HTY1024/dockerfile
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

更新构建openssl镜像相关文件

Browse Source
This commit is contained in:
huty 2024-03-22 14:58:37 +08:00 committed by huty
parent 3c8bbedbd7
commit 7555429db6
19130 changed files with 2648588 additions and 7 deletions

16
examples/openssl/alpine/dockerfile

@ -14,8 +14,7 @@ ARG GROUP_ID=1024 \
# 更新应用并安装基础应用
RUN set -ex && \
apk add tzdata && \
apk add --no-cache bash bash-doc bash-completion
apk add --no-cache tzdata bash bash-doc bash-completion
# 设置时区、新建用户组及用户、配置目录权限
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
@ -25,7 +24,18 @@ RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
chown -R $GROUP_NAME.$USER_NAME $USER_HOME
# 安装 OpenSSL
RUN apk add openssl
ADD openssl-3.2.1.zip $USER_HOME/openssl-3.2.1.zip
RUN apk add --no-cache unzip perl && \
cd $USER_HOME && \
unzip openssl-3.2.1.zip && \
rm -rf openssl-3.2.1.zip && \
apk del unzip && \
chown -R $GROUP_NAME.$USER_NAME $USER_HOME && \
mv /usr/lib/libssl.so.3 /usr/lib/libssl.so.3.bak && \
mv /usr/lib/libcrypto.so.3 /usr/lib/libcrypto.so.3.bak && \
ln -s $USER_HOME/openssl-3.2.1/lib64/libssl.so.3 /usr/lib/libssl.so.3 && \
ln -s $USER_HOME/openssl-3.2.1/lib64/libcrypto.so.3 /usr/lib/libcrypto.so.3 && \
ln -s $USER_HOME/openssl-3.2.1/bin/openssl /usr/bin/openssl
# 设置工作目录
WORKDIR $USER_HOME

37
examples/openssl/alpine/dockerfile.apk Normal file

@ -0,0 +1,37 @@
# 配置参数(指定基础镜像版本)
ARG BASE_TAG=3.19.1
# 基于 AlpineLinux 构建
FROM alpine:$BASE_TAG
# 配置参数
ARG GROUP_ID=1024 \
GROUP_NAME=openssl \
USER_ID=1024 \
USER_NAME=openssl \
USER_HOME=/home/openssl \
USER_SHELL=/bin/bash
# 更新应用并安装基础应用
RUN set -ex && \
apk add tzdata && \
apk add --no-cache bash bash-doc bash-completion
# 设置时区、新建用户组及用户、配置目录权限
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
addgroup $GROUP_NAME -g $GROUP_ID && \
adduser $USER_NAME -G $GROUP_NAME -h $USER_HOME -s $USER_SHELL -u $USER_ID -D && \
mkdir -pv $USER_HOME && \
chown -R $GROUP_NAME.$USER_NAME $USER_HOME
# 安装 OpenSSL
RUN apk add openssl
# 设置工作目录
WORKDIR $USER_HOME
# 设置启动用户
USER $GROUP_NAME:$USER_NAME
# 设置执行启动脚本
CMD ["/bin/bash"]

52
examples/openssl/alpine/dockerfile.src Normal file

@ -0,0 +1,52 @@
# 配置参数(指定基础镜像版本)
ARG BASE_TAG=3.19.1
# 基于 AlpineLinux 构建
FROM alpine:$BASE_TAG
# 配置参数
ARG GROUP_ID=1024 \
GROUP_NAME=openssl \
USER_ID=1024 \
USER_NAME=openssl \
USER_HOME=/home/openssl \
USER_SHELL=/bin/bash \
INSTALL_PATH=/opt/openssl
# 更新应用并安装基础应用
RUN set -ex && \
apk add tzdata && \
apk add --no-cache bash bash-doc bash-completion
# 设置时区、新建用户组及用户、配置目录权限
RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
addgroup $GROUP_NAME -g $GROUP_ID && \
adduser $USER_NAME -G $GROUP_NAME -h $USER_HOME -s $USER_SHELL -u $USER_ID -D && \
mkdir -pv $USER_HOME && \
chown -R $GROUP_NAME.$USER_NAME $USER_HOME
# 安装 OpenSSL
ADD openssl-3.2.1-src.tar.gz $USER_HOME/openssl-3.2.1-src.tar.gz
RUN apk add tar perl perl-IPC-Cmd && \
cd $USER_HOME && \
tar zxvf openssl-3.2.1-src.tar.gz && \
cd openssl-3.2.1-src && \
mkdir -pv $INSTALL_PATH && \
chown -R $GROUP_NAME.$USER_NAME $INSTALL_PATH && \
./Configure --prefix=$INSTALL_PATH && \
make install && \
mv /usr/lib/libssl.so.3 /usr/lib/libssl.so.3.bak && \
mv /usr/lib/libcrypto.so.3 /usr/lib/libcrypto.so.3.bak && \
ln -s $INSTALL_PATH/lib64/libssl.so.3 /usr/lib/libssl.so.3 && \
ln -s $INSTALL_PATH/lib64/libcrypto.so.3 /usr/lib/libcrypto.so.3 && \
ln -s $INSTALL_PATH/bin/openssl /usr/bin/openssl && \
rm -rf $USER_HOME/*
# 设置工作目录
WORKDIR $USER_HOME
# 设置启动用户
USER $GROUP_NAME:$USER_NAME
# 设置执行启动脚本
CMD ["/bin/bash"]

0
examples/openssl/openssl-3.2.1.tar.gz → examples/openssl/alpine/openssl-3.2.1-src.tar.gz

BIN
examples/openssl/alpine/openssl-3.2.1.zip Normal file

Binary file not shown.

BIN
examples/openssl/openssl-3.2.1-src.tar.gz Normal file

Binary file not shown.

6
examples/openssl/openssl-3.2.1-src/ACKNOWLEDGEMENTS.md Normal file

@ -0,0 +1,6 @@
Acknowledgements
================
Please see our [Thanks!][] page for the current acknowledgements.
[Thanks!]: https://www.openssl.org/community/thanks.html

51
examples/openssl/openssl-3.2.1-src/AUTHORS.md Normal file

@ -0,0 +1,51 @@
Authors
=======
This is the list of OpenSSL authors for copyright purposes.
It does not necessarily list everyone who has contributed code,
since in some cases, their employer may be the copyright holder.
To see the full list of contributors, see the revision history in
source control.
Groups
------
* OpenSSL Software Services, Inc.
* OpenSSL Software Foundation, Inc.
Individuals
-----------
* Andy Polyakov
* Ben Laurie
* Ben Kaduk
* Bernd Edlinger
* Bodo Möller
* David Benjamin
* David von Oheimb
* Dmitry Belyavskiy (Дмитрий Белявский)
* Emilia Käsper
* Eric Young
* Geoff Thorpe
* Holger Reif
* Kurt Roeckx
* Lutz Jänicke
* Mark J. Cox
* Matt Caswell
* Matthias St. Pierre
* Nicola Tuveri
* Nils Larsch
* Patrick Steuer
* Paul Dale
* Paul C. Sutton
* Paul Yang
* Ralf S. Engelschall
* Rich Salz
* Richard Levitte
* Shane Lontis
* Stephen Henson
* Steve Marquess
* Tim Hudson
* Tomáš Mráz
* Ulf Möller
* Viktor Dukhovni

20582
examples/openssl/openssl-3.2.1-src/CHANGES.md Normal file

File diff suppressed because it is too large Load Diff

6
examples/openssl/openssl-3.2.1-src/CODE-OF-CONDUCT.md Normal file

@ -0,0 +1,6 @@
Code of Conduct
===============
The OpenSSL [Code of Conduct] is published on the project's website.
[Code of Conduct]: https://www.openssl.org/community/conduct.html

102
examples/openssl/openssl-3.2.1-src/CONTRIBUTING.md Normal file

@ -0,0 +1,102 @@
HOW TO CONTRIBUTE TO OpenSSL
============================
Please visit our [Getting Started] page for other ideas about how to contribute.
[Getting Started]: <https://www.openssl.org/community/getting-started.html>
Development is done on GitHub in the [openssl/openssl] repository.
[openssl/openssl]: <https://github.com/openssl/openssl>
To request new a feature, ask a question, or report a bug,
please open an [issue on GitHub](https://github.com/openssl/openssl/issues).
To submit a patch or implement a new feature, please open a
[pull request on GitHub](https://github.com/openssl/openssl/pulls).
If you are thinking of making a large contribution,
open an issue for it before starting work, to get comments from the community.
Someone may be already working on the same thing,
or there may be special reasons why a feature is not implemented.
To make it easier to review and accept your pull request, please follow these
guidelines:
1. Anything other than a trivial contribution requires a [Contributor
License Agreement] (CLA), giving us permission to use your code.
If your contribution is too small to require a CLA (e.g., fixing a spelling
mistake), then place the text "`CLA: trivial`" on a line by itself below
the rest of your commit message separated by an empty line, like this:
```
One-line summary of trivial change
Optional main body of commit message. It might contain a sentence
or two explaining the trivial change.
CLA: trivial
```
It is not sufficient to only place the text "`CLA: trivial`" in the GitHub
pull request description.
[Contributor License Agreement]: <https://www.openssl.org/policies/cla.html>
To amend a missing "`CLA: trivial`" line after submission, do the following:
```
git commit --amend
# add the line, save and quit the editor
git push -f [<repository> [<branch>]]
```
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
year(s) updated):
```
Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
https://www.openssl.org/source/license.html
```
3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits, you will have to remove them
(usually by rebasing) before it will be acceptable.
4. Code provided should follow our [coding style] and compile without warnings.
There is a [Perl tool](util/check-format.pl) that helps
finding code formatting mistakes and other coding style nits.
Where `gcc` or `clang` is available, you should use the
`--strict-warnings` `Configure` option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
Clean builds via GitHub Actions are required. They are started automatically
whenever a PR is created or updated by committers.
[coding style]: https://www.openssl.org/policies/technical/coding-style.html
5. When at all possible, code contributions should include tests. These can
either be added to an existing test, or completely new. Please see
[test/README.md](test/README.md) for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the `.pod` files in `doc/man[1357]` for
examples of our style. Run `make doc-nits` to make sure that your
documentation changes are clean.
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in [CHANGES.md](CHANGES.md).
This could be a summarising description of the change, and could
explain the grander details.
Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log one-liners.
Also note that security fixes get an entry in [CHANGES.md](CHANGES.md).
This file helps users get more in-depth information of what comes
with a specific release without having to sift through the higher
noise ratio in git-log.
8. Guidelines how to integrate error output of new crypto library modules
can be found in [crypto/err/README.md](crypto/err/README.md).

181
examples/openssl/openssl-3.2.1-src/Configurations/00-base-templates.conf Normal file

@ -0,0 +1,181 @@
# -*- Mode: perl -*-
my %targets=(
DEFAULTS => {
template => 1,
cflags => "",
cppflags => "",
lflags => "",
defines => [],
includes => [],
lib_cflags => "",
lib_cppflags => "",
lib_defines => [],
thread_scheme => "(unknown)", # Assume we don't know
thread_defines => [],
unistd => "<unistd.h>",
shared_target => "",
shared_cflag => "",
shared_defines => [],
shared_ldflag => "",
shared_rcflag => "",
#### Defaults for the benefit of the config targets who don't inherit
#### a BASE and assume Unix defaults
#### THESE WILL DISAPPEAR IN OpenSSL 1.2
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
AR => "(unused)",
ARFLAGS => "(unused)",
CC => "cc",
HASHBANGPERL => "/usr/bin/env perl",
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
#### THESE WILL BE ENABLED IN OpenSSL 1.2
#HASHBANGPERL => "PERL", # Only Unix actually cares
},
BASE_common => {
template => 1,
enable => [],
disable => [],
defines =>
sub {
my @defs = ( 'OPENSSL_BUILDING_OPENSSL' );
push @defs, "BROTLI" unless $disabled{brotli};
push @defs, "BROTLI_SHARED" unless $disabled{"brotli-dynamic"};
push @defs, "ZLIB" unless $disabled{zlib};
push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
push @defs, "ZSTD" unless $disabled{zstd};
push @defs, "ZSTD_SHARED" unless $disabled{"zstd-dynamic"};
return [ @defs ];
},
includes =>
sub {
my @incs = ();
push @incs, $withargs{brotli_include}
if !$disabled{brotli} && $withargs{brotli_include};
push @incs, $withargs{zlib_include}
if !$disabled{zlib} && $withargs{zlib_include};
push @incs, $withargs{zstd_include}
if !$disabled{zstd} && $withargs{zstd_include};
return [ @incs ];
},
},
BASE_unix => {
inherit_from => [ "BASE_common" ],
template => 1,
AR => "ar",
ARFLAGS => "qc",
CC => "cc",
lflags =>
sub {
my @libs = ();
push(@libs, "-L".$withargs{zlib_lib}) if $withargs{zlib_lib};
push(@libs, "-L".$withargs{brotli_lib}) if $withargs{brotli_lib};
push(@libs, "-L".$withargs{zstd_lib}) if $withargs{zstd_lib};
return join(" ", @libs);
},
ex_libs =>
sub {
my @libs = ();
push(@libs, "-lz") if !defined($disabled{zlib}) && defined($disabled{"zlib-dynamic"});
if (!defined($disabled{brotli}) && defined($disabled{"brotli-dynamic"})) {
push(@libs, "-lbrotlienc");
push(@libs, "-lbrotlidec");
push(@libs, "-lbrotlicommon");
push(@libs, "-lm");
}
push(@libs, "-lzstd") if !defined($disabled{zstd}) && defined($disabled{"zstd-dynamic"});
return join(" ", @libs);
},
HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
perl_platform => 'Unix',
},
BASE_Windows => {
inherit_from => [ "BASE_common" ],
template => 1,
lib_defines =>
sub {
my @defs = ();
unless ($disabled{"zlib-dynamic"}) {
my $zlib = $withargs{zlib_lib} // "ZLIB1";
push @defs, 'LIBZ=' . (quotify("perl", $zlib))[0];
}
return [ @defs ];
},
ex_libs =>
sub {
my @libs = ();
unless ($disabled{zlib}) {
if (defined($disabled{"zlib-dynamic"})) {
push(@libs, $withargs{zlib_lib} // "ZLIB1");
}
}
unless ($disabled{zstd}) {
if (defined($disabled{"zstd-dynamic"})) {
push(@libs, $withargs{zstd_lib} // "libzstd");
}
}
unless ($disabled{brotli}) {
if (defined($disabled{"brotli-dynamic"})) {
my $path = "";
if (defined($withargs{brotli_lib})) {
$path = $withargs{brotli_lib} . "\\";
}
push(@libs, $path . "brotlicommon.lib");
push(@libs, $path . "brotlidec.lib");
push(@libs, $path . "brotlienc.lib");
}
}
return join(" ", @libs);
},
MT => "mt",
MTFLAGS => "-nologo",
mtinflag => "-manifest ",
mtoutflag => "-outputresource:",
build_file => "makefile",
build_scheme => [ "unified", "windows" ],
perl_platform => 'Windows',
},
BASE_VMS => {
inherit_from => [ "BASE_common" ],
template => 1,
includes =>
add(sub {
my @incs = ();
# GNV$ZLIB_INCLUDE is the standard logical name for later
# zlib incarnations.
push @incs, 'GNV$ZLIB_INCLUDE:'
if !$disabled{zlib} && !$withargs{zlib_include};
return [ @incs ];
}),
build_file => "descrip.mms",
build_scheme => [ "unified", "VMS" ],
perl_platform => 'VMS',
},
);

2139
examples/openssl/openssl-3.2.1-src/Configurations/10-main.conf Normal file

File diff suppressed because it is too large Load Diff

291
examples/openssl/openssl-3.2.1-src/Configurations/15-android.conf Normal file

@ -0,0 +1,291 @@
#### Android...
#
# See NOTES-Android.md for details, and don't miss platform-specific
# comments below...
{
use File::Spec::Functions;
my $android_ndk = {};
my %triplet = (
arm => "arm-linux-androideabi",
arm64 => "aarch64-linux-android",
mips => "mipsel-linux-android",
mips64 => "mips64el-linux-android",
x86 => "i686-linux-android",
x86_64 => "x86_64-linux-android",
);
sub android_ndk {
unless (%$android_ndk) {
if ($now_printing =~ m|^android|) {
return $android_ndk = { bn_ops => "BN_AUTO" };
}
my $ndk_var;
my $ndk;
foreach (qw(ANDROID_NDK_ROOT ANDROID_NDK)) {
$ndk_var = $_;
$ndk = $ENV{$ndk_var};
last if defined $ndk;
}
die "\$ANDROID_NDK_ROOT is not defined" if (!$ndk);
my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt";
my $ndk_src_props = "$ndk/source.properties";
my $is_ndk = -f $ndk_src_props;
if ($is_ndk == $is_standalone_toolchain) {
die "\$ANDROID_NDK_ROOT=$ndk is invalid";
}
$ndk = canonpath($ndk);
my $ndkver = undef;
if (open my $fh, "<$ndk_src_props") {
local $_;
while(<$fh>) {
if (m|Pkg\.Revision\s*=\s*([0-9]+)|) {
$ndkver = $1;
last;
}
}
close $fh;
}
my ($sysroot, $api, $arch);
$config{target} =~ m|[^-]+-([^-]+)$|; # split on dash
$arch = $1;
if ($sysroot = $ENV{CROSS_SYSROOT}) {
$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
($api, $arch) = ($1, $2);
} elsif ($is_standalone_toolchain) {
$sysroot = "$ndk/sysroot";
} else {
$api = "*";
# see if user passed -D__ANDROID_API__=N
foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
if (m|__ANDROID_API__=([0-9]+)|) {
$api = $1;
last;
}
}
if (-d "$ndk/platforms") {
# list available platforms (numerically)
my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
$b =~ m/-([0-9]+)$/; $aa <=> $1;
} glob("$ndk/platforms/android-$api");
die "no $ndk/platforms/android-$api" if ($#platforms < 0);
$sysroot = "@platforms[$#platforms]/arch-$arch";
$sysroot =~ m|/android-([0-9]+)/arch-$arch|;
$api = $1;
} elsif ($api eq "*") {
# r22 Removed platforms dir, use this JSON file
my $path = "$ndk/meta/platforms.json";
open my $fh, $path or die "Could not open '$path' $!";
while (<$fh>) {
if (/"max": (\d+),/) {
$api = $1;
last;
}
}
close $fh;
}
die "Could not get default API Level" if ($api eq "*");
}
die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot);
my $triarch = $triplet{$arch};
my $cflags;
my $cppflags;
# see if there is NDK clang on $PATH, "universal" or "standalone"
if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
my $host=$1;
# harmonize with gcc default
my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
(my $tridefault = $triarch) =~ s/^arm-/$arm-/;
(my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
if (length $sysroot) {
$cflags .= " -target $tridefault "
. "-gcc-toolchain \$($ndk_var)/toolchains"
. "/$tritools-4.9/prebuilt/$host";
$user{CC} = "clang" if ($user{CC} !~ m|clang|);
} else {
$user{CC} = "$tridefault$api-clang";
}
$user{CROSS_COMPILE} = undef;
if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
$user{AR} = "llvm-ar";
$user{ARFLAGS} = [ "rs" ];
$user{RANLIB} = ":";
}
} elsif ($is_standalone_toolchain) {
my $cc = $user{CC} // "clang";
# One can probably argue that both clang and gcc should be
# probed, but support for "standalone toolchain" was added
# *after* announcement that gcc is being phased out, so
# favouring clang is considered adequate. Those who insist
# have option to enforce test for gcc with CC=gcc.
if (which("$triarch-$cc") !~ m|^$ndk|) {
die "no NDK $triarch-$cc on \$PATH";
}
$user{CC} = $cc;
$user{CROSS_COMPILE} = "$triarch-";
} elsif ($user{CC} eq "clang") {
die "no NDK clang on \$PATH";
} else {
if (which("$triarch-gcc") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
die "no NDK $triarch-gcc on \$PATH";
}
$cflags .= " -mandroid";
$user{CROSS_COMPILE} = "$triarch-";
}
if (length $sysroot) {
if (!-d "$sysroot/usr/include") {
my $incroot = "$ndk/sysroot/usr/include";
die "no $incroot" if (!-d $incroot);
die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
$incroot =~ s|^$ndk/||;
$cppflags = "-D__ANDROID_API__=$api";
$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
$cppflags .= " -isystem \$($ndk_var)/$incroot";
}
$sysroot =~ s|^$ndk/||;
$sysroot = " --sysroot=\$($ndk_var)/$sysroot";
}
$android_ndk = {
cflags => $cflags . $sysroot,
cppflags => $cppflags,
bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
: "BN_LLONG",
};
}
return $android_ndk;
}
}
my %targets = (
"android" => {
inherit_from => [ "linux-generic32" ],
template => 1,
################################################################
# Special note about -pie. The underlying reason is that
# Lollipop refuses to run non-PIE. But what about older systems
# and NDKs? -fPIC was never problem, so the only concern is -pie.
# Older toolchains, e.g. r4, appear to handle it and binaries
# turn out mostly functional. "Mostly" means that oldest
# Androids, such as Froyo, fail to handle executable, but newer
# systems are perfectly capable of executing binaries targeting
# Froyo. Keep in mind that in the nutshell Android builds are
# about JNI, i.e. shared libraries, not applications.
cflags => add(sub { android_ndk()->{cflags} }),
cppflags => add(sub { android_ndk()->{cppflags} }),
cxxflags => add(sub { android_ndk()->{cflags} }),
bn_ops => sub { android_ndk()->{bn_ops} },
bin_cflags => "-fPIE",
bin_lflags => "-pie",
enable => [ ],
shared_extension => ".so",
},
"android-arm" => {
################################################################
# Contemporary Android applications can provide multiple JNI
# providers in .apk, targeting multiple architectures. Among
# them there is "place" for two ARM flavours: generic eabi and
# armv7-a/hard-float. However, it should be noted that OpenSSL's
# ability to engage NEON is not constrained by ABI choice, nor
# is your ability to call OpenSSL from your application code
# compiled with floating-point ABI other than default 'soft'.
# (Latter thanks to __attribute__((pcs("aapcs"))) declaration.)
# This means that choice of ARM libraries you provide in .apk
# is driven by application needs. For example if application
# itself benefits from NEON or is floating-point intensive, then
# it might be appropriate to provide both libraries. Otherwise
# just generic eabi would do. But in latter case it would be
# appropriate to
#
# ./Configure android-arm -D__ARM_MAX_ARCH__=8
#
# in order to build "universal" binary and allow OpenSSL take
# advantage of NEON when it's available.
#
# Keep in mind that (just like with linux-armv4) we rely on
# compiler defaults, which is not necessarily what you had
# in mind, in which case you would have to pass additional
# -march and/or -mfloat-abi flags. NDK defaults to armv5te.
# Newer NDK versions reportedly require additional -latomic.
#
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'armv4',
perlasm_scheme => "void",
},
"android-arm64" => {
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'aarch64',
perlasm_scheme => "linux64",
},
"android-mips" => {
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'mips32',
perlasm_scheme => "o32",
},
"android-mips64" => {
################################################################
# You are more than likely have to specify target processor
# on ./Configure command line. Trouble is that toolchain's
# default is MIPS64r6 (at least in r10d), but there are no
# such processors around (or they are too rare to spot one).
# Actual problem is that MIPS64r6 is binary incompatible
# with previous MIPS ISA versions, in sense that unlike
# prior versions original MIPS binary code will fail.
#
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'mips64',
perlasm_scheme => "64",
},
"android-x86" => {
inherit_from => [ "android" ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => add("RC4_INT"),
asm_arch => 'x86',
perlasm_scheme => "android",
ex_libs => add(threads("-latomic")),
},
"android-x86_64" => {
inherit_from => [ "android" ],
bn_ops => add("RC4_INT"),
asm_arch => 'x86_64',
perlasm_scheme => "elf",
},
####################################################################
# Backward compatible targets, (might) require $CROSS_SYSROOT
#
"android-armeabi" => {
inherit_from => [ "android-arm" ],
},
"android64" => {
inherit_from => [ "android" ],
},
"android64-aarch64" => {
inherit_from => [ "android-arm64" ],
},
"android64-x86_64" => {
inherit_from => [ "android-x86_64" ],
},
"android64-mips64" => {
inherit_from => [ "android-mips64" ],
},
);

89
examples/openssl/openssl-3.2.1-src/Configurations/15-ios.conf Normal file

@ -0,0 +1,89 @@
#### iPhoneOS/iOS
#
# `xcrun` targets require an Xcode that can determine the correct C compiler via
# `xcrun -sdk iphoneos`. This has been standard in Xcode for a while now - any recent
# Xcode should do. If the Xcode on the build machine doesn't support this then use
# the legacy targets at the end of this file. These require manual definition of
# environment variables.
#
my %targets = (
"ios-common" => {
template => 1,
inherit_from => [ "darwin-common" ],
sys_id => "iOS",
disable => [ "shared", "async" ],
},
"ios-xcrun" => {
inherit_from => [ "ios-common" ],
# It should be possible to go below iOS 6 and even add -arch armv6,
# thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
# at this point.
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"),
asm_arch => 'armv4',
perlasm_scheme => "ios32",
},
"ios64-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
asm_arch => 'aarch64',
perlasm_scheme => "ios64",
},
"iossimulator-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
},
"iossimulator-arm64-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
cflags => add("-arch arm64 -mios-simulator-version-min=7.0.0 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
asm_arch => 'aarch64',
perlasm_scheme => "ios64",
},
"iossimulator-i386-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
cflags => add("-arch i386 -mios-simulator-version-min=7.0.0 -fno-common"),
bn_ops => "BN_LLONG",
asm_arch => 'x86',
perlasm_scheme => "macosx",
},
"iossimulator-x86_64-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
cflags => add("-arch x86_64 -mios-simulator-version-min=7.0.0 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
asm_arch => 'x86_64',
perlasm_scheme => "macosx",
},
# It takes three prior-set environment variables to make it work:
#
# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
# CROSS_TOP=/where/SDKs/are
# CROSS_SDK=iPhoneOSx.y.sdk
#
# Exact paths vary with Xcode releases, but for couple of last ones
# they would look like this:
#
# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
# CROSS_SDK=iPhoneOS.sdk
#
"iphoneos-cross" => {
inherit_from => [ "ios-common" ],
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
},
"ios-cross" => {
inherit_from => [ "ios-xcrun" ],
CC => "cc",
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
},
"ios64-cross" => {
inherit_from => [ "ios64-xcrun" ],
CC => "cc",
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
},
);

62
examples/openssl/openssl-3.2.1-src/Configurations/50-cppbuilder.conf Normal file

@ -0,0 +1,62 @@
my %targets = (
"BC-32" => {
inherit_from => [ "BASE_Windows" ],
sys_id => "WIN32",
bn_ops => "BN_LLONG",
thread_scheme => "winthreads",
cc => "bcc32c",
CPP => "cpp32 -oCON -Sc -Sr",
defines => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN32",
"L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp",
"_strnicmp=strnicmp", "_malloca=malloc",
"_freea=free", "_setmode=setmode"),
cflags => picker(default => add("-q -c",
threads("-tM"),
shared("-tR")),
debug => "-Od -v -vi- -D_DEBUG",
release => "-O2"),
bin_cflags => "-tWC",
lib_cflags => shared("-tWD -D_WINDLL -D_DLL"),
coutflag => "-o",
# -Sx isn't documented, but 'cpp32 -H -S' explains it:
#
# -Sx Omit preprocessed text in output
makedepcmd => "cpp32 -oCON -Sx -Hp",
makedep_scheme => "embarcadero",
LD => "ilink32",
LDFLAGS => picker(default => "-x -Gn -q -w-dup",
debug => '-j"$(BDS)\lib\win32c\debug" ' .
'-L"$(BDS)\lib\win32c\debug" -v',
release => '-j"$(BDS)\lib\win32c\release" ' .
'-L"$(BDS)\lib\win32c\release"'),
bin_lflags => "-ap -Tpe c0x32.obj wildargs.obj",
ldoutflag => ",",
ldpostoutflag => ",,",
ld_resp_delim => " +\n",
ex_libs => add(sub {
my @ex_libs = ("import32.lib",
($disabled{shared}
? ($disabled{threads} ? "cw32.lib" : "cw32mt.lib")
: ($disabled{threads} ? "cw32i.lib" : "cw32mti.lib")));
push @ex_libs, "ws2_32.lib" unless $disabled{sock};
return join(" ", @ex_libs);
}),
AR => "tlib",
ARFLAGS => "/P256 /N /u",
ar_resp_delim => " &\n",
RC => "brcc32",
RCFLAGS => '-i"$(BDS)\include\windows\sdk"',
rcoutflag => "-fo",
shared_target => "win-shared",
shared_ldflag => "-aa -Tpd c0d32.obj",
lddefflag => ",",
ldresflag => ",",
ld_implib_rule => 'implib -a $< $**',
dso_scheme => "win32",
shared_defflag => '',
perl_platform => 'Windows::cppbuilder',
uplink_arch => 'common',
}
);

18
examples/openssl/openssl-3.2.1-src/Configurations/50-djgpp.conf Normal file

@ -0,0 +1,18 @@
# We can't make any commitment to support the DJGPP platform,
# and rely entirely on the OpenSSL community to help is fine
# tune and test.
my %targets = (
"DJGPP" => {
inherit_from => [ "BASE_unix" ],
CC => "gcc",
CFLAGS => "-fomit-frame-pointer -O2 -Wall",
cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN",
sys_id => "MSDOS",
lflags => add("-L/dev/env/WATT_ROOT/lib"),
ex_libs => add("-lwatt"),
bn_ops => "BN_LLONG",
asm_arch => 'x86',
perlasm_scheme => "a.out",
},
);

35
examples/openssl/openssl-3.2.1-src/Configurations/50-haiku.conf Normal file

@ -0,0 +1,35 @@
my %targets = (
"haiku-common" => {
template => 1,
CC => "cc",
CFLAGS => add_before(picker(default => "-Wall",
debug => "-g -O0",
release => "-O2")),
cflags => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h",
threads("-D_REENTRANT")),
AR => "ar",
ARFLAGS => "qc",
HASHBANGPERL => "/bin/env perl",
sys_id => "HAIKU",
ex_libs => "-lnetwork",
perlasm_scheme => "elf",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "gnu-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-shared",
perl_platform => 'Unix',
},
"haiku-x86" => {
inherit_from => [ "haiku-common" ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => "BN_LLONG",
asm_arch => 'x86',
perlasm_scheme => 'elf',
},
"haiku-x86_64" => {
inherit_from => [ "haiku-common" ],
cflags => add("-m64"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
},
);

22
examples/openssl/openssl-3.2.1-src/Configurations/50-masm.conf Normal file

@ -0,0 +1,22 @@
# We can't make commitment to supporting Microsoft assembler,
# because it would mean supporting all masm versions. This in
# in turn is because masm is not really an interchangeable option,
# while users tend to have reasons to stick with specific Visual
# Studio versions. It's usually lesser hassle to make it work
# with latest assembler, but tweaking for older versions had
# proven to be daunting task. This is experimental target, for
# production builds stick with [up-to-date version of] nasm.
my %targets = (
"VC-WIN64A-masm" => {
inherit_from => [ "VC-WIN64-common" ],
AS => "ml64",
ASFLAGS => "/nologo /Zi",
asoutflag => "/Fo",
asflags => "/c /Cp /Cx",
sys_id => "WIN64A",
uplink_arch => 'x86_64',
asm_arch => 'x86_64',
perlasm_scheme => "masm",
},
);

271
examples/openssl/openssl-3.2.1-src/Configurations/50-nonstop.conf Normal file

@ -0,0 +1,271 @@
#### Nonstop configurations
# Common for all
'nonstop-common' => {
inherit_from => [ 'BASE_unix' ],
template => 1,
cc => 'c99',
cflags => add_before(picker(debug => '-g -O0',
release => '-g -O2'),
'-Wextensions',
'-Wnowarn=203,220,272,734,770,1506',
'-Wbuild_neutral_library',
'-Wverbose'),
defines => add('OPENSSL_VPROC=$(OPENSSL_VPROC)',
'_XOPEN_SOURCE',
'_XOPEN_SOURCE_EXTENDED=1',
'_TANDEM_SOURCE',
'__NSK_OPTIONAL_TYPES__',
'B_ENDIAN'),
perl => '/usr/bin/perl',
shared_target => 'nonstop-shared',
shared_extension => ".so",
ex_libs => add('-lrld'),
enable => ['egd'],
dso_scheme => 'DLFCN',
sys_id => 'TANDEM',
},
######################################################################
# Additional variant settings, to be combined with nonstop-common
# Note that these do not inherit anything. However, the diverse values
# are merged with other entries in an 'inherit_from'.
#
# These combine:
# - System architecture (MIPS, Itanium, or x86)
# - Execution environment (oss [default] or guardian)
#
# Unfortunately, they can't be separated into independent templates, because
# a number of the above are encoded as different linkers, and by consequence,
# different c99 linker flags (-Wld, -Weld, and -Wxld)
#
# In addition, the are modifiers for:
# - Size of long + pointer (ilp32 [default] and lp64)
# - Float type (neutral and tandem)
#
# Unfortunately, because the float types affect the linker settings, those
# are divided per system architecture
#
# MIPS + guardian (unused but present for convenience):
'nonstop-archenv-mips-guardian' => {
template => 1,
defines => ['NO_GETPID'],
cflags => '-Wtarget=tns/r -Wsystype=guardian',
lflags => '-Wld="-set systype guardian"',
shared_ldflag => '-Wshared -Wld="-soname $(@:lib%.so=%)"',
shared_defflag => '-Wld_obey=',
shared_argfileflag => '-Wld_obey=',
},
# Itanium + guardian:
'nonstop-archenv-itanium-guardian' => {
template => 1,
defines => ['NO_GETPID'],
cflags => '-Wtarget=tns/e -Wsystype=guardian',
lflags => '-Weld="-set systype guardian"',
shared_ldflag => '-Wshared -Weld="-soname $(@:lib%.so=%)"',
shared_defflag => '-Weld_obey=',
shared_argfileflag => '-Weld_obey=',
},
# x86 + guardian:
'nonstop-archenv-x86_64-guardian' => {
template => 1,
defines => ['NO_GETPID'],
cflags => '-Wtarget=tns/x -Wsystype=guardian',
lflags => '-Wxld="-set systype guardian"',
shared_ldflag => '-Wshared -Wxld="-soname $(@:lib%.so=%)"',
shared_defflag => '-Wxld_obey=',
shared_argfileflag => '-Wxld_obey=',
},
# MIPS + oss (unused but present for convenience):
'nonstop-archenv-mips-oss' => {
template => 1,
cflags => '-Wtarget=tns/r -Wsystype=oss',
lflags => '-Wld="-set systype oss"',
shared_ldflag => '-Wshared',
shared_defflag => '-Wld_obey=',
shared_argfileflag => '-Wld_obey=',
},
# Itanium + oss:
'nonstop-archenv-itanium-oss' => {
template => 1,
cflags => '-Wtarget=tns/e -Wsystype=oss',
lflags => '-Weld="-set systype oss"',
shared_ldflag => '-Wshared',
shared_defflag => '-Weld_obey=',
shared_argfileflag => '-Weld_obey=',
},
# x86_64 + oss:
'nonstop-archenv-x86_64-oss' => {
template => 1,
cflags => '-Wtarget=tns/x -Wsystype=oss',
lflags => '-Wxld="-set systype oss"',
shared_ldflag => '-Wshared',
shared_defflag => '-Wxld_obey=',
shared_argfileflag => '-Wxld_obey=',
},
# Size variants
'nonstop-ilp32' => {
template => 1,
cflags => '-Wilp32',
bn_ops => 'THIRTY_TWO_BIT',
},
'nonstop-lp64-itanium' => {
template => 1,
cflags => '-Wlp64',
bn_ops => 'SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR',
},
'nonstop-lp64-x86_64' => {
template => 1,
cflags => '-Wlp64',
lflags => '-Wxld="-set data_model lp64"',
bn_ops => 'SIXTY_FOUR_BIT',
},
# Float variants
'nonstop-nfloat-mips' => {
template => 1,
lflags => '-Wld="-set floattype neutral_float"',
},
'nonstop-tfloat-mips' => {
template => 1,
lflags => '-Wld="-set floattype tandem_float"',
},
'nonstop-efloat-itanium' => {
template => 1,
cflags => '-WIEEE_float',
lflags => '-Weld="-set floattype ieee_float"',
},
'nonstop-nfloat-itanium' => {
template => 1,
lflags => '-Weld="-set floattype neutral_float"',
},
'nonstop-tfloat-itanium' => {
template => 1,
cflags => '-WTandem_float',
lflags => '-Weld="-set floattype tandem_float"',
},
'nonstop-efloat-x86_64' => {
template => 1,
cflags => '-WIEEE_float',
lflags => '-Wxld="-set floattype ieee_float"',
},
'nonstop-nfloat-x86_64' => {
template => 1,
lflags => '-Wxld="-set floattype neutral_float"',
},
'nonstop-tfloat-x86_64' => {
template => 1,
cflags => '-WTandem_float',
lflags => '-Wxld="-set floattype tandem_float"',
},
######################################################################
# Build models
'nonstop-model-put' => {
template => 1,
defines => ['_PUT_MODEL_',
'_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
ex_libs => '-lput',
},
######################################################################
# Now for the entries themselves, let's combine things!
'nonstop-nsx' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-ilp32',
'nonstop-efloat-x86_64' ],
disable => ['threads'],
},
'nonstop-nsx_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-ilp32',
'nonstop-efloat-x86_64',
'nonstop-model-put' ],
multilib => '-put',
multibin => '-put',
},
'nonstop-nsx_64' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-lp64-x86_64',
'nonstop-efloat-x86_64' ],
multilib => '64',
multibin => '64',
disable => ['threads'],
},
'nonstop-nsx_64_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-lp64-x86_64',
'nonstop-efloat-x86_64',
'nonstop-model-put' ],
multilib => '64-put',
multibin => '64-put',
},
'nonstop-nsx_g' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-guardian',
'nonstop-ilp32', 'nonstop-nfloat-x86_64' ],
disable => ['threads'],
},
'nonstop-nsx_g_tandem' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-guardian',
'nonstop-ilp32', 'nonstop-tfloat-x86_64' ],
disable => ['threads'],
},
'nonstop-nsv' => {
inherit_from => [ 'nonstop-nsx' ],
},
'nonstop-nse' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-ilp32',
'nonstop-efloat-itanium' ],
disable => ['threads'],
},
'nonstop-nse_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-ilp32',
'nonstop-efloat-itanium',
'nonstop-model-put' ],
multilib => '-put',
multibin => '-put',
},
'nonstop-nse_64' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-lp64-itanium',
'nonstop-efloat-itanium' ],
multilib => '64',
multibin => '64',
disable => ['threads'],
},
'nonstop-nse_64_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-lp64-itanium',
'nonstop-efloat-itanium',
'nonstop-model-put' ],
multilib => '64-put',
multibin => '64-put',
},
'nonstop-nse_g' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-guardian',
'nonstop-ilp32', 'nonstop-nfloat-itanium' ],
disable => ['threads'],
},
'nonstop-nse_g_tandem' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-guardian',
'nonstop-ilp32', 'nonstop-tfloat-itanium' ],
disable => ['threads'],
},

11
examples/openssl/openssl-3.2.1-src/Configurations/50-os390.conf Normal file

@ -0,0 +1,11 @@
## -*- mode: perl; -*-
(
# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
"OS390-Unix" => {
inherit_from => [ "BASE_unix" ],
cc => "cc",
cflags => "-O -DB_ENDIAN -DCHARSET_EBCDIC",
bn_ops => "THIRTY_TWO_BIT RC4_CHAR",
thread_scheme => "(unknown)",
}
);

14
examples/openssl/openssl-3.2.1-src/Configurations/50-vms-x86_64.conf Normal file

@ -0,0 +1,14 @@
## -*- mode: perl; -*-
# OpenVMS cross compilation of x86_64 binaries on Itanium. This doesn't
# fit the usual cross compilation parameters that are used on Unixly machines
(
'vms-x86_64-cross-ia64' => {
inherit_from => [ 'vms-generic' ],
CC => 'XCC',
bn_ops => 'SIXTY_FOUR_BIT',
pointer_size => '',
setup_commands => [ '@SYS$MANAGER:X86_XTOOLS$SYLOGIN.COM' ],
}
);

35
examples/openssl/openssl-3.2.1-src/Configurations/50-win-clang-cl.conf Normal file

@ -0,0 +1,35 @@
## -*- mode: perl; -*-
# Windows on Arm clang-cl targets.
#
my %targets = (
"VC-WIN64-CLANGASM-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
multilib => "-arm64",
asm_arch => "aarch64",
AS => "clang-cl.exe",
ASFLAGS => "/nologo /Zi",
asflags => "/c",
asoutflag => "/Fo",
perlasm_scheme => "win64",
uplink_arch => 'armv8',
},
"VC-CLANG-WIN64-CLANGASM-ARM" => {
CC => "clang-cl",
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
multilib => "-arm64",
asm_arch => "aarch64",
AS => "clang-cl.exe",
ASFLAGS => "/nologo /Zi",
asflags => "/c",
asoutflag => "/Fo",
perlasm_scheme => "win64",
uplink_arch => 'armv8',
},
);

37
examples/openssl/openssl-3.2.1-src/Configurations/50-win-hybridcrt.conf Normal file

@ -0,0 +1,37 @@
## -*- mode: perl; -*-
# Windows HybridCRT targets.
#
# https://github.com/microsoft/WindowsAppSDK/blob/77761e244289fda6b3d5f14c7bded189fed4fb89/docs/Coding-Guidelines/HybridCRT.md
# Link statically against the runtime and STL, but link dynamically against the CRT by ignoring the static CRT
# lib and instead linking against the Universal CRT DLL import library. This "Hybrid" linking mechanism is
# supported according to the CRT maintainer. Dynamic linking against the CRT makes the binaries a bit smaller
# than they would otherwise be if the CRT, runtime, and STL were all statically linked in.
sub remove_from_flags {
my ($toRemove, $flags) = @_;
$flags =~ s/$toRemove//;
return $flags;
}
my %targets = (
"VC-WIN32-HYBRIDCRT" => {
inherit_from => [ "VC-WIN32" ],
cflags => sub {
remove_from_flags(qr/\/MDd?\s/, add(picker(debug => "/MTd",
release => "/MT"))->(@_))
},
lflags => add(picker(debug => "/NODEFAULTLIB:libucrtd.lib /DEFAULTLIB:ucrtd.lib",
release => "/NODEFAULTLIB:libucrt.lib /DEFAULTLIB:ucrt.lib")),
},
"VC-WIN64A-HYBRIDCRT" => {
inherit_from => [ "VC-WIN64A" ],
cflags => sub {
remove_from_flags(qr/\/MDd?\s/, add(picker(debug => "/MTd",
release => "/MT"))->(@_))
},
lflags => add(picker(debug => "/NODEFAULTLIB:libucrtd.lib /DEFAULTLIB:ucrtd.lib",
release => "/NODEFAULTLIB:libucrt.lib /DEFAULTLIB:ucrt.lib")),
},
);

137
examples/openssl/openssl-3.2.1-src/Configurations/50-win-onecore.conf Normal file

@ -0,0 +1,137 @@
## -*- mode: perl; -*-
# Windows OneCore targets.
#
# OneCore is new API stability "contract" that transcends Desktop, IoT and
# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
# export subset of Win32 API that are common to all Windows 10 devices.
#
# OneCore Configuration temporarily dedicated for console applications
# due to disabled event logging, which is incompatible with one core.
# Error messages are provided via standard error only.
# TODO: extend error handling to use ETW based eventing
# (Or rework whole error messaging)
my $UWP_info = {};
sub UWP_info {
unless (%$UWP_info) {
my $SDKver = `powershell -Command \"& {\$(Get-Item \\\"hklm:\\SOFTWARE\\WOW6432Node\\Microsoft\\Microsoft SDKs\\Windows\\\").GetValue(\\\"CurrentVersion\\\")}\"`;
$SDKver =~ s|\R$||;
my @SDKver_split = split(/\./, $SDKver);
# SDK version older than 10.0.17763 don't support our ASM builds
if ($SDKver_split[0] < 10
|| ($SDKver_split[0] == 10
&& $SDKver_split[1] == 0
&& $SDKver_split[2] < 17763)) {
$UWP_info->{disable} = [ 'asm' ];
} else {
$UWP_info->{disable} = [ ];
}
}
return $UWP_info;
}
my %targets = (
"VC-WIN32-ONECORE" => {
inherit_from => [ "VC-WIN32" ],
# /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has
# hidden reference to kernel32.lib, but we don't actually want
# it in "onecore" build.
lflags => add("/NODEFAULTLIB:kernel32.lib"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
"VC-WIN64A-ONECORE" => {
inherit_from => [ "VC-WIN64A" ],
lflags => add("/NODEFAULTLIB:kernel32.lib"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
# Windows on ARM targets. ARM compilers are additional components in
# VS2017, i.e. they are not installed by default. And when installed,
# there are no "ARM Tool Command Prompt"s on Start menu, you have
# to locate vcvarsall.bat and act accordingly. VC-WIN32-ARM has
# received limited testing with evp_test.exe on Windows 10 IoT Core,
# but not VC-WIN64-ARM, no hardware... In other words they are not
# actually supported...
#
# Another thing to keep in mind [in cross-compilation scenario such
# as this one] is that target's file system has nothing to do with
# compilation system's one. This means that you're are likely to use
# --prefix and --openssldir with target-specific values. 'nmake install'
# step is effectively meaningless in cross-compilation case, though
# it might be useful to 'nmake install DESTDIR=S:\ome\where' where you
# can point Visual Studio to when compiling custom application code.
"VC-WIN32-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "BN_LLONG RC4_CHAR",
lflags => add("/NODEFAULTLIB:kernel32.lib"),
ex_libs => "onecore.lib",
multilib => "-arm",
},
"VC-WIN64-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
lflags => add("/NODEFAULTLIB:kernel32.lib"),
ex_libs => "onecore.lib",
multilib => "-arm64",
},
# Universal Windows Platform (UWP) App Support
# TODO
#
# The 'disable' attribute should have 'uplink'.
# however, these are checked in some 'inherit_from', which is processed
# very early, before the 'disable' attributes are seen.
# This is a problem that needs to be resolved in Configure first.
#
# But if you want to build library with Windows 10 Version 1809 SDK or
# earlier, the 'disable' attribute should also have 'asm'.
"VC-WIN32-UWP" => {
inherit_from => [ "VC-WIN32-ONECORE" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
"VC-WIN64A-UWP" => {
inherit_from => [ "VC-WIN64A-ONECORE" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
"VC-WIN32-ARM-UWP" => {
inherit_from => [ "VC-WIN32-ARM" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
"VC-WIN64-ARM-UWP" => {
inherit_from => [ "VC-WIN64-ARM" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
);

136
examples/openssl/openssl-3.2.1-src/Configurations/INTERNALS.Configure Normal file

@ -0,0 +1,136 @@
Configure Internals
===================
[ note: this file uses markdown for formatting ]
Intro
-----
This is a collection of notes that are hopefully of interest to those
who decide to dive into Configure and what it does. This is a living
document and anyone is encouraged to add to it and submit changes.
There's no claim for this document to be complete at any time, but it
will hopefully reach such a point in time.
----------------------------------------------------------------------
Parsing build.info files, processing conditions
-----------------------------------------------
Processing conditions in build.info files is done with the help of a
condition stack that tell if a build.info should be processed or if it
should just be skipped over. The possible states of the stack top are
expressed in the following comment from Configure:
# The top item of this stack has the following values
# -2 positive already run and we found ELSE (following ELSIF should fail)
# -1 positive already run (skip until ENDIF)
# 0 negatives so far (if we're at a condition, check it)
# 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF)
# 2 positive ELSE (following ELSIF should fail)
Ground rule is that non-condition lines are skipped over if the
stack top is > 0. Condition lines (IF, ELSIF, ELSE and ENDIF
statements) need to be processed either way to keep track of the skip
stack states, so they are a little more intricate.
Instead of trying to describe in words, here are some example of what
the skip stack should look like after each line is processed:
Example 1:
| IF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | 1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | -1 | |
| ... whatever ... | | this line is skipped over |
| IF[1] | -1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | -1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | -1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | -1 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | | |
Example 2:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | 1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |
Example 3:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |
Example 4:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 2 | |
| ... whatever ... | | this line is processed |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |

604
examples/openssl/openssl-3.2.1-src/Configurations/README-design.md Normal file

@ -0,0 +1,604 @@
Design document for the unified scheme data
===========================================
How are things connected?
-------------------------
The unified scheme takes all its data from the `build.info` files seen
throughout the source tree. These files hold the minimum information
needed to build end product files from diverse sources. See the
section on `build.info` files below.
From the information in `build.info` files, `Configure` builds up an
information database as a hash table called `%unified_info`, which is
stored in configdata.pm, found at the top of the build tree (which may
or may not be the same as the source tree).
[`Configurations/common.tmpl`](common.tmpl) uses the data from `%unified_info` to
generate the rules for building end product files as well as
intermediary files with the help of a few functions found in the
build-file templates. See the section on build-file templates further
down for more information.
build.info files
----------------
As mentioned earlier, `build.info` files are meant to hold the minimum
information needed to build output files, and therefore only (with a
few possible exceptions [1]) have information about end products (such
as scripts, library files and programs) and source files (such as C
files, C header files, assembler files, etc). Intermediate files such
as object files are rarely directly referred to in `build.info` files (and
when they are, it's always with the file name extension `.o`), they are
inferred by `Configure`. By the same rule of minimalism, end product
file name extensions (such as `.so`, `.a`, `.exe`, etc) are never mentioned
in `build.info`. Their file name extensions will be inferred by the
build-file templates, adapted for the platform they are meant for (see
sections on `%unified_info` and build-file templates further down).
The variables `PROGRAMS`, `LIBS`, `MODULES` and `SCRIPTS` are used to declare
end products. There are variants for them with `_NO_INST` as suffix
(`PROGRAM_NO_INST` etc) to specify end products that shouldn't get installed.
The variables `SOURCE`, `DEPEND`, `INCLUDE` and `DEFINE` are indexed by a
produced file, and their values are the source used to produce that
particular produced file, extra dependencies, include directories
needed, or C macros to be defined.
All their values in all the `build.info` throughout the source tree are
collected together and form a set of programs, libraries, modules and
scripts to be produced, source files, dependencies, etc etc etc.
Let's have a pretend example, a very limited contraption of OpenSSL,
composed of the program `apps/openssl`, the libraries `libssl` and
`libcrypto`, an module `engines/ossltest` and their sources and
dependencies.
# build.info
LIBS=libcrypto libssl
INCLUDE[libcrypto]=include
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
This is the top directory `build.info` file, and it tells us that two
libraries are to be built, the include directory `include/` shall be
used throughout when building anything that will end up in each
library, and that the library `libssl` depend on the library
`libcrypto` to function properly.
# apps/build.info
PROGRAMS=openssl
SOURCE[openssl]=openssl.c
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=../libssl
This is the `build.info` file in `apps/`, one may notice that all file
paths mentioned are relative to the directory the `build.info` file is
located in. This one tells us that there's a program to be built
called `apps/openss` (the file name extension will depend on the
platform and is therefore not mentioned in the `build.info` file). It's
built from one source file, `apps/openssl.c`, and building it requires
the use of `.` and `include/` include directories (both are declared
from the point of view of the `apps/` directory), and that the program
depends on the library `libssl` to function properly.
# crypto/build.info
LIBS=../libcrypto
SOURCE[../libcrypto]=aes.c evp.c cversion.c
DEPEND[cversion.o]=buildinf.h
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[buildinf.h]=../Makefile
DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
This is the `build.info` file in `crypto/`, and it tells us a little more
about what's needed to produce `libcrypto`. LIBS is used again to
declare that `libcrypto` is to be produced. This declaration is
really unnecessary as it's already mentioned in the top `build.info`
file, but can make the info file easier to understand. This is to
show that duplicate information isn't an issue.
This `build.info` file informs us that `libcrypto` is built from a few
source files, `crypto/aes.c`, `crypto/evp.c` and `crypto/cversion.c`.
It also shows us that building the object file inferred from
`crypto/cversion.c` depends on `crypto/buildinf.h`. Finally, it
also shows the possibility to declare how some files are generated
using some script, in this case a perl script, and how such scripts
can be declared to depend on other files, in this case a perl module.
Two things are worth an extra note:
`DEPEND[cversion.o]` mentions an object file. DEPEND indexes is the
only location where it's valid to mention them
# ssl/build.info
LIBS=../libssl
SOURCE[../libssl]=tls.c
This is the build.info file in `ssl/`, and it tells us that the
library `libssl` is built from the source file `ssl/tls.c`.
# engines/build.info
MODULES=dasync
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
INCLUDE[dasync]=../include
MODULES_NO_INST=ossltest
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto.a
INCLUDE[ossltest]=../include
This is the `build.info` file in `engines/`, telling us that two modules
called `engines/dasync` and `engines/ossltest` shall be built, that
`dasync`'s source is `engines/e_dasync.c` and `ossltest`'s source is
`engines/e_ossltest.c` and that the include directory `include/` may
be used when building anything that will be part of these modules.
Also, both modules depend on the library `libcrypto` to function
properly. `ossltest` is explicitly linked with the static variant of
the library `libcrypto`. Finally, only `dasync` is being installed, as
`ossltest` is only for internal testing.
When `Configure` digests these `build.info` files, the accumulated
information comes down to this:
LIBS=libcrypto libssl
SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
DEPEND[crypto/cversion.o]=crypto/buildinf.h
INCLUDE[libcrypto]=include
SOURCE[libssl]=ssl/tls.c
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
PROGRAMS=apps/openssl
SOURCE[apps/openssl]=apps/openssl.c
INCLUDE[apps/openssl]=. include
DEPEND[apps/openssl]=libssl
MODULES=engines/dasync
SOURCE[engines/dasync]=engines/e_dasync.c
DEPEND[engines/dasync]=libcrypto
INCLUDE[engines/dasync]=include
MODULES_NO_INST=engines/ossltest
SOURCE[engines/ossltest]=engines/e_ossltest.c
DEPEND[engines/ossltest]=libcrypto.a
INCLUDE[engines/ossltest]=include
GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[crypto/buildinf.h]=Makefile
DEPEND[util/mkbuildinf.pl]=util/Foo.pm
A few notes worth mentioning:
`LIBS` may be used to declare routine libraries only.
`PROGRAMS` may be used to declare programs only.
`MODULES` may be used to declare modules only.
The indexes for `SOURCE` must only be end product files, such as
libraries, programs or modules. The values of `SOURCE` variables must
only be source files (possibly generated).
`INCLUDE` and `DEPEND` shows a relationship between different files
(usually produced files) or between files and directories, such as a
program depending on a library, or between an object file and some
extra source file.
When `Configure` processes the `build.info` files, it will take it as
truth without question, and will therefore perform very few checks.
If the build tree is separate from the source tree, it will assume
that all built files and up in the build directory and that all source
files are to be found in the source tree, if they can be found there.
`Configure` will assume that source files that can't be found in the
source tree (such as `crypto/bildinf.h` in the example above) are
generated and will be found in the build tree.
The `%unified_info` database
----------------------------
The information in all the `build.info` get digested by `Configure` and
collected into the `%unified_info` database, divided into the following
indexes:
depends => a hash table containing 'file' => [ 'dependency' ... ]
pairs. These are directly inferred from the DEPEND
variables in build.info files.
modules => a list of modules. These are directly inferred from
the MODULES variable in build.info files.
generate => a hash table containing 'file' => [ 'generator' ... ]
pairs. These are directly inferred from the GENERATE
variables in build.info files.
includes => a hash table containing 'file' => [ 'include' ... ]
pairs. These are directly inferred from the INCLUDE
variables in build.info files.
install => a hash table containing 'type' => [ 'file' ... ] pairs.
The types are 'programs', 'libraries', 'modules' and
'scripts', and the array of files list the files of
that type that should be installed.
libraries => a list of libraries. These are directly inferred from
the LIBS variable in build.info files.
programs => a list of programs. These are directly inferred from
the PROGRAMS variable in build.info files.
scripts => a list of scripts. There are directly inferred from
the SCRIPTS variable in build.info files.
sources => a hash table containing 'file' => [ 'sourcefile' ... ]
pairs. These are indirectly inferred from the SOURCE
variables in build.info files. Object files are
mentioned in this hash table, with source files from
SOURCE variables, and AS source files for programs and
libraries.
shared_sources =>
a hash table just like 'sources', but only as source
files (object files) for building shared libraries.
As an example, here is how the `build.info` files example from the
section above would be digested into a `%unified_info` table:
our %unified_info = (
"depends" =>
{
"apps/openssl" =>
[
"libssl",
],
"crypto/buildinf.h" =>
[
"Makefile",
],
"crypto/cversion.o" =>
[
"crypto/buildinf.h",
],
"engines/dasync" =>
[
"libcrypto",
],
"engines/ossltest" =>
[
"libcrypto.a",
],
"libssl" =>
[
"libcrypto",
],
"util/mkbuildinf.pl" =>
[
"util/Foo.pm",
],
},
"modules" =>
[
"engines/dasync",
"engines/ossltest",
],
"generate" =>
{
"crypto/buildinf.h" =>
[
"util/mkbuildinf.pl",
"\"\$(CC)",
"\$(CFLAGS)\"",
"\"$(PLATFORM)\"",
],
},
"includes" =>
{
"apps/openssl" =>
[
".",
"include",
],
"engines/ossltest" =>
[
"include"
],
"libcrypto" =>
[
"include",
],
"libssl" =>
[
"include",
],
"util/mkbuildinf.pl" =>
[
"util",
],
}
"install" =>
{
"modules" =>
[
"engines/dasync",
],
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
},
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
"sources" =>
{
"apps/openssl" =>
[
"apps/openssl.o",
],
"apps/openssl.o" =>
[
"apps/openssl.c",
],
"crypto/aes.o" =>
[
"crypto/aes.c",
],
"crypto/cversion.o" =>
[
"crypto/cversion.c",
],
"crypto/evp.o" =>
[
"crypto/evp.c",
],
"engines/e_dasync.o" =>
[
"engines/e_dasync.c",
],
"engines/dasync" =>
[
"engines/e_dasync.o",
],
"engines/e_ossltest.o" =>
[
"engines/e_ossltest.c",
],
"engines/ossltest" =>
[
"engines/e_ossltest.o",
],
"libcrypto" =>
[
"crypto/aes.c",
"crypto/cversion.c",
"crypto/evp.c",
],
"libssl" =>
[
"ssl/tls.c",
],
"ssl/tls.o" =>
[
"ssl/tls.c",
],
},
);
As can be seen, everything in `%unified_info` is fairly simple suggest
of information. Still, it tells us that to build all programs, we
must build `apps/openssl`, and to build the latter, we will need to
build all its sources (`apps/openssl.o` in this case) and all the
other things it depends on (such as `libssl`). All those dependencies
need to be built as well, using the same logic, so to build `libssl`,
we need to build `ssl/tls.o` as well as `libcrypto`, and to build the
latter...
Build-file templates
--------------------
Build-file templates are essentially build-files (such as `Makefile` on
Unix) with perl code fragments mixed in. Those perl code fragment
will generate all the configuration dependent data, including all the
rules needed to build end product files and intermediary files alike.
At a minimum, there must be a perl code fragment that defines a set of
functions that are used to generates specific build-file rules, to
build static libraries from object files, to build shared libraries
from static libraries, to programs from object files and libraries,
etc.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file with `.o`
extension, src2obj() is expected to change it to
something more suitable for the platform.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files to build this library.
libobj2shlib - backward compatibility function that's used the
same way as obj2shlib (described next), and was
expected to build the shared library from the
corresponding static library when that was suitable.
NOTE: building a shared library from a static
library is now DEPRECATED, as they no longer share
object files. Attempting to do this will fail.
obj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding object files.
called like this:
obj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the base (static) library file name
*without* extension. This is useful in case
supporting files are needed (such as import
libraries on Windows).
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files to build this library.
obj2dso - function that produces build file lines to build a
dynamic shared object file from object files.
called like this:
obj2dso(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as obj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...).
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files to build
this library. 'deps' has the list of library files
(also *without* extension) that the programs needs
to be linked with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
Along with the build-file templates is the driving template
[`Configurations/common.tmpl`](common.tmpl), which looks through all the
information in `%unified_info` and generates all the rulesets to build libraries,
programs and all intermediate files, using the rule generating
functions defined in the build-file template.
As an example with the smaller `build.info` set we've seen as an
example, producing the rules to build `libcrypto` would result in the
following calls:
# Note: obj2shlib will only be called if shared libraries are
# to be produced.
# Note 2: obj2shlib must convert the '.o' extension to whatever
# is suitable on the local platform.
obj2shlib(shlib => "libcrypto",
objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ],
deps => [ ]);
obj2lib(lib => "libcrypto"
objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ]);
src2obj(obj => "crypto/aes.o"
srcs => [ "crypto/aes.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/evp.o"
srcs => [ "crypto/evp.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/cversion.o"
srcs => [ "crypto/cversion.c" ],
deps => [ "crypto/buildinf.h" ],
incs => [ "include" ],
intent => "lib");
generatesrc(src => "crypto/buildinf.h",
generator => [ "util/mkbuildinf.pl", "\"$(CC)",
"$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
generator_incs => [ "util" ],
generator_deps => [ "util/Foo.pm" ],
incs => [ ],
deps => [ ],
intent => "lib");
The returned strings from all those calls are then concatenated
together and written to the resulting build-file.

674
examples/openssl/openssl-3.2.1-src/Configurations/README.md Normal file

@ -0,0 +1,674 @@
Intro
=====
This directory contains a few sets of files that are used for
configuration in diverse ways:
*.conf Target platform configurations, please read
'Configurations of OpenSSL target platforms' for more
information.
*.tmpl Build file templates, please read 'Build-file
programming with the "unified" build system' as well
as 'Build info files' for more information.
*.pm Helper scripts / modules for the main `Configure`
script. See 'Configure helper scripts for more
information.
Configurations of OpenSSL target platforms
==========================================
Configuration targets are a collection of facts that we know about
different platforms and their capabilities. We organise them in a
hash table, where each entry represent a specific target.
Note that configuration target names must be unique across all config
files. The Configure script does check that a config file doesn't
have config targets that shadow config targets from other files.
In each table entry, the following keys are significant:
inherit_from => Other targets to inherit values from.
Explained further below. [1]
template => Set to 1 if this isn't really a platform
target. Instead, this target is a template
upon which other targets can be built.
Explained further below. [1]
sys_id => System identity for systems where that
is difficult to determine automatically.
enable => Enable specific configuration features.
This MUST be an array of words.
disable => Disable specific configuration features.
This MUST be an array of words.
Note: if the same feature is both enabled
and disabled, disable wins.
as => The assembler command. This is not always
used (for example on Unix, where the C
compiler is used instead).
asflags => Default assembler command flags [4].
cpp => The C preprocessor command, normally not
given, as the build file defaults are
usually good enough.
cppflags => Default C preprocessor flags [4].
defines => As an alternative, macro definitions may be
given here instead of in 'cppflags' [4].
If given here, they MUST be as an array of
the string such as "MACRO=value", or just
"MACRO" for definitions without value.
includes => As an alternative, inclusion directories
may be given here instead of in 'cppflags'
[4]. If given here, the MUST be an array
of strings, one directory specification
each.
cc => The C compiler command, usually one of "cc",
"gcc" or "clang". This command is normally
also used to link object files and
libraries into the final program.
cxx => The C++ compiler command, usually one of
"c++", "g++" or "clang++". This command is
also used when linking a program where at
least one of the object file is made from
C++ source.
cflags => Defaults C compiler flags [4].
cxxflags => Default C++ compiler flags [4]. If unset,
it gets the same value as cflags.
(linking is a complex thing, see [3] below)
ld => Linker command, usually not defined
(meaning the compiler command is used
instead).
(NOTE: this is here for future use, it's
not implemented yet)
lflags => Default flags used when linking apps,
shared libraries or DSOs [4].
ex_libs => Extra libraries that are needed when
linking shared libraries, DSOs or programs.
The value is also assigned to Libs.private
in $(libdir)/pkgconfig/libcrypto.pc.
shared_cppflags => Extra C preprocessor flags used when
processing C files for shared libraries.
shared_cflag => Extra C compiler flags used when compiling
for shared libraries, typically something
like "-fPIC".
shared_ldflag => Extra linking flags used when linking
shared libraries.
module_cppflags
module_cflags
module_ldflags => Has the same function as the corresponding
'shared_' attributes, but for building DSOs.
When unset, they get the same values as the
corresponding 'shared_' attributes.
ar => The library archive command, the default is
"ar".
(NOTE: this is here for future use, it's
not implemented yet)
arflags => Flags to be used with the library archive
command. On Unix, this includes the
command letter, 'r' by default.
ranlib => The library archive indexing command, the
default is 'ranlib' it it exists.
unistd => An alternative header to the typical
'<unistd.h>'. This is very rarely needed.
shared_extension => File name extension used for shared
libraries.
obj_extension => File name extension used for object files.
On unix, this defaults to ".o" (NOTE: this
is here for future use, it's not
implemented yet)
exe_extension => File name extension used for executable
files. On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
shlib_variant => A "variant" identifier inserted between the base
shared library name and the extension. On "unixy"
platforms (BSD, Linux, Solaris, MacOS/X, ...) this
supports installation of custom OpenSSL libraries
that don't conflict with other builds of OpenSSL
installed on the system. The variant identifier
becomes part of the SONAME of the library and also
any symbol versions (symbol versions are not used or
needed with MacOS/X). For example, on a system
where a default build would normally create the SSL
shared library as 'libssl.so -> libssl.so.1.1' with
the value of the symlink as the SONAME, a target
definition that sets 'shlib_variant => "-abc"' will
create 'libssl.so -> libssl-abc.so.1.1', again with
an SONAME equal to the value of the symlink. The
symbol versions associated with the variant library
would then be 'OPENSSL_ABC_<version>' rather than
the default 'OPENSSL_<version>'. The string inserted
into symbol versions is obtained by mapping all
letters in the "variant" identifier to uppercase
and all non-alphanumeric characters to '_'.
thread_scheme => The type of threads is used on the
configured platform. Currently known
values are "(unknown)", "pthreads",
"uithreads" (a.k.a solaris threads) and
"winthreads". Except for "(unknown)", the
actual value is currently ignored but may
be used in the future. See further notes
below [2].
dso_scheme => The type of dynamic shared objects to build
for. This mostly comes into play with
modules, but can be used for other purposes
as well. Valid values are "DLFCN"
(dlopen() et al), "DLFCN_NO_H" (for systems
that use dlopen() et al but do not have
fcntl.h), "DL" (shl_load() et al), "WIN32"
and "VMS".
asm_arch => The architecture to be used for compiling assembly
source. This acts as a selector in build.info files.
uplink_arch => The architecture to be used for compiling uplink
source. This acts as a selector in build.info files.
This is separate from asm_arch because it's compiled
even when 'no-asm' is given, even though it contains
assembler source.
perlasm_scheme => The perlasm method used to create the
assembler files used when compiling with
assembler implementations.
shared_target => The shared library building method used.
This serves multiple purposes:
- as index for targets found in shared_info.pl.
- as linker script generation selector.
To serve both purposes, the index for shared_info.pl
should end with '-shared', and this suffix will be
removed for use as a linker script generation
selector. Note that the latter is only used if
'shared_defflag' is defined.
build_scheme => The scheme used to build up a Makefile.
In its simplest form, the value is a string
with the name of the build scheme.
The value may also take the form of a list
of strings, if the build_scheme is to have
some options. In this case, the first
string in the list is the name of the build
scheme.
Currently recognised build scheme is "unified".
For the "unified" build scheme, this item
*must* be an array with the first being the
word "unified" and the second being a word
to identify the platform family.
multilib => On systems that support having multiple
implementations of a library (typically a
32-bit and a 64-bit variant), this is used
to have the different variants in different
directories.
multibin => On systems that support having multiple
implementations of a library and binaries
(typically a 32-bit and a 64-bit variant),
this is used to have the different variants
in different binary directories. This setting
works in conjunction with multilib.
bn_ops => Building options (was just bignum options in
the earlier history of this option, hence the
name). This is a string of words that describe
algorithms' implementation parameters that
are optimal for the designated target platform,
such as the type of integers used to build up
the bignum, different ways to implement certain
ciphers and so on. To fully comprehend the
meaning, the best is to read the affected
source.
The valid words are:
THIRTY_TWO_BIT bignum limbs are 32 bits,
this is default if no
option is specified, it
works on any supported
system [unless "wider"
limb size is implied in
assembly code];
BN_LLONG bignum limbs are 32 bits,
but 64-bit 'unsigned long
long' is used internally
in calculations;
SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
and sizeof(long) is 8;
SIXTY_FOUR_BIT bignums limbs are 64 bits,
but execution environment
is ILP32;
RC4_CHAR RC4 key schedule is made
up of 'unsigned char's;
Note: should not be used
for new configuration
targets
RC4_INT RC4 key schedule is made
up of 'unsigned int's;
Note: should not be used
for new configuration
targets
[1] as part of the target configuration, one can have a key called
`inherit_from` that indicates what other configurations to inherit
data from. These are resolved recursively.
Inheritance works as a set of default values that can be overridden
by corresponding key values in the inheriting configuration.
Note 1: any configuration table can be used as a template.
Note 2: pure templates have the attribute `template => 1` and
cannot be used as build targets.
If several configurations are given in the `inherit_from` array,
the values of same attribute are concatenated with space
separation. With this, it's possible to have several smaller
templates for different configuration aspects that can be combined
into a complete configuration.
Instead of a scalar value or an array, a value can be a code block
of the form `sub { /* your code here */ }`. This code block will
be called with the list of inherited values for that key as
arguments. In fact, the concatenation of strings is really done
by using `sub { join(" ",@_) }` on the list of inherited values.
An example:
"foo" => {
template => 1,
haha => "ha ha",
hoho => "ho",
ignored => "This should not appear in the end result",
},
"bar" => {
template => 1,
haha => "ah",
hoho => "haho",
hehe => "hehe"
},
"laughter" => {
inherit_from => [ "foo", "bar" ],
hehe => sub { join(" ",(@_,"!!!")) },
ignored => "",
}
The entry for "laughter" will become as follows after processing:
"laughter" => {
haha => "ha ha ah",
hoho => "ho haho",
hehe => "hehe !!!",
ignored => ""
}
[2] OpenSSL is built with threading capabilities unless the user
specifies `no-threads`. The value of the key `thread_scheme` may
be `(unknown)`, in which case the user MUST give some compilation
flags to `Configure`.
[3] OpenSSL has three types of things to link from object files or
static libraries:
- shared libraries; that would be libcrypto and libssl.
- shared objects (sometimes called dynamic libraries); that would
be the modules.
- applications; those are apps/openssl and all the test apps.
Very roughly speaking, linking is done like this (words in braces
represent the configuration settings documented at the beginning
of this file):
shared libraries:
{ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
foo/something.o foo/somethingelse.o {ex_libs}
shared objects:
{ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
blah1.o blah2.o -lcrypto {ex_libs}
applications:
{ld} $(CFLAGS) {lflags} -o app \
app1.o utils.o -lssl -lcrypto {ex_libs}
[4] There are variants of these attribute, prefixed with `lib_`,
`dso_` or `bin_`. Those variants replace the unprefixed attribute
when building library, DSO or program modules specifically.
Historically, the target configurations came in form of a string with
values separated by colons. This use is deprecated. The string form
looked like this:
"target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:
{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:
{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:
{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:
{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:
{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:
{arflags}:{multilib}"
Build info files
================
The `build.info` files that are spread over the source tree contain the
minimum information needed to build and distribute OpenSSL. It uses a
simple and yet fairly powerful language to determine what needs to be
built, from what sources, and other relationships between files.
For every `build.info` file, all file references are relative to the
directory of the `build.info` file for source files, and the
corresponding build directory for built files if the build tree
differs from the source tree.
When processed, every line is processed with the perl module
Text::Template, using the delimiters `{-` and `-}`. The hashes
`%config` and `%target` are passed to the perl fragments, along with
$sourcedir and $builddir, which are the locations of the source
directory for the current `build.info` file and the corresponding build
directory, all relative to the top of the build tree.
`Configure` only knows inherently about the top `build.info` file. For
any other directory that has one, further directories to look into
must be indicated like this:
SUBDIRS=something someelse
On to things to be built; they are declared by setting specific
variables:
PROGRAMS=foo bar
LIBS=libsomething
MODULES=libeng
SCRIPTS=myhack
Note that the files mentioned for PROGRAMS, LIBS and MODULES *must* be
without extensions. The build file templates will figure them out.
For each thing to be built, it is then possible to say what sources
they are built from:
PROGRAMS=foo bar
SOURCE[foo]=foo.c common.c
SOURCE[bar]=bar.c extra.c common.c
It's also possible to tell some other dependencies:
DEPEND[foo]=libsomething
DEPEND[libbar]=libsomethingelse
(it could be argued that 'libsomething' and 'libsomethingelse' are
source as well. However, the files given through SOURCE are expected
to be located in the source tree while files given through DEPEND are
expected to be located in the build tree)
It's also possible to depend on static libraries explicitly:
DEPEND[foo]=libsomething.a
DEPEND[libbar]=libsomethingelse.a
This should be rarely used, and care should be taken to make sure it's
only used when supported. For example, native Windows build doesn't
support building static libraries and DLLs at the same time, so using
static libraries on Windows can only be done when configured
`no-shared`.
In some cases, it's desirable to include some source files in the
shared form of a library only:
SHARED_SOURCE[libfoo]=dllmain.c
For any file to be built, it's also possible to tell what extra
include paths the build of their source files should use:
INCLUDE[foo]=include
It's also possible to specify C macros that should be defined:
DEFINE[foo]=FOO BAR=1
In some cases, one might want to generate some source files from
others, that's done as follows:
GENERATE[foo.s]=asm/something.pl $(CFLAGS)
GENERATE[bar.s]=asm/bar.S
The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except that the first
item must be the generator file. It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.
Sometimes, the generator file itself depends on other files, for
example if it is a perl script that depends on other perl modules.
This can be expressed using DEPEND like this:
DEPEND[asm/something.pl]=../perlasm/Foo.pm
There may also be cases where the exact file isn't easily specified,
but an inclusion directory still needs to be specified. INCLUDE can
be used in that case:
INCLUDE[asm/something.pl]=../perlasm
NOTE: GENERATE lines are limited to one command only per GENERATE.
Finally, you can have some simple conditional use of the `build.info`
information, looking like this:
IF[1]
something
ELSIF[2]
something other
ELSE
something else
ENDIF
The expression in square brackets is interpreted as a string in perl,
and will be seen as true if perl thinks it is, otherwise false. For
example, the above would have "something" used, since 1 is true.
Together with the use of Text::Template, this can be used as
conditions based on something in the passed variables, for example:
IF[{- $disabled{shared} -}]
LIBS=libcrypto
SOURCE[libcrypto]=...
ELSE
LIBS=libfoo
SOURCE[libfoo]=...
ENDIF
Build-file programming with the "unified" build system
======================================================
"Build files" are called `Makefile` on Unix-like operating systems,
`descrip.mms` for MMS on VMS, `makefile` for `nmake` on Windows, etc.
To use the "unified" build system, the target configuration needs to
set the three items `build_scheme`, `build_file` and `build_command`.
In the rest of this section, we will assume that `build_scheme` is set
to "unified" (see the configurations documentation above for the
details).
For any name given by `build_file`, the "unified" system expects a
template file in `Configurations/` named like the build file, with
`.tmpl` appended, or in case of possible ambiguity, a combination of
the second `build_scheme` list item and the `build_file` name. For
example, if `build_file` is set to `Makefile`, the template could be
`Configurations/Makefile.tmpl` or `Configurations/unix-Makefile.tmpl`.
In case both `Configurations/unix-Makefile.tmpl` and
`Configurations/Makefile.tmpl` are present, the former takes precedence.
The build-file template is processed with the perl module
Text::Template, using `{-` and `-}` as delimiters that enclose the
perl code fragments that generate configuration-dependent content.
Those perl fragments have access to all the hash variables from
configdata.pem.
The build-file template is expected to define at least the following
perl functions in a perl code fragment enclosed with `{-` and `-}`.
They are all expected to return a string with the lines they produce.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
generator => [ "generatingfile", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file with '.o'
extension, src2obj() is expected to change it to
something more suitable for the platform.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library filename *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files to build this library.
libobj2shlib - backward compatibility function that's used the
same way as obj2shlib (described next), and was
expected to build the shared library from the
corresponding static library when that was suitable.
NOTE: building a shared library from a static
library is now DEPRECATED, as they no longer share
object files. Attempting to do this will fail.
obj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding object files.
called like this:
obj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the base (static) library filename
*without* extension. This is useful in case
supporting files are needed (such as import
libraries on Windows).
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files to build this library.
obj2dso - function that produces build file lines to build a
dynamic shared object file from object files.
called like this:
obj2dso(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as obj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...).
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable filename
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files to build
this library. 'deps' has the list of library files
(also *without* extension) that the programs needs
to be linked with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script filename.
'sources' has the list of source files to build the
resulting script from.
In all cases, file file paths are relative to the build tree top, and
the build file actions run with the build tree top as current working
directory.
Make sure to end the section with these functions with a string that
you thing is appropriate for the resulting build file. If nothing
else, end it like this:
""; # Make sure no lingering values end up in the Makefile
-}
Configure helper scripts
========================
Configure uses helper scripts in this directory:
Checker scripts
---------------
These scripts are per platform family, to check the integrity of the
tools used for configuration and building. The checker script used is
either `{build_platform}-{build_file}-checker.pm` or
`{build_platform}-checker.pm`, where `{build_platform}` is the second
`build_scheme` list element from the configuration target data, and
`{build_file}` is `build_file` from the same target data.
If the check succeeds, the script is expected to end with a non-zero
expression. If the check fails, the script can end with a zero, or
with a `die`.

31
examples/openssl/openssl-3.2.1-src/Configurations/common0.tmpl Normal file

@ -0,0 +1,31 @@
{- # -*- Mode: perl -*-
# Commonly used list of generated files
# The reason for the complexity is that the build.info files provide
# GENERATE rules for *all* platforms without discrimination, while the
# build files only want those for a particular build. Therefore, we
# need to extrapolate exactly what we need to generate. The way to do
# that is to extract all possible source files from diverse tables and
# filter out all that are not generated
my %generatables =
map { $_ => 1 }
( # The sources of stuff may be generated
( map { @{$unified_info{sources}->{$_}} }
keys %{$unified_info{sources}} ),
$disabled{shared}
? ()
: ( map { @{$unified_info{shared_sources}->{$_}} }
keys %{$unified_info{shared_sources}} ),
# Things we explicitly depend on are usually generated
( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} }
keys %{$unified_info{depends}} ));
our @generated =
sort ( ( grep { defined $unified_info{generate}->{$_} }
sort keys %generatables ),
# Scripts are assumed to be generated, so add them too
( grep { defined $unified_info{sources}->{$_} }
@{$unified_info{scripts}} ) );
# Avoid strange output
"";
-}

1486
examples/openssl/openssl-3.2.1-src/Configurations/descrip.mms.tmpl Normal file

File diff suppressed because it is too large Load Diff

556
examples/openssl/openssl-3.2.1-src/Configurations/gentemplate.pm Normal file

@ -0,0 +1,556 @@
package gentemplate;
use strict;
use warnings;
use Carp;
use Exporter;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
@ISA = qw(Exporter);
@EXPORT = qw(gentemplate);
use File::Basename;
sub gentemplate {
my %opts = @_;
my $generator = OpenSSL::GenTemplate->new(%opts);
# Build mandatory header file generators
foreach (@{$generator->{info}->{depends}->{""}}) { $generator->dogenerate($_); }
# Build all known targets, libraries, modules, programs and scripts.
# Everything else will be handled as a consequence.
foreach (@{$generator->{info}->{targets}}) { $generator->dotarget($_); }
foreach (@{$generator->{info}->{libraries}}) { $generator->dolib($_); }
foreach (@{$generator->{info}->{modules}}) { $generator->domodule($_); }
foreach (@{$generator->{info}->{programs}}) { $generator->dobin($_); }
foreach (@{$generator->{info}->{scripts}}) { $generator->doscript($_); }
foreach (sort keys %{$generator->{info}->{htmldocs}}) { $generator->dodocs('html', $_); }
foreach (sort keys %{$generator->{info}->{mandocs}}) { $generator->dodocs('man', $_); }
foreach (sort keys %{$generator->{info}->{dirinfo}}) { $generator->dodir($_); }
}
package OpenSSL::GenTemplate;
use OpenSSL::Util;
sub new {
my $class = shift;
my %opts = @_;
my $data = {
output => $opts{output},
config => $opts{config} // {},
disabled => $opts{disabled} // {},
info => $opts{unified_info} // {},
};
return bless $data, $class;
};
sub emit {
my $self = shift;
my $name = shift;
my %opts = @_;
my $fh = $self->{output};
die "No name?" unless $name;
print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}"
unless defined $opts{attrs}->{skip};
}
my $debug_resolvedepends = $ENV{BUILDFILE_DEBUG_DEPENDS};
my $debug_rules = $ENV{BUILDFILE_DEBUG_RULES};
# A cache of objects for which a recipe has already been generated
our %cache;
# collectdepends, expanddepends and reducedepends work together to make
# sure there are no duplicate or weak dependencies and that they are in
# the right order. This is used to sort the list of libraries that a
# build depends on.
sub extensionlesslib {
my @result = map { $_ =~ /(\.a)?$/; $` } @_;
return @result if wantarray;
return $result[0];
}
# collectdepends dives into the tree of dependencies and returns
# a list of all the non-weak ones.
sub collectdepends {
my $self = shift;
return () unless @_;
my $thing = shift;
my $extensionlessthing = extensionlesslib($thing);
my @listsofar = @_; # to check if we're looping
my @list = @{ $self->{info}->{depends}->{$thing} //
$self->{info}->{depends}->{$extensionlessthing}
// [] };
my @newlist = ();
print STDERR "DEBUG[collectdepends] $thing > ", join(' ', @listsofar), "\n"
if $debug_resolvedepends;
foreach my $item (@list) {
my $extensionlessitem = extensionlesslib($item);
# It's time to break off when the dependency list starts looping
next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
# Don't add anything here if the dependency is weak
next if defined $self->{info}->{attributes}->{depends}->{$thing}->{$item}->{'weak'};
my @resolved = $self->collectdepends($item, @listsofar, $item);
push @newlist, $item, @resolved;
}
print STDERR "DEBUG[collectdepends] $thing < ", join(' ', @newlist), "\n"
if $debug_resolvedepends;
@newlist;
}
# expanddepends goes through a list of stuff, checks if they have any
# dependencies, and adds them at the end of the current position if
# they aren't already present later on.
sub expanddepends {
my $self = shift;
my @after = ( @_ );
print STDERR "DEBUG[expanddepends]> ", join(' ', @after), "\n"
if $debug_resolvedepends;
my @before = ();
while (@after) {
my $item = shift @after;
print STDERR "DEBUG[expanddepends]\\ ", join(' ', @before), "\n"
if $debug_resolvedepends;
print STDERR "DEBUG[expanddepends] - ", $item, "\n"
if $debug_resolvedepends;
my @middle = (
$item,
map {
my $x = $_;
my $extlessx = extensionlesslib($x);
if (grep { $extlessx eq extensionlesslib($_) } @before
and
!grep { $extlessx eq extensionlesslib($_) } @after) {
print STDERR "DEBUG[expanddepends] + ", $x, "\n"
if $debug_resolvedepends;
( $x )
} else {
print STDERR "DEBUG[expanddepends] ! ", $x, "\n"
if $debug_resolvedepends;
()
}
} @{$self->{info}->{depends}->{$item} // []}
);
print STDERR "DEBUG[expanddepends] = ", join(' ', @middle), "\n"
if $debug_resolvedepends;
print STDERR "DEBUG[expanddepends]/ ", join(' ', @after), "\n"
if $debug_resolvedepends;
push @before, @middle;
}
print STDERR "DEBUG[expanddepends]< ", join(' ', @before), "\n"
if $debug_resolvedepends;
@before;
}
# reducedepends looks through a list, and checks if each item is
# repeated later on. If it is, the earlier copy is dropped.
sub reducedepends {
my @list = @_;
print STDERR "DEBUG[reducedepends]> ", join(' ', @list), "\n"
if $debug_resolvedepends;
my @newlist = ();
my %replace = ();
while (@list) {
my $item = shift @list;
my $extensionlessitem = extensionlesslib($item);
if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
if ($item ne $extensionlessitem) {
# If this instance of the library is explicitly static, we
# prefer that to any shared library name, since it must have
# been done on purpose.
$replace{$extensionlessitem} = $item;
}
} else {
push @newlist, $item;
}
}
@newlist = map { $replace{$_} // $_; } @newlist;
print STDERR "DEBUG[reducedepends]< ", join(' ', @newlist), "\n"
if $debug_resolvedepends;
@newlist;
}
# Do it all
# This takes multiple inputs and combine them into a single list of
# interdependent things. The returned value will include all the input.
# Callers are responsible for taking away the things they are building.
sub resolvedepends {
my $self = shift;
print STDERR "DEBUG[resolvedepends] START (", join(', ', @_), ")\n"
if $debug_resolvedepends;
my @all =
reducedepends($self->expanddepends(map { ( $_, $self->collectdepends($_) ) } @_));
print STDERR "DEBUG[resolvedepends] END (", join(', ', @_), ") : ",
join(',', map { "\n $_" } @all), "\n"
if $debug_resolvedepends;
@all;
}
# dogenerate is responsible for producing all the recipes that build
# generated source files. It recurses in case a dependency is also a
# generated source file.
sub dogenerate {
my $self = shift;
my $src = shift;
# Safety measure
return "" unless defined $self->{info}->{generate}->{$src};
return "" if $cache{$src};
my $obj = shift;
my $bin = shift;
my %opts = @_;
if ($self->{info}->{generate}->{$src}) {
die "$src is generated by Configure, should not appear in build file\n"
if ref $self->{info}->{generate}->{$src} eq "";
my $script = $self->{info}->{generate}->{$src}->[0];
my %attrs = %{$self->{info}->{attributes}->{generate}->{$src} // {}};
$self->emit('generatesrc',
src => $src,
product => $bin,
generator => $self->{info}->{generate}->{$src},
generator_incs => $self->{info}->{includes}->{$script} // [],
generator_deps => $self->{info}->{depends}->{$script} // [],
deps => $self->{info}->{depends}->{$src} // [],
incs => [ defined $obj ? @{$self->{info}->{includes}->{$obj} // []} : (),
defined $bin ? @{$self->{info}->{includes}->{$bin} // []} : () ],
defs => [ defined $obj ? @{$self->{info}->{defines}->{$obj} // []} : (),
defined $bin ? @{$self->{info}->{defines}->{$bin} // []} : () ],
attrs => { %attrs },
%opts);
foreach (@{$self->{info}->{depends}->{$src} // []}) {
$self->dogenerate($_, $obj, $bin, %opts);
}
# The generator itself may be is generated
if ($self->{info}->{generate}->{$script}) {
$self->dogenerate($script, $obj, $bin, %opts);
}
}
$cache{$src} = 1;
}
sub dotarget {
my $self = shift;
my $target = shift;
return "" if $cache{$target};
$self->emit('generatetarget',
target => $target,
deps => $self->{info}->{depends}->{$target} // []);
foreach (@{$self->{info}->{depends}->{$target} // []}) {
$self->dogenerate($_);
}
$cache{$target} = 1;
}
# doobj is responsible for producing all the recipes that build
# object files as well as dependency files.
sub doobj {
my $self = shift;
my $obj = shift;
return "" if $cache{$obj};
my $bin = shift;
my %opts = @_;
if (@{$self->{info}->{sources}->{$obj} // []}) {
my @srcs = @{$self->{info}->{sources}->{$obj}};
my @deps = @{$self->{info}->{depends}->{$obj} // []};
my @incs = ( @{$self->{info}->{includes}->{$obj} // []},
@{$self->{info}->{includes}->{$bin} // []} );
my @defs = ( @{$self->{info}->{defines}->{$obj} // []},
@{$self->{info}->{defines}->{$bin} // []} );
print STDERR "DEBUG[doobj] \@srcs for $obj ($bin) : ",
join(",", map { "\n $_" } @srcs), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \@deps for $obj ($bin) : ",
join(",", map { "\n $_" } @deps), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \@incs for $obj ($bin) : ",
join(",", map { "\n $_" } @incs), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \@defs for $obj ($bin) : ",
join(",", map { "\n $_" } @defs), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \%opts for $obj ($bin) : ", ,
join(",", map { "\n $_ = $opts{$_}" } sort keys %opts), "\n"
if $debug_rules;
$self->emit('src2obj',
obj => $obj, product => $bin,
srcs => [ @srcs ], deps => [ @deps ],
incs => [ @incs ], defs => [ @defs ],
%opts);
foreach ((@{$self->{info}->{sources}->{$obj}},
@{$self->{info}->{depends}->{$obj} // []})) {
$self->dogenerate($_, $obj, $bin, %opts);
}
}
$cache{$obj} = 1;
}
# Helper functions to grab all applicable intermediary files.
# This is particularly useful when a library is given as source
# rather than a dependency. In that case, we consider it to be a
# container with object file references, or possibly references
# to further libraries to pilfer in the same way.
sub getsrclibs {
my $self = shift;
my $section = shift;
# For all input, see if it sources static libraries. If it does,
# return them together with the result of a recursive call.
map { ( $_, getsrclibs($section, $_) ) }
grep { $_ =~ m|\.a$| }
map { @{$self->{info}->{$section}->{$_} // []} }
@_;
}
sub getlibobjs {
my $self = shift;
my $section = shift;
# For all input, see if it's an intermediary file (library or object).
# If it is, collect the result of a recursive call, or if that returns
# an empty list, the element itself. Return the result.
map {
my @x = $self->getlibobjs($section, @{$self->{info}->{$section}->{$_}});
@x ? @x : ( $_ );
}
grep { defined $self->{info}->{$section}->{$_} }
@_;
}
# dolib is responsible for building libraries. It will call
# obj2shlib if shared libraries are produced, and obj2lib in all
# cases. It also makes sure all object files for the library are
# built.
sub dolib {
my $self = shift;
my $lib = shift;
return "" if $cache{$lib};
my %attrs = %{$self->{info}->{attributes}->{libraries}->{$lib} // {}};
my @deps = ( $self->resolvedepends(getsrclibs('sources', $lib)) );
# We support two types of objs, those who are specific to this library
# (they end up in @objs) and those that we get indirectly, via other
# libraries (they end up in @foreign_objs). We get the latter any time
# someone has done something like this in build.info:
# SOURCE[libfoo.a]=libbar.a
# The indirect object files must be kept in a separate array so they
# don't get rebuilt unnecessarily (and with incorrect auxiliary
# information).
#
# Object files can't be collected commonly for shared and static
# libraries, because we contain their respective object files in
# {shared_sources} and {sources}, and because the implications are
# slightly different for each library form.
#
# We grab all these "foreign" object files recursively with getlibobjs().
unless ($self->{disabled}->{shared} || $lib =~ /\.a$/) {
# If this library sources other static libraries and those
# libraries are marked {noinst}, there's no need to include
# all of their object files. Instead, we treat those static
# libraries as dependents alongside any other library this
# one depends on, and let symbol resolution do its job.
my @sourced_libs = ();
my @objs = ();
my @foreign_objs = ();
my @deps = ();
foreach (@{$self->{info}->{shared_sources}->{$lib} // []}) {
if ($_ !~ m|\.a$|) {
push @objs, $_;
} elsif ($self->{info}->{attributes}->{libraries}->{$_}->{noinst}) {
push @deps, $_;
} else {
push @deps, $self->getsrclibs('sources', $_);
push @foreign_objs, $self->getlibobjs('sources', $_);
}
}
@deps = ( grep { $_ ne $lib } $self->resolvedepends($lib, @deps) );
print STDERR "DEBUG[dolib:shlib] \%attrs for $lib : ", ,
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if %attrs && $debug_rules;
print STDERR "DEBUG[dolib:shlib] \@deps for $lib : ",
join(",", map { "\n $_" } @deps), "\n"
if @deps && $debug_rules;
print STDERR "DEBUG[dolib:shlib] \@objs for $lib : ",
join(",", map { "\n $_" } @objs), "\n"
if @objs && $debug_rules;
print STDERR "DEBUG[dolib:shlib] \@foreign_objs for $lib : ",
join(",", map { "\n $_" } @foreign_objs), "\n"
if @foreign_objs && $debug_rules;
$self->emit('obj2shlib',
lib => $lib,
attrs => { %attrs },
objs => [ @objs, @foreign_objs ],
deps => [ @deps ]);
foreach (@objs) {
# If this is somehow a compiled object, take care of it that way
# Otherwise, it might simply be generated
if (defined $self->{info}->{sources}->{$_}) {
if($_ =~ /\.a$/) {
$self->dolib($_);
} else {
$self->doobj($_, $lib, intent => "shlib", attrs => { %attrs });
}
} else {
$self->dogenerate($_, undef, undef, intent => "lib");
}
}
}
{
# When putting static libraries together, we cannot rely on any
# symbol resolution, so for all static libraries used as source for
# this one, as well as other libraries they depend on, we simply
# grab all their object files unconditionally,
# Symbol resolution will happen when any program, module or shared
# library is linked with this one.
my @objs = ();
my @sourcedeps = ();
my @foreign_objs = ();
foreach (@{$self->{info}->{sources}->{$lib}}) {
if ($_ !~ m|\.a$|) {
push @objs, $_;
} else {
push @sourcedeps, $_;
}
}
@sourcedeps = ( grep { $_ ne $lib } $self->resolvedepends(@sourcedeps) );
print STDERR "DEBUG[dolib:lib] : \@sourcedeps for $_ : ",
join(",", map { "\n $_" } @sourcedeps), "\n"
if @sourcedeps && $debug_rules;
@foreign_objs = $self->getlibobjs('sources', @sourcedeps);
print STDERR "DEBUG[dolib:lib] \%attrs for $lib : ", ,
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if %attrs && $debug_rules;
print STDERR "DEBUG[dolib:lib] \@objs for $lib : ",
join(",", map { "\n $_" } @objs), "\n"
if @objs && $debug_rules;
print STDERR "DEBUG[dolib:lib] \@foreign_objs for $lib : ",
join(",", map { "\n $_" } @foreign_objs), "\n"
if @foreign_objs && $debug_rules;
$self->emit('obj2lib',
lib => $lib, attrs => { %attrs },
objs => [ @objs, @foreign_objs ]);
foreach (@objs) {
$self->doobj($_, $lib, intent => "lib", attrs => { %attrs });
}
}
$cache{$lib} = 1;
}
# domodule is responsible for building modules. It will call
# obj2dso, and also makes sure all object files for the library
# are built.
sub domodule {
my $self = shift;
my $module = shift;
return "" if $cache{$module};
my %attrs = %{$self->{info}->{attributes}->{modules}->{$module} // {}};
my @objs = @{$self->{info}->{sources}->{$module}};
my @deps = ( grep { $_ ne $module }
$self->resolvedepends($module) );
print STDERR "DEBUG[domodule] \%attrs for $module :",
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if $debug_rules;
print STDERR "DEBUG[domodule] \@objs for $module : ",
join(",", map { "\n $_" } @objs), "\n"
if $debug_rules;
print STDERR "DEBUG[domodule] \@deps for $module : ",
join(",", map { "\n $_" } @deps), "\n"
if $debug_rules;
$self->emit('obj2dso',
module => $module,
attrs => { %attrs },
objs => [ @objs ],
deps => [ @deps ]);
foreach (@{$self->{info}->{sources}->{$module}}) {
# If this is somehow a compiled object, take care of it that way
# Otherwise, it might simply be generated
if (defined $self->{info}->{sources}->{$_}) {
$self->doobj($_, $module, intent => "dso", attrs => { %attrs });
} else {
$self->dogenerate($_, undef, $module, intent => "dso");
}
}
$cache{$module} = 1;
}
# dobin is responsible for building programs. It will call obj2bin,
# and also makes sure all object files for the library are built.
sub dobin {
my $self = shift;
my $bin = shift;
return "" if $cache{$bin};
my %attrs = %{$self->{info}->{attributes}->{programs}->{$bin} // {}};
my @objs = @{$self->{info}->{sources}->{$bin}};
my @deps = ( grep { $_ ne $bin } $self->resolvedepends($bin) );
print STDERR "DEBUG[dobin] \%attrs for $bin : ",
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if %attrs && $debug_rules;
print STDERR "DEBUG[dobin] \@objs for $bin : ",
join(",", map { "\n $_" } @objs), "\n"
if @objs && $debug_rules;
print STDERR "DEBUG[dobin] \@deps for $bin : ",
join(",", map { "\n $_" } @deps), "\n"
if @deps && $debug_rules;
$self->emit('obj2bin',
bin => $bin,
attrs => { %attrs },
objs => [ @objs ],
deps => [ @deps ]);
foreach (@objs) {
$self->doobj($_, $bin, intent => "bin", attrs => { %attrs });
}
$cache{$bin} = 1;
}
# doscript is responsible for building scripts from templates. It will
# call in2script.
sub doscript {
my $self = shift;
my $script = shift;
return "" if $cache{$script};
$self->emit('in2script',
script => $script,
attrs => $self->{info}->{attributes}->{scripts}->{$script} // {},
sources => $self->{info}->{sources}->{$script});
$cache{$script} = 1;
}
sub dodir {
my $self = shift;
my $dir = shift;
return "" if !exists(&generatedir) or $cache{$dir};
$self->emit('generatedir',
dir => $dir,
deps => $self->{info}->{dirinfo}->{$dir}->{deps} // [],
%{$self->{info}->{dirinfo}->{$_}->{products}});
$cache{$dir} = 1;
}
# dodocs is responsible for building documentation from .pods.
# It will call generatesrc.
sub dodocs {
my $self = shift;
my $type = shift;
my $section = shift;
foreach my $doc (@{$self->{info}->{"${type}docs"}->{$section}}) {
next if $cache{$doc};
$self->emit('generatesrc',
src => $doc,
generator => $self->{info}->{generate}->{$doc});
foreach ((@{$self->{info}->{depends}->{$doc} // []})) {
$self->dogenerate($_, undef, undef);
}
$cache{$doc} = 1;
}
}
1;

18
examples/openssl/openssl-3.2.1-src/Configurations/platform.pm Normal file

@ -0,0 +1,18 @@
package platform;
use strict;
use warnings;
use vars qw(@ISA);
# Callers must make sure @INC has the build directory
use configdata;
my $module = $target{perl_platform} || 'Unix';
(my $module_path = $module) =~ s|::|/|g;
require "platform/$module_path.pm";
@ISA = ("platform::$module");
1;
__END__

29
examples/openssl/openssl-3.2.1-src/Configurations/platform/AIX.pm Normal file

@ -0,0 +1,29 @@
package platform::AIX;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::Unix;
@ISA = qw(platform::Unix);
# Assume someone set @INC right before loading this module
use configdata;
sub dsoext { '.so' }
sub shlibextsimple { '.a' }
# In shared mode, the default static library names clashes with the final
# "simple" full shared library name, so we add '_a' to the basename of the
# static libraries in that case.
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a');
}

99
examples/openssl/openssl-3.2.1-src/Configurations/platform/BASE.pm Normal file

@ -0,0 +1,99 @@
package platform::BASE;
use strict;
use warnings;
use Carp;
# Assume someone set @INC right before loading this module
use configdata;
# Globally defined "platform specific" extensions, available for uniformity
sub depext { '.d' }
# Functions to convert internal file representations to platform specific
# ones. Note that these all depend on extension functions that MUST be
# defined per platform.
#
# Currently known internal or semi-internal extensions are:
#
# .a For libraries that are made static only.
# Internal libraries only.
# .o For object files.
# .s, .S Assembler files. This is an actual extension on Unix
# .res Resource file. This is an actual extension on Windows
sub binname { return $_[1] } # Name of executable binary
sub dsoname { return $_[1] } # Name of dynamic shared object (DSO)
sub sharedname { return __isshared($_[1]) ? $_[1] : undef } # Name of shared lib
sub staticname { return __base($_[1], '.a') } # Name of static lib
# Convenience function to convert the shlib version to an acceptable part
# of a file or directory name. By default, we consider it acceptable as is.
sub shlib_version_as_filename { return $config{shlib_version} }
# Convenience functions to convert the possible extension of an input file name
sub bin { return $_[0]->binname($_[1]) . $_[0]->binext() }
sub dso { return $_[0]->dsoname($_[1]) . $_[0]->dsoext() }
sub sharedlib { return __concat($_[0]->sharedname($_[1]), $_[0]->shlibext()) }
sub staticlib { return $_[0]->staticname($_[1]) . $_[0]->libext() }
# More convenience functions for intermediary files
sub def { return __base($_[1], '.ld') . $_[0]->defext() }
sub obj { return __base($_[1], '.o') . $_[0]->objext() }
sub res { return __base($_[1], '.res') . $_[0]->resext() }
sub dep { return __base($_[1], '.o') . $_[0]->depext() } # <- objname
sub asm { return __base($_[1], '.s') . $_[0]->asmext() }
# Another set of convenience functions for standard checks of certain
# internal extensions and conversion from internal to platform specific
# extension. Note that the latter doesn't deal with libraries because
# of ambivalence
sub isdef { return $_[1] =~ m|\.ld$|; }
sub isobj { return $_[1] =~ m|\.o$|; }
sub isres { return $_[1] =~ m|\.res$|; }
sub isasm { return $_[1] =~ m|\.s$|; }
sub iscppasm { return $_[1] =~ m|\.S$|; }
sub isstaticlib { return $_[1] =~ m|\.a$|; }
sub convertext {
if ($_[0]->isdef($_[1])) { return $_[0]->def($_[1]); }
if ($_[0]->isobj($_[1])) { return $_[0]->obj($_[1]); }
if ($_[0]->isres($_[1])) { return $_[0]->res($_[1]); }
if ($_[0]->isasm($_[1])) { return $_[0]->asm($_[1]); }
if ($_[0]->isstaticlib($_[1])) { return $_[0]->staticlib($_[1]); }
return $_[1];
}
# Helpers ############################################################
# __base EXPR, LIST
# This returns the given path (EXPR) with the matching suffix from LIST stripped
sub __base {
my $path = shift;
foreach (@_) {
if ($path =~ m|\Q${_}\E$|) {
return $`;
}
}
return $path;
}
# __isshared EXPR
# EXPR is supposed to be a library name. This will return true if that library
# can be assumed to be a shared library, otherwise false
sub __isshared {
return !($disabled{shared} || $_[0] =~ /\.a$/);
}
# __concat LIST
# Returns the concatenation of all elements of LIST if none of them is
# undefined. If one of them is undefined, returns undef instead.
sub __concat {
my $result = '';
foreach (@_) {
return undef unless defined $_;
$result .= $_;
}
return $result;
}
1;

22
examples/openssl/openssl-3.2.1-src/Configurations/platform/Cygwin.pm Normal file

@ -0,0 +1,22 @@
package platform::Cygwin;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::mingw;
@ISA = qw(platform::mingw);
# Assume someone set @INC right before loading this module
use configdata;
sub sharedname {
my $class = shift;
my $lib = platform::mingw->sharedname(@_);
$lib =~ s|^lib|cyg| if defined $lib;
return $lib;
}
1;

87
examples/openssl/openssl-3.2.1-src/Configurations/platform/Unix.pm Normal file

@ -0,0 +1,87 @@
package platform::Unix;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::BASE;
@ISA = qw(platform::BASE);
# Assume someone set @INC right before loading this module
use configdata;
sub binext { $target{exe_extension} || '' }
sub dsoext { $target{dso_extension} || platform->shlibextsimple()
|| '.so' }
# Because these are also used in scripts and not just Makefile, we must
# convert $(SHLIB_VERSION_NUMBER) to the actual number.
sub shlibext { (my $x = $target{shared_extension}
|| '.so.$(SHLIB_VERSION_NUMBER)')
=~ s|\.\$\(SHLIB_VERSION_NUMBER\)
|.$config{shlib_version}|x;
$x; }
sub libext { $target{lib_extension} || '.a' }
sub defext { $target{def_extension} || '.ld' }
sub objext { $target{obj_extension} || '.o' }
sub depext { $target{obj_extension} || '.d' }
# Other extra that aren't defined in platform::BASE
sub shlibextsimple { (my $x = $target{shared_extension} || '.so')
=~ s|\.\$\(SHLIB_VERSION_NUMBER\)||;
$x; }
sub shlibvariant { $target{shlib_variant} || "" }
sub makedepcmd { $disabled{makedepend} ? undef : $config{makedepcmd} }
# No conversion of assembler extension on Unix
sub asm {
return $_[1];
}
# At some point, we might decide that static libraries are called something
# other than the default...
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
# We currently return the same name anyway... but we might choose to
# append '_static' or '_a' some time in the future.
return platform::BASE->staticname($_[1]);
}
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
($_[0]->shlibvariant() // ''));
}
sub sharedname_simple {
return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
}
sub sharedlib_simple {
# This function returns the simplified shared library name (no version
# or variant in the shared library file name) if the simple variants of
# the base name or the suffix differ from the full variants of the same.
# Note: if $_[1] isn't a shared library name, then $_[0]->sharedname()
# and $_[0]->sharedname_simple() will return undef. This needs being
# accounted for.
my $name = $_[0]->sharedname($_[1]);
my $simplename = $_[0]->sharedname_simple($_[1]);
my $ext = $_[0]->shlibext();
my $simpleext = $_[0]->shlibextsimple();
return undef unless defined $simplename && defined $name;
return undef if ($name eq $simplename && $ext eq $simpleext);
return platform::BASE::__concat($simplename, $simpleext);
}
sub sharedlib_import {
return undef;
}
1;

65
examples/openssl/openssl-3.2.1-src/Configurations/platform/VMS.pm Normal file

@ -0,0 +1,65 @@
package platform::VMS;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::BASE;
@ISA = qw(platform::BASE);
# Assume someone set @INC right before loading this module
use configdata;
# VMS has a cultural standard where all installed libraries are prefixed.
# For OpenSSL, the choice is 'ossl$' (this prefix was claimed in a
# conversation with VSI, Tuesday January 26 2016)
sub osslprefix { 'OSSL$' }
sub binext { '.EXE' }
sub dsoext { '.EXE' }
sub shlibext { '.EXE' }
sub libext { '.OLB' }
sub defext { '.OPT' }
sub objext { '.OBJ' }
sub depext { '.D' }
sub asmext { '.ASM' }
# Other extra that aren't defined in platform::BASE
sub shlibvariant { $target{shlib_variant} || '' }
sub optext { '.OPT' }
sub optname { return $_[1] }
sub opt { return $_[0]->optname($_[1]) . $_[0]->optext() }
# Other projects include the pointer size in the name of installed libraries,
# so we do too.
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
return platform::BASE::__concat($_[0]->osslprefix(),
platform::BASE->staticname($_[1]),
$target{pointer_size});
}
# To enable installation of multiple major OpenSSL releases, we include the
# version number in installed shared library names.
my $sover_filename =
join('', map { sprintf "%02d", $_ } split(m|\.|, $config{shlib_version}));
sub shlib_version_as_filename {
return $sover_filename;
}
sub sharedname {
return platform::BASE::__concat($_[0]->osslprefix(),
platform::BASE->sharedname($_[1]),
$_[0]->shlib_version_as_filename(),
($_[0]->shlibvariant() // ''),
"_shr$target{pointer_size}");
}
1;

64
examples/openssl/openssl-3.2.1-src/Configurations/platform/Windows.pm Normal file

@ -0,0 +1,64 @@
package platform::Windows;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::BASE;
@ISA = qw(platform::BASE);
# Assume someone set @INC right before loading this module
use configdata;
sub binext { '.exe' }
sub dsoext { '.dll' }
sub shlibext { '.dll' }
sub libext { '.lib' }
sub defext { '.def' }
sub objext { '.obj' }
sub depext { '.d' }
sub asmext { '.asm' }
# Other extra that aren't defined in platform::BASE
sub resext { '.res' }
sub shlibextimport { '.lib' }
sub shlibvariant { $target{shlib_variant} || '' }
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
# To make sure not to clash with an import library, we make the static
# variant of our installed libraries get '_static' added to their names.
return platform::BASE->staticname($_[1])
. ($disabled{shared} ? '' : '_static');
}
# To mark forward compatibility, we include the OpenSSL major release version
# number in the installed shared library names.
(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
sub shlib_version_as_filename {
return $sover_filename
}
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
"-",
$_[0]->shlib_version_as_filename(),
($_[0]->shlibvariant() // ''));
}
sub sharedname_import {
return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
}
sub sharedlib_import {
return platform::BASE::__concat($_[0]->sharedname_import($_[1]),
$_[0]->shlibextimport());
}
1;

44
examples/openssl/openssl-3.2.1-src/Configurations/platform/Windows/MSVC.pm Normal file

@ -0,0 +1,44 @@
package platform::Windows::MSVC;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::Windows;
@ISA = qw(platform::Windows);
# Assume someone set @INC right before loading this module
use configdata;
sub pdbext { '.pdb' }
# It's possible that this variant of |sharedname| should be in Windows.pm.
# However, this variant was VC only in 1.1.1, so we maintain that here until
# further notice.
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
"-",
$_[0]->shlib_version_as_filename(),
($target{multilib} // '' ),
($_[0]->shlibvariant() // ''));
}
sub staticlibpdb {
return platform::BASE::__concat($_[0]->staticname($_[1]), $_[0]->pdbext());
}
sub sharedlibpdb {
return platform::BASE::__concat($_[0]->sharedname($_[1]), $_[0]->pdbext());
}
sub dsopdb {
return platform::BASE::__concat($_[0]->dsoname($_[1]), $_[0]->pdbext());
}
sub binpdb {
return platform::BASE::__concat($_[0]->binname($_[1]), $_[0]->pdbext());
}
1;

16
examples/openssl/openssl-3.2.1-src/Configurations/platform/Windows/cppbuilder.pm Normal file

@ -0,0 +1,16 @@
package platform::Windows::cppbuilder;
use vars qw(@ISA);
require platform::Windows::MSVC;
@ISA = qw(platform::Windows::MSVC);
sub pdbext { '.tds' }
# C++Builder's Clang-based compilers prepend an underscore to __cdecl-convention
# C functions, and the linker needs those as the InternalName in the .def file.
sub export2internal {
return "_$_[1]";
}
1;

51
examples/openssl/openssl-3.2.1-src/Configurations/platform/mingw.pm Normal file

@ -0,0 +1,51 @@
package platform::mingw;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::Unix;
@ISA = qw(platform::Unix);
# Assume someone set @INC right before loading this module
use configdata;
sub binext { '.exe' }
sub objext { '.obj' }
sub libext { '.a' }
sub dsoext { '.dll' }
sub defext { '.def' }
# Other extra that aren't defined in platform::BASE
sub resext { '.res.obj' }
sub shlibext { '.dll' }
sub shlibextimport { $target{shared_import_extension} || '.dll.a' }
sub shlibextsimple { undef }
sub makedepcmd { $disabled{makedepend} ? undef : $config{makedepcmd} }
(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
sub shlib_version_as_filename {
return $sover_filename;
}
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
"-",
$_[0]->shlib_version_as_filename(),
($config{target} eq "mingw64"
? "-x64" : ""));
}
# With Mingw and other DLL producers, there isn't any "simpler" shared
# library name. However, there is a static import library.
sub sharedlib_simple {
return undef;
}
sub sharedlib_import {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
$_[0]->shlibextimport());
}
1;

100
examples/openssl/openssl-3.2.1-src/Configurations/shared-info.pl Normal file

@ -0,0 +1,100 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This is a collection of extra attributes to be used as input for creating
# shared libraries, currently on any Unix variant, including Unix like
# environments on Windows.
sub detect_gnu_ld {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -Wl,-V /dev/null 2>&1`;
return grep /^GNU ld/, @lines;
}
sub detect_gnu_cc {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -v 2>&1`;
return grep /gcc/, @lines;
}
my %shared_info;
%shared_info = (
'gnu-shared' => {
shared_ldflag => '-shared -Wl,-Bsymbolic',
shared_sonameflag => '-Wl,-soname=',
},
'linux-shared' => sub {
return {
%{$shared_info{'gnu-shared'}},
shared_defflag => '-Wl,--version-script=',
dso_ldflags =>
(grep /(?:^|\s)-fsanitize/,
@{$config{CFLAGS}}, @{$config{cflags}})
? ''
: '-Wl,-z,defs',
};
},
'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; },
'bsd-gcc-nodef-shared' => sub {
return {
%{$shared_info{'gnu-shared'}},
shared_defflags => '-Wl,--version-script=',
};
},
'darwin-shared' => {
module_ldflags => '-bundle',
shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
shared_sonameflag => '-install_name $(libdir)/',
},
'cygwin-shared' => {
shared_ldflag => '-shared -Wl,--enable-auto-image-base',
shared_impflag => '-Wl,--out-implib=',
},
'mingw-shared' => sub {
return {
%{$shared_info{'cygwin-shared'}},
# def_flag made to empty string so it still generates
# something
shared_defflag => '',
shared_argfileflag => '@',
};
},
'alpha-osf1-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
module_ldflags => '-shared -Wl,-Bsymbolic',
shared_ldflag => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)',
};
},
'svr3-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => '-G',
shared_sonameflag => '-h ',
};
},
'svr5-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => detect_gnu_cc() ? '-shared' : '-G',
shared_sonameflag => '-h ',
};
},
'solaris-gcc-shared' => sub {
return $shared_info{'linux-shared'} if detect_gnu_ld();
return {
# Note: we should also have -shared here, but because some
# config targets define it with an added -static-libgcc
# following it, we don't want to change the order. This
# forces all solaris gcc config targets to define shared_ldflag
shared_ldflag => '-Wl,-Bsymbolic',
shared_defflag => "-Wl,-M,",
shared_sonameflag => "-Wl,-h,",
};
},
);

2072
examples/openssl/openssl-3.2.1-src/Configurations/unix-Makefile.tmpl Normal file

File diff suppressed because it is too large Load Diff

22
examples/openssl/openssl-3.2.1-src/Configurations/unix-checker.pm Normal file

@ -0,0 +1,22 @@
#! /usr/bin/env perl
use Config;
# Check that the perl implementation file modules generate paths that
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (rel2abs('.') !~ m|/|) {
die <<EOF;
******************************************************************************
This perl implementation doesn't produce Unix like paths (with forward slash
directory separators). Please use an implementation that matches your
building platform.
This Perl version: $Config{version} for $Config{archname}
******************************************************************************
EOF
}
1;

22
examples/openssl/openssl-3.2.1-src/Configurations/windows-checker.pm Normal file

@ -0,0 +1,22 @@
#! /usr/bin/env perl
use Config;
# Check that the perl implementation file modules generate paths that
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) {
die <<EOF;
******************************************************************************
This perl implementation doesn't produce Windows like paths (with backward
slash directory separators). Please use an implementation that matches your
building platform.
This Perl version: $Config{version} for $Config{archname}
******************************************************************************
EOF
}
1;

1082
examples/openssl/openssl-3.2.1-src/Configurations/windows-makefile.tmpl Normal file

File diff suppressed because it is too large Load Diff

3683
examples/openssl/openssl-3.2.1-src/Configure Executable file

File diff suppressed because it is too large Load Diff

6
examples/openssl/openssl-3.2.1-src/FAQ.md Normal file

@ -0,0 +1,6 @@
Frequently Asked Questions (FAQ)
================================
The [Frequently Asked Questions][FAQ] are now maintained on the OpenSSL homepage.
[FAQ]: https://www.openssl.org/docs/faq.html

33
examples/openssl/openssl-3.2.1-src/HACKING.md Normal file

@ -0,0 +1,33 @@
MODIFYING OPENSSL SOURCE
========================
This document describes the way to add custom modifications to OpenSSL sources.
If you are adding new public functions to the custom library build, you need to
either add a prototype in one of the existing OpenSSL header files;
or provide a new header file and edit
[Configurations/unix-Makefile.tmpl](Configurations/unix-Makefile.tmpl)
to pick up that file.
After that, perform the following steps:
./Configure -Werror --strict-warnings [your-options]
make update
make
make test
`make update` ensures that your functions declarations are added to
`util/libcrypto.num` or `util/libssl.num`.
If you plan to submit the changes you made to OpenSSL
(see [CONTRIBUTING.md](CONTRIBUTING.md)), it's worth running:
make doc-nits
after running `make update` to ensure that documentation has correct format.
`make update` also generates files related to OIDs (in the `crypto/objects/`
folder) and errors.
If a merge error occurs in one of these generated files, then the
generated files need to be removed and regenerated using `make update`.
To aid in this process, the generated files can be committed separately
so they can be removed easily.

1943
examples/openssl/openssl-3.2.1-src/INSTALL.md Normal file

File diff suppressed because it is too large Load Diff

177
examples/openssl/openssl-3.2.1-src/LICENSE.txt Normal file

@ -0,0 +1,177 @@
Apache License
Version 2.0, January 2004
https://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS

77326
examples/openssl/openssl-3.2.1-src/Makefile Normal file

File diff suppressed because one or more lines are too long

11524
examples/openssl/openssl-3.2.1-src/Makefile.in Normal file

File diff suppressed because one or more lines are too long

1754
examples/openssl/openssl-3.2.1-src/NEWS.md Normal file

File diff suppressed because it is too large Load Diff

90
examples/openssl/openssl-3.2.1-src/NOTES-ANDROID.md Normal file

@ -0,0 +1,90 @@
Notes for Android platforms
===========================
Requirement details
-------------------
Beside basic tools like perl and make, you'll need to download the Android
NDK. It's available for Linux, macOS and Windows, but only Linux
version was actually tested. There is no reason to believe that macOS
wouldn't work. And as for Windows, it's unclear which "shell" would be
suitable, MSYS2 might have best chances. NDK version should play lesser
role, the goal is to support a range of most recent versions.
Configuration
-------------
Android is a cross-compiled target and you can't rely on `./Configure`
to find out the configuration target for you. You have to name your
target explicitly; there are `android-arm`, `android-arm64`, `android-mips`,
`android-mip64`, `android-x86` and `android-x86_64` (`*MIPS` targets are no
longer supported with NDK R20+).
Do not pass --cross-compile-prefix (as you might be tempted), as it
will be "calculated" automatically based on chosen platform. However,
you still need to know the prefix to extend your PATH, in order to
invoke `$(CROSS_COMPILE)clang` [`*gcc` on NDK 19 and lower] and company.
(`./Configure` will fail and give you a hint if you get it wrong.)
Apart from `PATH` adjustment, you need to set `ANDROID_NDK_ROOT` environment
to point at the `NDK` directory. If you're using a side-by-side NDK the path
will look something like `/some/where/android-sdk/ndk/<ver>`, and for a
standalone NDK the path will be something like `/some/where/android-ndk-<ver>`.
Both variables are significant at both configuration and compilation times.
The NDK customarily supports multiple Android API levels, e.g. `android-14`,
`android-21`, etc. By default, latest API level is chosen. If you need to target
an older platform pass the argument `-D__ANDROID_API__=N` to `Configure`,
with `N` being the numerical value of the target platform version. For example,
to compile for Android 10 arm64 with a side-by-side NDK r20.0.5594570
export ANDROID_NDK_ROOT=/home/whoever/Android/android-sdk/ndk/20.0.5594570
PATH=$ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/linux-x86_64/bin:$ANDROID_NDK_ROOT/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:$PATH
./Configure android-arm64 -D__ANDROID_API__=29
make
Older versions of the NDK have GCC under their common prebuilt tools
directory, so the bin path will be slightly different. EG: to compile
for ICS on ARM with NDK 10d:
export ANDROID_NDK_ROOT=/some/where/android-ndk-10d
PATH=$ANDROID_NDK_ROOT/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
./Configure android-arm -D__ANDROID_API__=14
make
Caveat lector! Earlier OpenSSL versions relied on additional `CROSS_SYSROOT`
variable set to `$ANDROID_NDK_ROOT/platforms/android-<api>/arch-<arch>` to
appoint headers-n-libraries' location. It's still recognized in order
to facilitate migration from older projects. However, since API level
appears in `CROSS_SYSROOT` value, passing `-D__ANDROID_API__=N` can be in
conflict, and mixing the two is therefore not supported. Migration to
`CROSS_SYSROOT`-less setup is recommended.
One can engage clang by adjusting PATH to cover the same NDK's clang. Just
keep in mind that if you miss it, Configure will try to use gcc...
Also, PATH would need even further adjustment to cover unprefixed, yet
target-specific, ar and ranlib. It's possible that you don't need to
bother, if binutils-multiarch is installed on your Linux system.
Another option is to create so called "standalone toolchain" tailored
for single specific platform including Android API level, and assign its
location to `ANDROID_NDK_ROOT`. In such case, you have to pass matching
target name to Configure and shouldn't use `-D__ANDROID_API__=N`. `PATH`
adjustment becomes simpler, `$ANDROID_NDK_ROOT/bin:$PATH` suffices.
Running tests (on Linux)
------------------------
This is not actually supported. Notes are meant rather as inspiration.
Even though build output targets alien system, it's possible to execute
test suite on Linux system by employing qemu-user. The trick is static
linking. Pass -static to Configure, then edit generated Makefile and
remove occurrences of -ldl and -pie flags. You would also need to pick
API version that comes with usable static libraries, 42/2=21 used to
work. Once built, you should be able to
env EXE_SHELL=qemu-<arch> make test
If you need to pass additional flag to qemu, quotes are your friend, e.g.
env EXE_SHELL="qemu-mips64el -cpu MIPS64R6-generic" make test

46
examples/openssl/openssl-3.2.1-src/NOTES-DJGPP.md Normal file

@ -0,0 +1,46 @@
Notes for the DOS platform with DJGPP
=====================================
OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
environment for 16-bit DOS, but only with long filename support.
If you wish to compile on native DOS with 8+3 filenames, you will
have to tweak the installation yourself, including renaming files
with illegal or duplicate names.
You should have a full DJGPP environment installed, including the
latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
requires that PERL and the PERL module `Text::Template` also be
installed (see [NOTES-PERL.md](NOTES-PERL.md)).
All of these can be obtained from the usual DJGPP mirror sites or
directly at <http://www.delorie.com/pub/djgpp>. For help on which
files to download, see the DJGPP "ZIP PICKER" page at
<http://www.delorie.com/djgpp/zip-picker.html>. You also need to have
the WATT-32 networking package installed before you try to compile
OpenSSL. This can be obtained from <http://www.watt-32.net/>.
The Makefile assumes that the WATT-32 code is in the directory
specified by the environment variable WATT_ROOT. If you have watt-32
in directory `watt32` under your main DJGPP directory, specify
`WATT_ROOT="/dev/env/DJDIR/watt32"`.
To compile OpenSSL, start your BASH shell, then configure for DJGPP by
running `./Configure` with appropriate arguments:
./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
And finally fire up `make`. You may run out of DPMI selectors when
running in a DOS box under Windows. If so, just close the BASH
shell, go back to Windows, and restart BASH. Then run `make` again.
RUN-TIME CAVEAT LECTOR
--------------
Quoting FAQ:
"Cryptographic software needs a source of unpredictable data to work
correctly. Many open source operating systems provide a "randomness
device" (`/dev/urandom` or `/dev/random`) that serves this purpose."
As of version 0.9.7f DJGPP port checks upon `/dev/urandom$` for a 3rd
party "randomness" DOS driver. One such driver, `NOISE.SYS`, can be
obtained from <http://www.rahul.net/dkaufman/index.html>.

252
examples/openssl/openssl-3.2.1-src/NOTES-NONSTOP.md Normal file

@ -0,0 +1,252 @@
NOTES FOR THE HPE NONSTOP PLATFORM
==============================
Requirement details
-------------------
In addition to the requirements and instructions listed
in [INSTALL.md](INSTALL.md), the following are required as well:
* The TNS/X platform supports hardware randomization.
Specify the `--with-rand-seed=rdcpu` option to the `./Configure` script.
This is recommended but not required. `egd` is supported at 3.0 but cannot
be used if FIPS is selected.
* The TNS/E platform does not support hardware randomization, so
specify the `--with-rand-seed=egd` option to the `./Configure` script.
About c99 compiler
------------------
The c99 compiler is required for building OpenSSL from source. While c11
may work, it has not been broadly tested. c99 is the only compiler
prerequisite needed to build OpenSSL 3.0 on this platform. You should also
have the FLOSS package installed on your system. The ITUGLIB FLOSS package
is the only FLOSS variant that has been broadly tested.
Threading Models
----------------
OpenSSL can be built either using the POSIX User Threads (PUT) threading model,
or with threading support disabled. Select the following build configuration
for each on the TNS/X (L-Series) platform:
* `nonstop-nsx` or default will select an unthreaded 32-bit build.
* `nonstop-nsx_64` selects an unthreaded 64-bit memory and file length build.
* `nonstop-nsx_put` selects the PUT build.
* `nonstop-nsx_64_put` selects the 64-bit memory and file length PUT build.
The SPT threading model is no longer supported as of OpenSSL 3.2.
### TNS/E Considerations
The TNS/E platform is build using the same set of builds specifying `nse`
instead of `nsx` in the set above.
You cannot build for TNS/E for FIPS, so you must specify the `no-fips`
option to `./Configure`.
Linking and Loading Considerations
----------------------------------
Because of how the NonStop Common Runtime Environment (CRE) works, there are
restrictions on how programs can link and load with OpenSSL libraries.
On current NonStop platforms, programs cannot both statically link OpenSSL
libraries and dynamically load OpenSSL shared libraries concurrently. If this
is done, there is a high probability of encountering a SIGSEGV condition
relating to `atexit()` processing when a shared library is unloaded and when
the program terminates. This limitation applies to all OpenSSL shared library
components.
A resolution to this situation is under investigation.
About Prefix and OpenSSLDir
---------------------------
Because there are many potential builds that must co-exist on any given
NonStop node, managing the location of your build distribution is crucial.
Keep each destination separate and distinct. Mixing any mode described in
this document can cause application instability. The recommended approach
is to specify the OpenSSL version and threading model in your configuration
options, and keeping your memory and float options consistent, for example:
* For 1.1 `--prefix=/usr/local-ssl1.1 --openssldir=/usr/local-ssl1.1/ssl`
* For 1.1 PUT `--prefix=/usr/local-ssl1.1_put --openssldir=/usr/local-ssl1.1_put/ssl`
As of 3.0, the NonStop configurations use the multilib attribute to distinguish
between different models:
* For 3.0 `--prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl`
The PUT model is placed in `${prefix}/lib-put` for 32-bit models and
`${prefix}/lib64-put` for 64-bit models.
Use the `_RLD_LIB_PATH` environment variable in OSS to select the appropriate
directory containing `libcrypto.so` and `libssl.so`. In GUARDIAN, use the
`=_RLD_LIB_PATH` search define to locate the GUARDIAN subvolume where OpenSSL
is installed.
Float Considerations
--------------------
OpenSSL is built using IEEE Float mode by default. If you need a different
IEEE mode, create a new configuration specifying `tfloat-x86-64` (for Tandem
Float) or `nfloat-x86-64` (for Neutral Float).
Memory Models
-------------
The current OpenSSL default memory model uses the default platform address
model. If you need a different address model, you must specify the appropriate
c99 options for compile (`CFLAGS`) and linkers (`LDFLAGS`).
Cross Compiling on Windows
--------------------------
To configure and compile OpenSSL, you will need to set up a Cygwin environment.
The Cygwin tools should include bash, make, and any other normal tools required
for building programs.
Your `PATH` must include the bin directory for the c99 cross-compiler, as in:
export PATH=/cygdrive/c/Program\ Files\ \(x86\)/HPE\ NonStop/L16.05/usr/bin:$PATH
This should be set before Configure is run. For the c99 cross-compiler to work
correctly, you also need the `COMP_ROOT` set, as in:
export COMP_ROOT="C:\Program Files (x86)\HPE NonStop\L16.05"
`COMP_ROOT` needs to be in Windows form.
`Configure` must specify the `no-makedepend` option otherwise errors will
result when running the build because the c99 cross-compiler does not support
the `gcc -MT` option. An example of a `Configure` command to be run from the
OpenSSL directory is:
./Configure nonstop-nsx_64 no-makedepend --with-rand-seed=rdcpu
Do not forget to include any OpenSSL cross-compiling prefix and certificate
options when creating your libraries.
The OpenSSL test suite will not run on your workstation. In order to verify the
build, you will need to perform the build and test steps in OSS in your NonStop
server. You can also build under gcc and run the test suite for Windows but that
is not equivalent.
**Note:** In the event that you are attempting a FIPS-compliant cross-compile,
be aware that signatures may not match between builds done under OSS and under
cross-compiles as the compilers do not necessarily generate identical objects.
Anything and everything to do with FIPS is outside the scope of this document.
Refer to the FIPS security policy for more information.
The following build configurations have been successfully attempted at one
point or another. If you are successful in your cross-compile efforts, please
update this list:
- nonstop-nsx_64
- nonstop-nsx_64_put
**Note:** Cross-compile builds for TNS/E have not been attempted, but should
follow the same considerations as for TNS/X above.
Also see the NSDEE discussion below for more historical information.
Cross Compiling with NSDEE
--------------------------
**Note:** None of these builds have been tested by the platform maintainer and
are supplied for historical value. Please submit a Pull Request to OpenSSL
should these need to be adjusted.
If you are attempting to build OpenSSL with NSDEE, you will need to specify
the following variables. The following set of compiler defines are required:
# COMP_ROOT must be a full path for the build system (e.g. windows)
COMP_ROOT=$(cygpath -w /path/to/comp_root)
# CC must be executable by your shell
CC=/path/to/c99
### Optional Build Variables
DBGFLAG="--debug"
CIPHENABLES="enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-rc4"
### Internal Known TNS/X to TNS/E Cross Compile Variables
The following definition is required if you are building on TNS/X for TNS/E
and have access to a TNS/E machine on your EXPAND network - with an example
node named `\CS3`:
SYSTEMLIBS="-L/E/cs3/usr/local/lib"
Version Procedure (VPROC) Considerations
----------------------------------------
If you require a VPROC entry for platform version identification, use the
following variables:
### For Itanium
OPENSSL_VPROC_PREFIX=T0085H06
### For x86
OPENSSL_VPROC_PREFIX=T0085L01
### Common Definition
export OPENSSL_VPROC=${OPENSSL_VPROC_PREFIX}_$(
. VERSION.dat
if [ -n "$PRE_RELEASE_TAG" ]; then
PRE_RELEASE_TAG="-$PRE_RELEASE_TAG"
fi
if [ -n "$BUILD_METADATA" ]; then
BUILD_METADATA="+$BUILD_METADATA"
fi
echo "$MAJOR.$MINOR.$PATCH$PRE_RELEASE_TAG$BUILD_METADATA" |\
sed -e 's/[-.+]/_/g'
)
Example Configure Targets
-------------------------
For OSS targets, the main DLL names will be `libssl.so` and `libcrypto.so`.
For GUARDIAN targets, DLL names will be `ssl` and `crypto`. The following
assumes that your PWD is set according to your installation standards.
./Configure nonstop-nsx --prefix=${PWD} \
--openssldir=${PWD}/ssl no-threads \
--with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
./Configure nonstop-nsx_g --prefix=${PWD} \
--openssldir=${PWD}/ssl no-threads \
--with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
./Configure nonstop-nsx_put --prefix=${PWD} \
--openssldir=${PWD}/ssl threads "-D_REENTRANT" \
--with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
./Configure nonstop-nsx_64 --prefix=${PWD} \
--openssldir=${PWD}/ssl no-threads \
--with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
./Configure nonstop-nsx_64_put --prefix=${PWD} \
--openssldir=${PWD}/ssl threads "-D_REENTRANT" \
--with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
./Configure nonstop-nsx_g_tandem --prefix=${PWD} \
--openssldir=${PWD}/ssl no-threads \
--with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
./Configure nonstop-nse --prefix=${PWD} \
--openssldir=${PWD}/ssl no-threads \
--with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
./Configure nonstop-nse_g --prefix=${PWD} \
--openssldir=${PWD}/ssl no-threads \
--with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
./Configure nonstop-nse_put --prefix=${PWD} \
--openssldir=${PWD}/ssl threads "-D_REENTRANT" \
--with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
./Configure nonstop-nse_64 --prefix=${PWD} \
--openssldir=${PWD}/ssl no-threads \
--with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
./Configure nonstop-nse_64_put --prefix=${PWD} \
--openssldir=${PWD}/ssl threads "-D_REENTRANT"
--with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
./Configure nonstop-nse_g_tandem --prefix=${PWD} \
--openssldir=${PWD}/ssl no-threads \
--with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}

127
examples/openssl/openssl-3.2.1-src/NOTES-PERL.md Normal file

@ -0,0 +1,127 @@
Notes on Perl
=============
- [General Notes](#general-notes)
- [Perl on Windows](#perl-on-windows)
- [Perl on VMS](#perl-on-vms)
- [Perl on NonStop](#perl-on-nonstop)
- [Required Perl modules](#required-perl-modules)
- [Notes on installing a Perl module](#notes-on-installing-a-perl-module])
General Notes
-------------
For our scripts, we rely quite a bit on Perl, and increasingly on
some core Perl modules. These Perl modules are part of the Perl
source, so if you build Perl on your own, you should be set.
However, if you install Perl as binary packages, the outcome might
differ, and you may have to check that you do get the core modules
installed properly. We do not claim to know them all, but experience
has told us the following:
- on Linux distributions based on Debian, the package `perl` will
install the core Perl modules as well, so you will be fine.
- on Linux distributions based on RPMs, you will need to install
`perl-core` rather than just `perl`.
You MUST have at least Perl version 5.10.0 installed. This minimum
requirement is due to our use of regexp backslash sequence \R among
other features that didn't exist in core Perl before that version.
Perl on Windows
---------------
There are a number of build targets that can be viewed as "Windows".
Indeed, there are `VC-*` configs targeting Visual Studio C, as well as
MinGW and Cygwin. The key recommendation is to use a Perl installation
that matches the build environment. For example, if you will build
on Cygwin be sure to use the Cygwin package manager to install Perl.
For MSYS builds use the MSYS provided Perl.
For VC-* builds, we recommend Strawberry Perl, from <http://strawberryperl.com>.
An alternative is ActiveState Perl, from <http://www.activestate.com/ActivePerl>
for which you may need to explicitly select the Perl module Win32/Console.pm
available via <https://platform.activestate.com/ActiveState>.
Perl on VMS
-----------
You will need to install Perl separately. One way to do so is to
download the source from <http://perl.org/>, unpacking it, reading
`README-VMS.md` and follow the instructions. Another way is to download a
`.PCSI` file from <http://www.vmsperl.com/> and install it using the
POLYCENTER install tool.
Perl on NonStop
---------------
Perl is installed on HPE NonStop platforms as part of the Scripting Languages
package T1203PAX file. The package is shipped as part of a NonStop RVU
(Release Version Updates) package. Individual SPRs (Software Product Release)
representing fixes can be obtained from the Scout website at
<https://h22204.www2.hpe.com/NEP>. Follow the appropriate set of installation
instructions for your operating system release as described in the
Script Language User Guide available from the NonStop Technical Library.
Required Perl modules
---------------------
We do our best to limit ourselves to core Perl modules to keep the
requirements down. There are just a few exceptions.
* Text::Template this is required *for building*
To avoid unnecessary initial hurdles, we include a copy of this module
in the source. It will work as a fallback if the module isn't already
installed.
* `Test::More` this is required *for testing*
We require the minimum version to be 0.96, which appeared in Perl 5.13.4,
because that version was the first to have all the features we're using.
This module is required for testing only! If you don't plan on running
the tests, you don't need to bother with this one.
Notes on installing a Perl module
---------------------------------
There are a number of ways to install a perl module. In all
descriptions below, `Text::Template` will serve as an example.
1. for Linux users, the easiest is to install with the use of your
favorite package manager. Usually, all you need to do is search
for the module name and to install the package that comes up.
On Debian based Linux distributions, it would go like this:
$ apt-cache search Text::Template
...
libtext-template-perl - perl module to process text templates
$ sudo apt-get install libtext-template-perl
Perl modules in Debian based distributions use package names like
the name of the module in question, with "lib" prepended and
"-perl" appended.
2. Install using CPAN. This is very easy, but usually requires root
access:
$ cpan -i Text::Template
Note that this runs all the tests that the module to be installed
comes with. This is usually a smooth operation, but there are
platforms where a failure is indicated even though the actual tests
were successful. Should that happen, you can force an
installation regardless (that should be safe since you've already
seen the tests succeed!):
$ cpan -f -i Text::Template
Note: on VMS, you must quote any argument that contains uppercase
characters, so the lines above would be:
$ cpan -i "Text::Template"
and:
$ cpan -f -i "Text::Template"

115
examples/openssl/openssl-3.2.1-src/NOTES-UNIX.md Normal file

@ -0,0 +1,115 @@
Notes for UNIX-like platforms
=============================
For Unix/POSIX runtime systems on Windows,
please see the [Notes for Windows platforms](NOTES-WINDOWS.md).
OpenSSL uses the compiler to link programs and shared libraries
---------------------------------------------------------------
OpenSSL's generated Makefile uses the C compiler command line to
link programs, shared libraries and dynamically loadable shared
objects. Because of this, any linking option that's given to the
configuration scripts MUST be in a form that the compiler can accept.
This varies between systems, where some have compilers that accept
linker flags directly, while others take them in `-Wl,` form. You need
to read your compiler documentation to figure out what is acceptable,
and `ld(1)` to figure out what linker options are available.
Shared libraries and installation in non-default locations
----------------------------------------------------------
Every Unix system has its own set of default locations for shared
libraries, such as `/lib`, `/usr/lib` or possibly `/usr/local/lib`. If
libraries are installed in non-default locations, dynamically linked
binaries will not find them and therefore fail to run, unless they get
a bit of help from a defined runtime shared library search path.
For OpenSSL's application (the `openssl` command), our configuration
scripts do NOT generally set the runtime shared library search path for
you. It's therefore advisable to set it explicitly when configuring,
unless the libraries are to be installed in directories that you know
to be in the default list.
Runtime shared library search paths are specified with different
linking options depending on operating system and versions thereof, and
are talked about differently in their respective documentation;
variations of RPATH are the most usual (note: ELF systems have two such
tags, more on that below).
Possible options to set the runtime shared library search path include
the following:
-Wl,-rpath,/whatever/path # Linux, *BSD, etc.
-R /whatever/path # Solaris
-Wl,-R,/whatever/path # AIX (-bsvr4 is passed internally)
-Wl,+b,/whatever/path # HP-UX
-rpath /whatever/path # Tru64, IRIX
OpenSSL's configuration scripts recognise all these options and pass
them to the Makefile that they build. (In fact, all arguments starting
with `-Wl,` are recognised as linker options.)
Please note that 'l' in '-Wl' is lowercase L and not 1.
Please do not use verbatim directories in your runtime shared library
search path! Some OpenSSL config targets add an extra directory level
for multilib installations. To help with that, the produced Makefile
includes the variable LIBRPATH, which is a convenience variable to be
used with the runtime shared library search path options, as shown in
this example:
$ ./Configure --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
'-Wl,-rpath,$(LIBRPATH)'
On modern ELF based systems, there are two runtime search paths tags to
consider, `DT_RPATH` and `DT_RUNPATH`. Shared objects are searched for in
this order:
1. Using directories specified in DT_RPATH, unless DT_RUNPATH is also set.
2. Using the environment variable LD_LIBRARY_PATH
3. Using directories specified in DT_RUNPATH.
4. Using system shared object caches and default directories.
This means that the values in the environment variable `LD_LIBRARY_PATH`
won't matter if the library is found in the paths given by `DT_RPATH`
(and `DT_RUNPATH` isn't set).
Exactly which of `DT_RPATH` or `DT_RUNPATH` is set by default appears to
depend on the system. For example, according to documentation,
`DT_RPATH` appears to be deprecated on Solaris in favor of `DT_RUNPATH`,
while on Debian GNU/Linux, either can be set, and `DT_RPATH` is the
default at the time of writing.
How to choose which runtime search path tag is to be set depends on
your system, please refer to ld(1) for the exact information on your
system. As an example, the way to ensure the `DT_RUNPATH` is set on
Debian GNU/Linux systems rather than DT_RPATH is to tell the linker to
set new dtags, like this:
$ ./Configure --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
'-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)'
It might be worth noting that some/most ELF systems implement support
for runtime search path relative to the directory containing current
executable, by interpreting `$ORIGIN` along with some other internal
variables. Consult your system documentation.
Linking your application
------------------------
Third-party applications dynamically linked with OpenSSL (or any other)
shared library face exactly the same problem with non-default locations.
The OpenSSL config options mentioned above might or might not have bearing
on linking of the target application. "Might" means that under some
circumstances, it would be sufficient to link with OpenSSL shared library
"naturally", i.e. with `-L/whatever/path -lssl -lcrypto`. But there are
also cases when you'd have to explicitly specify runtime search path
when linking your application. Consult your system documentation and use
above section as inspiration...
Shared OpenSSL builds also install static libraries. Linking with the
latter is likely to require special care because linkers usually look
for shared libraries first and tend to remain "blind" to static OpenSSL
libraries. Referring to system documentation would suffice, if not for
a corner case. On AIX static libraries (in shared build) are named
differently, add `_a` suffix to link with them, e.g. `-lcrypto_a`.

72
examples/openssl/openssl-3.2.1-src/NOTES-VALGRIND.md Normal file

@ -0,0 +1,72 @@
Notes on Valgrind
=================
Valgrind is a test harness that includes many tools such as memcheck,
which is commonly used to check for memory leaks, etc. The default tool
run by Valgrind is memcheck. There are other tools available, but this
will focus on memcheck.
Valgrind runs programs in a virtual machine, this means OpenSSL unit
tests run under Valgrind will take longer than normal.
Requirements
------------
1. Platform supported by Valgrind
See <http://valgrind.org/info/platforms.html>
2. Valgrind installed on the platform
See <http://valgrind.org/downloads/current.html>
3. OpenSSL compiled
See [INSTALL.md](INSTALL.md)
Running Tests
-------------
Test behavior can be modified by adjusting environment variables.
`EXE_SHELL`
This variable is used to specify the shell used to execute OpenSSL test
programs. The default wrapper (`util/wrap.pl`) initializes the environment
to allow programs to find shared libraries. The variable can be modified
to specify a different executable environment.
EXE_SHELL=\
"`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 --leak-check=full -q"
This will start up Valgrind with the default checker (`memcheck`).
The `--error-exitcode=1` option specifies that Valgrind should exit with an
error code of 1 when memory leaks occur.
The `--leak-check=full` option specifies extensive memory checking.
The `-q` option prints only error messages.
Additional Valgrind options may be added to the `EXE_SHELL` variable.
`OPENSSL_ia32cap`
This variable controls the processor-specific code on Intel processors.
By default, OpenSSL will attempt to figure out the capabilities of a
processor, and use it to its fullest capability. This variable can be
used to control what capabilities OpenSSL uses.
As of valgrind-3.15.0 on Linux/x86_64, instructions up to AVX2 are
supported. Setting the following disables instructions beyond AVX2:
`OPENSSL_ia32cap=":0"`
This variable may need to be set to something different based on the
processor and Valgrind version you are running tests on. More information
may be found in [doc/man3/OPENSSL_ia32cap.pod](doc/man3/OPENSSL_ia32cap.pod).
Additional variables (such as `VERBOSE` and `TESTS`) are described in the
file [test/README.md](test/README.md).
Example command line:
$ make test EXE_SHELL="`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 \
--leak-check=full -q" OPENSSL_ia32cap=":0"
If an error occurs, you can then run the specific test via the `TESTS` variable
with the `VERBOSE` or `VF` or `VFP` options to gather additional information.
$ make test VERBOSE=1 TESTS=test_test EXE_SHELL="`/bin/pwd`/util/wrap.pl \
valgrind --error-exitcode=1 --leak-check=full -q" OPENSSL_ia32cap=":0"

132
examples/openssl/openssl-3.2.1-src/NOTES-VMS.md Normal file

@ -0,0 +1,132 @@
Notes for the OpenVMS platform
==============================
- [Requirement details](#requirement-details)
- [About ANSI C compiler](#about-ansi-c-compiler)
- [About ODS-5 directory names and Perl](#about-ods-5-directory-names-and-perl)
- [About MMS and DCL](#about-mms-and-dcl)
- [About debugging](#about-debugging)
- [Checking the distribution](#checking-the-distribution)
Requirement details
-------------------
In addition to the requirements and instructions listed
in [INSTALL.md](INSTALL.md), this are required as well:
* At least ODS-5 disk organization for source and build.
Installation can be done on any existing disk organization.
About ANSI C compiler
---------------------
An ANSI C compiled is needed among other things. This means that
VAX C is not and will not be supported.
We have only tested with DEC C (aka HP VMS C / VSI C) and require
version 7.1 or later. Compiling with a different ANSI C compiler may
require some work.
Please avoid using C RTL feature logical names `DECC$*` when building
and testing OpenSSL. Most of all, they can be disruptive when
running the tests, as they affect the Perl interpreter.
About ODS-5 directory names and Perl
------------------------------------
It seems that the perl function canonpath() in the `File::Spec` module
doesn't treat file specifications where the last directory name
contains periods very well. Unfortunately, some versions of VMS tar
will keep the periods in the OpenSSL source directory instead of
converting them to underscore, thereby leaving your source in
something like `[.openssl-1^.1^.0]`. This will lead to issues when
configuring and building OpenSSL.
We have no replacement for Perl's canonpath(), so the best workaround
for now is to rename the OpenSSL source directory, as follows (please
adjust for the actual source directory name you have):
$ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR
About MMS and DCL
-----------------
MMS has certain limitations when it comes to line length, and DCL has
certain limitations when it comes to total command length. We do
what we can to mitigate, but there is the possibility that it's not
enough. Should you run into issues, a very simple solution is to set
yourself up a few logical names for the directory trees you're going
to use.
About debugging
---------------
If you build for debugging, the default on VMS is that image
activation starts the debugger automatically, giving you a debug
prompt. Unfortunately, this disrupts all other uses, such as running
test programs in the test framework.
Generally speaking, if you build for debugging, only use the programs
directly for debugging. Do not try to use them from a script, such
as running the test suite.
### The following is not available on Alpha
As a compromise, we're turning off the flag that makes the debugger
start automatically. If there is a program that you need to debug,
you need to turn that flag back on first, for example:
$ set image /flag=call_debug [.test]evp_test.exe
Then just run it and you will find yourself in a debugging session.
When done, we recommend that you turn that flag back off:
$ set image /flag=nocall_debug [.test]evp_test.exe
About assembler acceleration
----------------------------
OpenSSL has assembler acceleration for a number of BIGNUM and crypto
routines. The VMS config targets tries to look for a selection of
assemblers and will use what they find. If none of the assemblers are
found, OpenSSL will be built as if `no-asm` was configured.
### For Itanium / IA64 / I64
- There is only one assembler, a port of Intel's `ias`, found in the
HP Open Source Tools CD, available through [DECUSlib](http://www.decuslib.com).
It's assumed to be set up as per the instructions, where `disk` and
`dir` are expected to be adapted to local conditions:
$ ias :== $disk:[dir]iasi64.exe
Checking the distribution
-------------------------
There have been reports of places where the distribution didn't quite
get through, for example if you've copied the tree from a NFS-mounted
Unix mount point.
The easiest way to check if everything got through as it should is to
check that this file exists:
[.include.openssl]configuration^.h.in
The best way to get a correct distribution is to download the gzipped
tar file from ftp://ftp.openssl.org/source/, use `GZIP -d` to uncompress
it and `VMSTAR` to unpack the resulting tar file.
Gzip and VMSTAR are available here:
<http://antinode.info/dec/index.html#Software>
Should you need it, you can find UnZip for VMS here:
<http://www.info-zip.org/UnZip.html>
How the value of 'arch' is determined
-------------------------------------
'arch' is mentioned in INSTALL. It's value is determined like this:
arch = f$edit( f$getsyi( "arch_name"), "upcase")

273
examples/openssl/openssl-3.2.1-src/NOTES-WINDOWS.md Normal file

@ -0,0 +1,273 @@
Notes for Windows platforms
===========================
- [Native builds using Visual C++](#native-builds-using-visual-c++)
- [Native builds using Embarcadero C++Builder](
#native-builds-using-embarcadero-c++-builder)
- [Native builds using MinGW](#native-builds-using-mingw)
- [Linking native applications](#linking-native-applications)
- [Hosted builds using Cygwin](#hosted-builds-using-cygwin)
There are various options to build and run OpenSSL on the Windows platforms.
"Native" OpenSSL uses the Windows APIs directly at run time.
To build a native OpenSSL you can either use:
Microsoft Visual C++ (MSVC) C compiler on the command line
or
Embarcadero C++Builder
or
MinGW cross compiler
run on the GNU-like development environment MSYS2
or run on Linux or Cygwin
"Hosted" OpenSSL relies on an external POSIX compatibility layer
for building (using GNU/Unix shell, compiler, and tools) and at run time.
For this option, you can use Cygwin.
Native builds using Visual C++
==============================
The native builds using Visual C++ have a `VC-*` prefix.
Requirement details
-------------------
In addition to the requirements and instructions listed in `INSTALL.md`,
these are required as well:
### Perl
We recommend Strawberry Perl, available from <http://strawberryperl.com/>
Please read NOTES.PERL for more information, including the use of CPAN.
An alternative is ActiveState Perl, <https://www.activestate.com/ActivePerl>
for which you may need to explicitly build the Perl module Win32/Console.pm
via <https://platform.activestate.com/ActiveState> and then download it.
### Microsoft Visual C compiler.
Since these are proprietary and ever-changing we cannot test them all.
Older versions may not work. Use a recent version wherever possible.
### Netwide Assembler (NASM)
NASM is the only supported assembler. It is available from <https://www.nasm.us>.
Quick start
-----------
1. Install Perl
2. Install NASM
3. Make sure both Perl and NASM are on your %PATH%
4. Use Visual Studio Developer Command Prompt with administrative privileges,
choosing one of its variants depending on the intended architecture.
Or run `cmd` and execute `vcvarsall.bat` with one of the options `x86`,
`x86_amd64`, `x86_arm`, `x86_arm64`, `amd64`, `amd64_x86`, `amd64_arm`,
or `amd64_arm64`.
This sets up the environment variables needed for `nmake.exe`, `cl.exe`,
etc.
See also
<https://docs.microsoft.com/cpp/build/building-on-the-command-line>
5. From the root of the OpenSSL source directory enter
- `perl Configure VC-WIN32` if you want 32-bit OpenSSL or
- `perl Configure VC-WIN64A` if you want 64-bit OpenSSL or
- `perl Configure VC-WIN64-ARM` if you want Windows on Arm (win-arm64)
OpenSSL or
- `perl Configure VC-WIN64-CLANGASM-ARM` if you want Windows on Arm (win-arm64)
OpenSSL with assembly support using clang-cl as assembler or
- `perl Configure VC-CLANG-WIN64-CLANGASM-ARM` if you want Windows on Arm (win-arm64)
OpenSSL using clang-cl as both compiler and assembler or
- `perl Configure VC-WIN32-HYBRIDCRT` if you want 32-bit OpenSSL dependent
on the Universal CRT or
- `perl Configure VC-WIN64A-HYBRIDCRT` if you want 64-bit OpenSSL dependent
on the Universal CRT or
- `perl Configure` to let Configure figure out the platform
6. `nmake`
7. `nmake test`
8. `nmake install`
For the full installation instructions, or if anything goes wrong at any stage,
check the INSTALL.md file.
Installation directories
------------------------
The default installation directories are derived from environment
variables.
For VC-WIN32, the following defaults are use:
PREFIX: %ProgramFiles(x86)%\OpenSSL
OPENSSLDIR: %CommonProgramFiles(x86)%\SSL
For VC-WIN64, the following defaults are use:
PREFIX: %ProgramW6432%\OpenSSL
OPENSSLDIR: %CommonProgramW6432%\SSL
Should those environment variables not exist (on a pure Win32
installation for examples), these fallbacks are used:
PREFIX: %ProgramFiles%\OpenSSL
OPENSSLDIR: %CommonProgramFiles%\SSL
ALSO NOTE that those directories are usually write protected, even if
your account is in the Administrators group. To work around that,
start the command prompt by right-clicking on it and choosing "Run as
Administrator" before running `nmake install`. The other solution
is, of course, to choose a different set of directories by using
`--prefix` and `--openssldir` when configuring.
Special notes for Universal Windows Platform builds, aka `VC-*-UWP`
-------------------------------------------------------------------
- UWP targets only support building the static and dynamic libraries.
- You should define the platform type to `uwp` and the target arch via
`vcvarsall.bat` before you compile. For example, if you want to build
`arm64` builds, you should run `vcvarsall.bat x86_arm64 uwp`.
Native builds using Embarcadero C++Builder
=========================================
This toolchain (a descendant of Turbo/Borland C++) is an alternative to MSVC.
OpenSSL currently includes an experimental 32-bit configuration targeting the
Clang-based compiler (`bcc32c.exe`) in v10.3.3 Community Edition.
<https://www.embarcadero.com/products/cbuilder/starter>
1. Install Perl.
2. Open the RAD Studio Command Prompt.
3. Go to the root of the OpenSSL source directory and run:
`perl Configure BC-32 --prefix=%CD%`
4. `make -N`
5. `make -N test`
6. Build your program against this OpenSSL:
* Set your include search path to the "include" subdirectory of OpenSSL.
* Set your library search path to the OpenSSL source directory.
Note that this is very experimental. Support for 64-bit and other Configure
options is still pending.
Native builds using MinGW
=========================
MinGW offers an alternative way to build native OpenSSL, by cross compilation.
* Usually the build is done on Windows in a GNU-like environment called MSYS2.
MSYS2 provides GNU tools, a Unix-like command prompt,
and a UNIX compatibility layer for applications.
However, in this context it is only used for building OpenSSL.
The resulting OpenSSL does not rely on MSYS2 to run and is fully native.
Requirement details
- MSYS2 shell, from <https://www.msys2.org/>
- Perl, at least version 5.10.0, which usually comes pre-installed with MSYS2
- make, installed using `pacman -S make` into the MSYS2 environment
- MinGW[64] compiler: `mingw-w64-i686-gcc` and/or `mingw-w64-x86_64-gcc`.
These compilers must be on your MSYS2 $PATH.
A common error is to not have these on your $PATH.
The MSYS2 version of gcc will not work correctly here.
In the MSYS2 shell do the configuration depending on the target architecture:
./Configure mingw ...
or
./Configure mingw64 ...
or
./Configure ...
for the default architecture.
Apart from that, follow the Unix / Linux instructions in `INSTALL.md`.
* It is also possible to build mingw[64] on Linux or Cygwin.
In this case configure with the corresponding `--cross-compile-prefix=`
option. For example
./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ...
or
./Configure mingw64 --cross-compile-prefix=x86_64-w64-mingw32- ...
This requires that you've installed the necessary add-on packages for
mingw[64] cross compilation.
Linking native applications
===========================
This section applies to all native builds.
If you link with static OpenSSL libraries, then you're expected to
additionally link your application with `WS2_32.LIB`, `GDI32.LIB`,
`ADVAPI32.LIB`, `CRYPT32.LIB` and `USER32.LIB`. Those developing
non-interactive service applications might feel concerned about
linking with `GDI32.LIB` and `USER32.LIB`, as they are justly associated
with interactive desktop, which is not available to service
processes. The toolkit is designed to detect in which context it's
currently executed, GUI, console app or service, and act accordingly,
namely whether to actually make GUI calls. Additionally, those
who wish to `/DELAYLOAD:GDI32.DLL` and `/DELAYLOAD:USER32.DLL` and
actually keep them off service process should consider implementing
and exporting from .exe image in question own `_OPENSSL_isservice` not
relying on `USER32.DLL`. E.g., on Windows Vista and later you could:
__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
{
DWORD sess;
if (ProcessIdToSessionId(GetCurrentProcessId(), &sess))
return sess == 0;
return FALSE;
}
If you link with OpenSSL .DLLs, then you're expected to include into
your application code a small "shim" snippet, which provides
the glue between the OpenSSL BIO layer and your compiler run-time.
See also the OPENSSL_Applink manual page.
Hosted builds using Cygwin
==========================
Cygwin implements a POSIX/Unix runtime system (`cygwin1.dll`) on top of the
Windows subsystem and provides a Bash shell and GNU tools environment.
Consequently, a build of OpenSSL with Cygwin is virtually identical to the
Unix procedure.
To build OpenSSL using Cygwin, you need to:
* Install Cygwin, see <https://cygwin.com/>
* Install Cygwin Perl, at least version 5.10.0
and ensure it is in the $PATH
* Run the Cygwin Bash shell
Apart from that, follow the Unix / Linux instructions in INSTALL.md.
NOTE: `make test` and normal file operations may fail in directories
mounted as text (i.e. `mount -t c:\somewhere /home`) due to Cygwin
stripping of carriage returns. To avoid this, ensure that a binary
mount is used, e.g. `mount -b c:\somewhere /home`.

317
examples/openssl/openssl-3.2.1-src/README-ENGINES.md Normal file

@ -0,0 +1,317 @@
Engines
=======
Deprecation Note
----------------
The ENGINE API was introduced in OpenSSL version 0.9.6 as a low level
interface for adding alternative implementations of cryptographic
primitives, most notably for integrating hardware crypto devices.
The ENGINE interface has its limitations and it has been superseded
by the [PROVIDER API](README-PROVIDERS.md), it is deprecated in OpenSSL
version 3.0. The following documentation is retained as an aid for
users who need to maintain or support existing ENGINE implementations.
Support for new hardware devices or new algorithms should be added
via providers, and existing engines should be converted to providers
as soon as possible.
Built-in ENGINE implementations
-------------------------------
There are currently built-in ENGINE implementations for the following
crypto devices:
- Microsoft CryptoAPI
- VIA Padlock
- nCipher CHIL
In addition, dynamic binding to external ENGINE implementations is now
provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
section below for details.
At this stage, a number of things are still needed and are being worked on:
1. Integration of EVP support.
2. Configuration support.
3. Documentation!
Integration of EVP support
--------------------------
With respect to EVP, this relates to support for ciphers and digests in
the ENGINE model so that alternative implementations of existing
algorithms/modes (or previously unimplemented ones) can be provided by
ENGINE implementations.
Configuration support
---------------------
Configuration support currently exists in the ENGINE API itself, in the
form of "control commands". These allow an application to expose to the
user/admin the set of commands and parameter types a given ENGINE
implementation supports, and for an application to directly feed string
based input to those ENGINEs, in the form of name-value pairs. This is an
extensible way for ENGINEs to define their own "configuration" mechanisms
that are specific to a given ENGINE (eg. for a particular hardware
device) but that should be consistent across *all* OpenSSL-based
applications when they use that ENGINE. Work is in progress (or at least
in planning) for supporting these control commands from the CONF (or
NCONF) code so that applications using OpenSSL's existing configuration
file format can have ENGINE settings specified in much the same way.
Presently however, applications must use the ENGINE API itself to provide
such functionality. To see first hand the types of commands available
with the various compiled-in ENGINEs (see further down for dynamic
ENGINEs), use the "engine" openssl utility with full verbosity, i.e.:
openssl engine -vvvv
Documentation
-------------
Documentation? Volunteers welcome! The source code is reasonably well
self-documenting, but some summaries and usage instructions are needed -
moreover, they are needed in the same POD format the existing OpenSSL
documentation is provided in. Any complete or incomplete contributions
would help make this happen.
STABILITY & BUG-REPORTS
=======================
What already exists is fairly stable as far as it has been tested, but
the test base has been a bit small most of the time. For the most part,
the vendors of the devices these ENGINEs support have contributed to the
development and/or testing of the implementations, and *usually* (with no
guarantees) have experience in using the ENGINE support to drive their
devices from common OpenSSL-based applications. Bugs and/or inexplicable
behaviour in using a specific ENGINE implementation should be sent to the
author of that implementation (if it is mentioned in the corresponding C
file), and in the case of implementations for commercial hardware
devices, also through whatever vendor support channels are available. If
none of this is possible, or the problem seems to be something about the
ENGINE API itself (ie. not necessarily specific to a particular ENGINE
implementation) then you should mail complete details to the relevant
OpenSSL mailing list. For a definition of "complete details", refer to
the OpenSSL "README" file. As for which list to send it to:
- openssl-users: if you are *using* the ENGINE abstraction, either in an
pre-compiled application or in your own application code.
- openssl-dev: if you are discussing problems with OpenSSL source code.
USAGE
=====
The default "openssl" ENGINE is always chosen when performing crypto
operations unless you specify otherwise. You must actively tell the
openssl utility commands to use anything else through a new command line
switch called "-engine". Also, if you want to use the ENGINE support in
your own code to do something similar, you must likewise explicitly
select the ENGINE implementation you want.
Depending on the type of hardware, system, and configuration, "settings"
may need to be applied to an ENGINE for it to function as expected/hoped.
The recommended way of doing this is for the application to support
ENGINE "control commands" so that each ENGINE implementation can provide
whatever configuration primitives it might require and the application
can allow the user/admin (and thus the hardware vendor's support desk
also) to provide any such input directly to the ENGINE implementation.
This way, applications do not need to know anything specific to any
device, they only need to provide the means to carry such user/admin
input through to the ENGINE in question. Ie. this connects *you* (and
your helpdesk) to the specific ENGINE implementation (and device), and
allows application authors to not get buried in hassle supporting
arbitrary devices they know (and care) nothing about.
A new "openssl" utility, "openssl engine", has been added in that allows
for testing and examination of ENGINE implementations. Basic usage
instructions are available by specifying the "-?" command line switch.
DYNAMIC ENGINES
===============
The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
implementations that aren't pre-compiled and linked into OpenSSL-based
applications. This could be because existing compiled-in implementations
have known problems and you wish to use a newer version with an existing
application. It could equally be because the application (or OpenSSL
library) you are using simply doesn't have support for the ENGINE you
wish to use, and the ENGINE provider (eg. hardware vendor) is providing
you with a self-contained implementation in the form of a shared-library.
The other use-case for "dynamic" is with applications that wish to
maintain the smallest foot-print possible and so do not link in various
ENGINE implementations from OpenSSL, but instead leaves you to provide
them, if you want them, in the form of "dynamic"-loadable
shared-libraries. It should be possible for hardware vendors to provide
their own shared-libraries to support arbitrary hardware to work with
applications based on OpenSSL 0.9.7 or later. If you're using an
application based on 0.9.7 (or later) and the support you desire is only
announced for versions later than the one you need, ask the vendor to
backport their ENGINE to the version you need.
How does "dynamic" work?
------------------------
The dynamic ENGINE has a special flag in its implementation such that
every time application code asks for the 'dynamic' ENGINE, it in fact
gets its own copy of it. As such, multi-threaded code (or code that
multiplexes multiple uses of 'dynamic' in a single application in any
way at all) does not get confused by 'dynamic' being used to do many
independent things. Other ENGINEs typically don't do this so there is
only ever 1 ENGINE structure of its type (and reference counts are used
to keep order). The dynamic ENGINE itself provides absolutely no
cryptographic functionality, and any attempt to "initialise" the ENGINE
automatically fails. All it does provide are a few "control commands"
that can be used to control how it will load an external ENGINE
implementation from a shared-library. To see these control commands,
use the command-line;
openssl engine -vvvv dynamic
The "SO_PATH" control command should be used to identify the
shared-library that contains the ENGINE implementation, and "NO_VCHECK"
might possibly be useful if there is a minor version conflict and you
(or a vendor helpdesk) is convinced you can safely ignore it.
"ID" is probably only needed if a shared-library implements
multiple ENGINEs, but if you know the engine id you expect to be using,
it doesn't hurt to specify it (and this provides a sanity check if
nothing else). "LIST_ADD" is only required if you actually wish the
loaded ENGINE to be discoverable by application code later on using the
ENGINE's "id". For most applications, this isn't necessary - but some
application authors may have nifty reasons for using it. The "LOAD"
command is the only one that takes no parameters and is the command
that uses the settings from any previous commands to actually *load*
the shared-library ENGINE implementation. If this command succeeds, the
(copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
that has been loaded from the shared-library. As such, any control
commands supported by the loaded ENGINE could then be executed as per
normal. For instance, if ENGINE "foo" is implemented in the shared-library
"libfoo.so" and it supports some special control command "CMD_FOO", the
following code would load and use it (NB: obviously this code has no
error checking);
ENGINE *e = ENGINE_by_id("dynamic");
ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
For testing, the "openssl engine" utility can be useful for this sort
of thing. For example the above code excerpt would achieve much the
same result as;
openssl engine dynamic \
-pre SO_PATH:/lib/libfoo.so \
-pre ID:foo \
-pre LOAD \
-pre "CMD_FOO:some input data"
Or to simply see the list of commands supported by the "foo" ENGINE;
openssl engine -vvvv dynamic \
-pre SO_PATH:/lib/libfoo.so \
-pre ID:foo \
-pre LOAD
Applications that support the ENGINE API and more specifically, the
"control commands" mechanism, will provide some way for you to pass
such commands through to ENGINEs. As such, you would select "dynamic"
as the ENGINE to use, and the parameters/commands you pass would
control the *actual* ENGINE used. Each command is actually a name-value
pair and the value can sometimes be omitted (eg. the "LOAD" command).
Whilst the syntax demonstrated in "openssl engine" uses a colon to
separate the command name from the value, applications may provide
their own syntax for making that separation (eg. a win32 registry
key-value pair may be used by some applications). The reason for the
"-pre" syntax in the "openssl engine" utility is that some commands
might be issued to an ENGINE *after* it has been initialised for use.
Eg. if an ENGINE implementation requires a smart-card to be inserted
during initialisation (or a PIN to be typed, or whatever), there may be
a control command you can issue afterwards to "forget" the smart-card
so that additional initialisation is no longer possible. In
applications such as web-servers, where potentially volatile code may
run on the same host system, this may provide some arguable security
value. In such a case, the command would be passed to the ENGINE after
it has been initialised for use, and so the "-post" switch would be
used instead. Applications may provide a different syntax for
supporting this distinction, and some may simply not provide it at all
("-pre" is almost always what you're after, in reality).
How do I build a "dynamic" ENGINE?
----------------------------------
This question is trickier - currently OpenSSL bundles various ENGINE
implementations that are statically built in, and any application that
calls the "ENGINE_load_builtin_engines()" function will automatically
have all such ENGINEs available (and occupying memory). Applications
that don't call that function have no ENGINEs available like that and
would have to use "dynamic" to load any such ENGINE - but on the other
hand such applications would only have the memory footprint of any
ENGINEs explicitly loaded using user/admin provided control commands.
The main advantage of not statically linking ENGINEs and only using
"dynamic" for hardware support is that any installation using no
"external" ENGINE suffers no unnecessary memory footprint from unused
ENGINEs. Likewise, installations that do require an ENGINE incur the
overheads from only *that* ENGINE once it has been loaded.
Sounds good? Maybe, but currently building an ENGINE implementation as
a shared-library that can be loaded by "dynamic" isn't automated in
OpenSSL's build process. It can be done manually quite easily however.
Such a shared-library can either be built with any OpenSSL code it
needs statically linked in, or it can link dynamically against OpenSSL
if OpenSSL itself is built as a shared library. The instructions are
the same in each case, but in the former (statically linked any
dependencies on OpenSSL) you must ensure OpenSSL is built with
position-independent code ("PIC"). The default OpenSSL compilation may
already specify the relevant flags to do this, but you should consult
with your compiler documentation if you are in any doubt.
This example will show building the "atalla" ENGINE in the
crypto/engine/ directory as a shared-library for use via the "dynamic"
ENGINE.
1. "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
source tree.
2. Recompile at least one source file so you can see all the compiler
flags (and syntax) being used to build normally. Eg;
touch hw_atalla.c ; make
will rebuild "hw_atalla.o" using all such flags.
3. Manually enter the same compilation line to compile the
"hw_atalla.c" file but with the following two changes;
- add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
- change the output file from "hw_atalla.o" to something new,
eg. "tmp_atalla.o"
4. Link "tmp_atalla.o" into a shared-library using the top-level
OpenSSL libraries to resolve any dependencies. The syntax for doing
this depends heavily on your system/compiler and is a nightmare
known well to anyone who has worked with shared-library portability
before. 'gcc' on Linux, for example, would use the following syntax;
gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
5. Test your shared library using "openssl engine" as explained in the
previous section. Eg. from the top-level directory, you might try
apps/openssl engine -vvvv dynamic \
-pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
If the shared-library loads successfully, you will see both "-pre"
commands marked as "SUCCESS" and the list of control commands
displayed (because of "-vvvv") will be the control commands for the
*atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
the "-t" switch to the utility if you want it to try and initialise
the atalla ENGINE for use to test any possible hardware/driver issues.
PROBLEMS
========
It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
A quick test done right before the release showed that trying "openssl speed
-engine cswift" generated errors. If the DSO gets enabled, an attempt is made
to write at memory address 0x00000002.

168
examples/openssl/openssl-3.2.1-src/README-FIPS.md Normal file

@ -0,0 +1,168 @@
OpenSSL FIPS support
====================
This release of OpenSSL includes a cryptographic module that can be
FIPS validated. The module is implemented as an OpenSSL provider.
A provider is essentially a dynamically loadable module which implements
cryptographic algorithms, see the [README-PROVIDERS](README-PROVIDERS.md) file
for further details.
A cryptographic module is only FIPS validated after it has gone through the complex
FIPS 140 validation process. As this process takes a very long time, it is not
possible to validate every minor release of OpenSSL.
If you need a FIPS validated module then you must ONLY generate a FIPS provider
using OpenSSL versions that have valid FIPS certificates. A FIPS certificate
contains a link to a Security Policy, and you MUST follow the instructions
in the Security Policy in order to be FIPS compliant.
See <https://www.openssl.org/source/> for information related to OpenSSL
FIPS certificates and Security Policies.
Newer OpenSSL Releases that include security or bug fixes can be used to build
all other components (such as the core API's, TLS and the default, base and
legacy providers) without any restrictions, but the FIPS provider must be built
as specified in the Security Policy (normally with a different version of the
source code).
The OpenSSL FIPS provider is a shared library called `fips.so` (on Unix), or
resp. `fips.dll` (on Windows). The FIPS provider does not get built and
installed automatically. To enable it, you need to configure OpenSSL using
the `enable-fips` option.
Installing the FIPS provider
============================
In order to be FIPS compliant you must only use FIPS validated source code.
Refer to <https://www.openssl.org/source/> for information related to
which versions are FIPS validated. The instructions given below build OpenSSL
just using the FIPS validated source code.
If you want to use a validated FIPS provider, but also want to use the latest
OpenSSL release to build everything else, then refer to the next section.
The following is only a guide.
Please read the Security Policy for up to date installation instructions.
If the FIPS provider is enabled, it gets installed automatically during the
normal installation process. Simply follow the normal procedure (configure,
make, make test, make install) as described in the [INSTALL](INSTALL.md) file.
For example, on Unix the final command
$ make install
effectively executes the following install targets
$ make install_sw
$ make install_ssldirs
$ make install_docs
$ make install_fips # for `enable-fips` only
The `install_fips` make target can also be invoked explicitly to install
the FIPS provider independently, without installing the rest of OpenSSL.
The Installation of the FIPS provider consists of two steps. In the first step,
the shared library is copied to its installed location, which by default is
/usr/local/lib/ossl-modules/fips.so on Unix, and
C:\Program Files\OpenSSL\lib\ossl-modules\fips.dll on Windows.
In the second step, the `openssl fipsinstall` command is executed, which completes
the installation by doing the following two things:
- Runs the FIPS module self tests
- Generates the so-called FIPS module configuration file containing information
about the module such as the module checksum (and for OpenSSL 3.0 the
self test status).
The FIPS module must have the self tests run, and the FIPS module config file
output generated on every machine that it is to be used on. For OpenSSL 3.0,
you must not copy the FIPS module config file output data from one machine to another.
On Unix, the `openssl fipsinstall` command will be invoked as follows by default:
$ openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/local/lib/ossl-modules/fips.so
If you configured OpenSSL to be installed to a different location, the paths will
vary accordingly. In the rare case that you need to install the fipsmodule.cnf
to a non-standard location, you can execute the `openssl fipsinstall` command manually.
Installing the FIPS provider and using it with the latest release
=================================================================
This normally requires you to download 2 copies of the OpenSSL source code.
Download and build a validated FIPS provider
--------------------------------------------
Refer to <https://www.openssl.org/source/> for information related to
which versions are FIPS validated. For this example we use OpenSSL 3.0.0.
$ wget https://www.openssl.org/source/openssl-3.0.0.tar.gz
$ tar -xf openssl-3.0.0.tar.gz
$ cd openssl-3.0.0
$ ./Configure enable-fips
$ make
$ cd ..
Download and build the latest release of OpenSSL
------------------------------------------------
We use OpenSSL 3.1.0 here, (but you could also use the latest 3.0.X)
$ wget https://www.openssl.org/source/openssl-3.1.0.tar.gz
$ tar -xf openssl-3.1.0.tar.gz
$ cd openssl-3.1.0
$ ./Configure enable-fips
$ make
Use the OpenSSL FIPS provider for testing
-----------------------------------------
We do this by replacing the artifact for the OpenSSL 3.1.0 FIPS provider.
Note that the OpenSSL 3.1.0 FIPS provider has not been validated
so it must not be used for FIPS purposes.
$ cp ../openssl-3.0.0/providers/fips.so providers/.
$ cp ../openssl-3.0.0/providers/fipsmodule.cnf providers/.
// Note that for OpenSSL 3.0 that the `fipsmodule.cnf` file should not
// be copied across multiple machines if it contains an entry for
// `install-status`. (Otherwise the self tests would be skipped).
// Validate the output of the following to make sure we are using the
// OpenSSL 3.0.0 FIPS provider
$ ./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider fips -providers
// Now run the current tests using the OpenSSL 3.0 FIPS provider.
$ make tests
Copy the FIPS provider artifacts (`fips.so` & `fipsmodule.cnf`) to known locations
-------------------------------------------------------------------------------------
$ cd ../openssl-3.0.0
$ sudo make install_fips
Check that the correct FIPS provider is being used
--------------------------------------------------
$./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider fips -providers
// This should produce the following output
Providers:
base
name: OpenSSL Base Provider
version: 3.1.0
status: active
fips
name: OpenSSL FIPS Provider
version: 3.0.0
status: active
Using the FIPS Module in applications
=====================================
Documentation about using the FIPS module is available on the [fips_module(7)]
manual page.
[fips_module(7)]: https://www.openssl.org/docs/manmaster/man7/fips_module.html

145
examples/openssl/openssl-3.2.1-src/README-PROVIDERS.md Normal file

@ -0,0 +1,145 @@
Providers
=========
- [Standard Providers](#standard-providers)
- [The Default Provider](#the-default-provider)
- [The Legacy Provider](#the-legacy-provider)
- [The FIPS Provider](#the-fips-provider)
- [The Base Provider](#the-base-provider)
- [The Null Provider](#the-null-provider)
- [Loading Providers](#loading-providers)
Standard Providers
==================
Providers are containers for algorithm implementations. Whenever a cryptographic
algorithm is used via the high level APIs a provider is selected. It is that
provider implementation that actually does the required work. There are five
providers distributed with OpenSSL. In the future, we expect third parties to
distribute their own providers which can be added to OpenSSL dynamically.
Documentation about writing providers is available on the [provider(7)]
manual page.
[provider(7)]: https://www.openssl.org/docs/manmaster/man7/provider.html
The Default Provider
--------------------
The default provider collects together all of the standard built-in OpenSSL
algorithm implementations. If an application doesn't specify anything else
explicitly (e.g. in the application or via config), then this is the provider
that will be used. It is loaded automatically the first time that we try to
get an algorithm from a provider if no other provider has been loaded yet.
If another provider has already been loaded then it won't be loaded
automatically. Therefore, if you want to use it in conjunction with other
providers, then you must load it explicitly.
This is a "built-in" provider, which means that it is compiled and linked
into the libcrypto library and does not exist as a separate standalone module.
The Legacy Provider
-------------------
The legacy provider is a collection of legacy algorithms that are either no
longer in common use or considered insecure and strongly discouraged from use.
However, some applications may need to use these algorithms for backwards
compatibility reasons. This provider is **not** loaded by default.
This may mean that some applications upgrading from earlier versions of OpenSSL
may find that some algorithms are no longer available unless they load the
legacy provider explicitly.
Algorithms in the legacy provider include MD2, MD4, MDC2, RMD160, CAST5,
BF (Blowfish), IDEA, SEED, RC2, RC4, RC5 and DES (but not 3DES).
The FIPS Provider
-----------------
The FIPS provider contains a sub-set of the algorithm implementations available
from the default provider, consisting of algorithms conforming to FIPS standards.
It is intended that this provider will be FIPS140-2 validated.
In some cases, there may be minor behavioural differences between algorithm
implementations in this provider compared to the equivalent algorithm in the
default provider. This is typically in order to conform to FIPS standards.
The Base Provider
-----------------
The base provider contains a small sub-set of non-cryptographic algorithms
available in the default provider. For example, it contains algorithms to
serialize and deserialize keys to files. If you do not load the default
provider then you should always load this one instead (in particular, if
you are using the FIPS provider).
The Null Provider
-----------------
The null provider is "built-in" to libcrypto and contains no algorithm
implementations. In order to guarantee that the default provider is not
automatically loaded, the null provider can be loaded instead.
This can be useful if you are using non-default library contexts and want
to ensure that the default library context is never used unintentionally.
Loading Providers
=================
Providers to be loaded can be specified in the OpenSSL config file.
See the [config(5)] manual page for information about how to configure
providers via the config file, and how to automatically activate them.
[config(5)]: https://www.openssl.org/docs/manmaster/man5/config.html
The following is a minimal config file example to load and activate both
the legacy and the default provider in the default library context.
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
legacy = legacy_sect
[default_sect]
activate = 1
[legacy_sect]
activate = 1
It is also possible to load providers programmatically. For example you can
load the legacy provider into the default library context as shown below.
Note that once you have explicitly loaded a provider into the library context
the default provider will no longer be automatically loaded. Therefore you will
often also want to explicitly load the default provider, as is done here:
#include <stdio.h>
#include <stdlib.h>
#include <openssl/provider.h>
int main(void)
{
OSSL_PROVIDER *legacy;
OSSL_PROVIDER *deflt;
/* Load Multiple providers into the default (NULL) library context */
legacy = OSSL_PROVIDER_load(NULL, "legacy");
if (legacy == NULL) {
printf("Failed to load Legacy provider\n");
exit(EXIT_FAILURE);
}
deflt = OSSL_PROVIDER_load(NULL, "default");
if (deflt == NULL) {
printf("Failed to load Default provider\n");
OSSL_PROVIDER_unload(legacy);
exit(EXIT_FAILURE);
}
/* Rest of application */
OSSL_PROVIDER_unload(legacy);
OSSL_PROVIDER_unload(deflt);
exit(EXIT_SUCCESS);
}

80
examples/openssl/openssl-3.2.1-src/README-QUIC.md Normal file

@ -0,0 +1,80 @@
Using OpenSSL with QUIC
=======================
From OpenSSL 3.2, OpenSSL features support for making QUIC connections as a
client.
Users interested in using the new QUIC functionality are encouraged to look at
some of the following resources:
- The new [OpenSSL Guide], which provides introductory guides on the use of TLS,
QUIC, and other OpenSSL functionality.
- The [OpenSSL Guide] incorporates various code samples. The complete source
for these can be [found in the source tree under `demos/guide`](./demos/guide/).
- The [openssl-quic(7) manual page], which provides a basic reference overview
of QUIC functionality and how use of QUIC differs from use of TLS with regard
to our API.
- The [Demo-Driven Design (DDD)][DDD] demos, which demonstrate the use of QUIC
using simple examples. These can be [found in the source tree under
`doc/designs/ddd`].
- The [demo found in `demos/http3`], which provides an HTTP/3 client example
using the nghttp3 HTTP/3 library.
FAQ
---
### Why would I want to use QUIC, and what functionality does QUIC offer relative to TLS or DTLS?
QUIC is a state-of-the-art secure transport protocol carried over UDP. It can
serve many of the use cases of SSL/TLS as well as those of DTLS.
QUIC delivers a number of advantages such as support for multiple streams of
communication; it is the basis for HTTP/3 [RFC 9114]; fast connection
initiation; and connection migration (enabling a connection to survive IP
address changes). For a more complete description of what QUIC is and its
advantages see the [QUIC Introduction] in the [OpenSSL Guide].
For a comprehensive overview of OpenSSL's QUIC implementation, see the
[openssl-quic(7) manual page].
### How can I use HTTP/3 with OpenSSL?
There are many HTTP/3 implementations in C available. The use of one such HTTP/3
library with OpenSSL QUIC is demonstrated via the [demo found in `demos/http3`].
### How can I use OpenSSL QUIC in my own application for a different protocol?
The [OpenSSL Guide] provides introductory examples for how to make use of
OpenSSL QUIC.
The [openssl-quic(7) manual page] and the [Demo-Driven Design (DDD)][DDD] demos
may also be helpful to illustrate the changes needed if you are trying to adapt
an existing application.
### How can I test QUIC using `openssl s_client`?
There is basic support for single-stream QUIC using `openssl s_client`:
```shell
$ openssl s_client -quic -alpn myalpn -connect host:port
```
In the above example replace `host` with the hostname of the server (e.g.
`www.example.com`) and `port` with the port for the server (e.g. `443`). Replace
`myalpn` with the Application Layer Protocol to use (e.g.`h3` represents
HTTP/3). IANA maintains a standard list of [ALPN ids] that can be used.
This example connects to a QUIC server and opens a single bidirectional stream.
Data can be passed via stdin/stdout as usual. This allows test usage of QUIC
using simple TCP/TLS-like usage. Note that OpenSSL has no direct support for
HTTP/3 so connecting to an HTTP/3 server should be possible but sending an
HTTP/3 request or receiving any response data is not.
[openssl-quic(7) manual page]: https://www.openssl.org/docs/manmaster/man7/openssl-quic.html
[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html
[DDD]: https://github.com/openssl/openssl/tree/master/doc/designs/ddd
[found in the source tree under `doc/designs/ddd`]: ./doc/designs/ddd/
[demo found in `demos/http3`]: ./demos/http3/
[QUIC Introduction]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-quic-introduction.html
[RFC 9114]: https://tools.ietf.org/html/rfc9114
[ALPN ids]: https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids

271
examples/openssl/openssl-3.2.1-src/README.md Normal file

@ -0,0 +1,271 @@
Welcome to the OpenSSL Project
==============================
[![openssl logo]][www.openssl.org]
[![github actions ci badge]][github actions ci]
[![appveyor badge]][appveyor jobs]
OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit
for the TLS (formerly SSL), DTLS and QUIC (currently client side only)
protocols.
The protocol implementations are based on a full-strength general purpose
cryptographic library, which can also be used stand-alone. Also included is a
cryptographic module validated to conform with FIPS standards.
OpenSSL is descended from the SSLeay library developed by Eric A. Young
and Tim J. Hudson.
The official Home Page of the OpenSSL Project is [www.openssl.org].
Table of Contents
=================
- [Overview](#overview)
- [Download](#download)
- [Build and Install](#build-and-install)
- [Documentation](#documentation)
- [License](#license)
- [Support](#support)
- [Contributing](#contributing)
- [Legalities](#legalities)
Overview
========
The OpenSSL toolkit includes:
- **libssl**
an implementation of all TLS protocol versions up to TLSv1.3 ([RFC 8446]),
DTLS protocol versions up to DTLSv1.2 ([RFC 6347]) and
the QUIC (currently client side only) version 1 protocol ([RFC 9000]).
- **libcrypto**
a full-strength general purpose cryptographic library. It constitutes the
basis of the TLS implementation, but can also be used independently.
- **openssl**
the OpenSSL command line tool, a swiss army knife for cryptographic tasks,
testing and analyzing. It can be used for
- creation of key parameters
- creation of X.509 certificates, CSRs and CRLs
- calculation of message digests
- encryption and decryption
- SSL/TLS/DTLS and client and server tests
- QUIC client tests
- handling of S/MIME signed or encrypted mail
- and more...
Download
========
For Production Use
------------------
Source code tarballs of the official releases can be downloaded from
[www.openssl.org/source](https://www.openssl.org/source).
The OpenSSL project does not distribute the toolkit in binary form.
However, for a large variety of operating systems precompiled versions
of the OpenSSL toolkit are available. In particular, on Linux and other
Unix operating systems, it is normally recommended to link against the
precompiled shared libraries provided by the distributor or vendor.
We also maintain a list of third parties that produce OpenSSL binaries for
various Operating Systems (including Windows) on the [Binaries] page on our
wiki.
For Testing and Development
---------------------------
Although testing and development could in theory also be done using
the source tarballs, having a local copy of the git repository with
the entire project history gives you much more insight into the
code base.
The official OpenSSL Git Repository is located at [git.openssl.org].
There is a GitHub mirror of the repository at [github.com/openssl/openssl],
which is updated automatically from the former on every commit.
A local copy of the Git Repository can be obtained by cloning it from
the original OpenSSL repository using
git clone git://git.openssl.org/openssl.git
or from the GitHub mirror using
git clone https://github.com/openssl/openssl.git
If you intend to contribute to OpenSSL, either to fix bugs or contribute
new features, you need to fork the OpenSSL repository openssl/openssl on
GitHub and clone your public fork instead.
git clone https://github.com/yourname/openssl.git
This is necessary because all development of OpenSSL nowadays is done via
GitHub pull requests. For more details, see [Contributing](#contributing).
Build and Install
=================
After obtaining the Source, have a look at the [INSTALL](INSTALL.md) file for
detailed instructions about building and installing OpenSSL. For some
platforms, the installation instructions are amended by a platform specific
document.
* [Notes for UNIX-like platforms](NOTES-UNIX.md)
* [Notes for Android platforms](NOTES-ANDROID.md)
* [Notes for Windows platforms](NOTES-WINDOWS.md)
* [Notes for the DOS platform with DJGPP](NOTES-DJGPP.md)
* [Notes for the OpenVMS platform](NOTES-VMS.md)
* [Notes on Perl](NOTES-PERL.md)
* [Notes on Valgrind](NOTES-VALGRIND.md)
Specific notes on upgrading to OpenSSL 3.x from previous versions can be found
in the [ossl-guide-migration(7ossl)] manual page.
Documentation
=============
README Files
------------
There are some README.md files in the top level of the source distribution
containing additional information on specific topics.
* [Information about the OpenSSL QUIC protocol implementation](README-QUIC.md)
* [Information about the OpenSSL Provider architecture](README-PROVIDERS.md)
* [Information about using the OpenSSL FIPS validated module](README-FIPS.md)
* [Information about the legacy OpenSSL Engine architecture](README-ENGINES.md)
The OpenSSL Guide
-----------------
There are some tutorial and introductory pages on some important OpenSSL topics
within the [OpenSSL Guide].
Manual Pages
------------
The manual pages for the master branch and all current stable releases are
available online.
- [OpenSSL master](https://www.openssl.org/docs/manmaster)
- [OpenSSL 3.0](https://www.openssl.org/docs/man3.0)
- [OpenSSL 3.1](https://www.openssl.org/docs/man3.1)
- [OpenSSL 3.2](https://www.openssl.org/docs/man3.2)
Demos
-----
The are numerous source code demos for using various OpenSSL capabilities in the
[demos subfolder](./demos).
Wiki
----
There is a Wiki at [wiki.openssl.org] which is currently not very active.
It contains a lot of useful information, not all of which is up-to-date.
License
=======
OpenSSL is licensed under the Apache License 2.0, which means that
you are free to get and use it for commercial and non-commercial
purposes as long as you fulfill its conditions.
See the [LICENSE.txt](LICENSE.txt) file for more details.
Support
=======
There are various ways to get in touch. The correct channel depends on
your requirement. See the [SUPPORT](SUPPORT.md) file for more details.
Contributing
============
If you are interested and willing to contribute to the OpenSSL project,
please take a look at the [CONTRIBUTING](CONTRIBUTING.md) file.
Legalities
==========
A number of nations restrict the use or export of cryptography. If you are
potentially subject to such restrictions, you should seek legal advice before
attempting to develop or distribute cryptographic code.
Copyright
=========
Copyright (c) 1998-2024 The OpenSSL Project Authors
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
<!-- Links -->
[www.openssl.org]:
<https://www.openssl.org>
"OpenSSL Homepage"
[git.openssl.org]:
<https://git.openssl.org>
"OpenSSL Git Repository"
[git.openssl.org]:
<https://git.openssl.org>
"OpenSSL Git Repository"
[github.com/openssl/openssl]:
<https://github.com/openssl/openssl>
"OpenSSL GitHub Mirror"
[wiki.openssl.org]:
<https://wiki.openssl.org>
"OpenSSL Wiki"
[ossl-guide-migration(7ossl)]:
<https://www.openssl.org/docs/manmaster/man7/ossl-guide-migration.html>
"OpenSSL Migration Guide"
[RFC 8446]:
<https://tools.ietf.org/html/rfc8446>
[RFC 6347]:
<https://tools.ietf.org/html/rfc6347>
[RFC 9000]:
<https://tools.ietf.org/html/rfc9000>
[Binaries]:
<https://wiki.openssl.org/index.php/Binaries>
"List of third party OpenSSL binaries"
[OpenSSL Guide]:
<https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html>
"An introduction to OpenSSL"
<!-- Logos and Badges -->
[openssl logo]:
doc/images/openssl.svg
"OpenSSL Logo"
[github actions ci badge]:
<https://github.com/openssl/openssl/workflows/GitHub%20CI/badge.svg>
"GitHub Actions CI Status"
[github actions ci]:
<https://github.com/openssl/openssl/actions?query=workflow%3A%22GitHub+CI%22>
"GitHub Actions CI"
[appveyor badge]:
<https://ci.appveyor.com/api/projects/status/8e10o7xfrg73v98f/branch/master?svg=true>
"AppVeyor Build Status"
[appveyor jobs]:
<https://ci.appveyor.com/project/openssl/openssl/branch/master>
"AppVeyor Jobs"

93
examples/openssl/openssl-3.2.1-src/SUPPORT.md Normal file

@ -0,0 +1,93 @@
OpenSSL User Support resources
==============================
See the <https://www.openssl.org/support/contracts.html> for details on how to
obtain commercial technical support.
If you have general questions about using OpenSSL
-------------------------------------------------
In this case the [openssl-users] mailing list is the right place for you.
The list is not only watched by the OpenSSL team members, but also by many
other OpenSSL users. Here you will most likely get the answer to your questions.
An overview over the [mailing lists](#mailing-lists) can be found below.
If you think you found a Bug
----------------------------
*NOTE: this section assumes that you want to report it or figure it out and
fix it. What's written here is not to be taken as a recipe for how to get a
working production installation*
If you have any problems with OpenSSL then please take the following steps
first:
- Search the mailing lists and/or the GitHub issues to find out whether
the problem has already been reported.
- Download the latest version from the repository to see if the problem
has already been addressed.
- Configure without assembler support (`no-asm`) and check whether the
problem persists.
- Remove compiler optimization flags.
Please keep in mind: Just because something doesn't work the way you expect
does not mean it is necessarily a bug in OpenSSL. If you are not sure,
consider searching the mail archives and posting a question to the
[openssl-users] mailing list first.
### Open an Issue
If you wish to report a bug, please open an [issue][github-issues] on GitHub
and include the following information:
- OpenSSL version: output of `openssl version -a`
- Configuration data: output of `perl configdata.pm --dump`
- OS Name, Version, Hardware platform
- Compiler Details (name, version)
- Application Details (name, version)
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)
Not only errors in the software, also errors in the documentation, in
particular the manual pages, can be reported as issues.
### Submit a Pull Request
The fastest way to get a bug fixed is to fix it yourself ;-). If you are
experienced in programming and know how to fix the bug, you can open a
pull request. The details are covered in the [Contributing][contributing] section.
Don't hesitate to open a pull request, even if it's only a small change
like a grammatical or typographical error in the documentation.
Mailing Lists
=============
The OpenSSL maintains a number of [mailing lists] for various purposes.
The most important lists are:
- [openssl-users] for general questions about using the OpenSSL software
and discussions between OpenSSL users.
- [openssl-announce] for official announcements to the OpenSSL community.
- [openssl-project] for discussion about the development roadmap
and governance.
Only subscribers can post to [openssl-users] or [openssl-project]. The
archives are made public, however. For more information, see the [mailing
lists] page.
There was an [openssl-dev] list that has been discontinued since development
is now taking place in the form of GitHub pull requests. Although not active
anymore, the searchable archive may still contain useful information.
<!-- Links -->
[mailing lists]: https://www.openssl.org/community/mailinglists.html
[openssl-users]: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-announce]: https://mta.openssl.org/mailman/listinfo/openssl-announce
[openssl-project]: https://mta.openssl.org/mailman/listinfo/openssl-project
[openssl-dev]: https://mta.openssl.org/mailman/listinfo/openssl-dev
[github-issues]: https://github.com/openssl/openssl/issues/new/choose
[contributing]: https://github.com/openssl/openssl/blob/master/CONTRIBUTING.md

7
examples/openssl/openssl-3.2.1-src/VERSION.dat Normal file

@ -0,0 +1,7 @@
MAJOR=3
MINOR=2
PATCH=1
PRE_RELEASE_TAG=
BUILD_METADATA=
RELEASE_DATE="30 Jan 2024"
SHLIB_VERSION=3

41
examples/openssl/openssl-3.2.1-src/VMS/VMSify-conf.pl Normal file

@ -0,0 +1,41 @@
#! /usr/bin/env perl
# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
my @file_vars = ( "database", "certificate", "serial", "crlnumber",
"crl", "private_key", "RANDFILE" );
while(<STDIN>) {
s|\R$||;
foreach my $d (@directory_vars) {
if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
$_ = "$1sys\\\$disk:\[.$2$3";
} elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
$_ = "$1sys\\\$disk:\[.$2$3";
}
s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
$_ = "$1.$3]$4";
}
}
foreach my $f (@file_vars) {
s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
$_ = "$1.$3$4";
}
if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
$_ = "$1]$3.$4";
} elsif (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
$_ = "$1]$3$4";
}
}
print $_,"\n";
}

3
examples/openssl/openssl-3.2.1-src/VMS/engine.opt Normal file

@ -0,0 +1,3 @@
CASE_SENSITIVE=YES
SYMBOL_VECTOR=(BIND_ENGINE=PROCEDURE,V_CHECK=PROCEDURE,-
bind_engine/BIND_ENGINE=PROCEDURE,v_check/V_CHECK=PROCEDURE)

19
examples/openssl/openssl-3.2.1-src/VMS/msg_install.com Normal file

@ -0,0 +1,19 @@
$ ! Used by the main descrip.mms to print the installation complete
$ ! message.
$ ! Arguments:
$ ! P1 startup / setup / shutdown scripts directory
$ ! P2 distinguishing version number ("major version")
$
$ systartup = p1
$ osslver = p2
$
$ WRITE SYS$OUTPUT "Installation complete"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "The following commands need to be executed to enable you to use OpenSSL:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to set up OpenSSL logical names:"
$ WRITE SYS$OUTPUT " @''systartup'openssl_startup''osslver'"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to define the OpenSSL command"
$ WRITE SYS$OUTPUT " @''systartup'openssl_utils''osslver'"
$ WRITE SYS$OUTPUT ""

37
examples/openssl/openssl-3.2.1-src/VMS/msg_staging.com Normal file

@ -0,0 +1,37 @@
$ ! Used by the main descrip.mms to print the statging installation
$ ! complete
$ ! message.
$ ! Arguments:
$ ! P1 staging software installation directory
$ ! P2 staging data installation directory
$ ! P3 final software installation directory
$ ! P4 final data installation directory
$ ! P5 startup / setup / shutdown scripts directory
$ ! P6 distinguishing version number ("major version")
$
$ staging_instdir = p1
$ staging_datadir = p2
$ final_instdir = p3
$ final_datadir = p4
$ systartup = p5
$ osslver = p6
$
$ WRITE SYS$OUTPUT "Staging installation complete"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the following directory"
$ WRITE SYS$OUTPUT "trees end up being copied:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- from ", staging_instdir
$ WRITE SYS$OUTPUT " to ", final_instdir
$ WRITE SYS$OUTPUT "- from ", staging_datadir
$ WRITE SYS$OUTPUT " to ", final_datadir
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "When in its final destination, the following commands need to be executed"
$ WRITE SYS$OUTPUT "to use OpenSSL:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to set up OpenSSL logical names:"
$ WRITE SYS$OUTPUT " @''systartup'openssl_startup''osslver'"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "- to define the OpenSSL command"
$ WRITE SYS$OUTPUT " @''systartup'openssl_utils''osslver'"
$ WRITE SYS$OUTPUT ""

56
examples/openssl/openssl-3.2.1-src/VMS/openssl_ivp.com.in Normal file

@ -0,0 +1,56 @@
$ ! OpenSSL Internal Verification Procedure
$ !
$ ! This script checks the consistency of a OpenSSL installation
$ ! It had better be spawned, as it creates process logicals
$
$ ! Generated information
$ INSTALLTOP := {- $config{INSTALLTOP} -}
$ OPENSSLDIR := {- $config{OPENSSLDIR} -}
$
$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
$ ! can use to call the startup procedure
$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$
$ v := {- sprintf "%02d", split(/\./, $config{version}) -}
$ pz := {- $target{pointer_size} -}
$
$ @'INSTALLTOP_'SYS$STARTUP]openssl_startup'v'
$ @'INSTALLTOP_'SYS$STARTUP]openssl_utils'v'
$
$ IF F$SEARCH("OSSL$LIBCRYPTO''pz'") .EQS. "" -
.OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $disabled{shared}; "" -}-
.OR. F$SEARCH("OSSL$LIBCRYPTO_SHR''pz'") .EQS. "" -
.OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $disabled{shared}; "" -}-
.OR. F$SEARCH("OSSL$INCLUDE:[OPENSSL]crypto.h") .EQS. "" -
.OR. F$SEARCH("OPENSSL:crypto.h") .EQS. "" -
.OR. F$SEARCH("OSSL$EXE:OPENSSL''v'.EXE") .EQS. ""
$ THEN
$ WRITE SYS$ERROR "Installation inconsistent"
$ EXIT %x00018292 ! RMS$_FNF, file not found
$ ENDIF
$
$ ON ERROR THEN GOTO error
$
$ ! If something else is wrong with the installation, we're likely
$ ! to get an image activation error here
$ openssl version -a
$
$ ! FUTURE ENHANCEMENT: Verify that engines are where they should be.
$ ! openssl engine -c -t checker
$
$ ! Verify that the built in providers are reachable. If they aren't,
$ ! then we're likely to get an image activation error here
$ openssl list -provider base -providers
$ openssl list -provider default -providers
$ openssl list -provider legacy -providers
$
$ WRITE SYS$ERROR "OpenSSL IVP passed"
$ EXIT %x10000001
$
$ error:
$ save_status = $STATUS
$ WRITE SYS$ERROR "OpenSSL IVP failed"
$ EXIT 'save_status'

57
examples/openssl/openssl-3.2.1-src/VMS/openssl_shutdown.com.in Normal file

@ -0,0 +1,57 @@
$ ! OpenSSL shutdown script
$ !
$ ! This script deassigns the logical names used by the installation
$ ! of OpenSSL. It can do so at any level, defined by P1.
$ !
$ ! P1 Qualifier(s) for DEASSIGN.
$ ! Default: /PROCESS
$ !
$ ! P2 If the value is "NOALIASES", no alias logical names are
$ ! deassigned.
$
$ status = %x10000001 ! Generic success
$
$ ! In case there's a problem
$ ON CONTROL_Y THEN GOTO bailout
$ ON ERROR THEN GOTO bailout
$
$ ! Find the architecture
$ IF F$GETSYI("CPU") .LT. 128
$ THEN
$ arch := VAX
$ ELSE
$ arch := F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE")
$ IF arch .EQS. "" THEN GOTO unknown_arch
$ ENDIF
$
$ ! Abbrevs
$ DEAS := DEASSIGN /NOLOG 'P1'
$ sv := {- platform->shlib_version_as_filename(); -}
$ pz := {- $target{pointer_size} -}
$
$ DEAS OSSL$DATAROOT
$ DEAS OSSL$INSTROOT
$ DEAS OSSL$INCLUDE
$ DEAS OSSL$LIB
$ DEAS OSSL$SHARE
$ DEAS OSSL$ENGINES'sv''pz'
$ DEAS OSSL$MODULES'pz'
$ DEAS OSSL$EXE
$ DEAS OSSL$LIBCRYPTO'pz'
$ DEAS OSSL$LIBSSL'pz'
${- output_off() if $disabled{shared}; "" -}
$ DEAS OSSL$LIBCRYPTO'sv'_SHR'pz'
$ DEAS OSSL$LIBSSL'sv'_SHR'pz'
${- output_on() if $disabled{shared}; "" -}
$ DEAS OPENSSL
$
$ IF P2 .NES. "NOALIASES"
$ THEN
$ DEAS OSSL$ENGINES'pz'
${- output_off() if $disabled{shared}; "" -}
$ DEAS OSSL$LIBCRYPTO_SHR'pz'
$ DEAS OSSL$LIBSSL_SHR'pz'
${- output_on() if $disabled{shared}; "" -}
$ ENDIF
$
$ EXIT 'status'

125
examples/openssl/openssl-3.2.1-src/VMS/openssl_startup.com.in Normal file

@ -0,0 +1,125 @@
$ ! OpenSSL startup script
$ !
$ ! This script defines the logical names used by the installation
$ ! of OpenSSL. It can provide those logical names at any level,
$ ! defined by P1.
$ !
$ ! The logical names created are:
$ !
$ ! OSSL$INSTROOT Installation root
$ ! OSSL$DATAROOT Data root (common directory
$ ! for certs etc)
$ ! OSSL$INCLUDE Include directory root
$ ! OSSL$LIB Where the static library files
$ ! are located
$ ! OSSL$SHARE Where the shareable image files
$ ! are located
$ ! OSSL$EXE Where the executables are located
$ ! OSSL$ENGINESnnn Where the engines modules are located
$ ! OSSL$MODULES Where the non-engine modules are located
$ ! OSSL$LIBCRYPTO The static crypto library
$ ! OSSL$LIBSSL The static ssl library
$ ! OSSL$LIBCRYPTOnnn_SHR The shareable crypto image
$ ! OSSL$LIBSSLnnn_SHR The shareable ssl image
$ ! OPENSSL is OSSL$INCLUDE:[OPENSSL]
$ !
$ ! In all these, nnn is the OpenSSL version number. This allows
$ ! several OpenSSL versions to be installed simultaneously, which
$ ! matters for applications that are linked to the shareable images
$ ! or that depend on engines.
$ !
$ ! In addition, unless P2 is "NOALIASES", these logical names are
$ ! created:
$ !
$ ! OSSL$ENGINES Alias for OSSL$ENGINESnnn
$ ! OSSL$LIBCRYPTO_SHR Alias for OSSL$LIBCRYPTOnnn_SHR
$ ! OSSL$LIBSSL_SHR Alias for OSSL$LIBSSLnnn_SHR
$ !
$ ! P1 Qualifier(s) for DEFINE. "/SYSTEM" would be typical when
$ ! calling this script from SYS$STARTUP:SYSTARTUP_VMS.COM,
$ ! while "/PROCESS" would be typical for a personal install.
$ ! Default: /PROCESS
$ !
$ ! P2 If the value is "NOALIASES", no alias logical names are
$ ! created.
$
$ status = %x10000001 ! Generic success
$
$ ! In case there's a problem
$ ON CONTROL_Y THEN GOTO bailout
$ ON ERROR THEN GOTO bailout
$
$ ! Find the architecture
$ IF F$GETSYI("CPU") .LT. 128
$ THEN
$ arch := VAX
$ ELSE
$ arch = F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE")
$ IF arch .EQS. "" THEN GOTO unknown_arch
$ ENDIF
$
$ ! Generated information
$ INSTALLTOP := {- $config{INSTALLTOP} -}
$ OPENSSLDIR := {- $config{OPENSSLDIR} -}
$
$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
$ ! can build concealed logical names on
$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$
$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_INSTALLTOP 'INSTALLTOP_']
$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_OPENSSLDIR 'OPENSSLDIR_']
$
$ ! Check that things are in place, and specifically, the stuff
$ ! belonging to this architecture
$ IF F$SEARCH("WRK_INSTALLTOP:[000000]INCLUDE.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[000000]LIB.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[000000]EXE.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[LIB]''arch'.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[EXE]''arch'.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_OPENSSLDIR:[000000]openssl.cnf") .EQS. ""
$ THEN
$ WRITE SYS$ERROR "''INSTALLTOP' doesn't look like an OpenSSL installation for ''arch'"
$ status = %x00018292 ! RMS$_FNF, file not found
$ GOTO bailout
$ ENDIF
$
$ ! Abbrevs
$ DEFT := DEFINE /TRANSLATION=CONCEALED /NOLOG 'P1'
$ DEF := DEFINE /NOLOG 'P1'
$ sv := {- platform->shlib_version_as_filename(); -}
$ pz := {- $target{pointer_size} -}
$
$ DEFT OSSL$DATAROOT 'OPENSSLDIR_']
$ DEFT OSSL$INSTROOT 'INSTALLTOP_']
$ DEFT OSSL$INCLUDE 'INSTALLTOP_'INCLUDE.]
$ DEF OSSL$LIB OSSL$INSTROOT:[LIB.'arch']
$ DEF OSSL$SHARE OSSL$INSTROOT:[LIB.'arch']
$ DEF OSSL$ENGINES'sv''pz' OSSL$INSTROOT:[ENGINES'sv''pz'.'arch']
$ DEF OSSL$MODULES'pz' OSSL$INSTROOT:[MODULES'pz'.'arch']
$ DEF OSSL$EXE OSSL$INSTROOT:[EXE.'arch'],-
OSSL$INSTROOT:[EXE]
$ DEF OSSL$LIBCRYPTO'pz' OSSL$LIB:OSSL$LIBCRYPTO'pz'.OLB
$ DEF OSSL$LIBSSL'pz' OSSL$LIB:OSSL$LIBSSL'pz'.OLB
${- output_off() if $disabled{shared}; "" -}
$ DEF OSSL$LIBCRYPTO'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBCRYPTO'sv'_SHR'pz'.EXE
$ DEF OSSL$LIBSSL'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBSSL'sv'_SHR'pz'.EXE
${- output_on() if $disabled{shared}; "" -}
$ DEF OPENSSL OSSL$INCLUDE:[OPENSSL]
$
$ IF P2 .NES. "NOALIASES"
$ THEN
$ DEF OSSL$ENGINES'pz' OSSL$ENGINES'sv''pz'
${- output_off() if $disabled{shared}; "" -}
$ DEF OSSL$LIBCRYPTO_SHR'pz' OSSL$LIBCRYPTO'sv'_SHR'pz'
$ DEF OSSL$LIBSSL_SHR'pz' OSSL$LIBSSL'sv'_SHR'pz'
${- output_on() if $disabled{shared}; "" -}
$ ENDIF
$
$ bailout:
$ DEASSIGN WRK_INSTALLTOP
$ DEASSIGN WRK_OPENSSLDIR
$
$ EXIT 'status'

14
examples/openssl/openssl-3.2.1-src/VMS/openssl_utils.com.in Normal file

@ -0,0 +1,14 @@
$ ! OpenSSL utilities
$ !
$
$ v := {- sprintf "%02d", split(/\./, $config{version}) -}
$
$ OPENSSL'v' :== $OSSL$EXE:OPENSSL'v'
$ OPENSSL :== $OSSL$EXE:OPENSSL'v'
$
$ IF F$TYPE(PERL) .EQS. "STRING"
$ THEN
$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash.pl
$ ELSE
$ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH"
$ ENDIF

28
examples/openssl/openssl-3.2.1-src/VMS/test-includes.com Normal file

@ -0,0 +1,28 @@
$! Quick script to check how well including individual header files works
$! on VMS, even when the VMS macro isn't defined.
$
$ sav_def = f$env("DEFAULT")
$ here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
$ set default 'here'
$ set default [-.include.openssl]
$ define openssl 'f$env("DEFAULT")'
$ set default [--]
$
$ loop:
$ f = f$search("openssl:*.h")
$ if f .eqs. "" then goto loop_end
$ write sys$output "Checking ",f
$ open/write foo foo.c
$ write foo "#undef VMS"
$ write foo "#include <stdio.h>"
$ write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
$ write foo "main()"
$ write foo "{printf(""foo\n"");}"
$ close foo
$ cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
$ delete foo.c;
$ goto loop
$ loop_end:
$ set default 'save_def'
$ exit

62
examples/openssl/openssl-3.2.1-src/VMS/translatesyms.pl Normal file

@ -0,0 +1,62 @@
#! /usr/bin/env perl
# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This script will translate any SYMBOL_VECTOR item that has a translation
# in CXX$DEMANGLER_DB. The latter is generated by and CC/DECC command that
# uses the qualifier /REPOSITORY with the build directory as value. When
# /NAMES=SHORTENED has been used, this file will hold the translations from
# the original symbols to the shortened variants.
#
# CXX$DEMAGLER_DB. is an ISAM file, but with the magic of RMS, it can be
# read as a text file, with each record as one line.
#
# The lines will have the following syntax for any symbol found that's longer
# than 31 characters:
#
# LONG_symbol_34567890123{cksum}$LONG_symbol_34567890123_more_than_31_chars
#
# $ is present at the end of the shortened symbol name, and is preceded by a
# 7 character checksum. The $ makes it easy to separate the shortened name
# from the original one.
use strict;
use warnings;
usage() if scalar @ARGV < 1;
my %translations = ();
open DEMANGLER_DATA, $ARGV[0]
or die "Couldn't open $ARGV[0]: $!\n";
while(<DEMANGLER_DATA>) {
s|\R$||;
(my $translated, my $original) = split /\$/;
$translations{$original} = $translated.'$';
}
close DEMANGLER_DATA;
$| = 1; # Autoflush
while(<STDIN>) {
s@
((?:[A-Za-z0-9_]+)\/)?([A-Za-z0-9_]+)=(PROCEDURE|DATA)
@
if (defined($translations{$2})) {
my $trans = $translations{$2};
my $trans_uc = uc $trans;
if (defined($1) && $trans ne $trans_uc) {
"$trans_uc/$trans=$3"
} else {
"$trans=$3"
}
} else {
$&
}
@gxe;
print $_;
}

239
examples/openssl/openssl-3.2.1-src/apps/CA.pl Executable file

@ -0,0 +1,239 @@
#!/usr/bin/env perl
# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# Wrapper around the ca to make it easier to use
#
# WARNING: do not edit!
# Generated by Makefile from apps/CA.pl.in
use strict;
use warnings;
my $verbose = 1;
my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
my $openssl = $ENV{'OPENSSL'} // "openssl";
$ENV{'OPENSSL'} = $openssl;
my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // "";
# Command invocations.
my $REQ = "$openssl req $OPENSSL_CONFIG";
my $CA = "$openssl ca $OPENSSL_CONFIG";
my $VERIFY = "$openssl verify";
my $X509 = "$openssl x509";
my $PKCS12 = "$openssl pkcs12";
# Default values for various configuration settings.
my $CATOP = "./demoCA";
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
my $CACRL = "crl.pem";
my $DAYS = "-days 365";
my $CADAYS = "-days 1095"; # 3 years
my $EXTENSIONS = "-extensions v3_ca";
my $POLICY = "-policy policy_anything";
my $NEWKEY = "newkey.pem";
my $NEWREQ = "newreq.pem";
my $NEWCERT = "newcert.pem";
my $NEWP12 = "newcert.p12";
# Commandline parsing
my %EXTRA;
my $WHAT = shift @ARGV || "";
@ARGV = parse_extra(@ARGV);
my $RET = 0;
# Split out "-extra-CMD value", and return new |@ARGV|. Fill in
# |EXTRA{CMD}| with list of values.
sub parse_extra
{
foreach ( @OPENSSL_CMDS ) {
$EXTRA{$_} = '';
}
my @result;
while ( scalar(@_) > 0 ) {
my $arg = shift;
if ( $arg !~ m/-extra-([a-z0-9]+)/ ) {
push @result, $arg;
next;
}
$arg =~ s/-extra-//;
die("Unknown \"-${arg}-extra\" option, exiting")
unless scalar grep { $arg eq $_ } @OPENSSL_CMDS;
$EXTRA{$arg} .= " " . shift;
}
return @result;
}
# See if reason for a CRL entry is valid; exit if not.
sub crl_reason_ok
{
my $r = shift;
if ($r eq 'unspecified' || $r eq 'keyCompromise'
|| $r eq 'CACompromise' || $r eq 'affiliationChanged'
|| $r eq 'superseded' || $r eq 'cessationOfOperation'
|| $r eq 'certificateHold' || $r eq 'removeFromCRL') {
return 1;
}
print STDERR "Invalid CRL reason; must be one of:\n";
print STDERR " unspecified, keyCompromise, CACompromise,\n";
print STDERR " affiliationChanged, superseded, cessationOfOperation\n";
print STDERR " certificateHold, removeFromCRL";
exit 1;
}
# Copy a PEM-format file; return like exit status (zero means ok)
sub copy_pemfile
{
my ($infile, $outfile, $bound) = @_;
my $found = 0;
open IN, $infile || die "Cannot open $infile, $!";
open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
while (<IN>) {
$found = 1 if /^-----BEGIN.*$bound/;
print OUT $_ if $found;
$found = 2, last if /^-----END.*$bound/;
}
close IN;
close OUT;
return $found == 2 ? 0 : 1;
}
# Wrapper around system; useful for debugging. Returns just the exit status
sub run
{
my $cmd = shift;
print "====\n$cmd\n" if $verbose;
my $status = system($cmd);
print "==> $status\n====\n" if $verbose;
return $status >> 8;
}
if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
print STDERR <<EOF;
Usage:
CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd parameter]
CA.pl -pkcs12 [certname]
CA.pl -verify certfile ...
CA.pl -revoke certfile [reason]
EOF
exit 0;
}
if ($WHAT eq '-newcert' ) {
# create a certificate
$RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS"
. " $EXTRA{req}");
print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-precert' ) {
# create a pre-certificate
$RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS"
. " $EXTRA{req}");
print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
# create a certificate request
$RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newca' ) {
# create the directory hierarchy
my @dirs = ( "${CATOP}", "${CATOP}/certs", "${CATOP}/crl",
"${CATOP}/newcerts", "${CATOP}/private" );
die "${CATOP}/index.txt exists.\nRemove old sub-tree to proceed,"
if -f "${CATOP}/index.txt";
die "${CATOP}/serial exists.\nRemove old sub-tree to proceed,"
if -f "${CATOP}/serial";
foreach my $d ( @dirs ) {
if ( -d $d ) {
warn "Directory $d exists" if -d $d;
} else {
mkdir $d or die "Can't mkdir $d, $!";
}
}
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
# ask user for existing CA certificate
print "CA certificate filename (or enter to create)\n";
my $FILE;
$FILE = "" unless defined($FILE = <STDIN>);
$FILE =~ s{\R$}{};
if ($FILE ne "") {
copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
} else {
print "Making CA certificate ...\n";
$RET = run("$REQ -new -keyout ${CATOP}/private/$CAKEY"
. " -out ${CATOP}/$CAREQ $EXTRA{req}");
$RET = run("$CA -create_serial"
. " -out ${CATOP}/$CACERT $CADAYS -batch"
. " -keyfile ${CATOP}/private/$CAKEY -selfsign"
. " $EXTENSIONS"
. " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
} elsif ($WHAT eq '-pkcs12' ) {
my $cname = $ARGV[0];
$cname = "My Certificate" unless defined $cname;
$RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
. " -certfile ${CATOP}/$CACERT -out $NEWP12"
. " -export -name \"$cname\" $EXTRA{pkcs12}");
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
} elsif ($WHAT eq '-xsign' ) {
$RET = run("$CA $POLICY -infiles $NEWREQ $EXTRA{ca}");
} elsif ($WHAT eq '-sign' ) {
$RET = run("$CA $POLICY -out $NEWCERT"
. " -infiles $NEWREQ $EXTRA{ca}");
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signCA' ) {
$RET = run("$CA $POLICY -out $NEWCERT"
. " $EXTENSIONS -infiles $NEWREQ $EXTRA{ca}");
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signcert' ) {
$RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
. " -out tmp.pem $EXTRA{x509}");
$RET = run("$CA $POLICY -out $NEWCERT"
. "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-verify' ) {
my @files = @ARGV ? @ARGV : ( $NEWCERT );
foreach my $file (@files) {
# -CAfile quoted for VMS, since the C RTL downcases all unquoted
# arguments to C programs
my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
$RET = $status if $status != 0;
}
} elsif ($WHAT eq '-crl' ) {
$RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[0];
if (!defined $cname) {
print "Certificate filename is required; reason optional.\n";
exit 1;
}
my $reason = $ARGV[1];
$reason = " -crl_reason $reason"
if defined $reason && crl_reason_ok($reason);
$RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});
} else {
print STDERR "Unknown arg \"$WHAT\"\n";
print STDERR "Use -help for help.\n";
exit 1;
}
exit $RET;

238
examples/openssl/openssl-3.2.1-src/apps/CA.pl.in Normal file

@ -0,0 +1,238 @@
#!{- $config{HASHBANGPERL} -}
# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# Wrapper around the ca to make it easier to use
#
# {- join("\n# ", @autowarntext) -}
use strict;
use warnings;
my $verbose = 1;
my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
my $openssl = $ENV{'OPENSSL'} // "openssl";
$ENV{'OPENSSL'} = $openssl;
my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // "";
# Command invocations.
my $REQ = "$openssl req $OPENSSL_CONFIG";
my $CA = "$openssl ca $OPENSSL_CONFIG";
my $VERIFY = "$openssl verify";
my $X509 = "$openssl x509";
my $PKCS12 = "$openssl pkcs12";
# Default values for various configuration settings.
my $CATOP = "./demoCA";
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
my $CACRL = "crl.pem";
my $DAYS = "-days 365";
my $CADAYS = "-days 1095"; # 3 years
my $EXTENSIONS = "-extensions v3_ca";
my $POLICY = "-policy policy_anything";
my $NEWKEY = "newkey.pem";
my $NEWREQ = "newreq.pem";
my $NEWCERT = "newcert.pem";
my $NEWP12 = "newcert.p12";
# Commandline parsing
my %EXTRA;
my $WHAT = shift @ARGV || "";
@ARGV = parse_extra(@ARGV);
my $RET = 0;
# Split out "-extra-CMD value", and return new |@ARGV|. Fill in
# |EXTRA{CMD}| with list of values.
sub parse_extra
{
foreach ( @OPENSSL_CMDS ) {
$EXTRA{$_} = '';
}
my @result;
while ( scalar(@_) > 0 ) {
my $arg = shift;
if ( $arg !~ m/-extra-([a-z0-9]+)/ ) {
push @result, $arg;
next;
}
$arg =~ s/-extra-//;
die("Unknown \"-${arg}-extra\" option, exiting")
unless scalar grep { $arg eq $_ } @OPENSSL_CMDS;
$EXTRA{$arg} .= " " . shift;
}
return @result;
}
# See if reason for a CRL entry is valid; exit if not.
sub crl_reason_ok
{
my $r = shift;
if ($r eq 'unspecified' || $r eq 'keyCompromise'
|| $r eq 'CACompromise' || $r eq 'affiliationChanged'
|| $r eq 'superseded' || $r eq 'cessationOfOperation'
|| $r eq 'certificateHold' || $r eq 'removeFromCRL') {
return 1;
}
print STDERR "Invalid CRL reason; must be one of:\n";
print STDERR " unspecified, keyCompromise, CACompromise,\n";
print STDERR " affiliationChanged, superseded, cessationOfOperation\n";
print STDERR " certificateHold, removeFromCRL";
exit 1;
}
# Copy a PEM-format file; return like exit status (zero means ok)
sub copy_pemfile
{
my ($infile, $outfile, $bound) = @_;
my $found = 0;
open IN, $infile || die "Cannot open $infile, $!";
open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
while (<IN>) {
$found = 1 if /^-----BEGIN.*$bound/;
print OUT $_ if $found;
$found = 2, last if /^-----END.*$bound/;
}
close IN;
close OUT;
return $found == 2 ? 0 : 1;
}
# Wrapper around system; useful for debugging. Returns just the exit status
sub run
{
my $cmd = shift;
print "====\n$cmd\n" if $verbose;
my $status = system($cmd);
print "==> $status\n====\n" if $verbose;
return $status >> 8;
}
if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
print STDERR <<EOF;
Usage:
CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd parameter]
CA.pl -pkcs12 [certname]
CA.pl -verify certfile ...
CA.pl -revoke certfile [reason]
EOF
exit 0;
}
if ($WHAT eq '-newcert' ) {
# create a certificate
$RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS"
. " $EXTRA{req}");
print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-precert' ) {
# create a pre-certificate
$RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS"
. " $EXTRA{req}");
print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
# create a certificate request
$RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newca' ) {
# create the directory hierarchy
my @dirs = ( "${CATOP}", "${CATOP}/certs", "${CATOP}/crl",
"${CATOP}/newcerts", "${CATOP}/private" );
die "${CATOP}/index.txt exists.\nRemove old sub-tree to proceed,"
if -f "${CATOP}/index.txt";
die "${CATOP}/serial exists.\nRemove old sub-tree to proceed,"
if -f "${CATOP}/serial";
foreach my $d ( @dirs ) {
if ( -d $d ) {
warn "Directory $d exists" if -d $d;
} else {
mkdir $d or die "Can't mkdir $d, $!";
}
}
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
# ask user for existing CA certificate
print "CA certificate filename (or enter to create)\n";
my $FILE;
$FILE = "" unless defined($FILE = <STDIN>);
$FILE =~ s{\R$}{};
if ($FILE ne "") {
copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
} else {
print "Making CA certificate ...\n";
$RET = run("$REQ -new -keyout ${CATOP}/private/$CAKEY"
. " -out ${CATOP}/$CAREQ $EXTRA{req}");
$RET = run("$CA -create_serial"
. " -out ${CATOP}/$CACERT $CADAYS -batch"
. " -keyfile ${CATOP}/private/$CAKEY -selfsign"
. " $EXTENSIONS"
. " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
} elsif ($WHAT eq '-pkcs12' ) {
my $cname = $ARGV[0];
$cname = "My Certificate" unless defined $cname;
$RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
. " -certfile ${CATOP}/$CACERT -out $NEWP12"
. " -export -name \"$cname\" $EXTRA{pkcs12}");
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
} elsif ($WHAT eq '-xsign' ) {
$RET = run("$CA $POLICY -infiles $NEWREQ $EXTRA{ca}");
} elsif ($WHAT eq '-sign' ) {
$RET = run("$CA $POLICY -out $NEWCERT"
. " -infiles $NEWREQ $EXTRA{ca}");
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signCA' ) {
$RET = run("$CA $POLICY -out $NEWCERT"
. " $EXTENSIONS -infiles $NEWREQ $EXTRA{ca}");
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signcert' ) {
$RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
. " -out tmp.pem $EXTRA{x509}");
$RET = run("$CA $POLICY -out $NEWCERT"
. "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-verify' ) {
my @files = @ARGV ? @ARGV : ( $NEWCERT );
foreach my $file (@files) {
# -CAfile quoted for VMS, since the C RTL downcases all unquoted
# arguments to C programs
my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
$RET = $status if $status != 0;
}
} elsif ($WHAT eq '-crl' ) {
$RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[0];
if (!defined $cname) {
print "Certificate filename is required; reason optional.\n";
exit 1;
}
my $reason = $ARGV[1];
$reason = " -crl_reason $reason"
if defined $reason && crl_reason_ok($reason);
$RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});
} else {
print STDERR "Unknown arg \"$WHAT\"\n";
print STDERR "Use -help for help.\n";
exit 1;
}
exit $RET;

361
examples/openssl/openssl-3.2.1-src/apps/asn1parse.c Normal file

@ -0,0 +1,361 @@
/*
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/asn1t.h>
typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM,
OPT_ITEM
} OPTION_CHOICE;
const OPTIONS asn1parse_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
{"oid", OPT_OID, '<', "file of extra oid definitions"},
OPT_SECTION("I/O"),
{"inform", OPT_INFORM, 'A', "input format - one of DER PEM B64"},
{"in", OPT_IN, '<', "input file"},
{"out", OPT_OUT, '>', "output file (output format is always DER)"},
{"noout", OPT_NOOUT, 0, "do not produce any output"},
{"offset", OPT_OFFSET, 'p', "offset into file"},
{"length", OPT_LENGTH, 'p', "length of section in file"},
{"strparse", OPT_STRPARSE, 'p',
"offset; a series of these can be used to 'dig'"},
{"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
{"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
{"strictpem", OPT_STRICTPEM, 0,
"equivalent to '-inform pem' (obsolete)"},
{"item", OPT_ITEM, 's', "item to parse and print"},
{OPT_MORE_STR, 0, 0, "(-inform will be ignored)"},
OPT_SECTION("Formatting"),
{"i", OPT_INDENT, 0, "indents the output"},
{"dump", OPT_DUMP, 0, "unknown data in hex form"},
{"dlimit", OPT_DLIMIT, 'p',
"dump the first arg bytes of unknown data in hex form"},
{NULL}
};
static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf);
int asn1parse_main(int argc, char **argv)
{
ASN1_TYPE *at = NULL;
BIO *in = NULL, *b64 = NULL, *derout = NULL;
BUF_MEM *buf = NULL;
STACK_OF(OPENSSL_STRING) *osk = NULL;
char *genstr = NULL, *genconf = NULL;
char *infile = NULL, *oidfile = NULL, *derfile = NULL;
unsigned char *str = NULL;
char *name = NULL, *header = NULL, *prog;
const unsigned char *ctmpbuf;
int indent = 0, noout = 0, dump = 0, informat = FORMAT_PEM;
int offset = 0, ret = 1, i, j;
long num, tmplen;
unsigned char *tmpbuf;
unsigned int length = 0;
OPTION_CHOICE o;
const ASN1_ITEM *it = NULL;
prog = opt_init(argc, argv, asn1parse_options);
if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
goto end;
}
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(asn1parse_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_ASN1, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
derfile = opt_arg();
break;
case OPT_INDENT:
indent = 1;
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_OID:
oidfile = opt_arg();
break;
case OPT_OFFSET:
offset = strtol(opt_arg(), NULL, 0);
break;
case OPT_LENGTH:
length = strtol(opt_arg(), NULL, 0);
break;
case OPT_DUMP:
dump = -1;
break;
case OPT_DLIMIT:
dump = strtol(opt_arg(), NULL, 0);
break;
case OPT_STRPARSE:
sk_OPENSSL_STRING_push(osk, opt_arg());
break;
case OPT_GENSTR:
genstr = opt_arg();
break;
case OPT_GENCONF:
genconf = opt_arg();
break;
case OPT_STRICTPEM:
/* accepted for backward compatibility */
informat = FORMAT_PEM;
break;
case OPT_ITEM:
it = ASN1_ITEM_lookup(opt_arg());
if (it == NULL) {
size_t tmp;
BIO_printf(bio_err, "Unknown item name %s\n", opt_arg());
BIO_puts(bio_err, "Supported types:\n");
for (tmp = 0;; tmp++) {
it = ASN1_ITEM_get(tmp);
if (it == NULL)
break;
BIO_printf(bio_err, " %s\n", it->sname);
}
goto end;
}
break;
}
}
/* No extra args. */
if (!opt_check_rest_arg(NULL))
goto opthelp;
if (oidfile != NULL) {
in = bio_open_default(oidfile, 'r', FORMAT_TEXT);
if (in == NULL)
goto end;
OBJ_create_objects(in);
BIO_free(in);
}
if ((in = bio_open_default(infile, 'r', informat)) == NULL)
goto end;
if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL)
goto end;
if ((buf = BUF_MEM_new()) == NULL)
goto end;
if (genconf == NULL && genstr == NULL && informat == FORMAT_PEM) {
if (PEM_read_bio(in, &name, &header, &str, &num) != 1) {
BIO_printf(bio_err, "Error reading PEM file\n");
ERR_print_errors(bio_err);
goto end;
}
buf->data = (char *)str;
buf->length = buf->max = num;
} else {
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
goto end; /* Pre-allocate :-) */
if (genstr || genconf) {
num = do_generate(genstr, genconf, buf);
if (num < 0) {
ERR_print_errors(bio_err);
goto end;
}
} else {
if (informat == FORMAT_BASE64) {
BIO *tmp;
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
goto end;
BIO_push(b64, in);
tmp = in;
in = b64;
b64 = tmp;
}
num = 0;
for (;;) {
if (!BUF_MEM_grow(buf, num + BUFSIZ))
goto end;
i = BIO_read(in, &(buf->data[num]), BUFSIZ);
if (i <= 0)
break;
num += i;
}
}
str = (unsigned char *)buf->data;
}
/* If any structs to parse go through in sequence */
if (sk_OPENSSL_STRING_num(osk)) {
tmpbuf = str;
tmplen = num;
for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
ASN1_TYPE *atmp;
int typ;
j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0);
if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is out of range\n",
sk_OPENSSL_STRING_value(osk, i));
continue;
}
tmpbuf += j;
tmplen -= j;
atmp = at;
ctmpbuf = tmpbuf;
at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
ASN1_TYPE_free(atmp);
if (!at) {
BIO_printf(bio_err, "Error parsing structure\n");
ERR_print_errors(bio_err);
goto end;
}
typ = ASN1_TYPE_get(at);
if ((typ == V_ASN1_OBJECT)
|| (typ == V_ASN1_BOOLEAN)
|| (typ == V_ASN1_NULL)) {
BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
ERR_print_errors(bio_err);
goto end;
}
/* hmm... this is a little evil but it works */
tmpbuf = at->value.asn1_string->data;
tmplen = at->value.asn1_string->length;
}
str = tmpbuf;
num = tmplen;
}
if (offset < 0 || offset >= num) {
BIO_printf(bio_err, "Error: offset out of range\n");
goto end;
}
num -= offset;
if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num;
if (derout != NULL) {
if (BIO_write(derout, str + offset, length) != (int)length) {
BIO_printf(bio_err, "Error writing output\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (!noout) {
const unsigned char *p = str + offset;
if (it != NULL) {
ASN1_VALUE *value = ASN1_item_d2i(NULL, &p, length, it);
if (value == NULL) {
BIO_printf(bio_err, "Error parsing item %s\n", it->sname);
ERR_print_errors(bio_err);
goto end;
}
ASN1_item_print(bio_out, value, 0, it, NULL);
ASN1_item_free(value, it);
} else {
if (!ASN1_parse_dump(bio_out, p, length, indent, dump)) {
ERR_print_errors(bio_err);
goto end;
}
}
}
ret = 0;
end:
BIO_free(derout);
BIO_free(in);
BIO_free(b64);
if (ret != 0)
ERR_print_errors(bio_err);
BUF_MEM_free(buf);
OPENSSL_free(name);
OPENSSL_free(header);
ASN1_TYPE_free(at);
sk_OPENSSL_STRING_free(osk);
return ret;
}
static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
{
CONF *cnf = NULL;
int len;
unsigned char *p;
ASN1_TYPE *atyp = NULL;
if (genconf != NULL) {
if ((cnf = app_load_config(genconf)) == NULL)
goto err;
if (genstr == NULL)
genstr = NCONF_get_string(cnf, "default", "asn1");
if (genstr == NULL) {
BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf);
goto err;
}
}
atyp = ASN1_generate_nconf(genstr, cnf);
NCONF_free(cnf);
cnf = NULL;
if (atyp == NULL)
return -1;
len = i2d_ASN1_TYPE(atyp, NULL);
if (len <= 0)
goto err;
if (!BUF_MEM_grow(buf, len))
goto err;
p = (unsigned char *)buf->data;
i2d_ASN1_TYPE(atyp, &p);
ASN1_TYPE_free(atyp);
return len;
err:
NCONF_free(cnf);
ASN1_TYPE_free(atyp);
return -1;
}

90
examples/openssl/openssl-3.2.1-src/apps/build.info Normal file

@ -0,0 +1,90 @@
SUBDIRS=lib
# Program init source, that don't have direct linkage with the rest of the
# source, and can therefore not be part of a library.
IF[{- !$disabled{uplink} -}]
$INITSRC=../ms/applink.c
ENDIF
IF[{- $config{target} =~ /^vms-/ -}]
$INITSRC=vms_decc_init.c
ENDIF
# Source for the 'openssl' program
$OPENSSLSRC=\
openssl.c \
asn1parse.c ca.c ciphers.c crl.c crl2pkcs7.c dgst.c \
enc.c errstr.c \
genpkey.c kdf.c mac.c nseq.c passwd.c pkcs7.c \
pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \
spkac.c verify.c version.c x509.c rehash.c storeutl.c \
list.c info.c fipsinstall.c pkcs12.c
IF[{- !$disabled{'ec'} -}]
$OPENSSLSRC=$OPENSSLSRC ec.c ecparam.c
ENDIF
IF[{- !$disabled{'ocsp'} -}]
$OPENSSLSRC=$OPENSSLSRC ocsp.c
ENDIF
IF[{- !$disabled{'srp'} -}]
$OPENSSLSRC=$OPENSSLSRC srp.c
ENDIF
IF[{- !$disabled{'ts'} -}]
$OPENSSLSRC=$OPENSSLSRC ts.c
ENDIF
IF[{- !$disabled{'dh'} -}]
$OPENSSLSRC=$OPENSSLSRC dhparam.c
ENDIF
IF[{- !$disabled{'dsa'} -}]
$OPENSSLSRC=$OPENSSLSRC dsa.c dsaparam.c gendsa.c
ENDIF
IF[{- !$disabled{'engine'} -}]
$OPENSSLSRC=$OPENSSLSRC engine.c
ENDIF
IF[{- !$disabled{'rsa'} -}]
$OPENSSLSRC=$OPENSSLSRC rsa.c genrsa.c
ENDIF
IF[{- !$disabled{'deprecated-3.0'} -}]
IF[{- !$disabled{'rsa'} -}]
$OPENSSLSRC=$OPENSSLSRC rsautl.c
ENDIF
ENDIF
IF[{- !$disabled{'cms'} -}]
$OPENSSLSRC=$OPENSSLSRC cms.c
ENDIF
IF[{- !$disabled{'cmp'} -}]
$OPENSSLSRC=$OPENSSLSRC cmp.c lib/cmp_mock_srv.c
ENDIF
IF[{- !$disabled{apps} -}]
PROGRAMS=openssl
SOURCE[openssl]=$INITSRC $OPENSSLSRC
INCLUDE[openssl]=.. ../include include
DEPEND[openssl]=libapps.a ../libssl
# The nocheck attribute is picked up by progs.pl as a signal not to look
# at that file; some systems may have locked it as the output file, and
# therefore don't allow it to be read at the same time, making progs.pl
# fail.
SOURCE[openssl]{nocheck}=progs.c
DEPEND[${OPENSSLSRC/.c/.o} progs.o]=progs.h
GENERATE[progs.c]=progs.pl "-C" $(APPS_OPENSSL)
GENERATE[progs.h]=progs.pl "-H" $(APPS_OPENSSL)
# progs.pl tries to read all 'openssl' sources, including progs.c, so we make
# sure things are generated in the correct order.
DEPEND[progs.h]=progs.c
# Because the files to look through may change (depends on $OPENSSLSRC),
# always depend on a changed configuration.
DEPEND[progs.c]=../configdata.pm
IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-|BC-)/ -}]
GENERATE[openssl.rc]=../util/mkrc.pl openssl
SOURCE[openssl]=openssl.rc
ENDIF
SCRIPTS{misc}=CA.pl
SOURCE[CA.pl]=CA.pl.in
# linkname tells build files that a symbolic link or copy of this script
# without extension must be installed as well. Unix or Unix lookalike only.
SCRIPTS{misc,linkname=tsget}=tsget.pl
SOURCE[tsget.pl]=tsget.in
ENDIF

1
examples/openssl/openssl-3.2.1-src/apps/ca-cert.srl Normal file

@ -0,0 +1 @@
07

16
examples/openssl/openssl-3.2.1-src/apps/ca-key.pem Normal file

@ -0,0 +1,16 @@
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL4tQNyKy4U2zX6l
IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAECgYA3j6sSg+5f9hnldUMzbPjTh8Sb
XsJlPrc6UFrmMBzGiUleXSpe9Dbla+x0XvQCN4pwMvAN4nnWp/f0Su5BV/9Y93nb
im5ijGNrfN9i6QrnqGCr+MMute+4E8HR2pCScX0mBLDDf40SmDvMzCaxtd21keyr
9DqHgInQZNEi6NKlkQJBAPCbUTFg6iQ6VTCQ8CsEf5q2xHhuTK23fJ999lvWVxN7
QsvWb9RP9Ng34HVtvB7Pl6P7FyHLQYiDJhhvYR0L0+kCQQDKV/09Kt6Wjf5Omp1I
wd3A+tFnipdqnPw+qNHGjevv0hYiEIWQOYbx00zXgaX+WN/pzV9eeNN2XAxlNJ++
dxcPAkBrzeuPKFFAcjKBVC+H1rgl5gYZv7Hzk+buv02G0H6rZ+sB0c7BXiHiTwbv
Fn/XfkP/YR14Ms3mEH0dLaphjU8hAkEAh3Ar/rRiN04mCcEuRFQXtaNtZSv8PA2G
Pf7MI2Y9pdHupLCAZlBLRjTUO2/5hu1AO4QPMPIZQSFN3rRBtMCL+wJAMp/m2hvI
TmtbMp/IrKGfma09e3yFiCmoNn7cHLJ7jLvXcacV2XNzpr9YHfBxiZo0g9FqZKvv
PZoQ5B2XJ7bhTQ==
-----END PRIVATE KEY-----

11
examples/openssl/openssl-3.2.1-src/apps/ca-req.pem Normal file

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQx
GjAYBgNVBAoMEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDDBJUZXN0IENBICgx
MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4tQNyKy4U2zX6l
IZvORB1edmwMwIgSB4cgoFECrG5pixzYxKauZkAwKG9/+L4DB8qXRjfXWcvafcOU
DlYpRROykJ7wGkiqmqbZyrxY8DWjk5ZZQXiSuhYOAJB+Fyfb11JZV6+CvBQX/1g+
vhJr39Gmp6oAesoYrj90ecozClmnAgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQCo
2jE7J1SNV7kyRm9m8CoPw8xYsuVcVFxPheBymYp8BlO0/rSdYygRjobpYnLVRUPZ
pV792wzT1Rp4sXfZWO10lkFY4yi0pH2cdK2RX7qedibV1Xu9vt/yYANFBKVpA4dy
PRyTQwi3In1N8hdfddpYR8f5MIUYRe5poFMIJcf8JA==
-----END CERTIFICATE REQUEST-----

2643
examples/openssl/openssl-3.2.1-src/apps/ca.c Normal file

File diff suppressed because it is too large Load Diff

33
examples/openssl/openssl-3.2.1-src/apps/ca_internals_test-bin-ca.d Normal file

@ -0,0 +1,33 @@
apps/ca_internals_test-bin-ca.o: apps/ca.c include/openssl/conf.h \
include/openssl/macros.h include/openssl/opensslconf.h \
include/openssl/configuration.h include/openssl/opensslv.h \
include/openssl/bio.h include/openssl/e_os2.h include/openssl/crypto.h \
include/openssl/safestack.h include/openssl/stack.h \
include/openssl/types.h include/openssl/cryptoerr.h \
include/openssl/symhacks.h include/openssl/cryptoerr_legacy.h \
include/openssl/core.h include/openssl/bioerr.h include/openssl/lhash.h \
include/openssl/conferr.h include/openssl/conftypes.h \
include/openssl/err.h include/openssl/bn.h include/openssl/bnerr.h \
include/openssl/txt_db.h include/openssl/evp.h \
include/openssl/core_dispatch.h include/openssl/evperr.h \
include/openssl/params.h include/openssl/objects.h \
include/openssl/obj_mac.h include/openssl/asn1.h \
include/openssl/asn1err.h include/openssl/objectserr.h \
include/openssl/x509.h include/openssl/buffer.h \
include/openssl/buffererr.h include/openssl/ec.h include/openssl/ecerr.h \
include/openssl/rsa.h include/openssl/rsaerr.h include/openssl/dsa.h \
include/openssl/dh.h include/openssl/dherr.h include/openssl/dsaerr.h \
include/openssl/sha.h include/openssl/x509err.h \
include/openssl/x509_vfy.h include/openssl/pkcs7.h \
include/openssl/pkcs7err.h include/openssl/http.h \
include/openssl/x509v3.h include/openssl/x509v3err.h \
include/openssl/ocsp.h include/openssl/ocsperr.h include/openssl/pem.h \
include/openssl/pemerr.h apps/include/apps.h include/internal/e_os.h \
include/internal/numbers.h include/internal/common.h \
include/internal/nelem.h include/internal/sockets.h \
include/openssl/engine.h include/openssl/rand.h \
include/openssl/randerr.h include/openssl/ui.h include/openssl/uierr.h \
include/openssl/engineerr.h apps/include/apps_ui.h apps/include/opt.h \
apps/include/fmt.h apps/include/platform.h apps/include/engine_loader.h \
include/openssl/store.h include/openssl/storeerr.h \
apps/include/app_libctx.h apps/progs.h apps/include/function.h

BIN
examples/openssl/openssl-3.2.1-src/apps/ca_internals_test-bin-ca.o Normal file

Binary file not shown.

11
examples/openssl/openssl-3.2.1-src/apps/cert.pem Normal file

@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
-----END CERTIFICATE-----

284
examples/openssl/openssl-3.2.1-src/apps/ciphers.c Normal file

@ -0,0 +1,284 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/ssl.h>
#include "s_apps.h"
typedef enum OPTION_choice {
OPT_COMMON,
OPT_STDNAME,
OPT_CONVERT,
OPT_SSL3,
OPT_TLS1,
OPT_TLS1_1,
OPT_TLS1_2,
OPT_TLS1_3,
OPT_PSK,
OPT_SRP,
OPT_CIPHERSUITES,
OPT_V, OPT_UPPER_V, OPT_S, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS ciphers_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [cipher]\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
OPT_SECTION("Output"),
{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
{"V", OPT_UPPER_V, '-', "Even more verbose"},
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
{"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
OPT_SECTION("Cipher specification"),
{"s", OPT_S, '-', "Only supported ciphers"},
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3"},
#endif
#ifndef OPENSSL_NO_TLS1
{"tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1"},
#endif
#ifndef OPENSSL_NO_TLS1_1
{"tls1_1", OPT_TLS1_1, '-', "Ciphers compatible with TLS1.1"},
#endif
#ifndef OPENSSL_NO_TLS1_2
{"tls1_2", OPT_TLS1_2, '-', "Ciphers compatible with TLS1.2"},
#endif
#ifndef OPENSSL_NO_TLS1_3
{"tls1_3", OPT_TLS1_3, '-', "Ciphers compatible with TLS1.3"},
#endif
#ifndef OPENSSL_NO_PSK
{"psk", OPT_PSK, '-', "Include ciphersuites requiring PSK"},
#endif
#ifndef OPENSSL_NO_SRP
{"srp", OPT_SRP, '-', "(deprecated) Include ciphersuites requiring SRP"},
#endif
{"ciphersuites", OPT_CIPHERSUITES, 's',
"Configure the TLSv1.3 ciphersuites to use"},
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"cipher", 0, 0, "Cipher string to decode (optional)"},
{NULL}
};
#ifndef OPENSSL_NO_PSK
static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
unsigned int max_identity_len,
unsigned char *psk,
unsigned int max_psk_len)
{
return 0;
}
#endif
int ciphers_main(int argc, char **argv)
{
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
STACK_OF(SSL_CIPHER) *sk = NULL;
const SSL_METHOD *meth = TLS_server_method();
int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
int stdname = 0;
#ifndef OPENSSL_NO_PSK
int psk = 0;
#endif
#ifndef OPENSSL_NO_SRP
int srp = 0;
#endif
const char *p;
char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL;
char buf[512];
OPTION_CHOICE o;
int min_version = 0, max_version = 0;
prog = opt_init(argc, argv, ciphers_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(ciphers_options);
ret = 0;
goto end;
case OPT_V:
verbose = 1;
break;
case OPT_UPPER_V:
verbose = Verbose = 1;
break;
case OPT_S:
use_supported = 1;
break;
case OPT_STDNAME:
stdname = verbose = 1;
break;
case OPT_CONVERT:
convert = opt_arg();
break;
case OPT_SSL3:
min_version = SSL3_VERSION;
max_version = SSL3_VERSION;
break;
case OPT_TLS1:
min_version = TLS1_VERSION;
max_version = TLS1_VERSION;
break;
case OPT_TLS1_1:
min_version = TLS1_1_VERSION;
max_version = TLS1_1_VERSION;
break;
case OPT_TLS1_2:
min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION;
break;
case OPT_TLS1_3:
min_version = TLS1_3_VERSION;
max_version = TLS1_3_VERSION;
break;
case OPT_PSK:
#ifndef OPENSSL_NO_PSK
psk = 1;
#endif
break;
case OPT_SRP:
#ifndef OPENSSL_NO_SRP
srp = 1;
#endif
break;
case OPT_CIPHERSUITES:
ciphersuites = opt_arg();
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
/* Optional arg is cipher name. */
argv = opt_rest();
if (opt_num_rest() == 1)
ciphers = argv[0];
else if (!opt_check_rest_arg(NULL))
goto opthelp;
if (convert != NULL) {
BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
OPENSSL_cipher_name(convert));
ret = 0;
goto end;
}
ctx = SSL_CTX_new_ex(app_get0_libctx(), app_get0_propq(), meth);
if (ctx == NULL)
goto err;
if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
goto err;
if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
goto err;
#ifndef OPENSSL_NO_PSK
if (psk)
SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
#endif
#ifndef OPENSSL_NO_SRP
if (srp)
set_up_dummy_srp(ctx);
#endif
if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");
goto err;
}
if (ciphers != NULL) {
if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
goto err;
}
}
ssl = SSL_new(ctx);
if (ssl == NULL)
goto err;
if (use_supported)
sk = SSL_get1_supported_ciphers(ssl);
else
sk = SSL_get_ciphers(ssl);
if (!verbose) {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
if (!ossl_assert(c != NULL))
continue;
p = SSL_CIPHER_get_name(c);
if (p == NULL)
break;
if (i != 0)
BIO_printf(bio_out, ":");
BIO_printf(bio_out, "%s", p);
}
BIO_printf(bio_out, "\n");
} else {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
const SSL_CIPHER *c;
c = sk_SSL_CIPHER_value(sk, i);
if (!ossl_assert(c != NULL))
continue;
if (Verbose) {
unsigned long id = SSL_CIPHER_get_id(c);
int id0 = (int)(id >> 24);
int id1 = (int)((id >> 16) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL);
int id3 = (int)(id & 0xffL);
if ((id & 0xff000000L) == 0x03000000L)
BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3
* cipher */
else
BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
}
if (stdname) {
const char *nm = SSL_CIPHER_standard_name(c);
if (nm == NULL)
nm = "UNKNOWN";
BIO_printf(bio_out, "%-45s - ", nm);
}
BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
}
}
ret = 0;
goto end;
err:
ERR_print_errors(bio_err);
end:
if (use_supported)
sk_SSL_CIPHER_free(sk);
SSL_CTX_free(ctx);
SSL_free(ssl);
return ret;
}

52
examples/openssl/openssl-3.2.1-src/apps/client.pem Normal file

@ -0,0 +1,52 @@
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
-----BEGIN CERTIFICATE-----
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS
curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB
IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b
vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2
QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm
CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
-----END RSA PRIVATE KEY-----

3314
examples/openssl/openssl-3.2.1-src/apps/cmp.c Normal file

File diff suppressed because it is too large Load Diff

1491
examples/openssl/openssl-3.2.1-src/apps/cms.c Normal file

File diff suppressed because it is too large Load Diff

394
examples/openssl/openssl-3.2.1-src/apps/crl.c Normal file

@ -0,0 +1,394 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE,
OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_VERIFY, OPT_DATEOPT, OPT_TEXT, OPT_HASH,
OPT_HASH_OLD, OPT_NOOUT, OPT_NAMEOPT, OPT_MD, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS crl_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
{"verify", OPT_VERIFY, '-', "Verify CRL signature"},
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input file - default stdin"},
{"inform", OPT_INFORM, 'F', "CRL input format (DER or PEM); has no effect"},
{"key", OPT_KEY, '<', "CRL signing Private key to use"},
{"keyform", OPT_KEYFORM, 'F', "Private key file format (DER/PEM/P12); has no effect"},
OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "output file - default stdout"},
{"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
{"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822."},
{"text", OPT_TEXT, '-', "Print out a text format version"},
{"hash", OPT_HASH, '-', "Print hash value"},
#ifndef OPENSSL_NO_MD5
{"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
#endif
{"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
{"", OPT_MD, '-', "Any supported digest"},
OPT_SECTION("CRL"),
{"issuer", OPT_ISSUER, '-', "Print issuer DN"},
{"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
{"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
{"noout", OPT_NOOUT, '-', "No CRL output"},
{"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
{"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
{"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
{"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"},
OPT_SECTION("Certificate"),
{"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
{"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
{"CAstore", OPT_CASTORE, ':', "Verify CRL using certificates in store URI"},
{"no-CAfile", OPT_NOCAFILE, '-',
"Do not load the default certificates file"},
{"no-CApath", OPT_NOCAPATH, '-',
"Do not load certificates from the default certificates directory"},
{"no-CAstore", OPT_NOCASTORE, '-',
"Do not load certificates from the default certificates store"},
OPT_PROV_OPTIONS,
{NULL}
};
int crl_main(int argc, char **argv)
{
X509_CRL *x = NULL;
BIO *out = NULL;
X509_STORE *store = NULL;
X509_STORE_CTX *ctx = NULL;
X509_LOOKUP *lookup = NULL;
X509_OBJECT *xobj = NULL;
EVP_PKEY *pkey;
EVP_MD *digest = (EVP_MD *)EVP_sha1();
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
char *digestname = NULL;
const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL, *prog;
OPTION_CHOICE o;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0, noCAstore = 0;
unsigned long dateopt = ASN1_DTFLGS_RFC822;
int i;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
#endif
opt_set_unknown_name("digest");
prog = opt_init(argc, argv, crl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(crl_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat))
goto opthelp;
break;
case OPT_KEY:
keyfile = opt_arg();
break;
case OPT_GENDELTA:
crldiff = opt_arg();
break;
case OPT_CAPATH:
CApath = opt_arg();
do_ver = 1;
break;
case OPT_CAFILE:
CAfile = opt_arg();
do_ver = 1;
break;
case OPT_CASTORE:
CAstore = opt_arg();
do_ver = 1;
break;
case OPT_NOCAPATH:
noCApath = 1;
break;
case OPT_NOCAFILE:
noCAfile = 1;
break;
case OPT_NOCASTORE:
noCAstore = 1;
break;
case OPT_HASH_OLD:
#ifndef OPENSSL_NO_MD5
hash_old = ++num;
#endif
break;
case OPT_VERIFY:
do_ver = 1;
break;
case OPT_DATEOPT:
if (!set_dateopt(&dateopt, opt_arg()))
goto opthelp;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_HASH:
hash = ++num;
break;
case OPT_ISSUER:
issuer = ++num;
break;
case OPT_LASTUPDATE:
lastupdate = ++num;
break;
case OPT_NEXTUPDATE:
nextupdate = ++num;
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_FINGERPRINT:
fingerprint = ++num;
break;
case OPT_CRLNUMBER:
crlnumber = ++num;
break;
case OPT_BADSIG:
badsig = 1;
break;
case OPT_NAMEOPT:
if (!set_nameopt(opt_arg()))
goto opthelp;
break;
case OPT_MD:
digestname = opt_unknown();
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
/* No remaining args. */
if (!opt_check_rest_arg(NULL))
goto opthelp;
if (!opt_md(digestname, &digest))
goto opthelp;
x = load_crl(infile, informat, 1, "CRL");
if (x == NULL)
goto end;
if (do_ver) {
if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath,
CAstore, noCAstore)) == NULL)
goto end;
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if (lookup == NULL)
goto end;
ctx = X509_STORE_CTX_new();
if (ctx == NULL || !X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
BIO_printf(bio_err, "Error initialising X509 store\n");
goto end;
}
xobj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509,
X509_CRL_get_issuer(x));
if (xobj == NULL) {
BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
goto end;
}
pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj));
X509_OBJECT_free(xobj);
if (pkey == NULL) {
BIO_printf(bio_err, "Error getting CRL issuer public key\n");
goto end;
}
i = X509_CRL_verify(x, pkey);
EVP_PKEY_free(pkey);
if (i < 0)
goto end;
if (i == 0)
BIO_printf(bio_err, "verify failure\n");
else
BIO_printf(bio_err, "verify OK\n");
}
if (crldiff != NULL) {
X509_CRL *newcrl, *delta;
if (!keyfile) {
BIO_puts(bio_err, "Missing CRL signing key\n");
goto end;
}
newcrl = load_crl(crldiff, informat, 0, "other CRL");
if (!newcrl)
goto end;
pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
if (pkey == NULL) {
X509_CRL_free(newcrl);
goto end;
}
delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
X509_CRL_free(newcrl);
EVP_PKEY_free(pkey);
if (delta) {
X509_CRL_free(x);
x = delta;
} else {
BIO_puts(bio_err, "Error creating delta CRL\n");
goto end;
}
}
if (badsig) {
const ASN1_BIT_STRING *sig;
X509_CRL_get0_signature(x, &sig, NULL);
corrupt_signature(sig);
}
if (num) {
for (i = 1; i <= num; i++) {
if (issuer == i) {
print_name(bio_out, "issuer=", X509_CRL_get_issuer(x));
}
if (crlnumber == i) {
ASN1_INTEGER *crlnum;
crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
BIO_printf(bio_out, "crlNumber=");
if (crlnum) {
BIO_puts(bio_out, "0x");
i2a_ASN1_INTEGER(bio_out, crlnum);
ASN1_INTEGER_free(crlnum);
} else {
BIO_puts(bio_out, "<NONE>");
}
BIO_printf(bio_out, "\n");
}
if (hash == i) {
int ok;
unsigned long hash_value =
X509_NAME_hash_ex(X509_CRL_get_issuer(x), app_get0_libctx(),
app_get0_propq(), &ok);
if (num > 1)
BIO_printf(bio_out, "issuer name hash=");
if (ok) {
BIO_printf(bio_out, "%08lx\n", hash_value);
} else {
BIO_puts(bio_out, "<ERROR>");
goto end;
}
}
#ifndef OPENSSL_NO_MD5
if (hash_old == i) {
if (num > 1)
BIO_printf(bio_out, "issuer name old hash=");
BIO_printf(bio_out, "%08lx\n",
X509_NAME_hash_old(X509_CRL_get_issuer(x)));
}
#endif
if (lastupdate == i) {
BIO_printf(bio_out, "lastUpdate=");
ASN1_TIME_print_ex(bio_out, X509_CRL_get0_lastUpdate(x), dateopt);
BIO_printf(bio_out, "\n");
}
if (nextupdate == i) {
BIO_printf(bio_out, "nextUpdate=");
if (X509_CRL_get0_nextUpdate(x))
ASN1_TIME_print_ex(bio_out, X509_CRL_get0_nextUpdate(x), dateopt);
else
BIO_printf(bio_out, "NONE");
BIO_printf(bio_out, "\n");
}
if (fingerprint == i) {
int j;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
if (!X509_CRL_digest(x, digest, md, &n)) {
BIO_printf(bio_err, "out of memory\n");
goto end;
}
BIO_printf(bio_out, "%s Fingerprint=",
EVP_MD_get0_name(digest));
for (j = 0; j < (int)n; j++) {
BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
? '\n' : ':');
}
}
}
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (text)
X509_CRL_print_ex(out, x, get_nameopt());
if (noout) {
ret = 0;
goto end;
}
if (outformat == FORMAT_ASN1)
i = (int)i2d_X509_CRL_bio(out, x);
else
i = PEM_write_bio_X509_CRL(out, x);
if (!i) {
BIO_printf(bio_err, "unable to write CRL\n");
goto end;
}
ret = 0;
end:
if (ret != 0)
ERR_print_errors(bio_err);
BIO_free_all(out);
EVP_MD_free(digest);
X509_CRL_free(x);
X509_STORE_CTX_free(ctx);
X509_STORE_free(store);
return ret;
}

232
examples/openssl/openssl-3.2.1-src/apps/crl2pkcs7.c Normal file

@ -0,0 +1,232 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include "apps.h"
#include "progs.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/pem.h>
#include <openssl/objects.h>
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
typedef enum OPTION_choice {
OPT_COMMON,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE,
OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS crl2pkcs7_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input file"},
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"},
{"certfile", OPT_CERTFILE, '<',
"File of chain of certs to a trusted CA; can be repeated"},
OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
OPT_PROV_OPTIONS,
{NULL}
};
int crl2pkcs7_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7s = NULL;
STACK_OF(OPENSSL_STRING) *certflst = NULL;
STACK_OF(X509) *cert_stack = NULL;
STACK_OF(X509_CRL) *crl_stack = NULL;
X509_CRL *crl = NULL;
char *infile = NULL, *outfile = NULL, *prog, *certfile;
int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl =
0;
OPTION_CHOICE o;
prog = opt_init(argc, argv, crl2pkcs7_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(crl2pkcs7_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOCRL:
nocrl = 1;
break;
case OPT_CERTFILE:
if ((certflst == NULL)
&& (certflst = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
if (!sk_OPENSSL_STRING_push(certflst, opt_arg()))
goto end;
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
/* No remaining args. */
if (!opt_check_rest_arg(NULL))
goto opthelp;
if (!nocrl) {
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
if (informat == FORMAT_ASN1)
crl = d2i_X509_CRL_bio(in, NULL);
else if (informat == FORMAT_PEM)
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
if (crl == NULL) {
BIO_printf(bio_err, "unable to load CRL\n");
ERR_print_errors(bio_err);
goto end;
}
}
if ((p7 = PKCS7_new()) == NULL)
goto end;
if ((p7s = PKCS7_SIGNED_new()) == NULL)
goto end;
p7->type = OBJ_nid2obj(NID_pkcs7_signed);
p7->d.sign = p7s;
p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
if (!ASN1_INTEGER_set(p7s->version, 1))
goto end;
if (crl != NULL) {
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
goto end;
p7s->crl = crl_stack;
sk_X509_CRL_push(crl_stack, crl);
crl = NULL; /* now part of p7 for OPENSSL_freeing */
}
if (certflst != NULL) {
if ((cert_stack = sk_X509_new_null()) == NULL)
goto end;
p7s->cert = cert_stack;
for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack, certfile) < 0) {
BIO_printf(bio_err, "error loading certificates\n");
ERR_print_errors(bio_err);
goto end;
}
}
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
else if (outformat == FORMAT_PEM)
i = PEM_write_bio_PKCS7(out, p7);
if (!i) {
BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
end:
sk_OPENSSL_STRING_free(certflst);
BIO_free(in);
BIO_free_all(out);
PKCS7_free(p7);
X509_CRL_free(crl);
return ret;
}
/*-
*----------------------------------------------------------------------
* int add_certs_from_file
*
* Read a list of certificates to be checked from a file.
*
* Results:
* number of certs added if successful, -1 if not.
*----------------------------------------------------------------------
*/
static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
{
BIO *in = NULL;
int count = 0;
int ret = -1;
STACK_OF(X509_INFO) *sk = NULL;
X509_INFO *xi;
in = BIO_new_file(certfile, "r");
if (in == NULL) {
BIO_printf(bio_err, "error opening the file, %s\n", certfile);
goto end;
}
/* This loads from a file, a stack of x509/crl/pkey sets */
sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
if (sk == NULL) {
BIO_printf(bio_err, "error reading the file, %s\n", certfile);
goto end;
}
/* scan over it and pull out the CRL's */
while (sk_X509_INFO_num(sk)) {
xi = sk_X509_INFO_shift(sk);
if (xi->x509 != NULL) {
sk_X509_push(stack, xi->x509);
xi->x509 = NULL;
count++;
}
X509_INFO_free(xi);
}
ret = count;
end:
/* never need to OPENSSL_free x */
BIO_free(in);
sk_X509_INFO_free(sk);
return ret;
}

9
examples/openssl/openssl-3.2.1-src/apps/ct_log_list.cnf Normal file

@ -0,0 +1,9 @@
# This file specifies the Certificate Transparency logs
# that are to be trusted.
# Google's list of logs can be found here:
# www.certificate-transparency.org/known-logs
# A Python program to convert the log list to OpenSSL's format can be
# found here:
# https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
# Use the "--openssl_output" flag.

6
examples/openssl/openssl-3.2.1-src/apps/demoSRP/srp_verifier.txt Normal file

@ -0,0 +1,6 @@
# This is a file that will be filled by the openssl srp routine.
# You can initialize the file with additional groups, these are
# records starting with an I followed by the g and N values and the id.
# The exact values ... you have to dig this out from the source of srp.c
# or srp_vfy.c
# The last value of an I is used as the default group for new users.

1
examples/openssl/openssl-3.2.1-src/apps/demoSRP/srp_verifier.txt.attr Normal file

@ -0,0 +1 @@
unique_subject = yes

658
examples/openssl/openssl-3.2.1-src/apps/dgst.c Normal file

@ -0,0 +1,658 @@
/*
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "apps.h"
#include "progs.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/hmac.h>
#include <ctype.h>
#undef BUFSIZE
#define BUFSIZE 1024*8
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file);
static void show_digests(const OBJ_NAME *name, void *bio_);
struct doall_dgst_digests {
BIO *bio;
int n;
};
typedef enum OPTION_choice {
OPT_COMMON,
OPT_LIST,
OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, OPT_XOFLEN,
OPT_DIGEST,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
const OPTIONS dgst_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
{"list", OPT_LIST, '-', "List digests"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-',
"Also use engine given by -engine for digest operations"},
#endif
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
OPT_SECTION("Output"),
{"c", OPT_C, '-', "Print the digest with separating colons"},
{"r", OPT_R, '-', "Print the digest in coreutils format"},
{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
{"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
{"hex", OPT_HEX, '-', "Print as hex dump"},
{"binary", OPT_BINARY, '-', "Print in binary form"},
{"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256"},
{"d", OPT_DEBUG, '-', "Print debug info"},
{"debug", OPT_DEBUG, '-', "Print debug info"},
OPT_SECTION("Signing"),
{"sign", OPT_SIGN, 's', "Sign digest using private key"},
{"verify", OPT_VERIFY, 's', "Verify a signature using public key"},
{"prverify", OPT_PRVERIFY, 's', "Verify a signature using private key"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
{"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
{"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
{"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
{"", OPT_DIGEST, '-', "Any supported digest"},
{"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
"Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
OPT_R_OPTIONS,
OPT_PROV_OPTIONS,
OPT_PARAMETERS(),
{"file", 0, 0, "Files to digest (optional; default is stdin)"},
{NULL}
};
int dgst_main(int argc, char **argv)
{
BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
ENGINE *e = NULL, *impl = NULL;
EVP_PKEY *sigkey = NULL;
STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
char *hmac_key = NULL;
char *mac_name = NULL, *digestname = NULL;
char *passinarg = NULL, *passin = NULL;
EVP_MD *md = NULL;
const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
const char *sigfile = NULL;
const char *md_name = NULL;
OPTION_CHOICE o;
int separator = 0, debug = 0, keyform = FORMAT_UNDEF, siglen = 0;
int i, ret = EXIT_FAILURE, out_bin = -1, want_pub = 0, do_verify = 0;
int xoflen = 0;
unsigned char *buf = NULL, *sigbuf = NULL;
int engine_impl = 0;
struct doall_dgst_digests dec;
buf = app_malloc(BUFSIZE, "I/O buffer");
md = (EVP_MD *)EVP_get_digestbyname(argv[0]);
if (md != NULL)
digestname = argv[0];
opt_set_unknown_name("digest");
prog = opt_init(argc, argv, dgst_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dgst_options);
ret = EXIT_SUCCESS;
goto end;
case OPT_LIST:
BIO_printf(bio_out, "Supported digests:\n");
dec.bio = bio_out;
dec.n = 0;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,
show_digests, &dec);
BIO_printf(bio_out, "\n");
ret = EXIT_SUCCESS;
goto end;
case OPT_C:
separator = 1;
break;
case OPT_R:
separator = 2;
break;
case OPT_R_CASES:
if (!opt_rand(o))
goto end;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_SIGN:
keyfile = opt_arg();
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_VERIFY:
keyfile = opt_arg();
want_pub = do_verify = 1;
break;
case OPT_PRVERIFY:
keyfile = opt_arg();
do_verify = 1;
break;
case OPT_SIGNATURE:
sigfile = opt_arg();
break;
case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
goto opthelp;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_ENGINE_IMPL:
engine_impl = 1;
break;
case OPT_HEX:
out_bin = 0;
break;
case OPT_BINARY:
out_bin = 1;
break;
case OPT_XOFLEN:
xoflen = atoi(opt_arg());
break;
case OPT_DEBUG:
debug = 1;
break;
case OPT_FIPS_FINGERPRINT:
hmac_key = "etaonrishdlcupfm";
break;
case OPT_HMAC:
hmac_key = opt_arg();
break;
case OPT_MAC:
mac_name = opt_arg();
break;
case OPT_SIGOPT:
if (!sigopts)
sigopts = sk_OPENSSL_STRING_new_null();
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
case OPT_MACOPT:
if (!macopts)
macopts = sk_OPENSSL_STRING_new_null();
if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
goto opthelp;
break;
case OPT_DIGEST:
digestname = opt_unknown();
break;
case OPT_PROV_CASES:
if (!opt_provider(o))
goto end;
break;
}
}
/* Remaining args are files to digest. */
argc = opt_num_rest();
argv = opt_rest();
if (keyfile != NULL && argc > 1) {
BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
goto end;
}
if (!app_RAND_load())
goto end;
if (digestname != NULL) {
if (!opt_md(digestname, &md))
goto opthelp;
}
if (do_verify && sigfile == NULL) {
BIO_printf(bio_err,
"No signature to verify: use the -signature option\n");
goto end;
}
if (engine_impl)
impl = e;
in = BIO_new(BIO_s_file());
bmd = BIO_new(BIO_f_md());
if (in == NULL || bmd == NULL)
goto end;
if (debug) {
BIO_set_callback_ex(in, BIO_debug_callback_ex);
/* needed for windows 3.1 */
BIO_set_callback_arg(in, (char *)bio_err);
}
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
}
if (out_bin == -1) {
if (keyfile != NULL)
out_bin = 1;
else
out_bin = 0;
}
out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
if (out == NULL)
goto end;
if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) {
BIO_printf(bio_err, "MAC and signing key cannot both be specified\n");
goto end;
}
if (keyfile != NULL) {
int type;
if (want_pub)
sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key");
else
sigkey = load_key(keyfile, keyform, 0, passin, e, "private key");
if (sigkey == NULL) {
/*
* load_[pub]key() has already printed an appropriate message
*/
goto end;
}
type = EVP_PKEY_get_id(sigkey);
if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) {
/*
* We implement PureEdDSA for these which doesn't have a separate
* digest, and only supports one shot.
*/
BIO_printf(bio_err, "Key type not supported for this operation\n");
goto end;
}
}
if (mac_name != NULL) {
EVP_PKEY_CTX *mac_ctx = NULL;
if (!init_gen_str(&mac_ctx, mac_name, impl, 0, NULL, NULL))
goto end;
if (macopts != NULL) {
for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
char *macopt = sk_OPENSSL_STRING_value(macopts, i);
if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
EVP_PKEY_CTX_free(mac_ctx);
BIO_printf(bio_err, "MAC parameter error \"%s\"\n", macopt);
goto end;
}
}
}
sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */);
/* Verbose output would make external-tests gost-engine fail */
EVP_PKEY_CTX_free(mac_ctx);
if (sigkey == NULL)
goto end;
}
if (hmac_key != NULL) {
if (md == NULL) {
md = (EVP_MD *)EVP_sha256();
digestname = SN_sha256;
}
sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
(unsigned char *)hmac_key,
strlen(hmac_key));
if (sigkey == NULL)
goto end;
}
if (sigkey != NULL) {
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
int res;
if (BIO_get_md_ctx(bmd, &mctx) <= 0) {
BIO_printf(bio_err, "Error getting context\n");
goto end;
}
if (do_verify)
if (impl == NULL)
res = EVP_DigestVerifyInit_ex(mctx, &pctx, digestname,
app_get0_libctx(),
app_get0_propq(), sigkey, NULL);
else
res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
else
if (impl == NULL)
res = EVP_DigestSignInit_ex(mctx, &pctx, digestname,
app_get0_libctx(),
app_get0_propq(), sigkey, NULL);
else
res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
if (res == 0) {
BIO_printf(bio_err, "Error setting context\n");
goto end;
}
if (sigopts != NULL) {
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
if (pkey_ctrl_string(pctx, sigopt) <= 0) {
BIO_printf(bio_err, "Signature parameter error \"%s\"\n",
sigopt);
goto end;
}
}
}
}
/* we use md as a filter, reading from 'in' */
else {
EVP_MD_CTX *mctx = NULL;
if (BIO_get_md_ctx(bmd, &mctx) <= 0) {
BIO_printf(bio_err, "Error getting context\n");
goto end;
}
if (md == NULL)
md = (EVP_MD *)EVP_sha256();
if (!EVP_DigestInit_ex(mctx, md, impl)) {
BIO_printf(bio_err, "Error setting digest\n");
goto end;
}
}
if (sigfile != NULL && sigkey != NULL) {
BIO *sigbio = BIO_new_file(sigfile, "rb");
if (sigbio == NULL) {
BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
goto end;
}
siglen = EVP_PKEY_get_size(sigkey);
sigbuf = app_malloc(siglen, "signature buffer");
siglen = BIO_read(sigbio, sigbuf, siglen);
BIO_free(sigbio);
if (siglen <= 0) {
BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
goto end;
}
}
inp = BIO_push(bmd, in);
if (md == NULL) {
EVP_MD_CTX *tctx;
BIO_get_md_ctx(bmd, &tctx);
md = EVP_MD_CTX_get1_md(tctx);
}
if (md != NULL)
md_name = EVP_MD_get0_name(md);
if (xoflen > 0) {
if (!(EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF)) {
BIO_printf(bio_err, "Length can only be specified for XOF\n");
goto end;
}
/*
* Signing using XOF is not supported by any algorithms currently since
* each algorithm only calls EVP_DigestFinal_ex() in their sign_final
* and verify_final methods.
*/
if (sigkey != NULL) {
BIO_printf(bio_err, "Signing key cannot be specified for XOF\n");
goto end;
}
}
if (argc == 0) {
BIO_set_fp(in, stdin, BIO_NOCLOSE);
ret = do_fp(out, buf, inp, separator, out_bin, xoflen, sigkey, sigbuf,
siglen, NULL, md_name, "stdin");
} else {
const char *sig_name = NULL;
if (out_bin == 0) {
if (sigkey != NULL)
sig_name = EVP_PKEY_get0_type_name(sigkey);
}
ret = EXIT_SUCCESS;
for (i = 0; i < argc; i++) {
if (BIO_read_filename(in, argv[i]) <= 0) {
perror(argv[i]);
ret = EXIT_FAILURE;
continue;
} else {
if (do_fp(out, buf, inp, separator, out_bin, xoflen,
sigkey, sigbuf, siglen, sig_name, md_name, argv[i]))
ret = EXIT_FAILURE;
}
(void)BIO_reset(bmd);
}
}
end:
if (ret != EXIT_SUCCESS)
ERR_print_errors(bio_err);
OPENSSL_clear_free(buf, BUFSIZE);
BIO_free(in);
OPENSSL_free(passin);
BIO_free_all(out);
EVP_MD_free(md);
EVP_PKEY_free(sigkey);
sk_OPENSSL_STRING_free(sigopts);
sk_OPENSSL_STRING_free(macopts);
OPENSSL_free(sigbuf);
BIO_free(bmd);
release_engine(e);
return ret;
}
static void show_digests(const OBJ_NAME *name, void *arg)
{
struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
const EVP_MD *md = NULL;
/* Filter out signed digests (a.k.a signature algorithms) */
if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
return;
if (!islower((unsigned char)*name->name))
return;
/* Filter out message digests that we cannot use */
md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
if (md == NULL) {
md = EVP_get_digestbyname(name->name);
if (md == NULL)
return;
}
BIO_printf(dec->bio, "-%-25s", name->name);
if (++dec->n == 3) {
BIO_printf(dec->bio, "\n");
dec->n = 0;
} else {
BIO_printf(dec->bio, " ");
}
}
/*
* The newline_escape_filename function performs newline escaping for any
* filename that contains a newline. This function also takes a pointer
* to backslash. The backslash pointer is a flag to indicating whether a newline
* is present in the filename. If a newline is present, the backslash flag is
* set and the output format will contain a backslash at the beginning of the
* digest output. This output format is to replicate the output format found
* in the '*sum' checksum programs. This aims to preserve backward
* compatibility.
*/
static const char *newline_escape_filename(const char *file, int *backslash)
{
size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0;
char *file_cpy = NULL;
for (i = 0; i < length; i++)
if (file[i] == '\n')
newline_count++;
mem_len = length + newline_count + 1;
file_cpy = app_malloc(mem_len, file);
i = 0;
while (e < length) {
const char c = file[e];
if (c == '\n') {
file_cpy[i++] = '\\';
file_cpy[i++] = 'n';
*backslash = 1;
} else {
file_cpy[i++] = c;
}
e++;
}
file_cpy[i] = '\0';
return (const char*)file_cpy;
}
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen,
EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name,
const char *file)
{
size_t len = BUFSIZE;
int i, backslash = 0, ret = EXIT_FAILURE;
unsigned char *allocated_buf = NULL;
while (BIO_pending(bp) || !BIO_eof(bp)) {
i = BIO_read(bp, (char *)buf, BUFSIZE);
if (i < 0) {
BIO_printf(bio_err, "Read error in %s\n", file);
goto end;
}
if (i == 0)
break;
}
if (sigin != NULL) {
EVP_MD_CTX *ctx;
BIO_get_md_ctx(bp, &ctx);
i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
if (i > 0) {
BIO_printf(out, "Verified OK\n");
} else if (i == 0) {
BIO_printf(out, "Verification failure\n");
goto end;
} else {
BIO_printf(bio_err, "Error verifying data\n");
goto end;
}
ret = EXIT_SUCCESS;
goto end;
}
if (key != NULL) {
EVP_MD_CTX *ctx;
size_t tmplen;
BIO_get_md_ctx(bp, &ctx);
if (!EVP_DigestSignFinal(ctx, NULL, &tmplen)) {
BIO_printf(bio_err, "Error getting maximum length of signed data\n");
goto end;
}
if (tmplen > BUFSIZE) {
len = tmplen;
allocated_buf = app_malloc(len, "Signature buffer");
buf = allocated_buf;
}
if (!EVP_DigestSignFinal(ctx, buf, &len)) {
BIO_printf(bio_err, "Error signing data\n");
goto end;
}
} else if (xoflen > 0) {
EVP_MD_CTX *ctx;
len = xoflen;
if (len > BUFSIZE) {
allocated_buf = app_malloc(len, "Digest buffer");
buf = allocated_buf;
}
BIO_get_md_ctx(bp, &ctx);
if (!EVP_DigestFinalXOF(ctx, buf, len)) {
BIO_printf(bio_err, "Error Digesting Data\n");
goto end;
}
} else {
len = BIO_gets(bp, (char *)buf, BUFSIZE);
if ((int)len < 0)
goto end;
}
if (binout) {
BIO_write(out, buf, len);
} else if (sep == 2) {
file = newline_escape_filename(file, &backslash);
if (backslash == 1)
BIO_puts(out, "\\");
for (i = 0; i < (int)len; i++)
BIO_printf(out, "%02x", buf[i]);
BIO_printf(out, " *%s\n", file);
OPENSSL_free((char *)file);
} else {
if (sig_name != NULL) {
BIO_puts(out, sig_name);
if (md_name != NULL)
BIO_printf(out, "-%s", md_name);
BIO_printf(out, "(%s)= ", file);
} else if (md_name != NULL) {
BIO_printf(out, "%s(%s)= ", md_name, file);
} else {
BIO_printf(out, "(%s)= ", file);
}
for (i = 0; i < (int)len; i++) {
if (sep && (i != 0))
BIO_printf(out, ":");
BIO_printf(out, "%02x", buf[i]);
}
BIO_printf(out, "\n");
}
ret = EXIT_SUCCESS;
end:
if (allocated_buf != NULL)
OPENSSL_clear_free(allocated_buf, len);
return ret;
}

Some files were not shown because too many files have changed in this diff Show More