authorRichard Levitte <levitte@openssl.org>2000-10-26 19:20:14 +0000
committerRichard Levitte <levitte@openssl.org>2000-10-26 19:20:14 +0000
commitf84f5b0c5a828ca747e2e87a89522cfd67f754bf (patch)
treea95741333a528dc532826aa17cf65eff3bd7a4e0
parentc80abb148d254e4eb852ed28608040e3cfed4005 (diff)
Merge from main trunk, conflicts resolved.BRANCH_engine
Change what needs to be changed in crypto/engine to adapt to the new way DSO works. Change hw_nuron.c to use DSO functions instead of using dl*() functions directly.
-rw-r--r--CHANGES26
-rwxr-xr-xConfigure43
-rw-r--r--FAQ28
-rw-r--r--Makefile.org21
-rw-r--r--STATUS7
-rw-r--r--TABLE90
-rw-r--r--apps/app_rand.c19
-rw-r--r--apps/ca-cert.srl2
-rw-r--r--apps/pca-cert.srl2
-rw-r--r--apps/rsautl.c4
-rw-r--r--apps/server.pem16
-rw-r--r--certs/rsa-ssca.pem19
-rwxr-xr-xconfig2
-rw-r--r--crypto/bio/b_print.c6
-rw-r--r--crypto/conf/conf.h16
-rw-r--r--crypto/conf/conf_api.c4
-rw-r--r--crypto/conf/conf_def.c37
-rw-r--r--crypto/conf/conf_err.c4
-rw-r--r--crypto/conf/conf_lib.c81
-rw-r--r--crypto/dso/README24
-rw-r--r--crypto/dso/dso.h106
-rw-r--r--crypto/dso/dso_dl.c89
-rw-r--r--crypto/dso/dso_dlfcn.c80
-rw-r--r--crypto/dso/dso_err.c12
-rw-r--r--crypto/dso/dso_lib.c150
-rw-r--r--crypto/dso/dso_vms.c35
-rw-r--r--crypto/dso/dso_win32.c81
-rw-r--r--crypto/engine/hw_atalla.c3
-rw-r--r--crypto/engine/hw_cswift.c3
-rw-r--r--crypto/engine/hw_ncipher.c3
-rw-r--r--crypto/engine/hw_nuron.c12
-rw-r--r--crypto/evp/e_rd.c4
-rw-r--r--crypto/ex_data.c2
-rw-r--r--crypto/sha/asm/sha1-586.pl12
-rw-r--r--crypto/x509/by_dir.c2
-rw-r--r--demos/ssl/cli.cpp4
-rw-r--r--demos/ssl/inetdsrv.cpp4
-rw-r--r--demos/ssl/serv.cpp4
-rw-r--r--doc/apps/s_server.pod2
-rw-r--r--doc/crypto/BIO_s_accept.pod24
-rw-r--r--doc/crypto/BIO_s_connect.pod34
-rw-r--r--doc/crypto/BIO_s_socket.pod12
-rw-r--r--doc/ssl/SSL_CTX_new.pod9
-rw-r--r--doc/ssl/SSL_CTX_set_verify.pod2
-rw-r--r--doc/ssl/SSL_connect.pod2
-rw-r--r--doc/ssl/SSL_write.pod2
-rw-r--r--doc/ssl/ssl.pod103
-rw-r--r--ssl/ssltest.c6
-rwxr-xr-xutil/libeay.num117
49 files changed, 948 insertions, 422 deletions
diff --git a/CHANGES b/CHANGES
index c2d5c7bf04..7c7d49c408 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,32 @@
Changes between 0.9.6 and 0.9.7 [xx XXX 2000]
+ *) Support threads on FreeBSD-elf in Configure.
+ [Richard Levitte]
+
+ *) Add the possibility to create shared libraries on HP-UX
+ [Richard Levitte]
+
+ *) Fix for SHA1 assembly problem with MASM: it produces
+ warnings about corrupt line number information when assembling
+ with debugging information. This is caused by the overlapping
+ of two sections.
+ [Bernd Matthes <mainbug@celocom.de>, Steve Henson]
+
+ *) NCONF changes.
+ NCONF_get_number() has no error checking at all. As a replacement,
+ NCONF_get_number_e() is defined (_e for "error checking") and is
+ promoted strongly. The old NCONF_get_number is kept around for
+ binary backward compatibility.
+ Make it possible for methods to load from something other than a BIO,
+ by providing a function pointer that is given a name instead of a BIO.
+ For example, this could be used to load configuration data from an
+ LDAP server.
+ [Richard Levitte]
+
+ *) Fix typo in get_cert_by_subject() in by_dir.c
+ [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
+
*) Rework the system to generate shared libraries:
- Make note of the expected extension for the shared libraries and
diff --git a/Configure b/Configure
index 5ce9379965..0232718021 100755
--- a/Configure
+++ b/Configure
@@ -223,41 +223,41 @@ my %table=(
#
#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
# Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# More attempts at unified 10.X and 11.X targets for HP C compiler.
#
# Chris Ruemmler <ruemmler@cup.hp.com>
# Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# HPUX 9.X config.
# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
# egcs. gcc 2.8.1 is also broken.
-"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
# please report your OS and compiler version to the openssl-bugs@openssl.org
# mailing list.
-"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# If hpux-gcc fails, try this one:
-"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# HPUX 10.X config. Supports threads.
-"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
-"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# If hpux10-gcc fails, try this one:
-"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# HPUX 11.X from www.globus.org.
# Only works on PA-RISC 2.0 cpus, and not optimized. Why?
@@ -310,7 +310,7 @@ my %table=(
"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -852,7 +852,16 @@ while (<IN>)
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.so.\$(SHLIB_MAJOR) .so/ if ($shared_extension ne "" && $shared_extension !~ /^\.s[ol]$/);
+ if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
+ {
+ my $sotmp = $1;
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/
+ }
+ elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
+ {
+ my $sotmp = $1;
+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+ }
print OUT $_."\n";
}
close(IN);
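Review bot: The two new branches repeat `$shared_extension ne ""` although neither regex can match an empty string, and the first substitution lacks the terminating `;` that the second one has. Dropping the redundant test and writing `s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;` would make the branches read the same. An extension that matches neither pattern now leaves `SHARED_LIBS_LINK_EXTS` untouched, whereas the removed line rewrote it for any non-empty extension other than `.so`/`.sl`. If that is intended, a one-line comment above the `if` naming the two accepted shapes (`.sX.MAJOR` and `.sX.MAJOR.MINOR`) would document it.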
diff --git a/FAQ b/FAQ
index 29acc8afdf..996ac04f16 100644
--- a/FAQ
+++ b/FAQ
@@ -27,6 +27,8 @@ OpenSSL - Frequently Asked Questions
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
* Why does the OpenSSL compilation fail on Alpha True64 Unix?
* Why does the OpenSSL compilation fail with "ar: command not found"?
+* Why does the OpenSSL compilation fail on Win32 with VC++?
+* Why aren't tools like 'autoconf' and 'libtool' used?
* Which is the current version of OpenSSL?
@@ -430,3 +432,29 @@ and then redo the compilation. What you should really do is make sure
'/usr/ccs/bin' is permanently in your $PATH, for example through your
'.profile' (again, assuming you use a sh-compatible shell).
+
+* Why does the OpenSSL compilation fail on Win32 with VC++?
+
+Sometimes, you may get reports from VC++ command line (cl) that it
+can't find standard include files like stdio.h and other weirdnesses.
+One possible cause is that the environment isn't correctly set up.
+To solve that problem, one should run VCVARS32.BAT which is found in
+the 'bin' subdirectory of the VC++ installation directory (somewhere
+under 'Program Files'). This needs to be done prior to running NMAKE,
+and the changes are only valid for the current DOS session.
+
+
+* Why aren't tools like 'autoconf' and 'libtool' used?
+
+autoconf is a nice tool, but is unfortunately very Unix-centric.
+Although one can come up with solution to have ports keep in track,
+there's also some work needed for that, and can be quite painful at
+times. If there was a 'autoconf'-like tool that generated perl
+scripts or something similarly general, it would probably be used
+in OpenSSL much earlier.
+
+libtool has repeatadly been reported by some members of the OpenSSL
+development and others to be a pain to use. So far, those in the
+development team who have said anything about this have expressed
+a wish to avoid libtool for that reason.
+
diff --git a/Makefile.org b/Makefile.org
index 0314ac3b8a..184fd768e1 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -207,7 +207,7 @@ sub_all:
fi; \
done; \
if echo "$(DIRS)" | \
- grep '\(^\| \)\(crypto\|ssl\)\( \|$$\)' > /dev/null 2>&1 && \
+ egrep '(^| )(crypto|ssl)( |$$)' > /dev/null 2>&1 && \
[ -n "$(SHARED_LIBS)" ]; then \
$(MAKE) $(SHARED_LIBS); \
fi
@@ -278,6 +278,25 @@ do_solaris-shared:
libs="$$libs -L. -l$$i"; \
done
+# This assumes that GNU utilities are *not* used
+do_hpux-shared:
+ libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ ( set -x; /usr/ccs/bin/ld +vnocompatwarnings \
+ -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ -Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+ libs="$$libs -L. -l$$i"; \
+ done
+
+# This assumes that GNU utilities are *not* used
+do_hpux64-shared:
+ libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ ( set -x; /usr/ccs/bin/ld -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ +forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+ libs="$$libs -L. -l$$i"; \
+ done
+
Makefile.ssl: Makefile.org
@echo "Makefile.ssl is older than Makefile.org."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
diff --git a/STATUS b/STATUS
index 2d9eae9fbb..98913bb9c0 100644
--- a/STATUS
+++ b/STATUS
@@ -1,6 +1,6 @@
OpenSSL STATUS Last modified at
- ______________ $Date: 2000/10/10 08:39:58 $
+ ______________ $Date: 2000/10/26 19:20:03 $
DEVELOPMENT STATE
@@ -25,7 +25,7 @@
o Steve is currently working on (in no particular order):
ASN1 code redesign, butchery, replacement.
EVP cipher enhancement.
- Proper (or at least usable) certificate chain verification.
+ /* Proper (or at least usable) certificate chain verification. */
Private key, certificate and CRL API and implementation.
Developing and bugfixing PKCS#7 (S/MIME code).
Various X509 issues: character sets, certificate request extensions.
@@ -45,9 +45,6 @@
OPEN ISSUES
- o internal_verify doesn't know about X509.v3 (basicConstraints
- CA flag ...)
-
o The Makefile hierarchy and build mechanism is still not a round thing:
1. The config vs. Configure scripts
diff --git a/TABLE b/TABLE
index 4abc2faf59..5731d07331 100644
--- a/TABLE
+++ b/TABLE
@@ -1172,9 +1172,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux-brokengcc
$cc = gcc
@@ -1193,9 +1193,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux-cc
$cc = cc
@@ -1214,9 +1214,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux-gcc
$cc = gcc
@@ -1235,9 +1235,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux-parisc-cc
$cc = cc
@@ -1256,9 +1256,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux-parisc-cc-o4
$cc = cc
@@ -1277,9 +1277,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux-parisc-gcc
$cc = gcc
@@ -1298,9 +1298,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux-parisc1_1-cc
$cc = cc
@@ -1319,9 +1319,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux-parisc2-cc
$cc = cc
@@ -1340,9 +1340,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux10-brokencc
$cc = cc
@@ -1361,9 +1361,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux10-brokengcc
$cc = gcc
@@ -1382,9 +1382,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux10-cc
$cc = cc
@@ -1403,9 +1403,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux10-gcc
$cc = gcc
@@ -1424,9 +1424,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dl
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux64-parisc-cc
$cc = cc
@@ -1445,9 +1445,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux64-shared
+$shared_cflag = +Z
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** hpux64-parisc2-cc
$cc = cc
@@ -1466,9 +1466,9 @@ $rc4_obj =
$rmd160_obj =
$rc5_obj =
$dso_scheme = dlfcn
-$shared_target=
-$shared_cflag =
-$shared_extension =
+$shared_target= hpux64-shared
+$shared_cflag = +Z
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
*** irix-cc
$cc = cc
diff --git a/apps/app_rand.c b/apps/app_rand.c
index 1146f9f7f3..2126fd5aa1 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -142,18 +142,21 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
}
if (file == NULL || !RAND_load_file(file, -1))
{
- if (RAND_status() == 0 && !dont_warn)
+ if (RAND_status() == 0)
{
- BIO_printf(bio_e,"unable to load 'random state'\n");
- BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
- BIO_printf(bio_e,"with much random data.\n");
- if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+ if (!dont_warn)
{
- BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
- BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+ BIO_printf(bio_e,"unable to load 'random state'\n");
+ BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
+ BIO_printf(bio_e,"with much random data.\n");
+ if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+ {
+ BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+ BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+ }
}
+ return 0;
}
- return 0;
}
seeded = 1;
return 1;
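Review bot: When `RAND_load_file()` fails but `RAND_status()` is already non-zero, the restructured code falls through to `seeded = 1; return 1;` with no diagnostic at all, even when `dont_warn` is 0 and the caller named a file explicitly. This is presumably intended, since the PRNG has been seeded by other means, but nothing in the hunk says so. A comment at the fall-through such as `/* PRNG already seeded elsewhere: an unreadable seed file is not treated as an error */` would make the contract explicit. It may also be worth printing a single warning to `bio_e` when `file != NULL` and the load failed, so that a mistyped seed-file path does not pass unnoticed. The function body begins before this hunk.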
diff --git a/apps/ca-cert.srl b/apps/ca-cert.srl
index eeee65ec41..2c7456e3eb 100644
--- a/apps/ca-cert.srl
+++ b/apps/ca-cert.srl
@@ -1 +1 @@
-05
+07
diff --git a/apps/pca-cert.srl b/apps/pca-cert.srl
index 8a0f05e166..2c7456e3eb 100644
--- a/apps/pca-cert.srl
+++ b/apps/pca-cert.srl
@@ -1 +1 @@
-01
+07
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 2ef75649dd..95fce436bb 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -55,6 +55,9 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+
+#ifndef NO_RSA
+
#include "apps.h"
#include <string.h>
#include <openssl/err.h>
@@ -313,3 +316,4 @@ static void usage()
BIO_printf(bio_err, "-hexdump hex dump output\n");
}
+#endif
diff --git a/apps/server.pem b/apps/server.pem
index c57b32507d..56248e57a3 100644
--- a/apps/server.pem
+++ b/apps/server.pem
@@ -1,17 +1,17 @@
issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
-----BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
-MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
+MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
-JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
-IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
-FUGcPZf9ND22Etc+AQ==
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
+GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
+k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
+itAE+OjGF+PFKbwX8Q==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
diff --git a/certs/rsa-ssca.pem b/certs/rsa-ssca.pem
deleted file mode 100644
index c9403212d1..0000000000
--- a/certs/rsa-ssca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-notBefore=941109235417Z
-notAfter =991231235417Z
------BEGIN X509 CERTIFICATE-----
-
-MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
-Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
-YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
-roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
-aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
-HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
-iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
-suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
-cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
------END X509 CERTIFICATE-----
diff --git a/config b/config
index dddc7e40b6..de2ff38c16 100755
--- a/config
+++ b/config
@@ -168,7 +168,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
;;
NetBSD:*:*:*386*)
- echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
+ echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
;;
NetBSD:*)
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index a62f551635..6a28c58f07 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -151,7 +151,7 @@ static void _dopr(char **sbuffer, char **buffer,
/* some handy macros */
#define char_to_int(p) (p - '0')
-#define MAX(p,q) ((p >= q) ? p : q)
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
static void
_dopr(
@@ -502,13 +502,13 @@ fmtint(
convert[place] = 0;
zpadlen = max - place;
- spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
+ spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
if (zpadlen < 0)
zpadlen = 0;
if (spadlen < 0)
spadlen = 0;
if (flags & DP_F_ZERO) {
- zpadlen = MAX(zpadlen, spadlen);
+ zpadlen = OSSL_MAX(zpadlen, spadlen);
spadlen = 0;
}
if (flags & DP_F_MINUS)
diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
index cd40a0db21..ae7d05f3bc 100644
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -90,10 +90,11 @@ struct conf_method_st
int (MS_FAR *init)(CONF *conf);
int (MS_FAR *destroy)(CONF *conf);
int (MS_FAR *destroy_data)(CONF *conf);
- int (MS_FAR *load)(CONF *conf, BIO *bp, long *eline);
+ int (MS_FAR *load_bio)(CONF *conf, BIO *bp, long *eline);
int (MS_FAR *dump)(CONF *conf, BIO *bp);
int (MS_FAR *is_number)(CONF *conf, char c);
int (MS_FAR *to_int)(CONF *conf, char c);
+ int (MS_FAR *load)(CONF *conf, const char *name, long *eline);
};
int CONF_set_default_method(CONF_METHOD *meth);
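Review bot: The new trailing member `load` is called unconditionally by `NCONF_load()` in crypto/conf/conf_lib.c (`return conf->meth->load(conf, file, eline);`), which checks only `conf` for NULL. A `CONF_METHOD` initialised positionally against the previous layout still fills the old slot, now named `load_bio`, but leaves the new `load` pointer zero. Loading by name through such a method would then call a NULL function pointer. A guard in `NCONF_load()` along the lines of `if (conf->meth == NULL || conf->meth->load == NULL)` that raises an error and returns 0 would close this. A comment on the struct should state that `load` takes a name, `load_bio` takes a BIO, and both must be set.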
@@ -136,10 +137,17 @@ int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);
int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);
STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section);
char *NCONF_get_string(CONF *conf,char *group,char *name);
-long NCONF_get_number(CONF *conf,char *group,char *name);
+int NCONF_get_number_e(CONF *conf,char *group,char *name,long *result);
int NCONF_dump_fp(CONF *conf, FILE *out);
int NCONF_dump_bio(CONF *conf, BIO *out);
+#if 0 /* The following function has no error checking,
+ and should therefore be avoided */
+long NCONF_get_number(CONF *conf,char *group,char *name);
+#else
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r);
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
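Review bot: The replacement macro `#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r);` carries a trailing semicolon, so it breaks any use inside an expression or as the body of an unbraced `if`/`else`. It also takes four arguments, so existing three-argument callers of `NCONF_get_number()` no longer compile. The CHANGES entry in this same commit says the old function is kept for binary backward compatibility, yet its prototype sits under `#if 0` here. At minimum drop the semicolon, `#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)`, and extend the comment to say the macro is a source-level rename that requires the extra `long *result` argument and returns a status rather than the value.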
@@ -156,9 +164,12 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
#define CONF_F_NCONF_DUMP_BIO 105
#define CONF_F_NCONF_DUMP_FP 106
#define CONF_F_NCONF_GET_NUMBER 107
+#define CONF_F_NCONF_GET_NUMBER_E 112
#define CONF_F_NCONF_GET_SECTION 108
#define CONF_F_NCONF_GET_STRING 109
+#define CONF_F_NCONF_LOAD 113
#define CONF_F_NCONF_LOAD_BIO 110
+#define CONF_F_NCONF_LOAD_FP 114
#define CONF_F_NCONF_NEW 111
#define CONF_F_STR_COPY 101
@@ -169,6 +180,7 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
#define CONF_R_NO_CONF 105
#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106
#define CONF_R_NO_SECTION 107
+#define CONF_R_NO_VALUE 108
#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103
#define CONF_R_VARIABLE_HAS_NO_VALUE 104
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index d05a778ff6..7abeeced07 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -153,6 +153,9 @@ char *_CONF_get_string(CONF *conf, char *section, char *name)
return(Getenv(name));
}
+#if 0 /* There's no way to provide error checking with this function, so
+ force implementors of the higher levels to get a string and read
+ the number themselves. */
long _CONF_get_number(CONF *conf, char *section, char *name)
{
char *str;
@@ -169,6 +172,7 @@ long _CONF_get_number(CONF *conf, char *section, char *name)
str++;
}
}
+#endif
int _CONF_new_data(CONF *conf)
{
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 773df32c68..6825d96455 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -81,7 +81,8 @@ static int def_init_default(CONF *conf);
static int def_init_WIN32(CONF *conf);
static int def_destroy(CONF *conf);
static int def_destroy_data(CONF *conf);
-static int def_load(CONF *conf, BIO *bp, long *eline);
+static int def_load(CONF *conf, const char *name, long *eline);
+static int def_load_bio(CONF *conf, BIO *bp, long *eline);
static int def_dump(CONF *conf, BIO *bp);
static int def_is_number(CONF *conf, char c);
static int def_to_int(CONF *conf, char c);
@@ -94,10 +95,11 @@ static CONF_METHOD default_method = {
def_init_default,
def_destroy,
def_destroy_data,
- def_load,
+ def_load_bio,
def_dump,
def_is_number,
- def_to_int
+ def_to_int,
+ def_load
};
static CONF_METHOD WIN32_method = {
@@ -106,10 +108,11 @@ static CONF_METHOD WIN32_method = {
def_init_WIN32,
def_destroy,
def_destroy_data,
- def_load,
+ def_load_bio,
def_dump,
def_is_number,
- def_to_int
+ def_to_int,
+ def_load
};
CONF_METHOD *NCONF_default()
@@ -177,7 +180,29 @@ static int def_destroy_data(CONF *conf)
return 1;
}
-static int def_load(CONF *conf, BIO *in, long *line)
+static int def_load(CONF *conf, const char *name, long *line)
+ {
+ int ret;
+ BIO *in=NULL;
+
+#ifdef VMS
+ in=BIO_new_file(name, "r");
+#else
+ in=BIO_new_file(name, "rb");
+#endif
+ if (in == NULL)
+ {
+ CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+ return 0;
+ }
+
+ ret = def_load_bio(conf, in, line);
+ BIO_free(in);
+
+ return ret;
+ }
+
+static int def_load_bio(CONF *conf, BIO *in, long *line)
{
#define BUFSIZE 512
char btmp[16];
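Review bot: In the new `def_load()` a failed `BIO_new_file()` is reported with `CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);`, which attributes the error to `CONF_load` rather than to the function that actually failed. The line appears to have been moved verbatim from the old `NCONF_load()` body. This commit adds `CONF_F_NCONF_LOAD`, so either use that code here or add a dedicated function code for `def_load`, so that error-queue output points at the right call path. A short header comment on `def_load()` stating that it opens `name` as a file (text mode on VMS, binary elsewhere) and delegates to `def_load_bio()` would also help. The body of `def_load_bio()` continues beyond this hunk.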
diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c
index 8c2bc6f1c4..89e220f3ff 100644
--- a/crypto/conf/conf_err.c
+++ b/crypto/conf/conf_err.c
@@ -73,9 +73,12 @@ static ERR_STRING_DATA CONF_str_functs[]=
{ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0), "NCONF_dump_bio"},
{ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0), "NCONF_dump_fp"},
{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0), "NCONF_get_number"},
+{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0), "NCONF_get_number_e"},
{ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0), "NCONF_get_section"},
{ERR_PACK(0,CONF_F_NCONF_GET_STRING,0), "NCONF_get_string"},
+{ERR_PACK(0,CONF_F_NCONF_LOAD,0), "NCONF_load"},
{ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0), "NCONF_load_bio"},
+{ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0), "NCONF_load_fp"},
{ERR_PACK(0,CONF_F_NCONF_NEW,0), "NCONF_new"},
{ERR_PACK(0,CONF_F_STR_COPY,0), "STR_COPY"},
{0,NULL}
@@ -89,6 +92,7 @@ static ERR_STRING_DATA CONF_str_reasons[]=
{CONF_R_NO_CONF ,"no conf"},
{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"},
{CONF_R_NO_SECTION ,"no section"},
+{CONF_R_NO_VALUE ,"no value"},
{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"},
{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"},
{0,NULL}
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 6a650f18e7..2005c87350 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -156,13 +156,21 @@ char *CONF_get_string(LHASH *conf,char *group,char *name)
long CONF_get_number(LHASH *conf,char *group,char *name)
{
CONF ctmp;
+ int status;
+ long result = 0;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
- return NCONF_get_number(&ctmp, group, name);
+ status = NCONF_get_number_e(&ctmp, group, name, &result);
+ if (status == 0)
+ {
+ /* This function does not believe in errors... */
+ ERR_get_error();
+ }
+ return result;
}
void CONF_free(LHASH *conf)
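Review bot: `ERR_get_error()` removes the earliest entry in the error queue, so the `status == 0` branch in CONF_get_number discards the error just raised only when the queue was empty on entry. Otherwise it drops an unrelated older error and leaves the new one queued. The compatibility NCONF_get_number added at the end of this file repeats the pattern. If the old "always returns a number" contract is to stay, a comment such as `/* NB: pops the oldest queued error, not necessarily ours; use NCONF_get_number_e() to tell 0 from "missing" */` would make the limitation explicit.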
@@ -244,24 +252,13 @@ void NCONF_free_data(CONF *conf)
int NCONF_load(CONF *conf, const char *file, long *eline)
{
- int ret;
- BIO *in=NULL;
-
-#ifdef VMS
- in=BIO_new_file(file, "r");
-#else
- in=BIO_new_file(file, "rb");
-#endif
- if (in == NULL)
+ if (conf == NULL)
{
- CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+ CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF);
return 0;
}
- ret = NCONF_load_bio(conf, in, eline);
- BIO_free(in);
-
- return ret;
+ return conf->meth->load(conf, file, eline);
}
#ifndef NO_FP_API
@@ -271,7 +268,7 @@ int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)
int ret;
if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))
{
- CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
+ CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB);
return 0;
}
ret = NCONF_load_bio(conf, btmp, eline);
@@ -288,7 +285,7 @@ int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)
return 0;
}
- return conf->meth->load(conf, bp, eline);
+ return conf->meth->load_bio(conf, bp, eline);
}
STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section)
@@ -322,25 +319,33 @@ char *NCONF_get_string(CONF *conf,char *group,char *name)
CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
return NULL;
}
-
+ CONFerr(CONF_F_NCONF_GET_STRING,
+ CONF_R_NO_VALUE);
+ return NULL;
}
-long NCONF_get_number(CONF *conf,char *group,char *name)
+int NCONF_get_number_e(CONF *conf,char *group,char *name,long *result)
{
-#if 0 /* As with _CONF_get_string(), we rely on the possibility of finding
- an environment variable with a suitable name. Unfortunately, there's
- no way with the current API to see if we found one or not...
- The meaning of this is that if a number is not found anywhere, it
- will always default to 0. */
- if (conf == NULL)
+ char *str;
+
+ if (result == NULL)
{
- CONFerr(CONF_F_NCONF_GET_NUMBER,
- CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
+ CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
-#endif
-
- return _CONF_get_number(conf, group, name);
+
+ str = NCONF_get_string(conf,group,name);
+
+ if (str == NULL)
+ return 0;
+
+ for (;conf->meth->is_number(conf, *str);)
+ {
+ *result = (*result)*10 + conf->meth->to_int(conf, *str);
+ str++;
+ }
+
+ return 1;
}
#ifndef NO_FP_API
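Review bot: NCONF_get_number_e accumulates into `*result` without resetting it, so the parsed value is added on top of whatever the caller left there. Both callers in this commit pass a zeroed long, but the function is public and should set `*result = 0;` before the loop. The loop also multiplies by 10 with no bound, so a long run of digits in a configuration value overflows the signed long; checking against `(LONG_MAX - d) / 10` before each step would reject it. If NCONF_get_string can succeed with a NULL conf (the NO_CONF_OR_ENVIRONMENT_VARIABLE branch at the top of the hunk suggests an environment lookup), `conf->meth->is_number` dereferences NULL, so a `conf == NULL` check is needed as well.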
@@ -369,3 +374,19 @@ int NCONF_dump_bio(CONF *conf, BIO *out)
return conf->meth->dump(conf, out);
}
+/* This function should be avoided */
+#undef NCONF_get_number
+long NCONF_get_number(CONF *conf,char *group,char *name)
+ {
+ int status;
+ long ret=0;
+
+ status = NCONF_get_number_e(conf, group, name, &ret);
+ if (status == 0)
+ {
+ /* This function does not believe in errors... */
+ ERR_get_error();
+ }
+ return ret;
+ }
+
diff --git a/crypto/dso/README b/crypto/dso/README
index 6ba03c5631..d0bc9a89fb 100644
--- a/crypto/dso/README
+++ b/crypto/dso/README
@@ -1,16 +1,3 @@
-TODO
-----
-
-Find a way where name-translation can be done in a way that is
-sensitive to particular methods (ie. generic code could still do
-different path/filename substitutions on win32 to what it does on
-*nix) but doesn't assume some canonical form. Already one case
-exists where the "blah -> (libblah.so,blah.dll)" mapping doesn't
-suffice. I suspect a callback with an enumerated (or string?)
-parameter could be the way to go here ... DSO_ctrl the callback
-into place and it can be invoked to handle name translation with
-some clue to the calling code as to what kind of system it is.
-
NOTES
-----
@@ -21,4 +8,15 @@ according to their man page, prefer developers to move to that.
I'll leave Richard's changes there as I guess dso_dl is needed
for HPUX10.20.
+There is now a callback scheme in place where filename conversion can
+(a) be turned off altogether through the use of the
+ DSO_FLAG_NO_NAME_TRANSLATION flag,
+(b) be handled by default using the default DSO_METHOD's converter
+(c) overriden per-DSO by setting the override callback
+(d) a mix of (b) and (c) - eg. implement an override callback that;
+ (i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....)
+ and if so, convert "blah" into "blah32.dll" (the default is
+ otherwise to make it "blah.dll").
+ (ii) default to the normal behaviour - we're not on win32, eg.
+ finish with (return dso->meth->dso_name_converter(dso,NULL)).
diff --git a/crypto/dso/dso.h b/crypto/dso/dso.h
index 2770e3b763..8c495b1b24 100644
--- a/crypto/dso/dso.h
+++ b/crypto/dso/dso.h
@@ -70,31 +70,51 @@ extern "C" {
#define DSO_CTRL_SET_FLAGS 2
#define DSO_CTRL_OR_FLAGS 3
-/* These flags control the translation of file-names from canonical to
- * native. Eg. in the CryptoSwift support, the "dl" and "dlfcn"
- * methods will translate "swift" -> "libswift.so" whereas the "win32"
- * method will translate "swift" -> "swift.dll". NB: Until I can figure
- * out how to be more "conventional" with this, the methods will only
- * honour this flag if it looks like it was passed a file without any
- * path and if the filename is small enough.
- */
-#define DSO_FLAG_NAME_TRANSLATION 0x01
+/* By default, DSO_load() will translate the provided filename into a form
+ * typical for the platform (more specifically the DSO_METHOD) using the
+ * dso_name_converter function of the method. Eg. win32 will transform "blah"
+ * into "blah.dll", and dlfcn will transform it into "libblah.so". The
+ * behaviour can be overriden by setting the name_converter callback in the DSO
+ * object (using DSO_set_name_converter()). This callback could even utilise
+ * the DSO_METHOD's converter too if it only wants to override behaviour for
+ * one or two possible DSO methods. However, the following flag can be set in a
+ * DSO to prevent *any* native name-translation at all - eg. if the caller has
+ * prompted the user for a path to a driver library so the filename should be
+ * interpreted as-is. */
+#define DSO_FLAG_NO_NAME_TRANSLATION 0x01
+/* An extra flag to give if only the extension should be added as
+ * translation. This is obviously only of importance on Unix and
+ * other operating systems where the translation also may prefix
+ * the name with something, like 'lib', and ignored everywhere else.
+ * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used
+ * at the same time. */
+#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02
/* The following flag controls the translation of symbol names to upper
* case. This is currently only being implemented for OpenVMS.
*/
-#define DSO_FLAG_UPCASE_SYMBOL 0x02
+#define DSO_FLAG_UPCASE_SYMBOL 0x10
typedef void (*DSO_FUNC_TYPE)(void);
typedef struct dso_st DSO;
+/* The function prototype used for method functions (or caller-provided
+ * callbacks) that transform filenames. They are passed a DSO structure pointer
+ * (or NULL if they are to be used independantly of a DSO object) and a
+ * filename to transform. They should either return NULL (if there is an error
+ * condition) or a newly allocated string containing the transformed form that
+ * the caller will need to free with OPENSSL_free() when done. */
+typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
+
typedef struct dso_meth_st
{
const char *name;
- /* Loads a shared library */
- int (*dso_load)(DSO *dso, const char *filename);
+ /* Loads a shared library, NB: new DSO_METHODs must ensure that a
+ * successful load populates the loaded_filename field, and likewise a
+ * successful unload OPENSSL_frees and NULLs it out. */
+ int (*dso_load)(DSO *dso);
/* Unloads a shared library */
int (*dso_unload)(DSO *dso);
/* Binds a variable */
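Review bot: `DSO_FLAG_NO_NAME_TRANSLATION` reuses the value 0x01 that `DSO_FLAG_NAME_TRANSLATION` had, with the opposite meaning, and 0x02 moves from `DSO_FLAG_UPCASE_SYMBOL` to `DSO_FLAG_NAME_TRANSLATION_EXT_ONLY`. Code that passes these as literals, or was built against the old header, now silently selects a different file name for the library load instead of failing. Giving the new flags values that were never used would make the break visible; failing that, add a comment such as `/* NB: 0x01 and 0x02 changed meaning in this revision; rebuild all DSO callers */`. The struct dso_meth_st definition continues past the end of this hunk.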
@@ -117,6 +137,9 @@ typedef struct dso_meth_st
/* The generic (yuck) "ctrl()" function. NB: Negative return
* values (rather than zero) indicate errors. */
long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg);
+ /* The default DSO_METHOD-specific function for converting filenames to
+ * a canonical native form. */
+ DSO_NAME_CONVERTER_FUNC dso_name_converter;
/* [De]Initialisation handlers. */
int (*init)(DSO *dso);
@@ -140,6 +163,23 @@ struct dso_st
/* For use by applications etc ... use this for your bits'n'pieces,
* don't touch meth_data! */
CRYPTO_EX_DATA ex_data;
+ /* If this callback function pointer is set to non-NULL, then it will
+ * be used on DSO_load() in place of meth->dso_name_converter. NB: This
+ * should normally set using DSO_set_name_converter(). */
+ DSO_NAME_CONVERTER_FUNC name_converter;
+ /* This is populated with (a copy of) the platform-independant
+ * filename used for this DSO. */
+ char *filename;
+ /* This is populated with (a copy of) the translated filename by which
+ * the DSO was actually loaded. It is NULL iff the DSO is not currently
+ * loaded. NB: This is here because the filename translation process
+ * may involve a callback being invoked more than once not only to
+ * convert to a platform-specific form, but also to try different
+ * filenames in the process of trying to perform a load. As such, this
+ * variable can be used to indicate (a) whether this DSO structure
+ * corresponds to a loaded library or not, and (b) the filename with
+ * which it was actually loaded. */
+ char *loaded_filename;
};
@@ -150,7 +190,35 @@ int DSO_flags(DSO *dso);
int DSO_up(DSO *dso);
long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
-void DSO_set_default_method(DSO_METHOD *meth);
+/* This function sets the DSO's name_converter callback. If it is non-NULL,
+ * then it will be used instead of the associated DSO_METHOD's function. If
+ * oldcb is non-NULL then it is set to the function pointer value being
+ * replaced. Return value is non-zero for success. */
+int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
+ DSO_NAME_CONVERTER_FUNC *oldcb);
+/* These functions can be used to get/set the platform-independant filename
+ * used for a DSO. NB: set will fail if the DSO is already loaded. */
+const char *DSO_get_filename(DSO *dso);
+int DSO_set_filename(DSO *dso, const char *filename);
+/* This function will invoke the DSO's name_converter callback to translate a
+ * filename, or if the callback isn't set it will instead use the DSO_METHOD's
+ * converter. If "filename" is NULL, the "filename" in the DSO itself will be
+ * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
+ * simply duplicated. NB: This function is usually called from within a
+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that
+ * caller-created DSO_METHODs can do the same thing. A non-NULL return value
+ * will need to be OPENSSL_free()'d. */
+char *DSO_convert_filename(DSO *dso, const char *filename);
+/* If the DSO is currently loaded, this returns the filename that it was loaded
+ * under, otherwise it returns NULL. So it is also useful as a test as to
+ * whether the DSO is currently loaded. NB: This will not necessarily return
+ * the same value as DSO_convert_filename(dso, dso->filename), because the
+ * DSO_METHOD's load function may have tried a variety of filenames (with
+ * and/or without the aid of the converters) before settling on the one it
+ * actually loaded. */
+const char *DSO_get_loaded_filename(DSO *dso);
+
+void DSO_set_default_method(DSO_METHOD *meth);
DSO_METHOD *DSO_get_default_method(void);
DSO_METHOD *DSO_get_method(DSO *dso);
DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
@@ -207,17 +275,24 @@ void ERR_load_DSO_strings(void);
#define DSO_F_DLFCN_BIND_FUNC 100
#define DSO_F_DLFCN_BIND_VAR 101
#define DSO_F_DLFCN_LOAD 102
+#define DSO_F_DLFCN_NAME_CONVERTER 123
#define DSO_F_DLFCN_UNLOAD 103
#define DSO_F_DL_BIND_FUNC 104
#define DSO_F_DL_BIND_VAR 105
#define DSO_F_DL_LOAD 106
+#define DSO_F_DL_NAME_CONVERTER 124
#define DSO_F_DL_UNLOAD 107
#define DSO_F_DSO_BIND_FUNC 108
#define DSO_F_DSO_BIND_VAR 109
+#define DSO_F_DSO_CONVERT_FILENAME 126
#define DSO_F_DSO_CTRL 110
#define DSO_F_DSO_FREE 111
+#define DSO_F_DSO_GET_FILENAME 127
+#define DSO_F_DSO_GET_LOADED_FILENAME 128
#define DSO_F_DSO_LOAD 112
#define DSO_F_DSO_NEW_METHOD 113
+#define DSO_F_DSO_SET_FILENAME 129
+#define DSO_F_DSO_SET_NAME_CONVERTER 122
#define DSO_F_DSO_UP 114
#define DSO_F_VMS_BIND_VAR 115
#define DSO_F_VMS_LOAD 116
@@ -225,14 +300,19 @@ void ERR_load_DSO_strings(void);
#define DSO_F_WIN32_BIND_FUNC 118
#define DSO_F_WIN32_BIND_VAR 119
#define DSO_F_WIN32_LOAD 120
+#define DSO_F_WIN32_NAME_CONVERTER 125
#define DSO_F_WIN32_UNLOAD 121
/* Reason codes. */
#define DSO_R_CTRL_FAILED 100
+#define DSO_R_DSO_ALREADY_LOADED 110
#define DSO_R_FILENAME_TOO_BIG 101
#define DSO_R_FINISH_FAILED 102
#define DSO_R_LOAD_FAILED 103
+#define DSO_R_NAME_TRANSLATION_FAILED 109
+#define DSO_R_NO_FILENAME 111
#define DSO_R_NULL_HANDLE 104
+#define DSO_R_SET_FILENAME_FAILED 112
#define DSO_R_STACK_ERROR 105
#define DSO_R_SYM_FAILURE 106
#define DSO_R_UNLOAD_FAILED 107
diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c
index 7a6770ef6d..c38d8863e5 100644
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@@ -72,7 +72,7 @@ DSO_METHOD *DSO_METHOD_dl(void)
/* Part of the hack in "dl_load" ... */
#define DSO_MAX_TRANSLATED_SIZE 256
-static int dl_load(DSO *dso, const char *filename);
+static int dl_load(DSO *dso);
static int dl_unload(DSO *dso);
static void *dl_bind_var(DSO *dso, const char *symname);
static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
@@ -83,6 +83,7 @@ static int dl_init(DSO *dso);
static int dl_finish(DSO *dso);
static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
#endif
+static char *dl_name_converter(DSO *dso, const char *filename);
static DSO_METHOD dso_meth_dl = {
"OpenSSL 'dl' shared library method",
@@ -96,6 +97,7 @@ static DSO_METHOD dso_meth_dl = {
NULL, /* unbind_func */
#endif
NULL, /* ctrl */
+ dl_name_converter,
NULL, /* init */
NULL /* finish */
};
@@ -111,35 +113,41 @@ DSO_METHOD *DSO_METHOD_dl(void)
* type so the cast is safe.
*/
-static int dl_load(DSO *dso, const char *filename)
+static int dl_load(DSO *dso)
{
- shl_t ptr;
- char translated[DSO_MAX_TRANSLATED_SIZE];
- int len;
+ shl_t ptr = NULL;
+ /* We don't do any fancy retries or anything, just take the method's
+ * (or DSO's if it has the callback set) best translation of the
+ * platform-independant filename and try once with that. */
+ char *filename= DSO_convert_filename(dso, NULL);
- /* The same comment as in dlfcn_load applies here. bleurgh. */
- len = strlen(filename);
- if((dso->flags & DSO_FLAG_NAME_TRANSLATION) &&
- (len + 6 < DSO_MAX_TRANSLATED_SIZE) &&
- (strstr(filename, "/") == NULL))
+ if(filename == NULL)
{
- sprintf(translated, "lib%s.so", filename);
- ptr = shl_load(translated, BIND_IMMEDIATE, NULL);
+ DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
+ goto err;
}
- else
- ptr = shl_load(filename, BIND_IMMEDIATE, NULL);
+ ptr = shl_load(filename, BIND_IMMEDIATE, NULL);
if(ptr == NULL)
{
DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
- return(0);
+ goto err;
}
if(!sk_push(dso->meth_data, (char *)ptr))
{
DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR);
- shl_unload(ptr);
- return(0);
+ goto err;
}
+ /* Success, stick the converted filename we've loaded under into the DSO
+ * (it also serves as the indicator that we are currently loaded). */
+ dso->loaded_filename = filename;
return(1);
+err:
+ /* Cleanup! */
+ if(filename != NULL)
+ OPENSSL_free(filename);
+ if(ptr != NULL)
+ shl_unload(ptr);
+ return(0);
}
static int dl_unload(DSO *dso)
@@ -187,7 +195,7 @@ static void *dl_bind_var(DSO *dso, const char *symname)
DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
return(NULL);
}
- if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+ if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
{
DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
return(NULL);
@@ -216,7 +224,7 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
return(NULL);
}
- if (shl_findsym(ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+ if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
{
DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
return(NULL);
@@ -224,4 +232,47 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
return((DSO_FUNC_TYPE)sym);
}
+/* This function is identical to the one in dso_dlfcn.c, but as it is highly
+ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the
+ * same time, there's no great duplicating the code. Figuring out an elegant
+ * way to share one copy of the code would be more difficult and would not
+ * leave the implementations independant. */
+#if defined(__hpux)
+static const char extension[] = ".sl";
+#else
+static const char extension[] = ".so";
+#endif
+static char *dl_name_converter(DSO *dso, const char *filename)
+ {
+ char *translated;
+ int len, rsize, transform;
+
+ len = strlen(filename);
+ rsize = len + 1;
+ transform = (strstr(filename, "/") == NULL);
+ {
+ /* We will convert this to "%s.s?" or "lib%s.s?" */
+ rsize += strlen(extension);/* The length of ".s?" */
+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+ rsize += 3; /* The length of "lib" */
+ }
+ translated = OPENSSL_malloc(rsize);
+ if(translated == NULL)
+ {
+ DSOerr(DSO_F_DL_NAME_CONVERTER,
+ DSO_R_NAME_TRANSLATION_FAILED);
+ return(NULL);
+ }
+ if(transform)
+ {
+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+ sprintf(translated, "lib%s%s", filename, extension);
+ else
+ sprintf(translated, "%s%s", filename, extension);
+ }
+ else
+ sprintf(translated, "%s", filename);
+ return(translated);
+ }
+
#endif /* DSO_DL */
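Review bot: dl_name_converter calls `strlen(filename)` with no NULL check, while the crypto/dso/README text added in this commit tells override callbacks to finish with `dso->meth->dso_name_converter(dso,NULL)`. Following that example crashes here and in dlfcn_name_converter, which opens the same way. Either the converters should fall back to the DSO's own name, e.g. `if(filename == NULL) filename = DSO_get_filename(dso);` followed by `if(filename == NULL) return(NULL);`, or the README example should pass the name through. Separately, the sizing block after `transform = ...` has no `if(transform)` guard, unlike the dlfcn copy, so the comment calling the two functions identical does not hold; the effect is only an over-allocation.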
diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
index 07bbf37456..22e5059dd8 100644
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -74,7 +74,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
/* Part of the hack in "dlfcn_load" ... */
#define DSO_MAX_TRANSLATED_SIZE 256
-static int dlfcn_load(DSO *dso, const char *filename);
+static int dlfcn_load(DSO *dso);
static int dlfcn_unload(DSO *dso);
static void *dlfcn_bind_var(DSO *dso, const char *symname);
static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
@@ -84,6 +84,7 @@ static int dlfcn_init(DSO *dso);
static int dlfcn_finish(DSO *dso);
static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
#endif
+static char *dlfcn_name_converter(DSO *dso, const char *filename);
static DSO_METHOD dso_meth_dlfcn = {
"OpenSSL 'dlfcn' shared library method",
@@ -97,6 +98,7 @@ static DSO_METHOD dso_meth_dlfcn = {
NULL, /* unbind_func */
#endif
NULL, /* ctrl */
+ dlfcn_name_converter,
NULL, /* init */
NULL /* finish */
};
@@ -130,41 +132,39 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
* (i) the handle (void*) returned from dlopen().
*/
-static int dlfcn_load(DSO *dso, const char *filename)
+static int dlfcn_load(DSO *dso)
{
- void *ptr;
- char translated[DSO_MAX_TRANSLATED_SIZE];
- int len;
+ void *ptr = NULL;
+ /* See applicable comments in dso_dl.c */
+ char *filename = DSO_convert_filename(dso, NULL);
- /* NB: This is a hideous hack, but I'm not yet sure what
- * to replace it with. This attempts to convert any filename,
- * that looks like it has no path information, into a
- * translated form, e. "blah" -> "libblah.so" */
- len = strlen(filename);
- if((dso->flags & DSO_FLAG_NAME_TRANSLATION) &&
- (len + 6 < DSO_MAX_TRANSLATED_SIZE) &&
- (strstr(filename, "/") == NULL))
- {
- sprintf(translated, "lib%s.so", filename);
- ptr = dlopen(translated, DLOPEN_FLAG);
- }
- else
+ if(filename == NULL)
{
- ptr = dlopen(filename, DLOPEN_FLAG);
+ DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME);
+ goto err;
}
+ ptr = dlopen(filename, DLOPEN_FLAG);
if(ptr == NULL)
{
DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED);
- return(0);
+ goto err;
}
if(!sk_push(dso->meth_data, (char *)ptr))
{
DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);
- dlclose(ptr);
- return(0);
+ goto err;
}
+ /* Success */
+ dso->loaded_filename = filename;
return(1);
- }
+err:
+ /* Cleanup! */
+ if(filename != NULL)
+ OPENSSL_free(filename);
+ if(ptr != NULL)
+ dlclose(ptr);
+ return(0);
+}
static int dlfcn_unload(DSO *dso)
{
@@ -249,4 +249,38 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
return(sym);
}
+static char *dlfcn_name_converter(DSO *dso, const char *filename)
+ {
+ char *translated;
+ int len, rsize, transform;
+
+ len = strlen(filename);
+ rsize = len + 1;
+ transform = (strstr(filename, "/") == NULL);
+ if(transform)
+ {
+ /* We will convert this to "%s.so" or "lib%s.so" */
+ rsize += 3; /* The length of ".so" */
+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+ rsize += 3; /* The length of "lib" */
+ }
+ translated = OPENSSL_malloc(rsize);
+ if(translated == NULL)
+ {
+ DSOerr(DSO_F_DLFCN_NAME_CONVERTER,
+ DSO_R_NAME_TRANSLATION_FAILED);
+ return(NULL);
+ }
+ if(transform)
+ {
+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+ sprintf(translated, "lib%s.so", filename);
+ else
+ sprintf(translated, "%s.so", filename);
+ }
+ else
+ sprintf(translated, "%s", filename);
+ return(translated);
+ }
+
#endif /* DSO_DLFCN */
diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c
index a9b758d1c9..0d7134646e 100644
--- a/crypto/dso/dso_err.c
+++ b/crypto/dso/dso_err.c
@@ -69,17 +69,24 @@ static ERR_STRING_DATA DSO_str_functs[]=
{ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0), "DLFCN_BIND_FUNC"},
{ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0), "DLFCN_BIND_VAR"},
{ERR_PACK(0,DSO_F_DLFCN_LOAD,0), "DLFCN_LOAD"},
+{ERR_PACK(0,DSO_F_DLFCN_NAME_CONVERTER,0), "DLFCN_NAME_CONVERTER"},
{ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0), "DLFCN_UNLOAD"},
{ERR_PACK(0,DSO_F_DL_BIND_FUNC,0), "DL_BIND_FUNC"},
{ERR_PACK(0,DSO_F_DL_BIND_VAR,0), "DL_BIND_VAR"},
{ERR_PACK(0,DSO_F_DL_LOAD,0), "DL_LOAD"},
+{ERR_PACK(0,DSO_F_DL_NAME_CONVERTER,0), "DL_NAME_CONVERTER"},
{ERR_PACK(0,DSO_F_DL_UNLOAD,0), "DL_UNLOAD"},
{ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0), "DSO_bind_func"},
{ERR_PACK(0,DSO_F_DSO_BIND_VAR,0), "DSO_bind_var"},
+{ERR_PACK(0,DSO_F_DSO_CONVERT_FILENAME,0), "DSO_convert_filename"},
{ERR_PACK(0,DSO_F_DSO_CTRL,0), "DSO_ctrl"},
{ERR_PACK(0,DSO_F_DSO_FREE,0), "DSO_free"},
+{ERR_PACK(0,DSO_F_DSO_GET_FILENAME,0), "DSO_get_filename"},
+{ERR_PACK(0,DSO_F_DSO_GET_LOADED_FILENAME,0), "DSO_get_loaded_filename"},
{ERR_PACK(0,DSO_F_DSO_LOAD,0), "DSO_load"},
{ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0), "DSO_new_method"},
+{ERR_PACK(0,DSO_F_DSO_SET_FILENAME,0), "DSO_set_filename"},
+{ERR_PACK(0,DSO_F_DSO_SET_NAME_CONVERTER,0), "DSO_set_name_converter"},
{ERR_PACK(0,DSO_F_DSO_UP,0), "DSO_up"},
{ERR_PACK(0,DSO_F_VMS_BIND_VAR,0), "VMS_BIND_VAR"},
{ERR_PACK(0,DSO_F_VMS_LOAD,0), "VMS_LOAD"},
@@ -87,6 +94,7 @@ static ERR_STRING_DATA DSO_str_functs[]=
{ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0), "WIN32_BIND_FUNC"},
{ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0), "WIN32_BIND_VAR"},
{ERR_PACK(0,DSO_F_WIN32_LOAD,0), "WIN32_LOAD"},
+{ERR_PACK(0,DSO_F_WIN32_NAME_CONVERTER,0), "WIN32_NAME_CONVERTER"},
{ERR_PACK(0,DSO_F_WIN32_UNLOAD,0), "WIN32_UNLOAD"},
{0,NULL}
};
@@ -94,10 +102,14 @@ static ERR_STRING_DATA DSO_str_functs[]=
static ERR_STRING_DATA DSO_str_reasons[]=
{
{DSO_R_CTRL_FAILED ,"control command failed"},
+{DSO_R_DSO_ALREADY_LOADED ,"dso already loaded"},
{DSO_R_FILENAME_TOO_BIG ,"filename too big"},
{DSO_R_FINISH_FAILED ,"cleanup method function failed"},
{DSO_R_LOAD_FAILED ,"could not load the shared library"},
+{DSO_R_NAME_TRANSLATION_FAILED ,"name translation failed"},
+{DSO_R_NO_FILENAME ,"no filename"},
{DSO_R_NULL_HANDLE ,"a null shared library handle was used"},
+{DSO_R_SET_FILENAME_FAILED ,"set filename failed"},
{DSO_R_STACK_ERROR ,"the meth_data stack is corrupt"},
{DSO_R_SYM_FAILURE ,"could not bind to the requested symbol name"},
{DSO_R_UNLOAD_FAILED ,"could not unload the shared library"},
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
index fc3d76034a..0202978fd8 100644
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -164,6 +164,10 @@ int DSO_free(DSO *dso)
}
sk_free(dso->meth_data);
+ if(dso->filename != NULL)
+ OPENSSL_free(dso->filename);
+ if(dso->loaded_filename != NULL)
+ OPENSSL_free(dso->loaded_filename);
OPENSSL_free(dso);
return(1);
@@ -192,48 +196,61 @@ DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
DSO *ret;
int allocated = 0;
- if(filename == NULL)
- {
- DSOerr(DSO_F_DSO_LOAD,ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
if(dso == NULL)
{
ret = DSO_new_method(meth);
if(ret == NULL)
{
DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE);
- return(NULL);
+ goto err;
}
allocated = 1;
}
else
ret = dso;
+ /* Don't load if we're currently already loaded */
+ if(dso->filename != NULL)
+ {
+ DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED);
+ goto err;
+ }
+ /* filename can only be NULL if we were passed a dso that already has
+ * one set. */
+ if(filename != NULL)
+ if(!DSO_set_filename(dso, filename))
+ {
+ DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED);
+ goto err;
+ }
+ filename = dso->filename;
+ if(filename == NULL)
+ {
+ DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME);
+ goto err;
+ }
/* Bleurgh ... have to check for negative return values for
* errors. <grimace> */
if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0)
{
DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED);
- if(allocated)
- DSO_free(ret);
- return(NULL);
+ goto err;
}
if(ret->meth->dso_load == NULL)
{
DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED);
- if(allocated)
- DSO_free(ret);
- return(NULL);
+ goto err;
}
- if(!ret->meth->dso_load(ret, filename))
+ if(!ret->meth->dso_load(ret))
{
DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED);
- if(allocated)
- DSO_free(ret);
- return(NULL);
+ goto err;
}
/* Load succeeded */
return(ret);
+err:
+ if(allocated)
+ DSO_free(ret);
+ return(NULL);
}
void *DSO_bind_var(DSO *dso, const char *symname)
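Review bot: The new checks in DSO_load use `dso` where they should use `ret`. When the caller passes `dso == NULL`, a fresh object is allocated into `ret`, and the very next test, `dso->filename != NULL`, dereferences NULL. The three lines should read `if(ret->filename != NULL)`, `if(!DSO_set_filename(ret, filename))` and `filename = ret->filename;`. The "already loaded" test also looks at `filename` rather than `loaded_filename`, which seems to contradict the comment just below it that a DSO may arrive with a filename already set; dso.h describes `loaded_filename` as the loaded indicator, so `ret->loaded_filename != NULL` is probably what was meant. DSO_load begins above this hunk.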
@@ -320,3 +337,104 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
}
return(dso->meth->dso_ctrl(dso,cmd,larg,parg));
}
+
+int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
+ DSO_NAME_CONVERTER_FUNC *oldcb)
+ {
+ if(dso == NULL)
+ {
+ DSOerr(DSO_F_DSO_SET_NAME_CONVERTER,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return(0);
+ }
+ if(oldcb)
+ *oldcb = dso->name_converter;
+ dso->name_converter = cb;
+ return(1);
+ }
+
+const char *DSO_get_filename(DSO *dso)
+ {
+ if(dso == NULL)
+ {
+ DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
+ return(NULL);
+ }
+ return(dso->filename);
+ }
+
+int DSO_set_filename(DSO *dso, const char *filename)
+ {
+ char *copied;
+
+ if((dso == NULL) || (filename == NULL))
+ {
+ DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
+ return(0);
+ }
+ if(dso->loaded_filename)
+ {
+ DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED);
+ return(0);
+ }
+ /* We'll duplicate filename */
+ copied = OPENSSL_malloc(strlen(filename) + 1);
+ if(copied == NULL)
+ {
+ DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ strcpy(copied, filename);
+ if(dso->filename)
+ OPENSSL_free(dso->filename);
+ dso->filename = copied;
+ return(1);
+ }
+
+char *DSO_convert_filename(DSO *dso, const char *filename)
+ {
+ char *result = NULL;
+
+ if(dso == NULL)
+ {
+ DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
+ return(NULL);
+ }
+ if(filename == NULL)
+ filename = dso->filename;
+ if(filename == NULL)
+ {
+ DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);
+ return(NULL);
+ }
+ if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
+ {
+ if(dso->name_converter != NULL)
+ result = dso->name_converter(dso, filename);
+ else if(dso->meth->dso_name_converter != NULL)
+ result = dso->meth->dso_name_converter(dso, filename);
+ }
+ if(result == NULL)
+ {
+ result = OPENSSL_malloc(strlen(filename) + 1);
+ if(result == NULL)
+ {
+ DSOerr(DSO_F_DSO_CONVERT_FILENAME,
+ ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ strcpy(result, filename);
+ }
+ return(result);
+ }
+
+const char *DSO_get_loaded_filename(DSO *dso)
+ {
+ if(dso == NULL)
+ {
+ DSOerr(DSO_F_DSO_GET_LOADED_FILENAME,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return(NULL);
+ }
+ return(dso->loaded_filename);
+ }
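Review bot: DSO_convert_filename treats a NULL return from the converter the same as "no translation requested" and falls back to copying the untranslated name, although dso.h documents NULL as the converter's error return. A callback that fails, or that refuses a name, therefore cannot stop the load: the raw name still reaches the platform loader. The fallback copy should be taken only when translation is switched off or no converter exists, and a converter failure should return NULL with DSO_R_NAME_TRANSLATION_FAILED.

```c
	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
		{
		DSO_NAME_CONVERTER_FUNC conv = dso->name_converter;

		if(conv == NULL)
			conv = dso->meth->dso_name_converter;
		if(conv != NULL)
			{
			result = conv(dso, filename);
			if(result == NULL)
				{
				/* A converter failure is an error, not a
				 * request to load the untranslated name. */
				DSOerr(DSO_F_DSO_CONVERT_FILENAME,
					DSO_R_NAME_TRANSLATION_FAILED);
				return(NULL);
				}
			return(result);
			}
		}
	/* ... unchanged: duplicate filename when no translation applies ... */
```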
diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c
index 948f7a12bd..bd284535f1 100644
--- a/crypto/dso/dso_vms.c
+++ b/crypto/dso/dso_vms.c
@@ -78,7 +78,7 @@ DSO_METHOD *DSO_METHOD_vms(void)
#else
#pragma message disable DOLLARID
-static int vms_load(DSO *dso, const char *filename);
+static int vms_load(DSO *dso);
static int vms_unload(DSO *dso);
static void *vms_bind_var(DSO *dso, const char *symname);
static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
@@ -89,6 +89,7 @@ static int vms_init(DSO *dso);
static int vms_finish(DSO *dso);
static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);
#endif
+static char *vms_name_converter(DSO *dso);
static DSO_METHOD dso_meth_vms = {
"OpenSSL 'VMS' shared library method",
@@ -102,6 +103,7 @@ static DSO_METHOD dso_meth_vms = {
NULL, /* unbind_func */
#endif
NULL, /* ctrl */
+ vms_name_converter,
NULL, /* init */
NULL /* finish */
};
@@ -129,8 +131,9 @@ DSO_METHOD *DSO_METHOD_vms(void)
return(&dso_meth_vms);
}
-static int vms_load(DSO *dso, const char *filename)
+static int vms_load(DSO *dso)
{
+#if 0
DSO_VMS_INTERNAL *p;
const char *sp1, *sp2; /* Search result */
@@ -208,6 +211,12 @@ static int vms_load(DSO *dso, const char *filename)
return(0);
}
return(1);
+#else
+ /* See the comments lower down in the vms_name_converter
+ * "implementation" :-) */
+ please_break_compilation();
+ return(bother_richard);
+#endif
}
/* Note that this doesn't actually unload the shared image, as there is no
@@ -344,4 +353,26 @@ static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
return sym;
}
+static char *vms_name_converter(DSO *dso)
+ {
+ /* Implementation note: on VMS is it preferable to do real conversions
+ * here, or to actually have it performed in-line with the bind calls
+ * (given that VMS never actually does a load except implicitly within
+ * the bind functions). Another note: normally (eg. dlfcn), the
+ * DSO_load call will either load, put the loaded filename into the DSO
+ * (which marks it effectively as "read-only"), and return success - or
+ * it will fail. VMS needs to work out what to do - otherwise DSO_load
+ * will always succeed, but leave the DSO looking unloaded (because the
+ * loaded_filename will be NULL still) and then real loading (and
+ * setting of loaded_filename) will only happen during the first bind
+ * call (which should have error checking anyway to prevent you calling
+ * it on an "unloaded" DSO - thus giving VMS *serious* grief). Richard,
+ * what do you think? Is it worth having DSO_load() try to find and pin
+ * itself to a library file (and populate loaded_filename) even though
+ * it's unecessary to actually do a load prior to the first bind call?
+ * I leave it to you ... :-) */
+ deliberately_break_compilation_here();
+ return(1);
+ }
+
#endif /* VMS */
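Review bot: vms_name_converter is declared and defined as `static char *vms_name_converter(DSO *dso)`, which does not match the `DSO_NAME_CONVERTER_FUNC` type (`char *(*)(DSO *, const char *)`) of the method-table slot it is stored in, and it returns the integer 1 from a function returning `char *`. The compile break is clearly deliberate, but the placeholder should already carry the final signature, `static char *vms_name_converter(DSO *dso, const char *filename)`, and end in `return(NULL);`. Otherwise whoever removes the break calls is left with a stub whose return value DSO_convert_filename would treat as a valid string. The same applies to `return(bother_richard);` in the vms_load hunk above.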
diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c
index 412693dda6..e7d0a2be28 100644
--- a/crypto/dso/dso_win32.c
+++ b/crypto/dso/dso_win32.c
@@ -71,7 +71,7 @@ DSO_METHOD *DSO_METHOD_win32(void)
/* Part of the hack in "win32_load" ... */
#define DSO_MAX_TRANSLATED_SIZE 256
-static int win32_load(DSO *dso, const char *filename);
+static int win32_load(DSO *dso);
static int win32_unload(DSO *dso);
static void *win32_bind_var(DSO *dso, const char *symname);
static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
@@ -82,6 +82,7 @@ static int win32_init(DSO *dso);
static int win32_finish(DSO *dso);
static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
#endif
+static char *win32_name_converter(DSO *dso, const char *filename);
static DSO_METHOD dso_meth_win32 = {
"OpenSSL 'win32' shared library method",
@@ -95,6 +96,7 @@ static DSO_METHOD dso_meth_win32 = {
NULL, /* unbind_func */
#endif
NULL, /* ctrl */
+ win32_name_converter,
NULL, /* init */
NULL /* finish */
};
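Review bot: The added `win32_name_converter,` line carries no slot comment, unlike the `/* ctrl */`, `/* init */` and `/* finish */` entries around it. The struct is filled by position, so a label makes a misplaced entry easier to spot in later edits: `win32_name_converter, /* name_converter */`.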
@@ -109,50 +111,47 @@ DSO_METHOD *DSO_METHOD_win32(void)
* LoadLibrary(), and copied.
*/
-static int win32_load(DSO *dso, const char *filename)
+static int win32_load(DSO *dso)
{
- HINSTANCE h, *p;
- char translated[DSO_MAX_TRANSLATED_SIZE];
- int len;
-
- /* NB: This is a hideous hack, but I'm not yet sure what
- * to replace it with. This attempts to convert any filename,
- * that looks like it has no path information, into a
- * translated form, e. "blah" -> "blah.dll" ... I'm more
- * comfortable putting hacks into win32 code though ;-) */
- len = strlen(filename);
- if((dso->flags & DSO_FLAG_NAME_TRANSLATION) &&
- (len + 4 < DSO_MAX_TRANSLATED_SIZE) &&
- (strstr(filename, "/") == NULL) &&
- (strstr(filename, "\\") == NULL) &&
- (strstr(filename, ":") == NULL))
+ HINSTANCE h = NULL, *p = NULL;
+ /* See applicable comments from dso_dl.c */
+ char *filename = DSO_convert_filename(dso, NULL);
+
+ if(filename == NULL)
{
- sprintf(translated, "%s.dll", filename);
- h = LoadLibrary(translated);
+ DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
+ goto err;
}
- else
- h = LoadLibrary(filename);
+ h = LoadLibrary(filename);
if(h == NULL)
{
DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
- return(0);
+ goto err;
}
p = (HINSTANCE *)OPENSSL_malloc(sizeof(HINSTANCE));
if(p == NULL)
{
DSOerr(DSO_F_WIN32_LOAD,ERR_R_MALLOC_FAILURE);
- FreeLibrary(h);
- return(0);
+ goto err;
}
*p = h;
if(!sk_push(dso->meth_data, (char *)p))
{
DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR);
- FreeLibrary(h);
- OPENSSL_free(p);
- return(0);
+ goto err;
}
+ /* Success */
+ dso->loaded_filename = filename;
return(1);
+err:
+ /* Cleanup !*/
+ if(filename != NULL)
+ OPENSSL_free(filename);
+ if(p != NULL)
+ OPENSSL_free(p);
+ if(h != NULL)
+ FreeLibrary(h);
+ return(0);
}
static int win32_unload(DSO *dso)
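Review bot: `LoadLibrary(filename)` is called with whatever `DSO_convert_filename` returns, and nothing in `win32_load` says how a name without a directory part is resolved. `win32_name_converter`, added later in this file, turns a path-less name into `name.dll`, so such a load is located through the Windows DLL search order rather than at a fixed location. I would document that above the call: `/* NB: a filename with no path is located via the Windows DLL search order; pass a full path to pin a specific library. */`.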
@@ -246,4 +245,32 @@ static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
return((DSO_FUNC_TYPE)sym);
}
+static char *win32_name_converter(DSO *dso, const char *filename)
+ {
+ char *translated;
+ int len, transform;
+
+ len = strlen(filename);
+ transform = ((strstr(filename, "/") == NULL) &&
+ (strstr(filename, "\\") == NULL) &&
+ (strstr(filename, ":") == NULL));
+ if(transform)
+ /* We will convert this to "%s.dll" */
+ translated = OPENSSL_malloc(len + 5);
+ else
+ /* We will simply duplicate filename */
+ translated = OPENSSL_malloc(len + 1);
+ if(translated == NULL)
+ {
+ DSOerr(DSO_F_WIN32_NAME_CONVERTER,
+ DSO_R_NAME_TRANSLATION_FAILED);
+ return(NULL);
+ }
+ if(transform)
+ sprintf(translated, "%s.dll", filename);
+ else
+ sprintf(translated, "%s", filename);
+ return(translated);
+ }
+
#endif /* WIN32 */
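Review bot: `win32_name_converter` passes `filename` straight to `strlen` with no NULL check and stores the result in an `int`. `win32_load` calls `DSO_convert_filename(dso, NULL)`, so unless that wrapper (not visible here) always substitutes the stored name before invoking the converter, a NULL can reach `strlen`. I would declare `size_t len;` and open the function with `if(filename == NULL) { DSOerr(DSO_F_WIN32_NAME_CONVERTER,DSO_R_NO_FILENAME); return(NULL); }`. The `dso` argument is unused in the new code, which is worth a one-line comment, since the removed version consulted `dso->flags` before translating.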
diff --git a/crypto/engine/hw_atalla.c b/crypto/engine/hw_atalla.c
index 3bb992a193..e536420480 100644
--- a/crypto/engine/hw_atalla.c
+++ b/crypto/engine/hw_atalla.c
@@ -236,8 +236,7 @@ static int atalla_init()
* drivers really use - for now a symbollic link needs to be
* created on the host system from libatasi.so to atasi.so on
* unix variants. */
- atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL,
- DSO_FLAG_NAME_TRANSLATION);
+ atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL, 0);
if(atalla_dso == NULL)
{
ENGINEerr(ENGINE_F_ATALLA_INIT,ENGINE_R_DSO_FAILURE);
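Review bot: The flags argument becomes a bare `0`, but the comment directly above still describes a symbolic link from libatasi.so to atasi.so, which was written for the old `DSO_FLAG_NAME_TRANSLATION` call and may no longer describe what is loaded. A short comment naming what `0` selects would help, for instance `/* flags 0: name translation left to the DSO method's default */` if that is indeed its meaning, and the symlink remark should be re-checked. The same applies to the `DSO_load(..., 0)` calls in hw_cswift.c and hw_ncipher.c, while hw_nuron.c passes `DSO_FLAG_NAME_TRANSLATION_EXT_ONLY`. atalla_init starts and ends outside the hunk.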
diff --git a/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c
index 77608b8983..5747973c74 100644
--- a/crypto/engine/hw_cswift.c
+++ b/crypto/engine/hw_cswift.c
@@ -264,8 +264,7 @@ static int cswift_init()
goto err;
}
/* Attempt to load libswift.so/swift.dll/whatever. */
- cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL,
- DSO_FLAG_NAME_TRANSLATION);
+ cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL, 0);
if(cswift_dso == NULL)
{
ENGINEerr(ENGINE_F_CSWIFT_INIT,ENGINE_R_DSO_FAILURE);
diff --git a/crypto/engine/hw_ncipher.c b/crypto/engine/hw_ncipher.c
index 6e65720a18..f6b06e468f 100644
--- a/crypto/engine/hw_ncipher.c
+++ b/crypto/engine/hw_ncipher.c
@@ -393,8 +393,7 @@ static int hwcrhk_init()
goto err;
}
/* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
- hwcrhk_dso = DSO_load(NULL, HWCRHK_LIBNAME, NULL,
- DSO_FLAG_NAME_TRANSLATION);
+ hwcrhk_dso = DSO_load(NULL, HWCRHK_LIBNAME, NULL, 0);
if(hwcrhk_dso == NULL)
{
ENGINEerr(ENGINE_F_HWCRHK_INIT,ENGINE_R_DSO_FAILURE);
diff --git a/crypto/engine/hw_nuron.c b/crypto/engine/hw_nuron.c
index 8e7e3cf18c..d8a3e3f1fa 100644
--- a/crypto/engine/hw_nuron.c
+++ b/crypto/engine/hw_nuron.c
@@ -68,8 +68,10 @@
#ifndef NO_HW
#ifndef NO_HW_NURON
-static int (*pfnModExp)(BIGNUM *r,BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
-void *pvDSOHandle;
+typedef int tfnModExp(BIGNUM *r,BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
+static tfnModExp *pfnModExp = NULL;
+
+static DSO *pvDSOHandle = NULL;
static int nuron_init()
{
@@ -79,15 +81,15 @@ static int nuron_init()
return 0;
}
- pvDSOHandle=dlopen("nuronssl.so",RTLD_NOW);
+ pvDSOHandle=DSO_load(NULL,"nuronssl",NULL,
+ DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
if(!pvDSOHandle)
{
ENGINEerr(ENGINE_F_NURON_INIT,ENGINE_R_DSO_NOT_FOUND);
return 0;
}
- pfnModExp=(int (*)(BIGNUM *r,BIGNUM *a,const BIGNUM *p,
- const BIGNUM *m))dlsym(pvDSOHandle,"nuron_mod_exp");
+ pfnModExp=(tfnModExp *)DSO_bind_func(pvDSOHandle,"nuron_mod_exp");
if(!pfnModExp)
{
ENGINEerr(ENGINE_F_NURON_INIT,ENGINE_R_DSO_FUNCTION_NOT_FOUND);
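Review bot: The library name is the literal `"nuronssl"` inside the `DSO_load` call, whereas the other engines touched by this commit pass a macro (`ATALLA_LIBNAME`, `CSWIFT_LIBNAME`, `HWCRHK_LIBNAME`), and this call uses `DSO_FLAG_NAME_TRANSLATION_EXT_ONLY` where they pass `0`. A file-level define, for example `#define NURON_LIBNAME "nuronssl"` (name suggested here), used as `DSO_load(NULL,NURON_LIBNAME,NULL,DSO_FLAG_NAME_TRANSLATION_EXT_ONLY)`, would match them, with a comment saying why only the extension is translated for this engine. nuron_init continues past the end of the hunk, so whether the bind-failure branch releases `pvDSOHandle` cannot be checked from here.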
diff --git a/crypto/evp/e_rd.c b/crypto/evp/e_rd.c
index e51d9bc1ec..78122edc7a 100644
--- a/crypto/evp/e_rd.c
+++ b/crypto/evp/e_rd.c
@@ -55,8 +55,8 @@
static EVP_CIPHER rd_cipher[3][3];
-static anSizes[]={16,24,32};
-static anNIDs[3][3]=
+static int anSizes[]={16,24,32};
+static int anNIDs[3][3]=
{
{ NID_rijndael_ecb_k128_b128,NID_rijndael_ecb_k192_b128,NID_rijndael_ecb_k256_b128 },
{ NID_rijndael_ecb_k128_b192,NID_rijndael_ecb_k192_b192,NID_rijndael_ecb_k256_b192 },
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 1ee88da2a8..739e543d78 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -101,7 +101,7 @@ int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long
ret=idx;
err:
MemCheck_on();
- return(idx);
+ return(ret);
}
int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl
index 09df993ecd..fe51fd0794 100644
--- a/crypto/sha/asm/sha1-586.pl
+++ b/crypto/sha/asm/sha1-586.pl
@@ -317,7 +317,7 @@ sub BODY_60_79
sub sha1_block_host
{
- local($name)=@_;
+ local($name, $sclabel)=@_;
&function_begin_B($name,"");
@@ -352,7 +352,7 @@ sub sha1_block_host
&mov(&swtmp($i+0),$A);
&mov(&swtmp($i+1),$B);
}
- &jmp(&label("shortcut"));
+ &jmp($sclabel);
&function_end_B($name);
}
@@ -529,10 +529,12 @@ sub sha1_block_data
&pop("esi");
&ret();
- # it has to reside within sha1_block_asm_host_order body
- # because it calls &jmp(&label("shortcut"));
- &sha1_block_host("sha1_block_asm_host_order");
+ # keep a note of shortcut label so it can be used outside
+ # block.
+ my $sclabel = &label("shortcut");
&function_end_B($name);
+ # Putting this here avoids problems with MASM in debugging mode
+ &sha1_block_host("sha1_block_asm_host_order", $sclabel);
}
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index cac64a6f40..448bd7e69c 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -327,7 +327,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
* it out again */
CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
- if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,i);
+ if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
else tmp = NULL;
CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
diff --git a/demos/ssl/cli.cpp b/demos/ssl/cli.cpp
index daea2bd9c7..49cba5da0c 100644
--- a/demos/ssl/cli.cpp
+++ b/demos/ssl/cli.cpp
@@ -79,12 +79,12 @@ void main ()
str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
- Free (str);
+ OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
- Free (str);
+ OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
diff --git a/demos/ssl/inetdsrv.cpp b/demos/ssl/inetdsrv.cpp
index 5b09227210..efd70d2771 100644
--- a/demos/ssl/inetdsrv.cpp
+++ b/demos/ssl/inetdsrv.cpp
@@ -65,12 +65,12 @@ void main ()
str = X509_NAME_oneline (X509_get_subject_name (client_cert));
CHK_NULL(str);
fprintf (log, "\t subject: %s\n", str);
- Free (str);
+ OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert));
CHK_NULL(str);
fprintf (log, "\t issuer: %s\n", str);
- Free (str);
+ OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
diff --git a/demos/ssl/serv.cpp b/demos/ssl/serv.cpp
index aec610d018..b142c758d2 100644
--- a/demos/ssl/serv.cpp
+++ b/demos/ssl/serv.cpp
@@ -121,12 +121,12 @@ void main ()
str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t subject: %s\n", str);
- Free (str);
+ OPENSSL_free (str);
str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
CHK_NULL(str);
printf ("\t issuer: %s\n", str);
- Free (str);
+ OPENSSL_free (str);
/* We could do all sorts of certificate verification stuff here before
deallocating the certificate. */
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 3a5bf46e28..fcb52226dd 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -7,7 +7,7 @@ s_server - SSL/TLS server program
=head1 SYNOPSIS
-B<openssl> B<s_client>
+B<openssl> B<s_server>
[B<-accept port>]
[B<-context id>]
[B<-verify depth>]
diff --git a/doc/crypto/BIO_s_accept.pod b/doc/crypto/BIO_s_accept.pod
index b2b8e911e8..55e4b730b9 100644
--- a/doc/crypto/BIO_s_accept.pod
+++ b/doc/crypto/BIO_s_accept.pod
@@ -10,31 +10,31 @@ BIO_get_bind_mode, BIO_do_accept - accept BIO
#include <openssl/bio.h>
- BIO_METHOD * BIO_s_accept(void);
+ BIO_METHOD *BIO_s_accept(void);
- #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
- #define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
+ long BIO_set_accept_port(BIO *b, char *name);
+ char *BIO_get_accept_port(BIO *b);
BIO *BIO_new_accept(char *host_port);
- #define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL)
- #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
+ long BIO_set_nbio_accept(BIO *b, int n);
+ long BIO_set_accept_bios(BIO *b, char *bio);
- #define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
- #define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+ long BIO_set_bind_mode(BIO *b, long mode);
+ long BIO_get_bind_mode(BIO *b, long dummy);
#define BIO_BIND_NORMAL 0
#define BIO_BIND_REUSEADDR_IF_UNUSED 1
#define BIO_BIND_REUSEADDR 2
- #define BIO_do_accept(b) BIO_do_handshake(b)
+ int BIO_do_accept(BIO *b);
=head1 DESCRIPTION
BIO_s_accept() returns the accept BIO method. This is a wrapper
round the platform's TCP/IP socket accept routines.
-Using accept BIOs TCP/IP connections can be accepted and data
+Using accept BIOs, TCP/IP connections can be accepted and data
transferred using only BIO routines. In this way any platform
specific operations are hidden by the BIO abstraction.
@@ -130,13 +130,17 @@ however because the accept BIO will still accept additional incoming
connections. This can be resolved by using BIO_pop() (see above)
and freeing up the accept BIO after the initial connection.
-If the underlying accept socket is non blocking and BIO_do_accept() is
+If the underlying accept socket is non-blocking and BIO_do_accept() is
called to await an incoming connection it is possible for
BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens
then it is an indication that an accept attempt would block: the application
should take appropriate action to wait until the underlying socket has
accepted a connection and retry the call.
+BIO_set_accept_port(), BIO_get_accept_port(), BIO_set_nbio_accept(),
+BIO_set_accept_bios(), BIO_set_bind_mode(), BIO_get_bind_mode() and
+BIO_do_accept() are macros.
+
=head1 RETURN VALUES
TBA
diff --git a/doc/crypto/BIO_s_connect.pod b/doc/crypto/BIO_s_connect.pod
index fe1aa679d4..bcf7d8dcac 100644
--- a/doc/crypto/BIO_s_connect.pod
+++ b/doc/crypto/BIO_s_connect.pod
@@ -13,25 +13,27 @@ BIO_set_nbio, BIO_do_connect - connect BIO
BIO_METHOD * BIO_s_connect(void);
- #define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
- #define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
- #define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
- #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
- #define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
- #define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
- #define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
- #define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
+ BIO *BIO_new_connect(char *name);
- #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+ long BIO_set_conn_hostname(BIO *b, char *name);
+ long BIO_set_conn_port(BIO *b, char *port);
+ long BIO_set_conn_ip(BIO *b, char *ip);
+ long BIO_set_conn_int_port(BIO *b, char *port);
+ char *BIO_get_conn_hostname(BIO *b);
+ char *BIO_get_conn_port(BIO *b);
+ char *BIO_get_conn_ip(BIO *b, dummy);
+ long BIO_get_conn_int_port(BIO *b, int port);
- #define BIO_do_connect(b) BIO_do_handshake(b)
+ long BIO_set_nbio(BIO *b, long n);
+
+ int BIO_do_connect(BIO *b);
=head1 DESCRIPTION
BIO_s_connect() returns the connect BIO method. This is a wrapper
round the platform's TCP/IP socket connection routines.
-Using connect BIOs TCP/IP connections can be made and data
+Using connect BIOs, TCP/IP connections can be made and data
transferred using only BIO routines. In this way any platform
specific operations are hidden by the BIO abstraction.
@@ -54,7 +56,7 @@ BIO_get_fd() places the underlying socket in B<c> if it is not NULL,
it also returns the socket . If B<c> is not NULL it should be of
type (int *).
-BIO_set_conn_hostname() uses the string B<name> to set the hostname
+BIO_set_conn_hostname() uses the string B<name> to set the hostname.
The hostname can be an IP address. The hostname can also include the
port in the form hostname:port . It is also acceptable to use the
form "hostname/any/other/path" or "hostname:port/any/other/path".
@@ -87,6 +89,9 @@ is set. Blocking I/O is the default. The call to BIO_set_nbio()
should be made before the connection is established because
non blocking I/O is set during the connect process.
+BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
+a single call: that is it creates a new connect BIO with B<name>.
+
BIO_do_connect() attempts to connect the supplied BIO. It returns 1
if the connection was established successfully. A zero or negative
value is returned if the connection could not be established, the
@@ -123,6 +128,11 @@ then this is an indication that a connection attempt would block,
the application should then take appropriate action to wait until
the underlying socket has connected and retry the call.
+BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip(),
+BIO_set_conn_int_port(), BIO_get_conn_hostname(), BIO_get_conn_port(),
+BIO_get_conn_ip(), BIO_get_conn_int_port(), BIO_set_nbio() and
+BIO_do_connect() are macros.
+
=head1 RETURN VALUES
BIO_s_connect() returns the connect BIO method.
diff --git a/doc/crypto/BIO_s_socket.pod b/doc/crypto/BIO_s_socket.pod
index 253185185c..1c8d3a9110 100644
--- a/doc/crypto/BIO_s_socket.pod
+++ b/doc/crypto/BIO_s_socket.pod
@@ -8,10 +8,10 @@ BIO_s_socket, BIO_new_socket - socket BIO
#include <openssl/bio.h>
- BIO_METHOD * BIO_s_socket(void);
+ BIO_METHOD *BIO_s_socket(void);
- #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
- #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+ long BIO_set_fd(BIO *b, int fd, long close_flag);
+ long BIO_get_fd(BIO *b, int *c);
BIO *BIO_new_socket(int sock, int close_flag);
@@ -27,10 +27,10 @@ If the close flag is set then the socket is shut down and closed
when the BIO is freed.
BIO_set_fd() sets the socket of BIO B<b> to B<fd> and the close
-flag to B<c>.
+flag to B<close_flag>.
BIO_get_fd() places the socket in B<c> if it is not NULL, it also
-returns the socket . If B<c> is not NULL it should be of type (int *).
+returns the socket. If B<c> is not NULL it should be of type (int *).
BIO_new_socket() returns a socket BIO using B<sock> and B<close_flag>.
@@ -44,6 +44,8 @@ platforms sockets are not file descriptors and use distinct I/O routines,
Windows is one such platform. Any code mixing the two will not work on
all platforms.
+BIO_set_fd() and BIO_get_fd() are macros.
+
=head1 RETURN VALUES
BIO_s_socket() returns the socket BIO method.
diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
index e166c692c3..8b16ea3c90 100644
--- a/doc/ssl/SSL_CTX_new.pod
+++ b/doc/ssl/SSL_CTX_new.pod
@@ -33,9 +33,9 @@ understand SSLv2 client hello messages.
=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
A TLS/SSL connection established with these methods will only understand the
-SSLv3 and TLSv1 protocol. A client will send out SSLv3 client hello messages
-and will indicate that it also understands TLSv1. A server will only understand
-SSLv3 and TLSv1 client hello messages. This especially means, that it will
+SSLv3 protocol. A client will send out SSLv3 client hello messages
+and will indicate that it only understands SSLv3. A server will only understand
+SSLv3 client hello messages. This especially means, that it will
not understand SSLv2 client hello messages which are widely used for
compatibility reasons, see SSLv23_*_method().
@@ -46,7 +46,8 @@ TLSv1 protocol. A client will send out TLSv1 client hello messages
and will indicate that it only understands TLSv1. A server will only understand
TLSv1 client hello messages. This especially means, that it will
not understand SSLv2 client hello messages which are widely used for
-compatibility reasons, see SSLv23_*_method().
+compatibility reasons, see SSLv23_*_method(). It will also not understand
+SSLv3 client hello messages.
=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
diff --git a/doc/ssl/SSL_CTX_set_verify.pod b/doc/ssl/SSL_CTX_set_verify.pod
index f405a6a5c3..9d7b7a9070 100644
--- a/doc/ssl/SSL_CTX_set_verify.pod
+++ b/doc/ssl/SSL_CTX_set_verify.pod
@@ -187,7 +187,7 @@ certificates.
* SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
* that whenever the "depth>verify_depth" condition is met, we
* have violated the limit and want to log this error condition.
- * We must do it here, because the CHAIN_TO_LONG error would not
+ * We must do it here, because the CHAIN_TOO_LONG error would not
* be found explicitly; only errors introduced by cutting off the
* additional certificates would be logged.
*/
diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
index 0316f8df1c..00813ecfff 100644
--- a/doc/ssl/SSL_connect.pod
+++ b/doc/ssl/SSL_connect.pod
@@ -64,6 +64,6 @@ to find out the reason.
=head1 SEE ALSO
L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)>
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
=cut
diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
index 7ce625ac21..01e3d2c596 100644
--- a/doc/ssl/SSL_write.pod
+++ b/doc/ssl/SSL_write.pod
@@ -31,7 +31,7 @@ when the underlying BIO could not satisfy the needs of SSL_write()
to continue the operation. In this case a call to SSL_get_error() with the
return value of SSL_write() will yield B<SSL_ERROR_WANT_READ> or
B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
-call to SSL_write() can also cause write operations! The calling process
+call to SSL_write() can also cause read operations! The calling process
then must repeat the call after taking appropriate action to satisfy the
needs of SSL_write(). The action depends on the underlying BIO. When using a
non-blocking socket, nothing is to be done, but select() can be used to check
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 557378d723..87f698fba9 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -13,6 +13,69 @@ The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols. It provides a rich API which is
documented here.
+At first the library must be initialized; see
+L<SSL_library_init(3)|SSL_library_init(3)>.
+
+Then an B<SSL_CTX> object is created as a framework to establish
+TLS/SSL enabled connections (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>).
+Various options regarding certificates, algorithms etc. can be set
+in this object.
+
+When a network connection has been created, it can be assigned to an
+B<SSL> object. After the B<SSL> object has been created using
+L<SSL_new(3)|SSL_new(3)>, L<SSL_set_fd(3)|SSL_set_fd(3)> or
+L<SSL_set_bio(3)|SSL_set_bio(3)> can be used to associate the network
+connection with the object.
+
+Then the TLS/SSL handshake is performed using
+L<SSL_accept(3)|SSL_accept(3)> or L<SSL_connect(3)|SSL_connect(3)>
+respectively.
+L<SSL_read(3)|SSL_read(3)> and L<SSL_write(3)|SSL_write(3)> are used
+to read and write data on the TLS/SSL connection.
+L<SSL_shutdown(3)|SSL_shutdown(3)> can be used to shut down the
+TLS/SSL connection.
+
+=head1 DATA STRUCTURES
+
+Currently the OpenSSL B<ssl> library functions deals with the following data
+structures:
+
+=over 4
+
+=item B<SSL_METHOD> (SSL Method)
+
+That's a dispatch structure describing the internal B<ssl> library
+methods/functions which implement the various protocol versions (SSLv1, SSLv2
+and TLSv1). It's needed to create an B<SSL_CTX>.
+
+=item B<SSL_CIPHER> (SSL Cipher)
+
+This structure holds the algorithm information for a particular cipher which
+are a core part of the SSL/TLS protocol. The available ciphers are configured
+on a B<SSL_CTX> basis and the actually used ones are then part of the
+B<SSL_SESSION>.
+
+=item B<SSL_CTX> (SSL Context)
+
+That's the global context structure which is created by a server or client
+once per program life-time and which holds mainly default values for the
+B<SSL> structures which are later created for the connections.
+
+=item B<SSL_SESSION> (SSL Session)
+
+This is a structure containing the current TLS/SSL session details for a
+connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
+
+=item B<SSL> (SSL Connection)
+
+That's the main SSL/TLS structure which is created by a server or client per
+established connection. This actually is the core structure in the SSL API.
+Under run-time the application usually deals with this structure which has
+links to mostly all other structures.
+
+=back
+
+
=head1 HEADER FILES
Currently the OpenSSL B<ssl> library provides the following C header files
@@ -55,46 +118,6 @@ it's already included by ssl.h>.
=back
-=head1 DATA STRUCTURES
-
-Currently the OpenSSL B<ssl> library functions deals with the following data
-structures:
-
-=over 4
-
-=item B<SSL_METHOD> (SSL Method)
-
-That's a dispatch structure describing the internal B<ssl> library
-methods/functions which implement the various protocol versions (SSLv1, SSLv2
-and TLSv1). It's needed to create an B<SSL_CTX>.
-
-=item B<SSL_CIPHER> (SSL Cipher)
-
-This structure holds the algorithm information for a particular cipher which
-are a core part of the SSL/TLS protocol. The available ciphers are configured
-on a B<SSL_CTX> basis and the actually used ones are then part of the
-B<SSL_SESSION>.
-
-=item B<SSL_CTX> (SSL Context)
-
-That's the global context structure which is created by a server or client
-once per program life-time and which holds mainly default values for the
-B<SSL> structures which are later created for the connections.
-
-=item B<SSL_SESSION> (SSL Session)
-
-This is a structure containing the current TLS/SSL session details for a
-connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
-
-=item B<SSL> (SSL Connection)
-
-That's the main SSL/TLS structure which is created by a server or client per
-established connection. This actually is the core structure in the SSL API.
-Under run-time the application usually deals with this structure which has
-links to mostly all other structures.
-
-=back
-
=head1 API FUNCTIONS
Currently the OpenSSL B<ssl> library exports 214 API functions.
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 2ef8a50785..4763f2a6d7 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -1278,7 +1278,7 @@ static void free_tmp_rsa(void)
* $ openssl dhparam -C -noout -dsaparam 1024
* (The third function has been renamed to avoid name conflicts.)
*/
-DH *get_dh512()
+static DH *get_dh512()
{
static unsigned char dh512_p[]={
0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
@@ -1301,7 +1301,7 @@ DH *get_dh512()
return(dh);
}
-DH *get_dh1024()
+static DH *get_dh1024()
{
static unsigned char dh1024_p[]={
0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
@@ -1329,7 +1329,7 @@ DH *get_dh1024()
return(dh);
}
-DH *get_dh1024dsa()
+static DH *get_dh1024dsa()
{
static unsigned char dh1024_p[]={
0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
diff --git a/util/libeay.num b/util/libeay.num
index 3b036ae31f..4594b755d1 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1873,61 +1873,62 @@ BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION:
X509_print_ex 2464 EXIST::FUNCTION:
X509_print_ex_fp 2465 EXIST::FUNCTION:FP_API
EVP_rijndael_ecb 2466 EXIST::FUNCTION:
-ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:
-ENGINE_set_DSA 2468 EXIST::FUNCTION:
-ENGINE_get_finish_function 2469 EXIST::FUNCTION:
-ENGINE_get_default_RSA 2470 EXIST::FUNCTION:
-ENGINE_get_BN_mod_exp 2471 EXIST::FUNCTION:
-DSA_get_default_openssl_method 2472 EXIST::FUNCTION:DSA
-ENGINE_set_DH 2473 EXIST::FUNCTION:
-ENGINE_set_default_BN_mod_exp_crt 2474 EXIST:!VMS:FUNCTION:
-ENGINE_set_def_BN_mod_exp_crt 2474 EXIST:VMS:FUNCTION:
-ENGINE_init 2475 EXIST::FUNCTION:
-DH_get_default_openssl_method 2476 EXIST::FUNCTION:DH
-RSA_set_default_openssl_method 2477 EXIST::FUNCTION:RSA
-ENGINE_finish 2478 EXIST::FUNCTION:
-ENGINE_load_public_key 2479 EXIST::FUNCTION:
-ENGINE_get_DH 2480 EXIST::FUNCTION:
-ENGINE_ctrl 2481 EXIST::FUNCTION:
-ENGINE_get_init_function 2482 EXIST::FUNCTION:
-ENGINE_set_init_function 2483 EXIST::FUNCTION:
-ENGINE_set_default_DSA 2484 EXIST::FUNCTION:
-ENGINE_get_name 2485 EXIST::FUNCTION:
-ENGINE_get_last 2486 EXIST::FUNCTION:
-ENGINE_get_prev 2487 EXIST::FUNCTION:
-ENGINE_get_default_DH 2488 EXIST::FUNCTION:
-ENGINE_get_RSA 2489 EXIST::FUNCTION:
-ENGINE_set_default 2490 EXIST::FUNCTION:
-ENGINE_get_RAND 2491 EXIST::FUNCTION:
-ENGINE_get_first 2492 EXIST::FUNCTION:
-ENGINE_by_id 2493 EXIST::FUNCTION:
-ENGINE_set_finish_function 2494 EXIST::FUNCTION:
-ENGINE_get_default_BN_mod_exp_crt 2495 EXIST:!VMS:FUNCTION:
-ENGINE_get_def_BN_mod_exp_crt 2495 EXIST:VMS:FUNCTION:
-RSA_get_default_openssl_method 2496 EXIST::FUNCTION:RSA
-ENGINE_set_RSA 2497 EXIST::FUNCTION:
-ENGINE_load_private_key 2498 EXIST::FUNCTION:
-ENGINE_set_default_RAND 2499 EXIST::FUNCTION:
-ENGINE_set_BN_mod_exp 2500 EXIST::FUNCTION:
-ENGINE_remove 2501 EXIST::FUNCTION:
-ENGINE_free 2502 EXIST::FUNCTION:
-ENGINE_get_BN_mod_exp_crt 2503 EXIST::FUNCTION:
-ENGINE_get_next 2504 EXIST::FUNCTION:
-ENGINE_set_name 2505 EXIST::FUNCTION:
-ENGINE_get_default_DSA 2506 EXIST::FUNCTION:
-ENGINE_set_default_BN_mod_exp 2507 EXIST::FUNCTION:
-ENGINE_set_default_RSA 2508 EXIST::FUNCTION:
-ENGINE_get_default_RAND 2509 EXIST::FUNCTION:
-ENGINE_get_default_BN_mod_exp 2510 EXIST::FUNCTION:
-ENGINE_set_RAND 2511 EXIST::FUNCTION:
-ENGINE_set_id 2512 EXIST::FUNCTION:
-ENGINE_set_BN_mod_exp_crt 2513 EXIST::FUNCTION:
-ENGINE_set_default_DH 2514 EXIST::FUNCTION:
-ENGINE_new 2515 EXIST::FUNCTION:
-ENGINE_get_id 2516 EXIST::FUNCTION:
-DSA_set_default_openssl_method 2517 EXIST::FUNCTION:DSA
-ENGINE_add 2518 EXIST::FUNCTION:
-DH_set_default_openssl_method 2519 EXIST::FUNCTION:DH
-ENGINE_get_DSA 2520 EXIST::FUNCTION:
-ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:
-ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:
+NCONF_get_number_e 2467 EXIST::FUNCTION:
+ERR_load_ENGINE_strings 2468 EXIST::FUNCTION:
+ENGINE_set_DSA 2469 EXIST::FUNCTION:
+ENGINE_get_finish_function 2470 EXIST::FUNCTION:
+ENGINE_get_default_RSA 2471 EXIST::FUNCTION:
+ENGINE_get_BN_mod_exp 2472 EXIST::FUNCTION:
+DSA_get_default_openssl_method 2473 EXIST::FUNCTION:DSA
+ENGINE_set_DH 2474 EXIST::FUNCTION:
+ENGINE_set_default_BN_mod_exp_crt 2475 EXIST:!VMS:FUNCTION:
+ENGINE_set_def_BN_mod_exp_crt 2475 EXIST:VMS:FUNCTION:
+ENGINE_init 2476 EXIST::FUNCTION:
+DH_get_default_openssl_method 2477 EXIST::FUNCTION:DH
+RSA_set_default_openssl_method 2478 EXIST::FUNCTION:RSA
+ENGINE_finish 2479 EXIST::FUNCTION:
+ENGINE_load_public_key 2480 EXIST::FUNCTION:
+ENGINE_get_DH 2481 EXIST::FUNCTION:
+ENGINE_ctrl 2482 EXIST::FUNCTION:
+ENGINE_get_init_function 2483 EXIST::FUNCTION:
+ENGINE_set_init_function 2484 EXIST::FUNCTION:
+ENGINE_set_default_DSA 2485 EXIST::FUNCTION:
+ENGINE_get_name 2486 EXIST::FUNCTION:
+ENGINE_get_last 2487 EXIST::FUNCTION:
+ENGINE_get_prev 2488 EXIST::FUNCTION:
+ENGINE_get_default_DH 2489 EXIST::FUNCTION:
+ENGINE_get_RSA 2490 EXIST::FUNCTION:
+ENGINE_set_default 2491 EXIST::FUNCTION:
+ENGINE_get_RAND 2492 EXIST::FUNCTION:
+ENGINE_get_first 2493 EXIST::FUNCTION:
+ENGINE_by_id 2494 EXIST::FUNCTION:
+ENGINE_set_finish_function 2495 EXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp_crt 2496 EXIST:!VMS:FUNCTION:
+ENGINE_get_def_BN_mod_exp_crt 2496 EXIST:VMS:FUNCTION:
+RSA_get_default_openssl_method 2497 EXIST::FUNCTION:RSA
+ENGINE_set_RSA 2498 EXIST::FUNCTION:
+ENGINE_load_private_key 2499 EXIST::FUNCTION:
+ENGINE_set_default_RAND 2500 EXIST::FUNCTION:
+ENGINE_set_BN_mod_exp 2501 EXIST::FUNCTION:
+ENGINE_remove 2502 EXIST::FUNCTION:
+ENGINE_free 2503 EXIST::FUNCTION:
+ENGINE_get_BN_mod_exp_crt 2504 EXIST::FUNCTION:
+ENGINE_get_next 2505 EXIST::FUNCTION:
+ENGINE_set_name 2506 EXIST::FUNCTION:
+ENGINE_get_default_DSA 2507 EXIST::FUNCTION:
+ENGINE_set_default_BN_mod_exp 2508 EXIST::FUNCTION:
+ENGINE_set_default_RSA 2509 EXIST::FUNCTION:
+ENGINE_get_default_RAND 2510 EXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp 2511 EXIST::FUNCTION:
+ENGINE_set_RAND 2512 EXIST::FUNCTION:
+ENGINE_set_id 2513 EXIST::FUNCTION:
+ENGINE_set_BN_mod_exp_crt 2514 EXIST::FUNCTION:
+ENGINE_set_default_DH 2515 EXIST::FUNCTION:
+ENGINE_new 2516 EXIST::FUNCTION:
+ENGINE_get_id 2517 EXIST::FUNCTION:
+DSA_set_default_openssl_method 2518 EXIST::FUNCTION:DSA
+ENGINE_add 2519 EXIST::FUNCTION:
+DH_set_default_openssl_method 2520 EXIST::FUNCTION:DH
+ENGINE_get_DSA 2521 EXIST::FUNCTION:
+ENGINE_get_ctrl_function 2522 EXIST::FUNCTION:
+ENGINE_set_ctrl_function 2523 EXIST::FUNCTION: