
-#endif
-
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/lhash.h>
@@ -70,19 +67,12 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
-#define SSLEAY /* turn off a few special case MONOLITH macros */
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#define SSLEAY_SRC
#include "apps.h"
+#include "progs.h"
#include "s_apps.h"
#include <openssl/err.h>
-/*
-#ifdef WINDOWS
-#include "bss_file.c"
-#endif
-*/
-
static unsigned long MS_CALLBACK hash(FUNCTION *a);
static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
static LHASH *prog_init(void );
@@ -90,15 +80,6 @@ static int do_cmd(LHASH *prog,int argc,char *argv[]);
LHASH *config=NULL;
char *default_config_file=NULL;
-#ifdef DEBUG
-static void sig_stop(int i)
- {
- char *a=NULL;
-
- *a='\0';
- }
-#endif
-
/* Make sure there is only one when MONOLITH is defined */
#ifdef MONOLITH
BIO *bio_err=NULL;
@@ -120,24 +101,14 @@ int main(int Argc, char *Argv[])
arg.data=NULL;
arg.count=0;
- /* SSLeay_add_ssl_algorithms(); is called in apps_startup() */
- apps_startup();
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
-#ifdef SIGBUS
- signal(SIGBUS,sig_stop);
-#endif
-#ifdef SIGSEGV
- signal(SIGSEGV,sig_stop);
-#endif
-#endif
+ apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
ERR_load_crypto_strings();
/* Lets load up our environment a little */
@@ -165,7 +136,7 @@ int main(int Argc, char *Argv[])
program_name(Argv[0],pname,PROG_NAME_SIZE);
f.name=pname;
- fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
+ fp=(FUNCTION *)lh_retrieve(prog,&f);
if (fp != NULL)
{
Argv[0]=pname;
@@ -235,7 +206,7 @@ end:
EVP_cleanup();
ERR_free_strings();
-
+
CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL)
{
@@ -257,11 +228,23 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
if ((argc <= 0) || (argv[0] == NULL))
{ ret=0; goto end; }
f.name=argv[0];
- fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
+ fp=(FUNCTION *)lh_retrieve(prog,&f);
if (fp != NULL)
{
ret=fp->func(argc,argv);
}
+ else if ((strncmp(argv[0],"no-",3)) == 0)
+ {
+ BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+ f.name=argv[0]+3;
+ ret = (lh_retrieve(prog,&f) != NULL);
+ if (!ret)
+ BIO_printf(bio_stdout, "%s\n", argv[0]);
+ else
+ BIO_printf(bio_stdout, "%s\n", argv[0]+3);
+ BIO_free(bio_stdout);
+ goto end;
+ }
else if ((strcmp(argv[0],"quit") == 0) ||
(strcmp(argv[0],"q") == 0) ||
(strcmp(argv[0],"exit") == 0) ||
@@ -356,7 +339,7 @@ static LHASH *prog_init(void)
if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
for (f=functions; f->name != NULL; f++)
- lh_insert(ret,(char *)f);
+ lh_insert(ret,f);
return(ret);
}
@@ -369,5 +352,3 @@ static unsigned long MS_CALLBACK hash(FUNCTION *a)
{
return(lh_strhash(a->name));
}
-
-#undef SSLEAY
diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf
index d70dd25622bb..dbe8cbefe0ea 100644
--- a/crypto/openssl/apps/openssl.cnf
+++ b/crypto/openssl/apps/openssl.cnf
@@ -3,8 +3,13 @@
# This is mostly being used for generation of certificate requests.
#
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
RANDFILE = $ENV::HOME/.rnd
-oid_file = $ENV::HOME/.oid
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
@@ -86,6 +91,22 @@ distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
@@ -170,8 +191,16 @@ authorityKeyIdentifier=keyid,issuer:always
#nsCaPolicyUrl
#nsSslServerName
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
[ v3_ca ]
+
# Extensions for a typical CA
@@ -200,10 +229,11 @@ basicConstraints = CA:true
# Copy issuer details
# issuerAltName=issuer:copy
-# RAW DER hex encoding of an extension: beware experts only!
-# 1.2.3.5=RAW:02:03
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
# You can even override a supported extension:
-# basicConstraints= critical, RAW:30:03:01:01:FF
+# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c
new file mode 100644
index 000000000000..c7e21d2081ae
--- /dev/null
+++ b/crypto/openssl/apps/passwd.c
@@ -0,0 +1,475 @@
+/* apps/passwd.c */
+
+#if defined NO_MD5 || defined CHARSET_EBCDIC
+# define NO_APR1
+#endif
+
+#if !defined(NO_DES) || !defined(NO_APR1)
+
+#include <assert.h>
+#include <string.h>
+
+#include "apps.h"
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+#ifndef NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef NO_APR1
+# include <openssl/md5.h>
+#endif
+
+
+#undef PROG
+#define PROG passwd_main
+
+
+static unsigned const char cov_2char[64]={
+ /* from crypto/des/fcrypt.c */
+ 0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
+ 0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
+ 0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
+ 0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
+ 0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
+ 0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
+ 0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
+ 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
+};
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+ char *passwd, BIO *out, int quiet, int table, int reverse,
+ size_t pw_maxlen, int usecrypt, int useapr1);
+
+/* -crypt - standard Unix password algorithm (default, only choice)
+ * -apr1 - MD5-based password algorithm
+ * -salt string - salt
+ * -in file - read passwords from file
+ * -stdin - read passwords from stdin
+ * -quiet - no warnings
+ * -table - format output as table
+ * -reverse - switch table columns
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int ret = 1;
+ char *infile = NULL;
+ int in_stdin = 0;
+ char *salt = NULL, *passwd = NULL, **passwds = NULL;
+ char *salt_malloc = NULL, *passwd_malloc = NULL;
+ int pw_source_defined = 0;
+ BIO *in = NULL, *out = NULL;
+ int i, badopt, opt_done;
+ int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
+ int usecrypt = 0, useapr1 = 0;
+ size_t pw_maxlen = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ goto err;
+ BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ badopt = 0, opt_done = 0;
+ i = 0;
+ while (!badopt && !opt_done && argv[++i] != NULL)
+ {
+ if (strcmp(argv[i], "-crypt") == 0)
+ usecrypt = 1;
+ else if (strcmp(argv[i], "-apr1") == 0)
+ useapr1 = 1;
+ else if (strcmp(argv[i], "-salt") == 0)
+ {
+ if ((argv[i+1] != NULL) && (salt == NULL))
+ {
+ passed_salt = 1;
+ salt = argv[++i];
+ }
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-in") == 0)
+ {
+ if ((argv[i+1] != NULL) && !pw_source_defined)
+ {
+ pw_source_defined = 1;
+ infile = argv[++i];
+ }
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-stdin") == 0)
+ {
+ if (!pw_source_defined)
+ {
+ pw_source_defined = 1;
+ in_stdin = 1;
+ }
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-quiet") == 0)
+ quiet = 1;
+ else if (strcmp(argv[i], "-table") == 0)
+ table = 1;
+ else if (strcmp(argv[i], "-reverse") == 0)
+ reverse = 1;
+ else if (argv[i][0] == '-')
+ badopt = 1;
+ else if (!pw_source_defined)
+ /* non-option arguments, use as passwords */
+ {
+ pw_source_defined = 1;
+ passwds = &argv[i];
+ opt_done = 1;
+ }
+ else
+ badopt = 1;
+ }
+
+ if (!usecrypt && !useapr1) /* use default */
+ usecrypt = 1;
+ if (usecrypt + useapr1 > 1) /* conflict */
+ badopt = 1;
+
+ /* reject unsupported algorithms */
+#ifdef NO_DES
+ if (usecrypt) badopt = 1;
+#endif
+#ifdef NO_APR1
+ if (useapr1) badopt = 1;
+#endif
+
+ if (badopt)
+ {
+ BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
+ BIO_printf(bio_err, "where options are\n");
+#ifndef NO_DES
+ BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
+#endif
+#ifndef NO_APR1
+ BIO_printf(bio_err, "-apr1 MD5-based password algorithm\n");
+#endif
+ BIO_printf(bio_err, "-salt string use provided salt\n");
+ BIO_printf(bio_err, "-in file read passwords from file\n");
+ BIO_printf(bio_err, "-stdin read passwords from stdin\n");
+ BIO_printf(bio_err, "-quiet no warnings\n");
+ BIO_printf(bio_err, "-table format output as table\n");
+ BIO_printf(bio_err, "-reverse switch table columns\n");
+
+ goto err;
+ }
+
+ if ((infile != NULL) || in_stdin)
+ {
+ in = BIO_new(BIO_s_file());
+ if (in == NULL)
+ goto err;
+ if (infile != NULL)
+ {
+ assert(in_stdin == 0);
+ if (BIO_read_filename(in, infile) <= 0)
+ goto err;
+ }
+ else
+ {
+ assert(in_stdin);
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ }
+ }
+
+ if (usecrypt)
+ pw_maxlen = 8;
+ else if (useapr1)
+ pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
+
+ if (passwds == NULL)
+ {
+ /* no passwords on the command line */
+ passwd = passwd_malloc = Malloc(pw_maxlen + 1);
+ if (passwd_malloc == NULL)
+ goto err;
+ }
+
+ if ((in == NULL) && (passwds == NULL))
+ {
+ /* build a null-terminated list */
+ static char *passwds_static[2] = {NULL, NULL};
+
+ passwds = passwds_static;
+ if (in == NULL)
+ if (EVP_read_pw_string(passwd_malloc, pw_maxlen + 1, "Password: ", 0) != 0)
+ goto err;
+ passwds[0] = passwd_malloc;
+ }
+
+ if (in == NULL)
+ {
+ assert(passwds != NULL);
+ assert(*passwds != NULL);
+
+ do /* loop over list of passwords */
+ {
+ passwd = *passwds++;
+ if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
+ quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
+ goto err;
+ }
+ while (*passwds != NULL);
+ }
+ else
+ /* in != NULL */
+ {
+ int done;
+
+ assert (passwd != NULL);
+ do
+ {
+ int r = BIO_gets(in, passwd, pw_maxlen + 1);
+ if (r > 0)
+ {
+ char *c = (strchr(passwd, '\n')) ;
+ if (c != NULL)
+ *c = 0; /* truncate at newline */
+ else
+ {
+ /* ignore rest of line */
+ char trash[BUFSIZ];
+ do
+ r = BIO_gets(in, trash, sizeof trash);
+ while ((r > 0) && (!strchr(trash, '\n')));
+ }
+
+ if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
+ quiet, table, reverse, pw_maxlen, usecrypt, useapr1))
+ goto err;
+ }
+ done = (r <= 0);
+ }
+ while (!done);
+ }
+
+err:
+ ERR_print_errors(bio_err);
+ if (salt_malloc)
+ Free(salt_malloc);
+ if (passwd_malloc)
+ Free(passwd_malloc);
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ EXIT(ret);
+ }
+
+
+#ifndef NO_APR1
+/* MD5-based password algorithm compatible to the one found in Apache
+ * (should probably be available as a library function;
+ * then the static buffer would not be acceptable) */
+static char *apr1_crypt(const char *passwd, const char *salt)
+ {
+ static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
+ unsigned char buf[MD5_DIGEST_LENGTH];
+ char *salt_out;
+ int n, i;
+ MD5_CTX md;
+ size_t passwd_len, salt_len;
+
+ passwd_len = strlen(passwd);
+ strcpy(out_buf, "$apr1$");
+ strncat(out_buf, salt, 8);
+ assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
+ salt_out = out_buf + 6;
+ salt_len = strlen(salt_out);
+ assert(salt_len <= 8);
+
+ MD5_Init(&md);
+ MD5_Update(&md, passwd, passwd_len);
+ MD5_Update(&md, "$apr1$", 6);
+ MD5_Update(&md, salt_out, salt_len);
+
+ {
+ MD5_CTX md2;
+
+ MD5_Init(&md2);
+ MD5_Update(&md2, passwd, passwd_len);
+ MD5_Update(&md2, salt_out, salt_len);
+ MD5_Update(&md2, passwd, passwd_len);
+ MD5_Final(buf, &md2);
+ }
+ for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
+ MD5_Update(&md, buf, sizeof buf);
+ MD5_Update(&md, buf, i);
+
+ n = passwd_len;
+ while (n)
+ {
+ MD5_Update(&md, (n & 1) ? "\0" : passwd, 1);
+ n >>= 1;
+ }
+ MD5_Final(buf, &md);
+
+ for (i = 0; i < 1000; i++)
+ {
+ MD5_CTX md2;
+
+ MD5_Init(&md2);
+ MD5_Update(&md2, (i & 1) ? (unsigned char *) passwd : buf,
+ (i & 1) ? passwd_len : sizeof buf);
+ if (i % 3)
+ MD5_Update(&md2, salt_out, salt_len);
+ if (i % 7)
+ MD5_Update(&md2, passwd, passwd_len);
+ MD5_Update(&md2, (i & 1) ? buf : (unsigned char *) passwd,
+ (i & 1) ? sizeof buf : passwd_len);
+ MD5_Final(buf, &md2);
+ }
+
+ {
+ /* transform buf into output string */
+
+ unsigned char buf_perm[sizeof buf];
+ int dest, source;
+ char *output;
+
+ /* silly output permutation */
+ for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17)
+ buf_perm[dest] = buf[source];
+ buf_perm[14] = buf[5];
+ buf_perm[15] = buf[11];
+#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */
+ assert(16 == sizeof buf_perm);
+#endif
+
+ output = salt_out + salt_len;
+ assert(output == out_buf + strlen(out_buf));
+
+ *output++ = '$';
+
+ for (i = 0; i < 15; i += 3)
+ {
+ *output++ = cov_2char[buf_perm[i+2] & 0x3f];
+ *output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) |
+ (buf_perm[i+2] >> 6)];
+ *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
+ (buf_perm[i+1] >> 4)];
+ *output++ = cov_2char[buf_perm[i] >> 2];
+ }
+ assert(i == 15);
+ *output++ = cov_2char[buf_perm[i] & 0x3f];
+ *output++ = cov_2char[buf_perm[i] >> 6];
+ *output = 0;
+ assert(strlen(out_buf) < sizeof(out_buf));
+ }
+
+ return out_buf;
+ }
+#endif
+
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+ char *passwd, BIO *out, int quiet, int table, int reverse,
+ size_t pw_maxlen, int usecrypt, int useapr1)
+ {
+ char *hash = NULL;
+
+ assert(salt_p != NULL);
+ assert(salt_malloc_p != NULL);
+
+ /* first make sure we have a salt */
+ if (!passed_salt)
+ {
+#ifndef NO_DES
+ if (usecrypt)
+ {
+ if (*salt_malloc_p == NULL)
+ {
+ *salt_p = *salt_malloc_p = Malloc(3);
+ if (*salt_malloc_p == NULL)
+ goto err;
+ }
+ if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
+ goto err;
+ (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
+ (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
+ (*salt_p)[2] = 0;
+#ifdef CHARSET_EBCDIC
+ ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert
+ * back to ASCII */
+#endif
+ }
+#endif /* !NO_DES */
+
+#ifndef NO_APR1
+ if (useapr1)
+ {
+ int i;
+
+ if (*salt_malloc_p == NULL)
+ {
+ *salt_p = *salt_malloc_p = Malloc(9);
+ if (*salt_malloc_p == NULL)
+ goto err;
+ }
+ if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
+ goto err;
+
+ for (i = 0; i < 8; i++)
+ (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
+ (*salt_p)[8] = 0;
+ }
+#endif /* !NO_APR1 */
+ }
+
+ assert(*salt_p != NULL);
+
+ /* truncate password if necessary */
+ if ((strlen(passwd) > pw_maxlen))
+ {
+ if (!quiet)
+ BIO_printf(bio_err, "Warning: truncating password to %u characters\n", pw_maxlen);
+ passwd[pw_maxlen] = 0;
+ }
+ assert(strlen(passwd) <= pw_maxlen);
+
+ /* now compute password hash */
+#ifndef NO_DES
+ if (usecrypt)
+ hash = des_crypt(passwd, *salt_p);
+#endif
+#ifndef NO_APR1
+ if (useapr1)
+ hash = apr1_crypt(passwd, *salt_p);
+#endif
+ assert(hash != NULL);
+
+ if (table && !reverse)
+ BIO_printf(out, "%s\t%s\n", passwd, hash);
+ else if (table && reverse)
+ BIO_printf(out, "%s\t%s\n", hash, passwd);
+ else
+ BIO_printf(out, "%s\n", hash);
+ return 1;
+
+err:
+ return 0;
+ }
+#else
+
+int MAIN(int argc, char **argv)
+ {
+ fputs("Program not available.\n", stderr)
+ EXIT(1);
+ }
+#endif
diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c
index 5defddeb320f..bf7686471373 100644
--- a/crypto/openssl/apps/pkcs12.c
+++ b/crypto/openssl/apps/pkcs12.c
@@ -61,12 +61,12 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <openssl/des.h>
-#include <openssl/pem.h>
+#include "apps.h"
+#include <openssl/crypto.h>
#include <openssl/err.h>
+#include <openssl/pem.h>
#include <openssl/pkcs12.h>
-#include "apps.h"
#define PROG pkcs12_main
EVP_CIPHER *enc;
@@ -79,14 +79,16 @@ EVP_CIPHER *enc;
#define CACERTS 0x10
int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
-int dump_cert_text (BIO *out, X509 *x);
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options);
-int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options);
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options);
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
+int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options, char *pempass);
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
int alg_print(BIO *x, X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk);
+
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
char *infile=NULL, *outfile=NULL, *keyname = NULL;
@@ -101,15 +103,19 @@ int MAIN(int argc, char **argv)
int chain = 0;
int badarg = 0;
int iter = PKCS12_DEFAULT_ITER;
- int maciter = 1;
+ int maciter = PKCS12_DEFAULT_ITER;
int twopass = 0;
int keytype = 0;
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+ int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
int ret = 1;
int macver = 1;
int noprompt = 0;
STACK *canames = NULL;
char *cpass = NULL, *mpass = NULL;
+ char *passargin = NULL, *passargout = NULL, *passarg = NULL;
+ char *passin = NULL, *passout = NULL;
+ char *inrand = NULL;
apps_startup();
@@ -143,8 +149,35 @@ int MAIN(int argc, char **argv)
else if (!strcmp (*args, "-noiter")) iter = 1;
else if (!strcmp (*args, "-maciter"))
maciter = PKCS12_DEFAULT_ITER;
+ else if (!strcmp (*args, "-nomaciter"))
+ maciter = 1;
else if (!strcmp (*args, "-nodes")) enc=NULL;
- else if (!strcmp (*args, "-inkey")) {
+ else if (!strcmp (*args, "-certpbe")) {
+ if (args[1]) {
+ args++;
+ cert_pbe=OBJ_txt2nid(*args);
+ if(cert_pbe == NID_undef) {
+ BIO_printf(bio_err,
+ "Unknown PBE algorithm %s\n", *args);
+ badarg = 1;
+ }
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-keypbe")) {
+ if (args[1]) {
+ args++;
+ key_pbe=OBJ_txt2nid(*args);
+ if(key_pbe == NID_undef) {
+ BIO_printf(bio_err,
+ "Unknown PBE algorithm %s\n", *args);
+ badarg = 1;
+ }
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-rand")) {
+ if (args[1]) {
+ args++;
+ inrand = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-inkey")) {
if (args[1]) {
args++;
keyname = *args;
@@ -175,20 +208,20 @@ int MAIN(int argc, char **argv)
args++;
outfile = *args;
} else badarg = 1;
- } else if (!strcmp (*args, "-envpass")) {
+ } else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
- if(!(cpass = getenv(*args))) {
- BIO_printf(bio_err,
- "Can't read environment variable %s\n", *args);
- goto end;
- }
- noprompt = 1;
+ passargin = *args;
+ } else badarg = 1;
+ } else if (!strcmp(*args,"-passout")) {
+ if (args[1]) {
+ args++;
+ passargout = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-password")) {
if (args[1]) {
args++;
- cpass = *args;
+ passarg = *args;
noprompt = 1;
} else badarg = 1;
} else badarg = 1;
@@ -225,21 +258,54 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-maciter use MAC iteration\n");
BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+ BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
+ BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
BIO_printf (bio_err, "-keyex set MS key exchange type\n");
BIO_printf (bio_err, "-keysig set MS key signature type\n");
- BIO_printf (bio_err, "-password p set import/export password (NOT RECOMMENDED)\n");
- BIO_printf (bio_err, "-envpass p set import/export password from environment\n");
+ BIO_printf (bio_err, "-password p set import/export password source\n");
+ BIO_printf (bio_err, "-passin p input file pass phrase source\n");
+ BIO_printf (bio_err, "-passout p output file pass phrase source\n");
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
goto end;
}
- if(cpass) mpass = cpass;
- else {
+ if(passarg) {
+ if(export_cert) passargout = passarg;
+ else passargin = passarg;
+ }
+
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
+ if(!cpass) {
+ if(export_cert) cpass = passout;
+ else cpass = passin;
+ }
+
+ if(cpass) {
+ mpass = cpass;
+ noprompt = 1;
+ } else {
cpass = pass;
mpass = macpass;
}
+ if(export_cert || inrand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
ERR_load_crypto_strings();
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read files");
+#endif
+
if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
else in = BIO_new_file(infile, "rb");
if (!in) {
@@ -265,6 +331,11 @@ int MAIN(int argc, char **argv)
}
}
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("write files");
+#endif
+
if (!outfile) out = BIO_new_fp(stdout, BIO_NOCLOSE);
else out = BIO_new_file(outfile, "wb");
if (!out) {
@@ -274,27 +345,38 @@ int MAIN(int argc, char **argv)
goto end;
}
if (twopass) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read MAC password");
+#endif
if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert))
{
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
}
-if (export_cert) {
+ if (export_cert) {
EVP_PKEY *key;
STACK *bags, *safes;
PKCS12_SAFEBAG *bag;
PKCS8_PRIV_KEY_INFO *p8;
PKCS7 *authsafe;
- X509 *cert = NULL, *ucert = NULL;
- STACK_OF(X509) *certs;
+ X509 *ucert = NULL;
+ STACK_OF(X509) *certs=NULL;
char *catmp;
int i;
unsigned char keyid[EVP_MAX_MD_SIZE];
unsigned int keyidlen = 0;
- key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, NULL);
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("process -export_cert");
+#endif
+ key = PEM_read_bio_PrivateKey(inkey ? inkey : in, NULL, NULL, passin);
if (!inkey) (void) BIO_reset(in);
+ else BIO_free(inkey);
if (!key) {
BIO_printf (bio_err, "Error loading private key\n");
ERR_print_errors(bio_err);
@@ -313,7 +395,7 @@ if (export_cert) {
for(i = 0; i < sk_X509_num(certs); i++) {
ucert = sk_X509_value(certs, i);
if(X509_check_private_key(ucert, key)) {
- X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+ X509_digest(ucert, EVP_sha1(), keyid, &keyidlen);
break;
}
}
@@ -354,6 +436,7 @@ if (export_cert) {
/* We now have loads of certificates: include them all */
for(i = 0; i < sk_X509_num(certs); i++) {
+ X509 *cert = NULL;
cert = sk_X509_value(certs, i);
bag = M_PKCS12_x5092certbag(cert);
/* If it matches private key set id */
@@ -364,7 +447,7 @@ if (export_cert) {
PKCS12_add_friendlyname(bag, catmp, -1);
sk_push(bags, (char *)bag);
}
-
+ sk_X509_pop_free(certs, X509_free);
if (canames) sk_free(canames);
if(!noprompt &&
@@ -390,8 +473,7 @@ if (export_cert) {
p8 = EVP_PKEY2PKCS8 (key);
EVP_PKEY_free(key);
if(keytype) PKCS8_add_keyusage(p8, keytype);
- bag = PKCS12_MAKE_SHKEYBAG(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
- cpass, -1, NULL, 0, iter, p8);
+ bag = PKCS12_MAKE_SHKEYBAG(key_pbe, cpass, -1, NULL, 0, iter, p8);
PKCS8_PRIV_KEY_INFO_free(p8);
if (name) PKCS12_add_friendlyname (bag, name, -1);
PKCS12_add_localkeyid (bag, keyid, keyidlen);
@@ -415,6 +497,10 @@ if (export_cert) {
PKCS12_free(p12);
ret = 0;
+
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
goto end;
}
@@ -424,50 +510,61 @@ if (export_cert) {
goto end;
}
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read import password");
+#endif
if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
if (!twopass) strcpy(macpass, pass);
if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
if(macver) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("verify MAC");
+#endif
if (!PKCS12_verify_mac (p12, mpass, -1)) {
- BIO_printf (bio_err, "Mac verify errror: invalid password?\n");
+ BIO_printf (bio_err, "Mac verify error: invalid password?\n");
ERR_print_errors (bio_err);
goto end;
} else BIO_printf (bio_err, "MAC verified OK\n");
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
}
- if (!dump_certs_keys_p12 (out, p12, cpass, -1, options)) {
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("output keys and certificates");
+#endif
+ if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) {
BIO_printf(bio_err, "Error outputting keys and certificates\n");
ERR_print_errors (bio_err);
goto end;
}
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+#endif
PKCS12_free(p12);
ret = 0;
end:
+ if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
+#ifdef CRYPTO_MDEBUG
+ CRYPTO_remove_all_info();
+#endif
+ BIO_free(in);
BIO_free(out);
+ if(passin) Free(passin);
+ if(passout) Free(passout);
EXIT(ret);
}
-int dump_cert_text (BIO *out, X509 *x)
-{
- char buf[256];
- X509_NAME_oneline(X509_get_subject_name(x),buf,256);
- BIO_puts(out,"subject=");
- BIO_puts(out,buf);
-
- X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
- BIO_puts(out,"\nissuer= ");
- BIO_puts(out,buf);
- BIO_puts(out,"\n");
- return 0;
-}
-
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
- int passlen, int options)
+ int passlen, int options, char *pempass)
{
STACK *asafes, *bags;
int i, bagnid;
@@ -489,7 +586,7 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
} else continue;
if (!bags) return 0;
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
- options)) {
+ options, pempass)) {
sk_pop_free (bags, PKCS12_SAFEBAG_free);
return 0;
}
@@ -500,19 +597,19 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
}
int dump_certs_pkeys_bags (BIO *out, STACK *bags, char *pass,
- int passlen, int options)
+ int passlen, int options, char *pempass)
{
int i;
for (i = 0; i < sk_num (bags); i++) {
if (!dump_certs_pkeys_bag (out,
(PKCS12_SAFEBAG *)sk_value (bags, i), pass, passlen,
- options)) return 0;
+ options, pempass)) return 0;
}
return 1;
}
int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
- int passlen, int options)
+ int passlen, int options, char *pempass)
{
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
@@ -527,7 +624,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
p8 = bag->value.keybag;
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
print_attribs (out, p8->attributes, "Key Attributes");
- PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, NULL);
+ PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
@@ -543,7 +640,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
print_attribs (out, p8->attributes, "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
- PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, NULL);
+ PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
@@ -566,7 +663,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
print_attribs (out, bag->attrib, "Bag Attributes");
return dump_certs_pkeys_bags (out, bag->value.safes, pass,
- passlen, options);
+ passlen, options, pempass);
default:
BIO_printf (bio_err, "Warning unsupported bag type: ");
@@ -588,7 +685,7 @@ int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
X509_STORE_CTX store_ctx;
STACK_OF(X509) *chn;
int i;
- X509 *x;
+
store = X509_STORE_new ();
X509_STORE_set_default_paths (store);
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
@@ -596,11 +693,7 @@ int get_cert_chain (X509 *cert, STACK_OF(X509) **chain)
i = X509_STORE_CTX_get_error (&store_ctx);
goto err;
}
- chn = sk_X509_dup(X509_STORE_CTX_get_chain (&store_ctx));
- for (i = 0; i < sk_X509_num(chn); i++) {
- x = sk_X509_value(chn, i);
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- }
+ chn = X509_STORE_CTX_get1_chain(&store_ctx);
i = 0;
*chain = chn;
err:
diff --git a/crypto/openssl/apps/pkcs7.c b/crypto/openssl/apps/pkcs7.c
index 0e1427cc3155..f471cc77fda3 100644
--- a/crypto/openssl/apps/pkcs7.c
+++ b/crypto/openssl/apps/pkcs7.c
@@ -71,27 +71,23 @@
#undef PROG
#define PROG pkcs7_main
-/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
- * -des - encrypt output if PEM format with DES in cbc mode
- * -des3 - encrypt output if PEM format
- * -idea - encrypt output if PEM format
* -print_certs
*/
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
PKCS7 *p7=NULL;
int i,badops=0;
-#if !defined(NO_DES) || !defined(NO_IDEA)
- EVP_CIPHER *enc=NULL;
-#endif
BIO *in=NULL,*out=NULL;
int informat,outformat;
- char *infile,*outfile,*prog,buf[256];
- int print_certs=0;
+ char *infile,*outfile,*prog;
+ int print_certs=0,text=0,noout=0;
int ret=0;
apps_startup();
@@ -130,18 +126,12 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-noout") == 0)
+ noout=1;
+ else if (strcmp(*argv,"-text") == 0)
+ text=1;
else if (strcmp(*argv,"-print_certs") == 0)
print_certs=1;
-#ifndef NO_DES
- else if (strcmp(*argv,"-des") == 0)
- enc=EVP_des_cbc();
- else if (strcmp(*argv,"-des3") == 0)
- enc=EVP_des_ede3_cbc();
-#endif
-#ifndef NO_IDEA
- else if (strcmp(*argv,"-idea") == 0)
- enc=EVP_idea_cbc();
-#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -157,16 +147,13 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
- BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
- BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef NO_IDEA
- BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
-#endif
+ BIO_printf(bio_err," -text print full details of certificates\n");
+ BIO_printf(bio_err," -noout don't output encoded data\n");
EXIT(1);
}
@@ -246,19 +233,10 @@ bad:
for (i=0; i<sk_X509_num(certs); i++)
{
x=sk_X509_value(certs,i);
+ if(text) X509_print(out, x);
+ else dump_cert_text(out, x);
- X509_NAME_oneline(X509_get_subject_name(x),
- buf,256);
- BIO_puts(out,"subject=");
- BIO_puts(out,buf);
-
- X509_NAME_oneline(X509_get_issuer_name(x),
- buf,256);
- BIO_puts(out,"\nissuer= ");
- BIO_puts(out,buf);
- BIO_puts(out,"\n");
-
- PEM_write_bio_X509(out,x);
+ if(!noout) PEM_write_bio_X509(out,x);
BIO_puts(out,"\n");
}
}
@@ -270,17 +248,9 @@ bad:
{
crl=sk_X509_CRL_value(crls,i);
- X509_NAME_oneline(crl->crl->issuer,buf,256);
- BIO_puts(out,"issuer= ");
- BIO_puts(out,buf);
+ X509_CRL_print(out, crl);
- BIO_puts(out,"\nlast update=");
- ASN1_TIME_print(out,crl->crl->lastUpdate);
- BIO_puts(out,"\nnext update=");
- ASN1_TIME_print(out,crl->crl->nextUpdate);
- BIO_puts(out,"\n");
-
- PEM_write_bio_X509_CRL(out,crl);
+ if(!noout)PEM_write_bio_X509_CRL(out,crl);
BIO_puts(out,"\n");
}
}
@@ -289,21 +259,23 @@ bad:
goto end;
}
- if (outformat == FORMAT_ASN1)
- i=i2d_PKCS7_bio(out,p7);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_PKCS7(out,p7);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
+ if(!noout) {
+ if (outformat == FORMAT_ASN1)
+ i=i2d_PKCS7_bio(out,p7);
+ else if (outformat == FORMAT_PEM)
+ i=PEM_write_bio_PKCS7(out,p7);
+ else {
+ BIO_printf(bio_err,"bad output format specified for outfile\n");
+ goto end;
+ }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write pkcs7 object\n");
- ERR_print_errors(bio_err);
- goto end;
- }
+ if (!i)
+ {
+ BIO_printf(bio_err,"unable to write pkcs7 object\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
ret=0;
end:
if (p7 != NULL) PKCS7_free(p7);
diff --git a/crypto/openssl/apps/pkcs8.c b/crypto/openssl/apps/pkcs8.c
index a05388300ad6..3e59b74124a2 100644
--- a/crypto/openssl/apps/pkcs8.c
+++ b/crypto/openssl/apps/pkcs8.c
@@ -57,6 +57,7 @@
*/
#include <stdio.h>
#include <string.h>
+#include "apps.h"
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
@@ -65,10 +66,12 @@
#include "apps.h"
#define PROG pkcs8_main
+int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
char **args, *infile = NULL, *outfile = NULL;
+ char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
int topk8 = 0;
int pbe_nid = -1;
@@ -80,13 +83,13 @@ int MAIN(int argc, char **argv)
X509_SIG *p8;
PKCS8_PRIV_KEY_INFO *p8inf;
EVP_PKEY *pkey;
- char pass[50];
+ char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
ERR_load_crypto_strings();
- SSLeay_add_all_algorithms();
+ OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-') {
if (!strcmp(*args,"-v2")) {
@@ -99,6 +102,16 @@ int MAIN(int argc, char **argv)
badarg = 1;
}
} else badarg = 1;
+ } else if (!strcmp(*args,"-v1")) {
+ if (args[1]) {
+ args++;
+ pbe_nid=OBJ_txt2nid(*args);
+ if(pbe_nid == NID_undef) {
+ BIO_printf(bio_err,
+ "Unknown PBE algorithm %s\n", *args);
+ badarg = 1;
+ }
+ } else badarg = 1;
} else if (!strcmp(*args,"-inform")) {
if (args[1]) {
args++;
@@ -113,6 +126,18 @@ int MAIN(int argc, char **argv)
else if (!strcmp (*args, "-noiter")) iter = 1;
else if (!strcmp (*args, "-nocrypt")) nocrypt = 1;
else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;
+ else if (!strcmp (*args, "-nsdb")) p8_broken = PKCS8_NS_DB;
+ else if (!strcmp (*args, "-embed")) p8_broken = PKCS8_EMBEDDED_PARAM;
+ else if (!strcmp(*args,"-passin"))
+ {
+ if (!args[1]) goto bad;
+ passargin= *(++args);
+ }
+ else if (!strcmp(*args,"-passout"))
+ {
+ if (!args[1]) goto bad;
+ passargout= *(++args);
+ }
else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
@@ -128,25 +153,36 @@ int MAIN(int argc, char **argv)
}
if (badarg) {
- BIO_printf (bio_err, "Usage pkcs8 [options]\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-in file input file\n");
- BIO_printf (bio_err, "-inform X input format (DER or PEM)\n");
- BIO_printf (bio_err, "-outform X output format (DER or PEM)\n");
- BIO_printf (bio_err, "-out file output file\n");
- BIO_printf (bio_err, "-topk8 output PKCS8 file\n");
- BIO_printf (bio_err, "-nooct use (broken) no octet form\n");
- BIO_printf (bio_err, "-noiter use 1 as iteration count\n");
- BIO_printf (bio_err, "-nocrypt use or expect unencrypted private key\n");
- BIO_printf (bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
+ bad:
+ BIO_printf(bio_err, "Usage pkcs8 [options]\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
+ BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
+ BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
+ BIO_printf(bio_err, "-nooct use (nonstandard) no octet format\n");
+ BIO_printf(bio_err, "-embed use (nonstandard) embedded DSA parameters format\n");
+ BIO_printf(bio_err, "-nsdb use (nonstandard) DSA Netscape DB format\n");
+ BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
+ BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
+ BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
+ BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
+ return (1);
+ }
+
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
return (1);
}
if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;
if (infile) {
- if (!(in = BIO_new_file (infile, "rb"))) {
- BIO_printf (bio_err,
+ if (!(in = BIO_new_file(infile, "rb"))) {
+ BIO_printf(bio_err,
"Can't open input file %s\n", infile);
return (1);
}
@@ -154,25 +190,32 @@ int MAIN(int argc, char **argv)
if (outfile) {
if (!(out = BIO_new_file (outfile, "wb"))) {
- BIO_printf (bio_err,
+ BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
return (1);
}
} else out = BIO_new_fp (stdout, BIO_NOCLOSE);
if (topk8) {
- if (!(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL))) {
- BIO_printf (bio_err, "Error reading key\n", outfile);
+ if(informat == FORMAT_PEM)
+ pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, passin);
+ else if(informat == FORMAT_ASN1)
+ pkey = d2i_PrivateKey_bio(in, NULL);
+ else {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ return (1);
+ }
+ if (!pkey) {
+ BIO_printf(bio_err, "Error reading key\n", outfile);
ERR_print_errors(bio_err);
return (1);
}
BIO_free(in);
- if (!(p8inf = EVP_PKEY2PKCS8(pkey))) {
- BIO_printf (bio_err, "Error converting key\n", outfile);
+ if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
+ BIO_printf(bio_err, "Error converting key\n", outfile);
ERR_print_errors(bio_err);
return (1);
}
- PKCS8_set_broken(p8inf, p8_broken);
if(nocrypt) {
if(outformat == FORMAT_PEM)
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
@@ -183,17 +226,23 @@ int MAIN(int argc, char **argv)
return (1);
}
} else {
- EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+ if(passout) p8pass = passout;
+ else {
+ p8pass = pass;
+ EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+ }
+ app_RAND_load_file(NULL, bio_err, 0);
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
- pass, strlen(pass),
+ p8pass, strlen(p8pass),
NULL, 0, iter, p8inf))) {
- BIO_printf (bio_err, "Error encrypting key\n",
+ BIO_printf(bio_err, "Error encrypting key\n",
outfile);
ERR_print_errors(bio_err);
return (1);
}
+ app_RAND_write_file(NULL, bio_err);
if(outformat == FORMAT_PEM)
- PEM_write_bio_PKCS8 (out, p8);
+ PEM_write_bio_PKCS8(out, p8);
else if(outformat == FORMAT_ASN1)
i2d_PKCS8_bio(out, p8);
else {
@@ -205,6 +254,8 @@ int MAIN(int argc, char **argv)
PKCS8_PRIV_KEY_INFO_free (p8inf);
EVP_PKEY_free(pkey);
BIO_free(out);
+ if(passin) Free(passin);
+ if(passout) Free(passout);
return (0);
}
@@ -232,8 +283,12 @@ int MAIN(int argc, char **argv)
ERR_print_errors(bio_err);
return (1);
}
- EVP_read_pw_string(pass, 50, "Enter Password:", 0);
- p8inf = M_PKCS8_decrypt(p8, pass, strlen(pass));
+ if(passin) p8pass = passin;
+ else {
+ p8pass = pass;
+ EVP_read_pw_string(pass, 50, "Enter Password:", 0);
+ }
+ p8inf = M_PKCS8_decrypt(p8, p8pass, strlen(p8pass));
X509_SIG_free(p8);
}
@@ -253,7 +308,15 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "Warning: broken key encoding: ");
switch (p8inf->broken) {
case PKCS8_NO_OCTET:
- BIO_printf(bio_err, "No Octet String\n");
+ BIO_printf(bio_err, "No Octet String in PrivateKey\n");
+ break;
+
+ case PKCS8_EMBEDDED_PARAM:
+ BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
+ break;
+
+ case PKCS8_NS_DB:
+ BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
break;
default:
@@ -263,12 +326,20 @@ int MAIN(int argc, char **argv)
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
-
- PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL);
+ if(outformat == FORMAT_PEM)
+ PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
+ else if(outformat == FORMAT_ASN1)
+ i2d_PrivateKey_bio(out, pkey);
+ else {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ return (1);
+ }
EVP_PKEY_free(pkey);
BIO_free(out);
BIO_free(in);
+ if(passin) Free(passin);
+ if(passout) Free(passout);
return (0);
}
diff --git a/crypto/openssl/apps/progs.h b/crypto/openssl/apps/progs.h
index df067182bc46..7d2238493a4e 100644
--- a/crypto/openssl/apps/progs.h
+++ b/crypto/openssl/apps/progs.h
@@ -1,11 +1,14 @@
-/* This file was generated by progs.pl. */
+/* apps/progs.h */
+/* automatically generated by progs.pl for openssl.c */
extern int verify_main(int argc,char *argv[]);
extern int asn1parse_main(int argc,char *argv[]);
extern int req_main(int argc,char *argv[]);
extern int dgst_main(int argc,char *argv[]);
extern int dh_main(int argc,char *argv[]);
+extern int dhparam_main(int argc,char *argv[]);
extern int enc_main(int argc,char *argv[]);
+extern int passwd_main(int argc,char *argv[]);
extern int gendh_main(int argc,char *argv[]);
extern int errstr_main(int argc,char *argv[]);
extern int ca_main(int argc,char *argv[]);
@@ -28,8 +31,9 @@ extern int ciphers_main(int argc,char *argv[]);
extern int nseq_main(int argc,char *argv[]);
extern int pkcs12_main(int argc,char *argv[]);
extern int pkcs8_main(int argc,char *argv[]);
-
-#ifdef SSLEAY_SRC /* Defined only in openssl.c. */
+extern int spkac_main(int argc,char *argv[]);
+extern int smime_main(int argc,char *argv[]);
+extern int rand_main(int argc,char *argv[]);
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
@@ -49,7 +53,11 @@ FUNCTION functions[] = {
#ifndef NO_DH
{FUNC_TYPE_GENERAL,"dh",dh_main},
#endif
+#ifndef NO_DH
+ {FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
+#endif
{FUNC_TYPE_GENERAL,"enc",enc_main},
+ {FUNC_TYPE_GENERAL,"passwd",passwd_main},
#ifndef NO_DH
{FUNC_TYPE_GENERAL,"gendh",gendh_main},
#endif
@@ -72,14 +80,14 @@ FUNCTION functions[] = {
#ifndef NO_DSA
{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
#endif
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
{FUNC_TYPE_GENERAL,"s_server",s_server_main},
#endif
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
{FUNC_TYPE_GENERAL,"s_client",s_client_main},
#endif
{FUNC_TYPE_GENERAL,"speed",speed_main},
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))
{FUNC_TYPE_GENERAL,"s_time",s_time_main},
#endif
{FUNC_TYPE_GENERAL,"version",version_main},
@@ -94,6 +102,9 @@ FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
#endif
{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
+ {FUNC_TYPE_GENERAL,"spkac",spkac_main},
+ {FUNC_TYPE_GENERAL,"smime",smime_main},
+ {FUNC_TYPE_GENERAL,"rand",rand_main},
{FUNC_TYPE_MD,"md2",dgst_main},
{FUNC_TYPE_MD,"md5",dgst_main},
{FUNC_TYPE_MD,"sha",dgst_main},
@@ -116,6 +127,9 @@ FUNCTION functions[] = {
#ifndef NO_RC4
{FUNC_TYPE_CIPHER,"rc4",enc_main},
#endif
+#ifndef NO_RC4
+ {FUNC_TYPE_CIPHER,"rc4-40",enc_main},
+#endif
#ifndef NO_RC2
{FUNC_TYPE_CIPHER,"rc2",enc_main},
#endif
@@ -188,6 +202,12 @@ FUNCTION functions[] = {
#ifndef NO_RC2
{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
#endif
+#ifndef NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
+#endif
+#ifndef NO_RC2
+ {FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
+#endif
#ifndef NO_BF
{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
#endif
@@ -229,5 +249,3 @@ FUNCTION functions[] = {
#endif
{0,NULL,NULL}
};
-#endif
-
diff --git a/crypto/openssl/apps/progs.pl b/crypto/openssl/apps/progs.pl
index 7a69fc7b18dc..9842d2ace725 100644
--- a/crypto/openssl/apps/progs.pl
+++ b/crypto/openssl/apps/progs.pl
@@ -1,6 +1,7 @@
#!/usr/local/bin/perl
-print "/* This file was generated by progs.pl. */\n\n";
+print "/* apps/progs.h */\n";
+print "/* automatically generated by progs.pl for openssl.c */\n\n";
grep(s/^asn1pars$/asn1parse/,@ARGV);
@@ -9,8 +10,6 @@ foreach (@ARGV)
print <<'EOF';
-#ifdef SSLEAY_SRC /* Defined only in openssl.c. */
-
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
#define FUNC_TYPE_CIPHER 3
@@ -29,13 +28,15 @@ foreach (@ARGV)
push(@files,$_);
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
- { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; }
+ { print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(NO_SSL3))\n${str}#endif\n"; }
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) )
{ print "#ifndef NO_RSA\n${str}#endif\n"; }
elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
{ print "#ifndef NO_DSA\n${str}#endif\n"; }
- elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/))
+ elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
{ print "#ifndef NO_DH\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^pkcs12$/))
+ { print "#if !defined(NO_DES) && !defined(NO_SHA1)\n${str}#endif\n"; }
else
{ print $str; }
}
@@ -48,13 +49,14 @@ foreach ("md2","md5","sha","sha1","mdc2","rmd160")
foreach (
"base64",
- "des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5",
+ "des", "des3", "desx", "idea", "rc4", "rc4-40",
+ "rc2", "bf", "cast", "rc5",
"des-ecb", "des-ede", "des-ede3",
"des-cbc", "des-ede-cbc","des-ede3-cbc",
"des-cfb", "des-ede-cfb","des-ede3-cfb",
"des-ofb", "des-ede-ofb","des-ede3-ofb",
"idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
- "rc2-cbc", "rc2-ecb", "rc2-cfb", "rc2-ofb",
+ "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
"bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
"cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb")
@@ -73,5 +75,3 @@ foreach (
}
print "\t{0,NULL,NULL}\n\t};\n";
-print "#endif\n\n";
-
diff --git a/crypto/openssl/apps/rand.c b/crypto/openssl/apps/rand.c
new file mode 100644
index 000000000000..cfbba3075586
--- /dev/null
+++ b/crypto/openssl/apps/rand.c
@@ -0,0 +1,140 @@
+/* apps/rand.c */
+
+#include "apps.h"
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+#undef PROG
+#define PROG rand_main
+
+/* -out file - write to file
+ * -rand file:file - PRNG seed files
+ * -base64 - encode output
+ * num - write 'num' bytes
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+ {
+ int i, r, ret = 1;
+ int badopt;
+ char *outfile = NULL;
+ char *inrand = NULL;
+ int base64 = 0;
+ BIO *out = NULL;
+ int num = -1;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+
+ badopt = 0;
+ i = 0;
+ while (!badopt && argv[++i] != NULL)
+ {
+ if (strcmp(argv[i], "-out") == 0)
+ {
+ if ((argv[i+1] != NULL) && (outfile == NULL))
+ outfile = argv[++i];
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-rand") == 0)
+ {
+ if ((argv[i+1] != NULL) && (inrand == NULL))
+ inrand = argv[++i];
+ else
+ badopt = 1;
+ }
+ else if (strcmp(argv[i], "-base64") == 0)
+ {
+ if (!base64)
+ base64 = 1;
+ else
+ badopt = 1;
+ }
+ else if (isdigit(argv[i][0]))
+ {
+ if (num < 0)
+ {
+ r = sscanf(argv[i], "%d", &num);
+ if (r == 0 || num < 0)
+ badopt = 1;
+ }
+ else
+ badopt = 1;
+ }
+ else
+ badopt = 1;
+ }
+
+ if (num < 0)
+ badopt = 1;
+
+ if (badopt)
+ {
+ BIO_printf(bio_err, "Usage: rand [options] num\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-out file - write to file\n");
+ BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, "-base64 - encode output\n");
+ goto err;
+ }
+
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ goto err;
+ if (outfile != NULL)
+ r = BIO_write_filename(out, outfile);
+ else
+ r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+ if (r <= 0)
+ goto err;
+
+ if (base64)
+ {
+ BIO *b64 = BIO_new(BIO_f_base64());
+ if (b64 == NULL)
+ goto err;
+ out = BIO_push(b64, out);
+ }
+
+ while (num > 0)
+ {
+ unsigned char buf[4096];
+ int chunk;
+
+ chunk = num;
+ if (chunk > sizeof buf)
+ chunk = sizeof buf;
+ r = RAND_bytes(buf, chunk);
+ if (r <= 0)
+ goto err;
+ BIO_write(out, buf, chunk);
+ num -= chunk;
+ }
+ BIO_flush(out);
+
+ app_RAND_write_file(NULL, bio_err);
+ ret = 0;
+
+err:
+ ERR_print_errors(bio_err);
+ if (out)
+ BIO_free_all(out);
+ EXIT(ret);
+ }
diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c
index 463ac156ea45..eb338eeb1b2b 100644
--- a/crypto/openssl/apps/req.c
+++ b/crypto/openssl/apps/req.c
@@ -66,7 +66,6 @@
#include "apps.h"
#include <openssl/bio.h>
#include <openssl/evp.h>
-#include <openssl/rand.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/asn1.h>
@@ -79,9 +78,12 @@
#define BITS "default_bits"
#define KEYFILE "default_keyfile"
+#define PROMPT "prompt"
#define DISTINGUISHED_NAME "distinguished_name"
#define ATTRIBUTES "attributes"
#define V3_EXTENSIONS "x509_extensions"
+#define REQ_EXTENSIONS "req_extensions"
+#define STRING_MASK "string_mask"
#define DEFAULT_KEY_LENGTH 512
#define MIN_KEY_LENGTH 384
@@ -89,7 +91,7 @@
#undef PROG
#define PROG req_main
-/* -inform arg - input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
@@ -108,13 +110,20 @@
*/
static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
-static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+static int prompt_info(X509_REQ *req,
+ STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs);
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
+ STACK_OF(CONF_VALUE) *attr, int attribs);
+static int add_attribute_object(X509_REQ *req, char *text,
char *def, char *value, int nid, int min,
int max);
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
int nid,int min,int max);
+#ifndef NO_RSA
static void MS_CALLBACK req_cb(int p,int n,void *arg);
-static int req_fix_data(int nid,int *type,int len,int min,int max);
+#endif
+static int req_check_len(int len,int min,int max);
static int check_end(char *str, char *end);
static int add_oid_section(LHASH *conf);
#ifndef MONOLITH
@@ -127,6 +136,8 @@ static LHASH *req_conf=NULL;
#define TYPE_DSA 2
#define TYPE_DH 3
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
#ifndef NO_DSA
@@ -139,17 +150,21 @@ int MAIN(int argc, char **argv)
int i,badops=0,newreq=0,newkey= -1,pkey_type=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
- int nodes=0,kludge=0;
+ int nodes=0,kludge=0,newhdr=0;
char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
char *extensions = NULL;
+ char *req_exts = NULL;
EVP_CIPHER *cipher=NULL;
int modulus=0;
+ char *passargin = NULL, *passargout = NULL;
+ char *passin = NULL, *passout = NULL;
char *p;
const EVP_MD *md_alg=NULL,*digest=EVP_md5();
#ifndef MONOLITH
MS_STATIC char config_name[256];
#endif
+ req_conf = NULL;
#ifndef NO_DES
cipher=EVP_des_ede3_cbc();
#endif
@@ -214,6 +229,16 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
keyout= *(++argv);
}
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargout= *(++argv);
+ }
else if (strcmp(*argv,"-newkey") == 0)
{
int is_numeric;
@@ -281,6 +306,8 @@ int MAIN(int argc, char **argv)
newreq=1;
}
+ else if (strcmp(*argv,"-newhdr") == 0)
+ newhdr=1;
else if (strcmp(*argv,"-modulus") == 0)
modulus=1;
else if (strcmp(*argv,"-verify") == 0)
@@ -308,8 +335,17 @@ int MAIN(int argc, char **argv)
/* ok */
digest=md_alg;
}
+ else if (strcmp(*argv,"-extensions") == 0)
+ {
+ if (--argc < 1) goto bad;
+ extensions = *(++argv);
+ }
+ else if (strcmp(*argv,"-reqexts") == 0)
+ {
+ if (--argc < 1) goto bad;
+ req_exts = *(++argv);
+ }
else
-
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
@@ -324,8 +360,8 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER TXT PEM\n");
+ BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -text text form of request\n");
@@ -344,16 +380,21 @@ bad:
BIO_printf(bio_err," -new new request.\n");
BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n");
+ BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n");
BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
BIO_printf(bio_err," have been reported as requiring\n");
- BIO_printf(bio_err," [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
+ BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
+ BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
goto end;
}
ERR_load_crypto_strings();
- X509V3_add_standard_extensions();
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
-#ifndef MONOLITH
+#ifndef MONOLITH /* else this has happened in openssl.c (global `config') */
/* Lets load up our environment a little */
p=getenv("OPENSSL_CONF");
if (p == NULL)
@@ -367,7 +408,7 @@ bad:
strcat(config_name,OPENSSL_CONF);
p=config_name;
}
- default_config_file=p;
+ default_config_file=p;
config=CONF_load(config,p,NULL);
#endif
@@ -425,7 +466,8 @@ bad:
digest=md_alg;
}
- extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+ if(!extensions)
+ extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
if(extensions) {
/* Check syntax of file */
X509V3_CTX ctx;
@@ -438,6 +480,34 @@ bad:
}
}
+ if(!passin)
+ passin = CONF_get_string(req_conf, SECTION, "input_password");
+
+ if(!passout)
+ passout = CONF_get_string(req_conf, SECTION, "output_password");
+
+ p = CONF_get_string(req_conf, SECTION, STRING_MASK);
+
+ if(p && !ASN1_STRING_set_default_mask_asc(p)) {
+ BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
+ goto end;
+ }
+
+ if(!req_exts)
+ req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+ if(req_exts) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_conf_lhash(&ctx, req_conf);
+ if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading request extension section %s\n",
+ req_exts);
+ goto end;
+ }
+ }
+
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
@@ -451,11 +521,12 @@ bad:
goto end;
}
-/* if (keyform == FORMAT_ASN1)
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- else */
- if (keyform == FORMAT_PEM)
- pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
+ if (keyform == FORMAT_ASN1)
+ pkey=d2i_PrivateKey_bio(in,NULL);
+ else if (keyform == FORMAT_PEM)
+ {
+ pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
+ }
else
{
BIO_printf(bio_err,"bad input format specified for X509 request\n");
@@ -471,25 +542,9 @@ bad:
if (newreq && (pkey == NULL))
{
- char *randfile;
- char buffer[200];
-
- if ((randfile=CONF_get_string(req_conf,SECTION,"RANDFILE")) == NULL)
- randfile=RAND_file_name(buffer,200);
-#ifdef WINDOWS
- BIO_printf(bio_err,"Loading 'screen' into random state -");
- BIO_flush(bio_err);
- RAND_screen();
- BIO_printf(bio_err," done\n");
-#endif
- if ((randfile == NULL) || !RAND_load_file(randfile,1024L*1024L))
- {
- BIO_printf(bio_err,"unable to load 'random state'\n");
- BIO_printf(bio_err,"What this means is that the random number generator has not been seeded\n");
- BIO_printf(bio_err,"with much random data.\n");
- BIO_printf(bio_err,"Consider setting the RANDFILE environment variable to point at a file that\n");
- BIO_printf(bio_err,"'random' data can be kept in.\n");
- }
+ char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+ app_RAND_load_file(randfile, bio_err, 0);
+
if (newkey <= 0)
{
newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
@@ -527,8 +582,7 @@ bad:
}
#endif
- if ((randfile == NULL) || (RAND_write_file(randfile) == 0))
- BIO_printf(bio_err,"unable to write 'random state'\n");
+ app_RAND_write_file(randfile, bio_err);
if (pkey == NULL) goto end;
@@ -560,7 +614,7 @@ bad:
i=0;
loop:
if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
- NULL,0,NULL,NULL))
+ NULL,0,NULL,passout))
{
if ((ERR_GET_REASON(ERR_peek_error()) ==
PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
@@ -677,6 +731,22 @@ loop:
}
else
{
+ X509V3_CTX ext_ctx;
+
+ /* Set up V3 context struct */
+
+ X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
+ X509V3_set_conf_lhash(&ext_ctx, req_conf);
+
+ /* Add extensions */
+ if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf,
+ &ext_ctx, req_exts, req))
+ {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ req_exts);
+ goto end;
+ }
if (!(i=X509_REQ_sign(req,pkey,digest)))
goto end;
}
@@ -767,9 +837,10 @@ loop:
{
if (outformat == FORMAT_ASN1)
i=i2d_X509_REQ_bio(out,req);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_X509_REQ(out,req);
- else {
+ else if (outformat == FORMAT_PEM) {
+ if(newhdr) i=PEM_write_bio_X509_REQ_NEW(out,req);
+ else i=PEM_write_bio_X509_REQ(out,req);
+ } else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
@@ -807,7 +878,8 @@ end:
EVP_PKEY_free(pkey);
X509_REQ_free(req);
X509_free(x509ss);
- X509V3_EXT_cleanup();
+ if(passargin && passin) Free(passin);
+ if(passargout && passout) Free(passout);
OBJ_cleanup();
#ifndef NO_DSA
if (dsa_params != NULL) DSA_free(dsa_params);
@@ -818,43 +890,67 @@ end:
static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
{
int ret=0,i;
- char *p,*q;
- X509_REQ_INFO *ri;
- char buf[100];
- int nid,min,max;
- char *type,*def,*tmp,*value,*tmp_attr;
- STACK_OF(CONF_VALUE) *sk, *attr=NULL;
- CONF_VALUE *v;
-
- tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
- if (tmp == NULL)
+ char no_prompt = 0;
+ STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
+ char *tmp, *dn_sect,*attr_sect;
+
+ tmp=CONF_get_string(req_conf,SECTION,PROMPT);
+ if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
+
+ dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+ if (dn_sect == NULL)
{
BIO_printf(bio_err,"unable to find '%s' in config\n",
DISTINGUISHED_NAME);
goto err;
}
- sk=CONF_get_section(req_conf,tmp);
- if (sk == NULL)
+ dn_sk=CONF_get_section(req_conf,dn_sect);
+ if (dn_sk == NULL)
{
- BIO_printf(bio_err,"unable to get '%s' section\n",tmp);
+ BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
goto err;
}
- tmp_attr=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
- if (tmp_attr == NULL)
- attr=NULL;
+ attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
+ if (attr_sect == NULL)
+ attr_sk=NULL;
else
{
- attr=CONF_get_section(req_conf,tmp_attr);
- if (attr == NULL)
+ attr_sk=CONF_get_section(req_conf,attr_sect);
+ if (attr_sk == NULL)
{
- BIO_printf(bio_err,"unable to get '%s' section\n",tmp_attr);
+ BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
goto err;
}
}
- ri=req->req_info;
+ /* setup version number */
+ if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
+
+ if(no_prompt) i = auto_info(req, dn_sk, attr_sk, attribs);
+ else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
+ if(!i) goto err;
+
+ X509_REQ_set_pubkey(req,pkey);
+ ret=1;
+err:
+ return(ret);
+ }
+
+
+static int prompt_info(X509_REQ *req,
+ STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs)
+ {
+ int i;
+ char *p,*q;
+ char buf[100];
+ int nid,min,max;
+ char *type,*def,*value;
+ CONF_VALUE *v;
+ X509_NAME *subj;
+ subj = X509_REQ_get_subject_name(req);
BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
BIO_printf(bio_err,"into your certificate request.\n");
BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
@@ -863,18 +959,16 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
BIO_printf(bio_err,"-----\n");
- /* setup version number */
- if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
- if (sk_CONF_VALUE_num(sk))
+ if (sk_CONF_VALUE_num(dn_sk))
{
i= -1;
start: for (;;)
{
i++;
- if (sk_CONF_VALUE_num(sk) <= i) break;
+ if (sk_CONF_VALUE_num(dn_sk) <= i) break;
- v=sk_CONF_VALUE_value(sk,i);
+ v=sk_CONF_VALUE_value(dn_sk,i);
p=q=NULL;
type=v->name;
if(!check_end(type,"_min") || !check_end(type,"_max") ||
@@ -893,32 +987,32 @@ start: for (;;)
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
sprintf(buf,"%s_default",v->name);
- if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
+ if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
def="";
sprintf(buf,"%s_value",v->name);
- if ((value=CONF_get_string(req_conf,tmp,buf)) == NULL)
+ if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
value=NULL;
sprintf(buf,"%s_min",v->name);
- min=(int)CONF_get_number(req_conf,tmp,buf);
+ min=(int)CONF_get_number(req_conf,dn_sect,buf);
sprintf(buf,"%s_max",v->name);
- max=(int)CONF_get_number(req_conf,tmp,buf);
+ max=(int)CONF_get_number(req_conf,dn_sect,buf);
- if (!add_DN_object(ri->subject,v->value,def,value,nid,
+ if (!add_DN_object(subj,v->value,def,value,nid,
min,max))
- goto err;
+ return 0;
}
- if (sk_X509_NAME_ENTRY_num(ri->subject->entries) == 0)
+ if (X509_NAME_entry_count(subj) == 0)
{
BIO_printf(bio_err,"error, no objects specified in config file\n");
- goto err;
+ return 0;
}
if (attribs)
{
- if ((attr != NULL) && (sk_CONF_VALUE_num(attr) > 0))
+ if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0))
{
BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -928,57 +1022,101 @@ start: for (;;)
start2: for (;;)
{
i++;
- if ((attr == NULL) ||
- (sk_CONF_VALUE_num(attr) <= i))
+ if ((attr_sk == NULL) ||
+ (sk_CONF_VALUE_num(attr_sk) <= i))
break;
- v=sk_CONF_VALUE_value(attr,i);
+ v=sk_CONF_VALUE_value(attr_sk,i);
type=v->name;
if ((nid=OBJ_txt2nid(type)) == NID_undef)
goto start2;
sprintf(buf,"%s_default",type);
- if ((def=CONF_get_string(req_conf,tmp_attr,buf))
+ if ((def=CONF_get_string(req_conf,attr_sect,buf))
== NULL)
def="";
sprintf(buf,"%s_value",type);
- if ((value=CONF_get_string(req_conf,tmp_attr,buf))
+ if ((value=CONF_get_string(req_conf,attr_sect,buf))
== NULL)
value=NULL;
sprintf(buf,"%s_min",type);
- min=(int)CONF_get_number(req_conf,tmp_attr,buf);
+ min=(int)CONF_get_number(req_conf,attr_sect,buf);
sprintf(buf,"%s_max",type);
- max=(int)CONF_get_number(req_conf,tmp_attr,buf);
+ max=(int)CONF_get_number(req_conf,attr_sect,buf);
- if (!add_attribute_object(ri->attributes,
+ if (!add_attribute_object(req,
v->value,def,value,nid,min,max))
- goto err;
+ return 0;
}
}
}
else
{
BIO_printf(bio_err,"No template, please set one up.\n");
- goto err;
+ return 0;
}
- X509_REQ_set_pubkey(req,pkey);
+ return 1;
- ret=1;
-err:
- return(ret);
}
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
+ STACK_OF(CONF_VALUE) *attr_sk, int attribs)
+ {
+ int i;
+ char *p,*q;
+ char *type;
+ CONF_VALUE *v;
+ X509_NAME *subj;
+
+ subj = X509_REQ_get_subject_name(req);
+
+ for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
+ {
+ v=sk_CONF_VALUE_value(dn_sk,i);
+ p=q=NULL;
+ type=v->name;
+ /* Skip past any leading X. X: X, etc to allow for
+ * multiple instances
+ */
+ for(p = v->name; *p ; p++)
+ if ((*p == ':') || (*p == ',') || (*p == '.')) {
+ p++;
+ if(*p) type = p;
+ break;
+ }
+ if (!X509_NAME_add_entry_by_txt(subj,type, MBSTRING_ASC,
+ (unsigned char *) v->value,-1,-1,0)) return 0;
+
+ }
+
+ if (!X509_NAME_entry_count(subj))
+ {
+ BIO_printf(bio_err,"error, no objects specified in config file\n");
+ return 0;
+ }
+ if (attribs)
+ {
+ for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
+ {
+ v=sk_CONF_VALUE_value(attr_sk,i);
+ if(!X509_REQ_add1_attr_by_txt(req, v->name, MBSTRING_ASC,
+ (unsigned char *)v->value, -1)) return 0;
+ }
+ }
+ return 1;
+ }
+
+
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
int nid, int min, int max)
{
- int i,j,ret=0;
- X509_NAME_ENTRY *ne=NULL;
+ int i,ret=0;
MS_STATIC char buf[1024];
-
+start:
BIO_printf(bio_err,"%s [%s]:",text,def);
(void)BIO_flush(bio_err);
if (value != NULL)
@@ -1011,33 +1149,23 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
}
buf[--i]='\0';
- j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
- if (req_fix_data(nid,&j,i,min,max) == 0)
- goto err;
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf,
- strlen(buf)))
- == NULL) goto err;
- if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
- goto err;
-
+ if(!req_check_len(i, min, max)) goto start;
+ if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
+ (unsigned char *) buf, -1,-1,0)) goto err;
ret=1;
err:
- if (ne != NULL) X509_NAME_ENTRY_free(ne);
return(ret);
}
-static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+static int add_attribute_object(X509_REQ *req, char *text,
char *def, char *value, int nid, int min,
int max)
{
- int i,z;
- X509_ATTRIBUTE *xa=NULL;
+ int i;
static char buf[1024];
- ASN1_BIT_STRING *bs=NULL;
- ASN1_TYPE *at=NULL;
start:
BIO_printf(bio_err,"%s [%s]:",text,def);
@@ -1071,50 +1199,21 @@ start:
return(0);
}
buf[--i]='\0';
+ if(!req_check_len(i, min, max)) goto start;
- /* add object plus value */
- if ((xa=X509_ATTRIBUTE_new()) == NULL)
- goto err;
- if ((xa->value.set=sk_ASN1_TYPE_new_null()) == NULL)
+ if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
+ (unsigned char *)buf, -1)) {
+ BIO_printf(bio_err, "Error adding attribute\n");
+ ERR_print_errors(bio_err);
goto err;
- xa->set=1;
-
- if (xa->object != NULL) ASN1_OBJECT_free(xa->object);
- xa->object=OBJ_nid2obj(nid);
-
- if ((bs=ASN1_BIT_STRING_new()) == NULL) goto err;
-
- bs->type=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
-
- z=req_fix_data(nid,&bs->type,i,min,max);
- if (z == 0)
- {
- if (value == NULL)
- goto start;
- else goto err;
- }
-
- if (!ASN1_STRING_set(bs,(unsigned char *)buf,i+1))
- { BIO_printf(bio_err,"Malloc failure\n"); goto err; }
-
- if ((at=ASN1_TYPE_new()) == NULL)
- { BIO_printf(bio_err,"Malloc failure\n"); goto err; }
-
- ASN1_TYPE_set(at,bs->type,(char *)bs);
- sk_ASN1_TYPE_push(xa->value.set,at);
- bs=NULL;
- at=NULL;
- /* only one item per attribute */
+ }
- if (!sk_X509_ATTRIBUTE_push(n,xa)) goto err;
return(1);
err:
- if (xa != NULL) X509_ATTRIBUTE_free(xa);
- if (at != NULL) ASN1_TYPE_free(at);
- if (bs != NULL) ASN1_BIT_STRING_free(bs);
return(0);
}
+#ifndef NO_RSA
static void MS_CALLBACK req_cb(int p, int n, void *arg)
{
char c='*';
@@ -1129,26 +1228,10 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
p=n;
#endif
}
+#endif
-static int req_fix_data(int nid, int *type, int len, int min, int max)
+static int req_check_len(int len, int min, int max)
{
- if (nid == NID_pkcs9_emailAddress)
- *type=V_ASN1_IA5STRING;
- if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
- *type=V_ASN1_T61STRING;
- if ((nid == NID_pkcs9_challengePassword) &&
- (*type == V_ASN1_IA5STRING))
- *type=V_ASN1_T61STRING;
-
- if ((nid == NID_pkcs9_unstructuredName) &&
- (*type == V_ASN1_T61STRING))
- {
- BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n");
- return(0);
- }
- if (nid == NID_pkcs9_unstructuredName)
- *type=V_ASN1_IA5STRING;
-
if (len < min)
{
BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c
index 9b723ee406cc..9d4c2e656405 100644
--- a/crypto/openssl/apps/rsa.c
+++ b/crypto/openssl/apps/rsa.c
@@ -82,8 +82,12 @@
* -text - print a text version
* -modulus - print the RSA key modulus
* -check - verify key consistency
+ * -pubin - Expect a public key in input file.
+ * -pubout - Output a public key.
*/
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
int ret=1;
@@ -92,7 +96,10 @@ int MAIN(int argc, char **argv)
const EVP_CIPHER *enc=NULL;
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,check=0,noout=0;
+ int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
+ char *passargin = NULL, *passargout = NULL;
+ char *passin = NULL, *passout = NULL;
int modulus=0;
apps_startup();
@@ -131,6 +138,20 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargin= *(++argv);
+ }
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passargout= *(++argv);
+ }
+ else if (strcmp(*argv,"-pubin") == 0)
+ pubin=1;
+ else if (strcmp(*argv,"-pubout") == 0)
+ pubout=1;
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
@@ -154,24 +175,38 @@ int MAIN(int argc, char **argv)
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
- BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -passout arg output file pass phrase source\n");
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
- BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
- BIO_printf(bio_err," -text print the key in text\n");
- BIO_printf(bio_err," -noout don't print key out\n");
- BIO_printf(bio_err," -modulus print the RSA key modulus\n");
- BIO_printf(bio_err," -check verify key consistency\n");
+ BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -noout don't print key out\n");
+ BIO_printf(bio_err," -modulus print the RSA key modulus\n");
+ BIO_printf(bio_err," -check verify key consistency\n");
+ BIO_printf(bio_err," -pubin expect a public key in input file\n");
+ BIO_printf(bio_err," -pubout output a public key\n");
goto end;
}
ERR_load_crypto_strings();
+ if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
+ if(check && pubin) {
+ BIO_printf(bio_err, "Only private keys can be checked\n");
+ goto end;
+ }
+
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
@@ -191,9 +226,11 @@ bad:
}
}
- BIO_printf(bio_err,"read RSA private key\n");
- if (informat == FORMAT_ASN1)
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
+ BIO_printf(bio_err,"read RSA key\n");
+ if (informat == FORMAT_ASN1) {
+ if (pubin) rsa=d2i_RSA_PUBKEY_bio(in,NULL);
+ else rsa=d2i_RSAPrivateKey_bio(in,NULL);
+ }
#ifndef NO_RC4
else if (informat == FORMAT_NETSCAPE)
{
@@ -217,12 +254,14 @@ bad:
}
}
p=(unsigned char *)buf->data;
- rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
+ rsa=d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
BUF_MEM_free(buf);
}
#endif
- else if (informat == FORMAT_PEM)
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
+ else if (informat == FORMAT_PEM) {
+ if(pubin) rsa=PEM_read_bio_RSA_PUBKEY(in,NULL,NULL,NULL);
+ else rsa=PEM_read_bio_RSAPrivateKey(in,NULL, NULL,passin);
+ }
else
{
BIO_printf(bio_err,"bad input format specified for key\n");
@@ -230,7 +269,7 @@ bad:
}
if (rsa == NULL)
{
- BIO_printf(bio_err,"unable to load Private Key\n");
+ BIO_printf(bio_err,"unable to load key\n");
ERR_print_errors(bio_err);
goto end;
}
@@ -256,9 +295,9 @@ bad:
if (modulus)
{
- fprintf(stdout,"Modulus=");
+ BIO_printf(out,"Modulus=");
BN_print(out,rsa->n);
- fprintf(stdout,"\n");
+ BIO_printf(out,"\n");
}
if (check)
@@ -288,10 +327,16 @@ bad:
}
}
- if (noout) goto end;
- BIO_printf(bio_err,"writing RSA private key\n");
- if (outformat == FORMAT_ASN1)
- i=i2d_RSAPrivateKey_bio(out,rsa);
+ if (noout)
+ {
+ ret = 0;
+ goto end;
+ }
+ BIO_printf(bio_err,"writing RSA key\n");
+ if (outformat == FORMAT_ASN1) {
+ if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
+ else i=i2d_RSAPrivateKey_bio(out,rsa);
+ }
#ifndef NO_RC4
else if (outformat == FORMAT_NETSCAPE)
{
@@ -311,23 +356,34 @@ bad:
Free(pp);
}
#endif
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL);
- else {
+ else if (outformat == FORMAT_PEM) {
+ if(pubout || pubin)
+ i=PEM_write_bio_RSA_PUBKEY(out,rsa);
+ else i=PEM_write_bio_RSAPrivateKey(out,rsa,
+ enc,NULL,0,NULL,passout);
+ } else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
- BIO_printf(bio_err,"unable to write private key\n");
+ BIO_printf(bio_err,"unable to write key\n");
ERR_print_errors(bio_err);
}
else
ret=0;
end:
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free(out);
- if (rsa != NULL) RSA_free(rsa);
+ if(in != NULL) BIO_free(in);
+ if(out != NULL) BIO_free(out);
+ if(rsa != NULL) RSA_free(rsa);
+ if(passin) Free(passin);
+ if(passout) Free(passout);
EXIT(ret);
}
+#else /* !NO_RSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
#endif
diff --git a/crypto/openssl/apps/s_apps.h b/crypto/openssl/apps/s_apps.h
index 1a0e9f9f92ff..57af7c0f8cf0 100644
--- a/crypto/openssl/apps/s_apps.h
+++ b/crypto/openssl/apps/s_apps.h
@@ -84,7 +84,6 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
-int do_accept(int acc_sock, int *sock, char **host);
int do_server(int port, int *ret, int (*cb) (), char *context);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
@@ -97,17 +96,9 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
#endif
int init_client(int *sock, char *server, int port);
-int init_client_ip(int *sock,unsigned char ip[4], int port);
-int nbio_init_client_ip(int *sock,unsigned char ip[4], int port);
-int nbio_sock_error(int sock);
-int spawn(int argc, char **argv, int *in, int *out);
-int init_server(int *sock, int port);
-int init_server_long(int *sock, int port,char *ip);
int should_retry(int i);
-void sock_cleanup(void );
int extract_port(char *str, short *port_ptr);
int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
-int host_ip(char *str, unsigned char ip[4]);
long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c
index fdb11a1d11d7..fd622597d62b 100644
--- a/crypto/openssl/apps/s_cb.c
+++ b/crypto/openssl/apps/s_cb.c
@@ -1,4 +1,4 @@
-/* apps/s_cb.c */
+/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
index b06104130e53..e629f8e7f13f 100644
--- a/crypto/openssl/apps/s_client.c
+++ b/crypto/openssl/apps/s_client.c
@@ -56,9 +56,7 @@
* [including the GNU Public Licence.]
*/
-#ifdef APPS_CRLF
-# include <assert.h>
-#endif
+#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -83,15 +81,16 @@ typedef unsigned int u_int;
#include <openssl/pem.h>
#include "s_apps.h"
+#ifdef WINDOWS
+#include <conio.h>
+#endif
+
+
#if (defined(VMS) && __VMS_VER < 70000000)
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
#undef FIONBIO
#endif
-#if defined(NO_RSA) && !defined(NO_SSL2)
-#define NO_SSL2
-#endif
-
#undef PROG
#define PROG s_client_main
@@ -118,6 +117,7 @@ static void sc_usage(void);
static void print_stuff(BIO *berr,SSL *con,int full);
static BIO *bio_c_out=NULL;
static int c_quiet=0;
+static int c_ign_eof=0;
static void sc_usage(void)
{
@@ -142,20 +142,21 @@ static void sc_usage(void)
#ifdef FIONBIO
BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
#endif
-#ifdef APPS_CRLF /* won't be #ifdef'd in next release */
BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
-#endif
BIO_printf(bio_err," -quiet - no s_client output\n");
+ BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
- BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'openssl ciphers'\n");
+ BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
}
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
int off=0;
@@ -171,15 +172,16 @@ int MAIN(int argc, char **argv)
char *cert_file=NULL,*key_file=NULL;
char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
-#ifdef APPS_CRLF
int crlf=0;
-#endif
int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
SSL_CTX *ctx=NULL;
int ret=1,in_init=1,i,nbio_test=0;
+ int prexit = 0;
SSL_METHOD *meth=NULL;
BIO *sbio;
- /*static struct timeval timeout={10,0};*/
+#ifdef WINDOWS
+ struct timeval tv;
+#endif
#if !defined(NO_SSL2) && !defined(NO_SSL3)
meth=SSLv23_client_method();
@@ -192,6 +194,7 @@ int MAIN(int argc, char **argv)
apps_startup();
c_Pause=0;
c_quiet=0;
+ c_ign_eof=0;
c_debug=0;
c_showcerts=0;
@@ -244,12 +247,17 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
cert_file= *(++argv);
}
-#ifdef APPS_CRLF
+ else if (strcmp(*argv,"-prexit") == 0)
+ prexit=1;
else if (strcmp(*argv,"-crlf") == 0)
crlf=1;
-#endif
else if (strcmp(*argv,"-quiet") == 0)
+ {
c_quiet=1;
+ c_ign_eof=1;
+ }
+ else if (strcmp(*argv,"-ign_eof") == 0)
+ c_ign_eof=1;
else if (strcmp(*argv,"-pause") == 0)
c_Pause=1;
else if (strcmp(*argv,"-debug") == 0)
@@ -324,6 +332,8 @@ bad:
goto end;
}
+ app_RAND_load_file(NULL, bio_err, 0);
+
if (bio_c_out == NULL)
{
if (c_quiet)
@@ -337,7 +347,8 @@ bad:
}
}
- SSLeay_add_ssl_algorithms();
+ OpenSSL_add_ssl_algorithms();
+ SSL_load_error_strings();
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
{
@@ -352,7 +363,11 @@ bad:
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
if (cipher != NULL)
- SSL_CTX_set_cipher_list(ctx,cipher);
+ if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
+ BIO_printf(bio_err,"error setting cipher list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
#if 0
else
SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
@@ -365,14 +380,13 @@ bad:
if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx)))
{
- /* BIO_printf(bio_err,"error seting default verify locations\n"); */
+ /* BIO_printf(bio_err,"error setting default verify locations\n"); */
ERR_print_errors(bio_err);
/* goto end; */
}
- SSL_load_error_strings();
- con=(SSL *)SSL_new(ctx);
+ con=SSL_new(ctx);
/* SSL_set_cipher_list(con,"RC4-MD5"); */
re_start:
@@ -473,12 +487,18 @@ re_start:
if (read_tty) FD_SET(fileno(stdin),&readfds);
if (write_tty) FD_SET(fileno(stdout),&writefds);
}
-#endif
if (read_ssl)
FD_SET(SSL_get_fd(con),&readfds);
if (write_ssl)
FD_SET(SSL_get_fd(con),&writefds);
-
+#else
+ if(!tty_on || !write_tty) {
+ if (read_ssl)
+ FD_SET(SSL_get_fd(con),&readfds);
+ if (write_ssl)
+ FD_SET(SSL_get_fd(con),&writefds);
+ }
+#endif
/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
@@ -488,8 +508,29 @@ re_start:
* will choke the compiler: if you do have a cast then
* you can either go for (int *) or (void *).
*/
+#ifdef WINDOWS
+ /* Under Windows we make the assumption that we can
+ * always write to the tty: therefore if we need to
+ * write to the tty we just fall through. Otherwise
+ * we timeout the select every second and see if there
+ * are any keypresses. Note: this is a hack, in a proper
+ * Windows application we wouldn't do this.
+ */
+ i=0;
+ if(!write_tty) {
+ if(read_tty) {
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ i=select(width,(void *)&readfds,(void *)&writefds,
+ NULL,&tv);
+ if(!i && (!_kbhit() || !read_tty) ) continue;
+ } else i=select(width,(void *)&readfds,(void *)&writefds,
+ NULL,NULL);
+ }
+#else
i=select(width,(void *)&readfds,(void *)&writefds,
NULL,NULL);
+#endif
if ( i < 0)
{
BIO_printf(bio_err,"bad select %d\n",
@@ -566,8 +607,12 @@ re_start:
goto shut;
}
}
-#ifndef WINDOWS
+#ifdef WINDOWS
+ /* Assume Windows can always write */
+ else if (!ssl_pending && write_tty)
+#else
else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
+#endif
{
#ifdef CHARSET_EBCDIC
ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
@@ -589,7 +634,6 @@ re_start:
write_tty=0;
}
}
-#endif
else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
{
#ifdef RENEG
@@ -644,10 +688,12 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
}
}
-#ifndef WINDOWS
+#ifdef WINDOWS
+ else if (_kbhit())
+#else
else if (FD_ISSET(fileno(stdin),&readfds))
+#endif
{
-#ifdef APPS_CRLF
if (crlf)
{
int j, lf_num;
@@ -671,16 +717,15 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
assert(lf_num == 0);
}
else
-#endif
i=read(fileno(stdin),cbuf,BUFSIZZ);
- if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
+ if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
{
BIO_printf(bio_err,"DONE\n");
goto shut;
}
- if ((!c_quiet) && (cbuf[0] == 'R'))
+ if ((!c_ign_eof) && (cbuf[0] == 'R'))
{
BIO_printf(bio_err,"RENEGOTIATING\n");
SSL_renegotiate(con);
@@ -698,13 +743,13 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
write_ssl=1;
read_tty=0;
}
-#endif
}
shut:
SSL_shutdown(con);
SHUTDOWN(SSL_get_fd(con));
ret=0;
end:
+ if(prexit) print_stuff(bio_c_out,con,1);
if (con != NULL) SSL_free(con);
if (con2 != NULL) SSL_free(con2);
if (ctx != NULL) SSL_CTX_free(ctx);
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index 9a81418cda84..af19b89227a0 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -56,9 +56,7 @@
* [including the GNU Public Licence.]
*/
-#ifdef APPS_CRLF
-# include <assert.h>
-#endif
+#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -87,15 +85,15 @@ typedef unsigned int u_int;
#include <openssl/ssl.h>
#include "s_apps.h"
+#ifdef WINDOWS
+#include <conio.h>
+#endif
+
#if (defined(VMS) && __VMS_VER < 70000000)
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
#undef FIONBIO
#endif
-#if defined(NO_RSA) && !defined(NO_SSL2)
-#define NO_SSL2
-#endif
-
#ifndef NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
#endif
@@ -106,10 +104,12 @@ static void sv_usage(void);
static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp,SSL_CTX *ctx);
#ifndef NO_DH
-static DH *load_dh_param(void );
+static DH *load_dh_param(char *dhfile);
static DH *get_dh512(void);
#endif
-/* static void s_server_init(void);*/
+#ifdef MONOLITH
+static void s_server_init(void);
+#endif
#ifndef S_ISDIR
# if defined(_S_IFMT) && defined(_S_IFDIR)
@@ -149,15 +149,13 @@ static DH *get_dh512(void)
#undef BUFSIZZ
#define BUFSIZZ 16*1024
-static int bufsize=32;
+static int bufsize=BUFSIZZ;
static int accept_socket= -1;
#define TEST_CERT "server.pem"
#undef PROG
#define PROG s_server_main
-#define DH_PARAM "server.pem"
-
extern int verify_depth;
static char *cipher=NULL;
@@ -169,9 +167,7 @@ static char *s_dcert_file=NULL,*s_dkey_file=NULL;
static int s_nbio=0;
#endif
static int s_nbio_test=0;
-#ifdef APPS_CRLF /* won't be #ifdef'd in next release */
int s_crlf=0;
-#endif
static SSL_CTX *ctx=NULL;
static int www=0;
@@ -179,9 +175,12 @@ static BIO *bio_s_out=NULL;
static int s_debug=0;
static int s_quiet=0;
-#if 0
+static int hack=0;
+
+#ifdef MONOLITH
static void s_server_init(void)
{
+ accept_socket=-1;
cipher=NULL;
s_server_verify=SSL_VERIFY_NONE;
s_dcert_file=NULL;
@@ -198,6 +197,7 @@ static void s_server_init(void)
bio_s_out=NULL;
s_debug=0;
s_quiet=0;
+ hack=0;
}
#endif
@@ -211,17 +211,17 @@ static void sv_usage(void)
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
- BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n");
+ BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n");
BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
+ BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
+ BIO_printf(bio_err," or a default set of parameters is used\n");
#ifdef FIONBIO
BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
#endif
BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
-#ifdef APPS_CRLF
BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
-#endif
BIO_printf(bio_err," -debug - Print more output\n");
BIO_printf(bio_err," -state - Print the SSL states\n");
BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
@@ -239,14 +239,13 @@ static void sv_usage(void)
#ifndef NO_DH
BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
#endif
- BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n");
+ BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
}
static int local_argc=0;
static char **local_argv;
-static int hack=0;
#ifdef CHARSET_EBCDIC
static int ebcdic_new(BIO *bi);
@@ -337,7 +336,7 @@ static int ebcdic_write(BIO *b, char *in, int inl)
num = num + num; /* double the size */
if (num < inl)
num = inl;
- Free((char*)wbuf);
+ Free(wbuf);
wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num);
wbuf->alloced = num;
@@ -398,11 +397,14 @@ static int ebcdic_puts(BIO *bp, char *str)
}
#endif
+int MAIN(int, char **);
+
int MAIN(int argc, char *argv[])
{
short port=PORT;
char *CApath=NULL,*CAfile=NULL;
char *context = NULL;
+ char *dhfile = NULL;
int badop=0,bugs=0;
int ret=1;
int off=0;
@@ -425,8 +427,9 @@ int MAIN(int argc, char *argv[])
local_argv=argv;
apps_startup();
- s_quiet=0;
- s_debug=0;
+#ifdef MONOLITH
+ s_server_init();
+#endif
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
@@ -479,6 +482,11 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
s_key_file= *(++argv);
}
+ else if (strcmp(*argv,"-dhparam") == 0)
+ {
+ if (--argc < 1) goto bad;
+ dhfile = *(++argv);
+ }
else if (strcmp(*argv,"-dcert") == 0)
{
if (--argc < 1) goto bad;
@@ -525,10 +533,8 @@ int MAIN(int argc, char *argv[])
{ hack=1; }
else if (strcmp(*argv,"-state") == 0)
{ state=1; }
-#ifdef APPS_CRLF
else if (strcmp(*argv,"-crlf") == 0)
{ s_crlf=1; }
-#endif
else if (strcmp(*argv,"-quiet") == 0)
{ s_quiet=1; }
else if (strcmp(*argv,"-bugs") == 0)
@@ -575,6 +581,8 @@ bad:
goto end;
}
+ app_RAND_load_file(NULL, bio_err, 0);
+
if (bio_s_out == NULL)
{
if (s_quiet && !s_debug)
@@ -599,7 +607,7 @@ bad:
}
SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
+ OpenSSL_add_ssl_algorithms();
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
@@ -641,8 +649,7 @@ bad:
#ifndef NO_DH
if (!no_dhe)
{
- /* EAY EAY EAY evil hack */
- dh=load_dh_param();
+ dh=load_dh_param(dhfile ? dhfile : s_cert_file);
if (dh != NULL)
{
BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@@ -692,12 +699,17 @@ bad:
#endif
if (cipher != NULL)
- SSL_CTX_set_cipher_list(ctx,cipher);
+ if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
+ BIO_printf(bio_err,"error setting cipher list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
sizeof s_server_session_id_context);
- SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
+ if (CAfile != NULL)
+ SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
BIO_printf(bio_s_out,"ACCEPT\n");
if (www)
@@ -750,6 +762,9 @@ static int sv_body(char *hostname, int s, unsigned char *context)
unsigned long l;
SSL *con=NULL;
BIO *sbio;
+#ifdef WINDOWS
+ struct timeval tv;
+#endif
if ((buf=Malloc(bufsize)) == NULL)
{
@@ -769,7 +784,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
#endif
if (con == NULL) {
- con=(SSL *)SSL_new(ctx);
+ con=SSL_new(ctx);
if(context)
SSL_set_session_id_context(con, context,
strlen((char *)context));
@@ -798,22 +813,48 @@ static int sv_body(char *hostname, int s, unsigned char *context)
width=s+1;
for (;;)
{
- FD_ZERO(&readfds);
+ int read_from_terminal;
+ int read_from_sslcon;
+
+ read_from_terminal = 0;
+ read_from_sslcon = SSL_pending(con);
+
+ if (!read_from_sslcon)
+ {
+ FD_ZERO(&readfds);
#ifndef WINDOWS
- FD_SET(fileno(stdin),&readfds);
+ FD_SET(fileno(stdin),&readfds);
#endif
- FD_SET(s,&readfds);
- /* Note: under VMS with SOCKETSHR the second parameter is
- * currently of type (int *) whereas under other systems
- * it is (void *) if you don't have a cast it will choke
- * the compiler: if you do have a cast then you can either
- * go for (int *) or (void *).
- */
- i=select(width,(void *)&readfds,NULL,NULL,NULL);
- if (i <= 0) continue;
- if (FD_ISSET(fileno(stdin),&readfds))
+ FD_SET(s,&readfds);
+ /* Note: under VMS with SOCKETSHR the second parameter is
+ * currently of type (int *) whereas under other systems
+ * it is (void *) if you don't have a cast it will choke
+ * the compiler: if you do have a cast then you can either
+ * go for (int *) or (void *).
+ */
+#ifdef WINDOWS
+ /* Under Windows we can't select on stdin: only
+ * on sockets. As a workaround we timeout the select every
+ * second and check for any keypress. In a proper Windows
+ * application we wouldn't do this because it is inefficient.
+ */
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ i=select(width,(void *)&readfds,NULL,NULL,&tv);
+ if((i < 0) || (!i && !_kbhit() ) )continue;
+ if(_kbhit())
+ read_from_terminal = 1;
+#else
+ i=select(width,(void *)&readfds,NULL,NULL,NULL);
+ if (i <= 0) continue;
+ if (FD_ISSET(fileno(stdin),&readfds))
+ read_from_terminal = 1;
+#endif
+ if (FD_ISSET(s,&readfds))
+ read_from_sslcon = 1;
+ }
+ if (read_from_terminal)
{
-#ifdef APPS_CRLF
if (s_crlf)
{
int j, lf_num;
@@ -837,7 +878,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
assert(lf_num == 0);
}
else
-#endif
i=read(fileno(stdin),buf,bufsize);
if (!s_quiet)
{
@@ -926,7 +966,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (i <= 0) break;
}
}
- if (FD_ISSET(s,&readfds))
+ if (read_from_sslcon)
{
if (!SSL_is_init_finished(con))
{
@@ -1059,12 +1099,12 @@ static int init_ssl_connection(SSL *con)
}
#ifndef NO_DH
-static DH *load_dh_param(void)
+static DH *load_dh_param(char *dhfile)
{
DH *ret=NULL;
BIO *bio;
- if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
+ if ((bio=BIO_new_file(dhfile,"r")) == NULL)
goto err;
ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
err:
@@ -1126,7 +1166,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
/* lets make the output buffer a reasonable size */
if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
- if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
+ if ((con=SSL_new(ctx)) == NULL) goto err;
if(context) SSL_set_session_id_context(con, context,
strlen((char *)context));
@@ -1424,7 +1464,7 @@ end:
/* make sure we re-use sessions */
SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
#else
- /* This kills performace */
+ /* This kills performance */
/* SSL_shutdown(con); A shutdown gets sent in the
* BIO_free_all(io) procession */
#endif
diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c
index 888b66df18ea..081b1a57d174 100644
--- a/crypto/openssl/apps/s_socket.c
+++ b/crypto/openssl/apps/s_socket.c
@@ -1,4 +1,4 @@
-/* apps/s_socket.c */
+/* apps/s_socket.c - socket-related functions used by s_client and s_server */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -79,16 +79,17 @@ typedef unsigned int u_int;
#include "s_apps.h"
#include <openssl/ssl.h>
-#ifdef VMS
-#if (__VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl,
- and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-#include <processes.h> /* for vfork() */
+static struct hostent *GetHostByName(char *name);
+#ifdef WINDOWS
+static void sock_cleanup(void);
#endif
+static int sock_init(void);
+static int init_client_ip(int *sock,unsigned char ip[4], int port);
+static int init_server(int *sock, int port);
+static int init_server_long(int *sock, int port,char *ip);
+static int do_accept(int acc_sock, int *sock, char **host);
+static int host_ip(char *str, unsigned char ip[4]);
-static struct hostent *GetHostByName(char *name);
-int sock_init(void );
#ifdef WIN16
#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
#else
@@ -131,19 +132,19 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
#endif /* WIN32 */
#endif /* WINDOWS */
-void sock_cleanup(void)
- {
#ifdef WINDOWS
+static void sock_cleanup(void)
+ {
if (wsa_init_done)
{
wsa_init_done=0;
WSACancelBlockingCall();
WSACleanup();
}
-#endif
}
+#endif
-int sock_init(void)
+static int sock_init(void)
{
#ifdef WINDOWS
if (!wsa_init_done)
@@ -187,7 +188,7 @@ int init_client(int *sock, char *host, int port)
return(init_client_ip(sock,ip,port));
}
-int init_client_ip(int *sock, unsigned char ip[4], int port)
+static int init_client_ip(int *sock, unsigned char ip[4], int port)
{
unsigned long addr;
struct sockaddr_in them;
@@ -218,75 +219,6 @@ int init_client_ip(int *sock, unsigned char ip[4], int port)
return(1);
}
-int nbio_sock_error(int sock)
- {
- int j,i;
- int size;
-
- size=sizeof(int);
- /* Note: under VMS with SOCKETSHR the third parameter is currently
- * of type (int *) whereas under other systems it is (void *) if
- * you don't have a cast it will choke the compiler: if you do
- * have a cast then you can either go for (int *) or (void *).
- */
- i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,(void *)&size);
- if (i < 0)
- return(1);
- else
- return(j);
- }
-
-int nbio_init_client_ip(int *sock, unsigned char ip[4], int port)
- {
- unsigned long addr;
- struct sockaddr_in them;
- int s,i;
-
- if (!sock_init()) return(0);
-
- memset((char *)&them,0,sizeof(them));
- them.sin_family=AF_INET;
- them.sin_port=htons((unsigned short)port);
- addr= (unsigned long)
- ((unsigned long)ip[0]<<24L)|
- ((unsigned long)ip[1]<<16L)|
- ((unsigned long)ip[2]<< 8L)|
- ((unsigned long)ip[3]);
- them.sin_addr.s_addr=htonl(addr);
-
- if (*sock <= 0)
- {
-#ifdef FIONBIO
- unsigned long l=1;
-#endif
-
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-
- i=0;
- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
- *sock=s;
-
-#ifdef FIONBIO
- BIO_socket_ioctl(s,FIONBIO,&l);
-#endif
- }
- else
- s= *sock;
-
- i=connect(s,(struct sockaddr *)&them,sizeof(them));
- if (i == INVALID_SOCKET)
- {
- if (BIO_sock_should_retry(i))
- return(-1);
- else
- return(0);
- }
- else
- return(1);
- }
-
int do_server(int port, int *ret, int (*cb)(), char *context)
{
int sock;
@@ -319,7 +251,7 @@ int do_server(int port, int *ret, int (*cb)(), char *context)
}
}
-int init_server_long(int *sock, int port, char *ip)
+static int init_server_long(int *sock, int port, char *ip)
{
int ret=0;
struct sockaddr_in server;
@@ -369,12 +301,12 @@ err:
return(ret);
}
-int init_server(int *sock, int port)
+static int init_server(int *sock, int port)
{
return(init_server_long(sock, port, NULL));
}
-int do_accept(int acc_sock, int *sock, char **host)
+static int do_accept(int acc_sock, int *sock, char **host)
{
int ret,i;
struct hostent *h1,*h2;
@@ -490,7 +422,7 @@ err:
return(0);
}
-int host_ip(char *str, unsigned char ip[4])
+static int host_ip(char *str, unsigned char ip[4])
{
unsigned int in[4];
int i;
@@ -606,69 +538,3 @@ static struct hostent *GetHostByName(char *name)
return(ret);
}
}
-
-#ifndef MSDOS
-int spawn(int argc, char **argv, int *in, int *out)
- {
- int pid;
-#define CHILD_READ p1[0]
-#define CHILD_WRITE p2[1]
-#define PARENT_READ p2[0]
-#define PARENT_WRITE p1[1]
- int p1[2],p2[2];
-
- if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
-
-#ifdef VMS
- if ((pid=vfork()) == 0)
-#else
- if ((pid=fork()) == 0)
-#endif
- { /* child */
- if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
- perror("dup2");
- if (dup2(CHILD_WRITE,fileno(stderr)) < 0)
- perror("dup2");
- if (dup2(CHILD_READ,fileno(stdin)) < 0)
- perror("dup2");
- close(CHILD_READ);
- close(CHILD_WRITE);
-
- close(PARENT_READ);
- close(PARENT_WRITE);
- execvp(argv[0],argv);
- perror("child");
- exit(1);
- }
-
- /* parent */
- *in= PARENT_READ;
- *out=PARENT_WRITE;
- close(CHILD_READ);
- close(CHILD_WRITE);
- return(pid);
- }
-#endif /* MSDOS */
-
-
-#ifdef undef
- /* Turn on synchronous sockets so that we can do a WaitForMultipleObjects
- * on sockets */
- {
- SOCKET s;
- int optionValue = SO_SYNCHRONOUS_NONALERT;
- int err;
-
- err = setsockopt(
- INVALID_SOCKET,
- SOL_SOCKET,
- SO_OPENTYPE,
- (char *)&optionValue,
- sizeof(optionValue));
- if (err != NO_ERROR) {
- /* failed for some reason... */
- BIO_printf(bio_err, "failed to setsockopt(SO_OPENTYPE, SO_SYNCHRONOUS_ALERT) - %d\n",
- WSAGetLastError());
- }
- }
-#endif
diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c
index a529e2a1190d..39fd3b8b4d98 100644
--- a/crypto/openssl/apps/s_time.c
+++ b/crypto/openssl/apps/s_time.c
@@ -67,10 +67,6 @@
#include <stdlib.h>
#include <string.h>
-#if defined(NO_RSA) && !defined(NO_SSL2)
-#define NO_SSL2
-#endif
-
#ifdef NO_STDIO
#define APPS_WIN16
#endif
@@ -220,7 +216,7 @@ static void s_time_usage(void)
file if not specified by this option\n\
-CApath arg - PEM format directory of CA's\n\
-CAfile arg - PEM format file of CA's\n\
--cipher - prefered cipher to use, play with 'openssl ciphers'\n\n";
+-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
printf( "usage: s_time <args>\n\n" );
@@ -229,7 +225,7 @@ static void s_time_usage(void)
printf("-nbio - Run with non-blocking IO\n");
printf("-ssl2 - Just use SSLv2\n");
printf("-ssl3 - Just use SSLv3\n");
- printf("-bugs - Turn on SSL bug compatability\n");
+ printf("-bugs - Turn on SSL bug compatibility\n");
printf("-new - Just time new connections\n");
printf("-reuse - Just time connection reuse\n");
printf("-www page - Retrieve 'page' from the site\n");
@@ -248,15 +244,6 @@ static int parseArgs(int argc, char **argv)
verify_depth=0;
verify_error=X509_V_OK;
-#ifdef FIONBIO
- t_nbio=0;
-#endif
-
- apps_startup();
- s_time_init();
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
argc--;
argv++;
@@ -401,6 +388,8 @@ static double tm_Time_F(int s)
* MAIN - main processing area for client
* real name depends on MONOLITH
*/
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
double totalTime = 0.0;
@@ -411,6 +400,12 @@ int MAIN(int argc, char **argv)
MS_STATIC char buf[1024*8];
int ver;
+ apps_startup();
+ s_time_init();
+
+ if (bio_err == NULL)
+ bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
#if !defined(NO_SSL2) && !defined(NO_SSL3)
s_time_meth=SSLv23_client_method();
#elif !defined(NO_SSL3)
@@ -423,7 +418,7 @@ int MAIN(int argc, char **argv)
if( parseArgs( argc, argv ) < 0 )
goto end;
- SSLeay_add_ssl_algorithms();
+ OpenSSL_add_ssl_algorithms();
if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
SSL_CTX_set_quiet_shutdown(tm_ctx,1);
@@ -438,7 +433,7 @@ int MAIN(int argc, char **argv)
if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(tm_ctx)))
{
- /* BIO_printf(bio_err,"error seting default verify locations\n"); */
+ /* BIO_printf(bio_err,"error setting default verify locations\n"); */
ERR_print_errors(bio_err);
/* goto end; */
}
@@ -639,7 +634,7 @@ static SSL *doConnection(SSL *scon)
BIO_set_conn_hostname(conn,host);
if (scon == NULL)
- serverCon=(SSL *)SSL_new(tm_ctx);
+ serverCon=SSL_new(tm_ctx);
else
{
serverCon=scon;
diff --git a/crypto/openssl/apps/sess_id.c b/crypto/openssl/apps/sess_id.c
index 8ac118d4a1e6..71d5aa0b7c6c 100644
--- a/crypto/openssl/apps/sess_id.c
+++ b/crypto/openssl/apps/sess_id.c
@@ -72,7 +72,7 @@
static char *sess_id_usage[]={
"usage: sess_id args\n",
"\n",
-" -inform arg - input format - default PEM (one of DER, TXT or PEM)\n",
+" -inform arg - input format - default PEM (DER or PEM)\n",
" -outform arg - output format - default PEM\n",
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
@@ -84,6 +84,9 @@ NULL
};
static SSL_SESSION *load_sess_id(char *file, int format);
+
+int MAIN(int, char **);
+
int MAIN(int argc, char **argv)
{
SSL_SESSION *x=NULL;
diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c
new file mode 100644
index 000000000000..7dc66d6ecd56
--- /dev/null
+++ b/crypto/openssl/apps/smime.c
@@ -0,0 +1,535 @@
+/* smime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* S/MIME utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+#undef PROG
+#define PROG smime_main
+static X509 *load_cert(char *file);
+static EVP_PKEY *load_key(char *file, char *pass);
+static STACK_OF(X509) *load_certs(char *file);
+static X509_STORE *setup_verify(char *CAfile, char *CApath);
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+
+#define SMIME_OP 0x10
+#define SMIME_ENCRYPT (1 | SMIME_OP)
+#define SMIME_DECRYPT 2
+#define SMIME_SIGN (3 | SMIME_OP)
+#define SMIME_VERIFY 4
+#define SMIME_PK7OUT 5
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int operation = 0;
+ int ret = 0;
+ char **args;
+ char *inmode = "r", *outmode = "w";
+ char *infile = NULL, *outfile = NULL;
+ char *signerfile = NULL, *recipfile = NULL;
+ char *certfile = NULL, *keyfile = NULL;
+ EVP_CIPHER *cipher = NULL;
+ PKCS7 *p7 = NULL;
+ X509_STORE *store = NULL;
+ X509 *cert = NULL, *recip = NULL, *signer = NULL;
+ EVP_PKEY *key = NULL;
+ STACK_OF(X509) *encerts = NULL, *other = NULL;
+ BIO *in = NULL, *out = NULL, *indata = NULL;
+ int badarg = 0;
+ int flags = PKCS7_DETACHED;
+ char *to = NULL, *from = NULL, *subject = NULL;
+ char *CAfile = NULL, *CApath = NULL;
+ char *passargin = NULL, *passin = NULL;
+ char *inrand = NULL;
+ int need_rand = 0;
+ args = argv + 1;
+
+ ret = 1;
+
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
+ else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
+ else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
+ else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
+ else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
+#ifndef NO_DES
+ else if (!strcmp (*args, "-des3"))
+ cipher = EVP_des_ede3_cbc();
+ else if (!strcmp (*args, "-des"))
+ cipher = EVP_des_cbc();
+#endif
+#ifndef NO_RC2
+ else if (!strcmp (*args, "-rc2-40"))
+ cipher = EVP_rc2_40_cbc();
+ else if (!strcmp (*args, "-rc2-128"))
+ cipher = EVP_rc2_cbc();
+ else if (!strcmp (*args, "-rc2-64"))
+ cipher = EVP_rc2_64_cbc();
+#endif
+ else if (!strcmp (*args, "-text"))
+ flags |= PKCS7_TEXT;
+ else if (!strcmp (*args, "-nointern"))
+ flags |= PKCS7_NOINTERN;
+ else if (!strcmp (*args, "-noverify"))
+ flags |= PKCS7_NOVERIFY;
+ else if (!strcmp (*args, "-nochain"))
+ flags |= PKCS7_NOCHAIN;
+ else if (!strcmp (*args, "-nocerts"))
+ flags |= PKCS7_NOCERTS;
+ else if (!strcmp (*args, "-noattr"))
+ flags |= PKCS7_NOATTR;
+ else if (!strcmp (*args, "-nodetach"))
+ flags &= ~PKCS7_DETACHED;
+ else if (!strcmp (*args, "-binary"))
+ flags |= PKCS7_BINARY;
+ else if (!strcmp (*args, "-nosigs"))
+ flags |= PKCS7_NOSIGS;
+ else if (!strcmp(*args,"-rand")) {
+ if (args[1]) {
+ args++;
+ inrand = *args;
+ } else badarg = 1;
+ need_rand = 1;
+ } else if (!strcmp(*args,"-passin")) {
+ if (args[1]) {
+ args++;
+ passargin = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-to")) {
+ if (args[1]) {
+ args++;
+ to = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-from")) {
+ if (args[1]) {
+ args++;
+ from = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-subject")) {
+ if (args[1]) {
+ args++;
+ subject = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-signer")) {
+ if (args[1]) {
+ args++;
+ signerfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-recip")) {
+ if (args[1]) {
+ args++;
+ recipfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-inkey")) {
+ if (args[1]) {
+ args++;
+ keyfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-certfile")) {
+ if (args[1]) {
+ args++;
+ certfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-CAfile")) {
+ if (args[1]) {
+ args++;
+ CAfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-CApath")) {
+ if (args[1]) {
+ args++;
+ CApath = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-in")) {
+ if (args[1]) {
+ args++;
+ infile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-out")) {
+ if (args[1]) {
+ args++;
+ outfile = *args;
+ } else badarg = 1;
+ } else badarg = 1;
+ args++;
+ }
+
+ if(operation == SMIME_SIGN) {
+ if(!signerfile) {
+ BIO_printf(bio_err, "No signer certificate specified\n");
+ badarg = 1;
+ }
+ need_rand = 1;
+ } else if(operation == SMIME_DECRYPT) {
+ if(!recipfile) {
+ BIO_printf(bio_err, "No recipient certificate and key specified\n");
+ badarg = 1;
+ }
+ } else if(operation == SMIME_ENCRYPT) {
+ if(!*args) {
+ BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+ badarg = 1;
+ }
+ need_rand = 1;
+ } else if(!operation) badarg = 1;
+
+ if (badarg) {
+ BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
+ BIO_printf (bio_err, "where options are\n");
+ BIO_printf (bio_err, "-encrypt encrypt message\n");
+ BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
+ BIO_printf (bio_err, "-sign sign message\n");
+ BIO_printf (bio_err, "-verify verify signed message\n");
+ BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
+#ifndef NO_DES
+ BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
+ BIO_printf (bio_err, "-des encrypt with DES\n");
+#endif
+#ifndef NO_RC2
+ BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
+ BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
+ BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
+#endif
+ BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
+ BIO_printf (bio_err, "-nosigs don't verify message signature\n");
+ BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
+ BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
+ BIO_printf (bio_err, "-nodetach use opaque signing\n");
+ BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
+ BIO_printf (bio_err, "-binary don't translate message to text\n");
+ BIO_printf (bio_err, "-certfile file other certificates file\n");
+ BIO_printf (bio_err, "-signer file signer certificate file\n");
+ BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
+ BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
+ BIO_printf (bio_err, "-out file output file\n");
+ BIO_printf (bio_err, "-to addr to address\n");
+ BIO_printf (bio_err, "-from ad from address\n");
+ BIO_printf (bio_err, "-subject s subject\n");
+ BIO_printf (bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
+ goto end;
+ }
+
+ if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (need_rand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ ret = 2;
+
+ if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
+
+ if(flags & PKCS7_BINARY) {
+ if(operation & SMIME_OP) inmode = "rb";
+ else outmode = "rb";
+ }
+
+ if(operation == SMIME_ENCRYPT) {
+ if (!cipher) {
+#ifndef NO_RC2
+ cipher = EVP_rc2_40_cbc();
+#else
+ BIO_printf(bio_err, "No cipher selected\n");
+ goto end;
+#endif
+ }
+ encerts = sk_X509_new_null();
+ while (*args) {
+ if(!(cert = load_cert(*args))) {
+ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
+ goto end;
+ }
+ sk_X509_push(encerts, cert);
+ cert = NULL;
+ args++;
+ }
+ }
+
+ if(signerfile && (operation == SMIME_SIGN)) {
+ if(!(signer = load_cert(signerfile))) {
+ BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
+ goto end;
+ }
+ }
+
+ if(certfile) {
+ if(!(other = load_certs(certfile))) {
+ BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if(recipfile && (operation == SMIME_DECRYPT)) {
+ if(!(recip = load_cert(recipfile))) {
+ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if(operation == SMIME_DECRYPT) {
+ if(!keyfile) keyfile = recipfile;
+ } else if(operation == SMIME_SIGN) {