Index: app/kmod/30-ppc32/kmod-x32-pkg-description.in
===================================================================
--- app/kmod/30-ppc32/kmod-x32-pkg-description.in (revision 419)
+++ app/kmod/30-ppc32/kmod-x32-pkg-description.in (nonexistent)
@@ -1,19 +0,0 @@
-# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
-# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
-# customary to leave one space after the ':'.
-
- |-----handy-ruler------------------------------------------------------|
-kmod-x32: kmod-x32 @VERSION@ (kernel module library)
-kmod-x32:
-kmod-x32: kmod is a set of tools to handle common tasks with Linux kernel
-kmod-x32: modules like insert, remove, list, check properties, resolve
-kmod-x32: dependencies and aliases. The aim is to be compatible with the
-kmod-x32: tools, configurations and indexes from the module-init-tools project.
-kmod-x32:
-kmod-x32: These tools are designed on top of libkmod, a library that is
-kmod-x32: shipped with kmod.
-kmod-x32:
-kmod-x32:
Index: app/kmod/30-ppc32/kmod-x32-pkg-install.sh
===================================================================
--- app/kmod/30-ppc32/kmod-x32-pkg-install.sh (revision 419)
+++ app/kmod/30-ppc32/kmod-x32-pkg-install.sh (nonexistent)
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# arg 1: the new package version
-pre_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-post_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-pre_update() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_update() {
- post_install
-}
-
-# arg 1: the old package version
-pre_remove() {
- /bin/true
-}
-
-# arg 1: the old package version
-post_remove() {
- /bin/true
-}
-
-
-operation=$1
-shift
-
-$operation $*
Property changes on: app/kmod/30-ppc32/kmod-x32-pkg-install.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: app/kmod/30-ppc32/Makefile
===================================================================
--- app/kmod/30-ppc32/Makefile (revision 419)
+++ app/kmod/30-ppc32/Makefile (nonexistent)
@@ -1,209 +0,0 @@
-
-COMPONENT_TARGETS = $(HARDWARE_S824L)
-COMPONENT_TARGETS += $(HARDWARE_VESNIN)
-COMPONENT_TARGETS += $(HARDWARE_TL2WK2)
-COMPONENT_TARGETS += $(HARDWARE_TL2SV2)
-
-NEED_ABS_PATH = true
-COMPONENT_IS_3PP = true
-
-CREATE_PPC32_PACKAGE = true
-
-
-include ../../../build-system/constants.mk
-
-
-SOURCE_REQUIRES = sources/packages/a/kmod
-
-REQUIRES = app/kmod/30
-REQUIRES += libs/zstd/1.5.6-ppc32
-REQUIRES += net/openssl/1.1.1r-ppc32
-
-# ======= __END_OF_REQUIRES__ =======
-
-
-version = 30
-tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/a/kmod/kmod-$(version).tar.xz
-SRC_ARCHIVE = $(tar_xz_archive)
-SRC_DIR = $(TARGET_BUILD_DIR)/kmod-$(version)
-src_dir_name = kmod-$(version)
-src_done = $(TARGET_BUILD_DIR)/.source_done
-
-PATCHES = PATCHES
-
-build_dir = $(TARGET_BUILD_DIR)/build
-build_target = $(TARGET_BUILD_DIR)/.build_done
-install_target = $(TARGET_BUILD_DIR)/.install_done
-
-
-####### Targets
-
-PKG_GROUP = app
-
-#
-# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
-#
-KMOD_32_PKG_NAME = kmod-x32
-KMOD_32_PKG_VERSION = 30
-KMOD_32_PKG_ARCH = $(PKGARCH)
-KMOD_32_PKG_DISTRO_NAME = $(DISTRO_NAME)
-KMOD_32_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
-KMOD_32_PKG_GROUP = $(PKG_GROUP)
-### |---handy-ruler-------------------------------|
-KMOD_32_PKG_SHORT_DESCRIPTION = kernel module library
-KMOD_32_PKG_URL = $(BUG_URL)
-KMOD_32_PKG_LICENSE = GPLv2
-KMOD_32_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(KMOD_32_PKG_NAME)-pkg-description
-KMOD_32_PKG_DESCRIPTION_FILE_IN = $(KMOD_32_PKG_NAME)-pkg-description.in
-KMOD_32_PKG_INSTALL_SCRIPT = $(KMOD_32_PKG_NAME)-pkg-install.sh
-
-KMOD_32_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(KMOD_32_PKG_NAME)-package
-
-pkg_basename = $(KMOD_32_PKG_NAME)-$(KMOD_32_PKG_VERSION)-$(KMOD_32_PKG_ARCH)-$(KMOD_32_PKG_DISTRO_NAME)-$(KMOD_32_PKG_DISTRO_VERSION)
-
-pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
-pkg_certificate = $(call cert-name,$(pkg_archive))
-pkg_signature = $(call sign-name,$(pkg_archive))
-pkg_description = $(call desc-name,$(pkg_archive))
-products = $(call pkg-files,$(pkg_archive))
-
-BUILD_TARGETS = $(build_target)
-BUILD_TARGETS += $(install_target)
-
-PRODUCT_TARGETS = $(products)
-
-ROOTFS_TARGETS = $(pkg_archive)
-
-
-include ../../../build-system/core.mk
-
-
-env_sysroot = DESTDIR=$(KMOD_32_PKG)
-
-
-extra_configure_switches = --libdir=/lib$(MULTILIB_PPC32_SUFFIX)
-extra_configure_switches += --docdir=/usr/share/doc/$(src_dir_name)
-extra_configure_switches += --mandir=/usr/share/man
-extra_configure_switches += --disable-dependency-tracking
-extra_configure_switches += --sysconfdir=/etc
-extra_configure_switches += --localstatedir=/var
-extra_configure_switches += --bindir=/sbin
-extra_configure_switches += --sbindir=/sbin
-extra_configure_switches += --with-openssl
-extra_configure_switches += --with-zlib
-extra_configure_switches += --with-zstd
-extra_configure_switches += --with-xz
-
-
-TARGET_RPATH = /lib$(MULTILIB_PPC32_SUFFIX):/usr/lib$(MULTILIB_PPC32_SUFFIX)
-
-
-####### Dependencies
-
-$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
- $(UNPACK_SRC_ARCHIVE)
- $(APPLY_PATCHES)
- @touch $@
-
-$(build_target): $(src_done)
- @mkdir -p $(build_dir)
- @cd $(build_dir) && \
- $(BUILD_ENVIRONMENT) ../$(src_dir_name)/configure \
- --prefix=/usr \
- --build=$(BUILD) \
- --host=$(TARGET32) \
- $(extra_configure_switches)
- @cd $(build_dir) && $(BUILD_ENVIRONMENT) $(MAKE)
- @touch $@
-
-$(install_target): $(build_target)
- @mkdir -p $(KMOD_32_PKG)
- @cd $(build_dir) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 install $(env_sysroot)
- @rm -rf $(KMOD_32_PKG)/sbin
- @rm -rf $(KMOD_32_PKG)/usr/include
- @rm -rf $(KMOD_32_PKG)/usr/share
- @mkdir -p $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)
- @mv $(KMOD_32_PKG)/lib$(MULTILIB_PPC32_SUFFIX)/pkgconfig $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)
- @mv $(KMOD_32_PKG)/lib$(MULTILIB_PPC32_SUFFIX)/{*.so,*.la} $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)
- @cp -a $(KMOD_32_PKG)/lib$(MULTILIB_PPC32_SUFFIX)/libkmod.so.2 $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)
- @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX) ; \
- ln -sf ../../lib$(MULTILIB_PPC32_SUFFIX)/libkmod.so.2.4.0 libkmod.so.2.4.0 ; \
- sed -i "s,libdir='/lib,libdir='/usr/lib,g" libkmod.la ; \
- sed -i "s,libdir=/lib,libdir=/usr/lib,g" pkgconfig/libkmod.pc ; \
- )
- # ======= remove toolchain path from target libtool *.la files =======
- @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX) ; \
- sed -i "s,$(TARGET_DEST_DIR),,g" libkmod.la ; \
- sed -i "s,-L/usr/local/lib ,,g" libkmod.la ; \
- )
- # ======= remove -L/lib, -L/usr/lib options from target libtool *.la files =======
- @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX) ; \
- sed -i "s,-L/usr/lib ,,g" libkmod.la ; \
- sed -i "s,-L/lib ,,g" libkmod.la ; \
- )
- # ======= remove toolchain path from target pkg-config *.pc files =======
- @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)/pkgconfig ; \
- sed -i "s,$(TARGET_DEST_DIR),,g" libkmod.pc ; \
- sed -i "s,-L/usr/local/lib,-L/usr/lib$(MULTILIB_PPC32_SUFFIX),g" libkmod.pc ; \
- )
- # ======= Install the same to $(TARGET_DEST_DIR) =======
- $(call install-into-devenv, $(KMOD_32_PKG))
- # ======= tune libtool *.la search path to the target destination for development =======
- @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_PPC32_SUFFIX) ; \
- sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libkmod.la ; \
- sed -i "s,L/lib,L$(TARGET_DEST_DIR)/lib,g" libkmod.la ; \
- )
- # ======= tune pkg-config *.pc search path to the target destination for development =======
- @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_PPC32_SUFFIX)/pkgconfig ; \
- sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libkmod.pc ; \
- )
- # ======= Strip binaries =======
- @( cd $(KMOD_32_PKG); \
- find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- )
-ifneq ($(PATCHELF),)
- # ======= Set RPATH/RUNPATH for target binaries =======
- @( cd $(KMOD_32_PKG) ; \
- for file in `find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs echo` ; do \
- rpath=`$(PATCHELF) --print-rpath $$file 2> /dev/null` ; \
- if echo "$$rpath" | grep -q "$(TARGET_DEST_DIR)" ; then \
- $(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null 2> /dev/null ; \
- fi ; \
- done ; \
- )
- # ======= Set RPATH/RUNPATH for target shared objects =======
- @( cd $(KMOD_32_PKG) ; \
- for file in `find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs echo` ; do \
- rpath=`$(PATCHELF) --print-rpath $$file 2> /dev/null` ; \
- if echo "$$rpath" | grep -q "$(TARGET_DEST_DIR)" ; then \
- $(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null 2> /dev/null ; \
- fi ; \
- done ; \
- )
-endif
- @touch $@
-
-$(KMOD_32_PKG_DESCRIPTION_FILE): $(KMOD_32_PKG_DESCRIPTION_FILE_IN)
- @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
-
-$(pkg_certificate) : $(pkg_archive) ;
-$(pkg_signature) : $(pkg_archive) ;
-$(pkg_description) : $(pkg_archive) ;
-
-$(pkg_archive): $(install_target) $(KMOD_32_PKG_DESCRIPTION_FILE) $(KMOD_32_PKG_INSTALL_SCRIPT)
- @cp $(KMOD_32_PKG_DESCRIPTION_FILE) $(KMOD_32_PKG)/.DESCRIPTION
- @cp $(KMOD_32_PKG_INSTALL_SCRIPT) $(KMOD_32_PKG)/.INSTALL
- @$(BUILD_PKG_REQUIRES) $(KMOD_32_PKG)/.REQUIRES
- @echo "pkgname=$(KMOD_32_PKG_NAME)" > $(KMOD_32_PKG)/.PKGINFO ; \
- echo "pkgver=$(KMOD_32_PKG_VERSION)" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "arch=$(KMOD_32_PKG_ARCH)" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "distroname=$(KMOD_32_PKG_DISTRO_NAME)" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "distrover=$(KMOD_32_PKG_DISTRO_VERSION)" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "group=$(KMOD_32_PKG_GROUP)" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "short_description=\"$(KMOD_32_PKG_SHORT_DESCRIPTION)\"" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "url=$(KMOD_32_PKG_URL)" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "license=$(KMOD_32_PKG_LICENSE)" >> $(KMOD_32_PKG)/.PKGINFO
- @$(PSEUDO) sh -c "cd $(KMOD_32_PKG) && \
- chown -R root:root . && \
- $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
Index: app/kmod/30-ppc32
===================================================================
--- app/kmod/30-ppc32 (revision 419)
+++ app/kmod/30-ppc32 (nonexistent)
Property changes on: app/kmod/30-ppc32
___________________________________________________________________
Deleted: svn:ignore
## -1,74 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.rk358x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: app/kmod/30-x86_32/kmod-x32-pkg-description.in
===================================================================
--- app/kmod/30-x86_32/kmod-x32-pkg-description.in (revision 419)
+++ app/kmod/30-x86_32/kmod-x32-pkg-description.in (nonexistent)
@@ -1,19 +0,0 @@
-# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
-# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
-# customary to leave one space after the ':'.
-
- |-----handy-ruler------------------------------------------------------|
-kmod-x32: kmod-x32 @VERSION@ (kernel module library)
-kmod-x32:
-kmod-x32: kmod is a set of tools to handle common tasks with Linux kernel
-kmod-x32: modules like insert, remove, list, check properties, resolve
-kmod-x32: dependencies and aliases. The aim is to be compatible with the
-kmod-x32: tools, configurations and indexes from the module-init-tools project.
-kmod-x32:
-kmod-x32: These tools are designed on top of libkmod, a library that is
-kmod-x32: shipped with kmod.
-kmod-x32:
-kmod-x32:
Index: app/kmod/30-x86_32/kmod-x32-pkg-install.sh
===================================================================
--- app/kmod/30-x86_32/kmod-x32-pkg-install.sh (revision 419)
+++ app/kmod/30-x86_32/kmod-x32-pkg-install.sh (nonexistent)
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# arg 1: the new package version
-pre_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-post_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-pre_update() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_update() {
- post_install
-}
-
-# arg 1: the old package version
-pre_remove() {
- /bin/true
-}
-
-# arg 1: the old package version
-post_remove() {
- /bin/true
-}
-
-
-operation=$1
-shift
-
-$operation $*
Property changes on: app/kmod/30-x86_32/kmod-x32-pkg-install.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: app/kmod/30-x86_32/Makefile
===================================================================
--- app/kmod/30-x86_32/Makefile (revision 419)
+++ app/kmod/30-x86_32/Makefile (nonexistent)
@@ -1,206 +0,0 @@
-
-COMPONENT_TARGETS = $(HARDWARE_INTEL_PC64)
-
-NEED_ABS_PATH = true
-COMPONENT_IS_3PP = true
-
-CREATE_X86_32_PACKAGE = true
-
-
-include ../../../build-system/constants.mk
-
-
-SOURCE_REQUIRES = sources/packages/a/kmod
-
-REQUIRES = app/kmod/30
-REQUIRES += libs/zstd/1.5.6-x86_32
-REQUIRES += net/openssl/1.1.1r-x86_32
-
-# ======= __END_OF_REQUIRES__ =======
-
-
-version = 30
-tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/a/kmod/kmod-$(version).tar.xz
-SRC_ARCHIVE = $(tar_xz_archive)
-SRC_DIR = $(TARGET_BUILD_DIR)/kmod-$(version)
-src_dir_name = kmod-$(version)
-src_done = $(TARGET_BUILD_DIR)/.source_done
-
-PATCHES = PATCHES
-
-build_dir = $(TARGET_BUILD_DIR)/build
-build_target = $(TARGET_BUILD_DIR)/.build_done
-install_target = $(TARGET_BUILD_DIR)/.install_done
-
-
-####### Targets
-
-PKG_GROUP = app
-
-#
-# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
-#
-KMOD_32_PKG_NAME = kmod-x32
-KMOD_32_PKG_VERSION = 30
-KMOD_32_PKG_ARCH = $(PKGARCH)
-KMOD_32_PKG_DISTRO_NAME = $(DISTRO_NAME)
-KMOD_32_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
-KMOD_32_PKG_GROUP = $(PKG_GROUP)
-### |---handy-ruler-------------------------------|
-KMOD_32_PKG_SHORT_DESCRIPTION = kernel module library
-KMOD_32_PKG_URL = $(BUG_URL)
-KMOD_32_PKG_LICENSE = GPLv2
-KMOD_32_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(KMOD_32_PKG_NAME)-pkg-description
-KMOD_32_PKG_DESCRIPTION_FILE_IN = $(KMOD_32_PKG_NAME)-pkg-description.in
-KMOD_32_PKG_INSTALL_SCRIPT = $(KMOD_32_PKG_NAME)-pkg-install.sh
-
-KMOD_32_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(KMOD_32_PKG_NAME)-package
-
-pkg_basename = $(KMOD_32_PKG_NAME)-$(KMOD_32_PKG_VERSION)-$(KMOD_32_PKG_ARCH)-$(KMOD_32_PKG_DISTRO_NAME)-$(KMOD_32_PKG_DISTRO_VERSION)
-
-pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
-pkg_certificate = $(call cert-name,$(pkg_archive))
-pkg_signature = $(call sign-name,$(pkg_archive))
-pkg_description = $(call desc-name,$(pkg_archive))
-products = $(call pkg-files,$(pkg_archive))
-
-BUILD_TARGETS = $(build_target)
-BUILD_TARGETS += $(install_target)
-
-PRODUCT_TARGETS = $(products)
-
-ROOTFS_TARGETS = $(pkg_archive)
-
-
-include ../../../build-system/core.mk
-
-
-env_sysroot = DESTDIR=$(KMOD_32_PKG)
-
-
-extra_configure_switches = --libdir=/lib$(MULTILIB_X86_32_SUFFIX)
-extra_configure_switches += --docdir=/usr/share/doc/$(src_dir_name)
-extra_configure_switches += --mandir=/usr/share/man
-extra_configure_switches += --disable-dependency-tracking
-extra_configure_switches += --sysconfdir=/etc
-extra_configure_switches += --localstatedir=/var
-extra_configure_switches += --bindir=/sbin
-extra_configure_switches += --sbindir=/sbin
-extra_configure_switches += --with-openssl
-extra_configure_switches += --with-zlib
-extra_configure_switches += --with-zstd
-extra_configure_switches += --with-xz
-
-
-TARGET_RPATH = /lib$(MULTILIB_X86_32_SUFFIX):/usr/lib$(MULTILIB_X86_32_SUFFIX)
-
-
-####### Dependencies
-
-$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
- $(UNPACK_SRC_ARCHIVE)
- $(APPLY_PATCHES)
- @touch $@
-
-$(build_target): $(src_done)
- @mkdir -p $(build_dir)
- @cd $(build_dir) && \
- $(BUILD_ENVIRONMENT) ../$(src_dir_name)/configure \
- --prefix=/usr \
- --build=$(BUILD) \
- --host=$(TARGET32) \
- $(extra_configure_switches)
- @cd $(build_dir) && $(BUILD_ENVIRONMENT) $(MAKE)
- @touch $@
-
-$(install_target): $(build_target)
- @mkdir -p $(KMOD_32_PKG)
- @cd $(build_dir) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 install $(env_sysroot)
- @rm -rf $(KMOD_32_PKG)/sbin
- @rm -rf $(KMOD_32_PKG)/usr/include
- @rm -rf $(KMOD_32_PKG)/usr/share
- @mkdir -p $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)
- @mv $(KMOD_32_PKG)/lib$(MULTILIB_X86_32_SUFFIX)/pkgconfig $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)
- @mv $(KMOD_32_PKG)/lib$(MULTILIB_X86_32_SUFFIX)/{*.so,*.la} $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)
- @cp -a $(KMOD_32_PKG)/lib$(MULTILIB_X86_32_SUFFIX)/libkmod.so.2 $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)
- @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX) ; \
- ln -sf ../../lib$(MULTILIB_X86_32_SUFFIX)/libkmod.so.2.4.0 libkmod.so.2.4.0 ; \
- sed -i "s,libdir='/lib,libdir='/usr/lib,g" libkmod.la ; \
- sed -i "s,libdir=/lib,libdir=/usr/lib,g" pkgconfig/libkmod.pc ; \
- )
- # remove toolchain path from target libtool *.la files
- @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX) ; \
- sed -i "s,$(TARGET_DEST_DIR),,g" libkmod.la ; \
- sed -i "s,-L/usr/local/lib ,,g" libkmod.la ; \
- )
- # ======= remove -L/lib, -L/usr/lib options from target libtool *.la files =======
- @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX) ; \
- sed -i "s,-L/usr/lib ,,g" libkmod.la ; \
- sed -i "s,-L/lib ,,g" libkmod.la ; \
- )
- # ======= remove toolchain path from target pkg-config *.pc files =======
- @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)/pkgconfig ; \
- sed -i "s,$(TARGET_DEST_DIR),,g" libkmod.pc ; \
- sed -i "s,-L/usr/local/lib,-L/usr/lib$(MULTILIB_X86_32_SUFFIX),g" libkmod.pc ; \
- )
- # ======= Install the same to $(TARGET_DEST_DIR) =======
- $(call install-into-devenv, $(KMOD_32_PKG))
- # ======= tune libtool *.la search path to the target destination for development =======
- @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_X86_32_SUFFIX) ; \
- sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libkmod.la ; \
- sed -i "s,L/lib,L$(TARGET_DEST_DIR)/lib,g" libkmod.la ; \
- )
- # ======= tune pkg-config *.pc search path to the target destination for development =======
- @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_X86_32_SUFFIX)/pkgconfig ; \
- sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libkmod.pc ; \
- )
- # ======= Strip binaries =======
- @( cd $(KMOD_32_PKG); \
- find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- )
-ifneq ($(PATCHELF),)
- # ======= Set RPATH/RUNPATH for target binaries =======
- @( cd $(KMOD_32_PKG) ; \
- for file in `find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs echo` ; do \
- rpath=`$(PATCHELF) --print-rpath $$file 2> /dev/null` ; \
- if echo "$$rpath" | grep -q "$(TARGET_DEST_DIR)" ; then \
- $(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null 2> /dev/null ; \
- fi ; \
- done ; \
- )
- # ======= Set RPATH/RUNPATH for target shared objects =======
- @( cd $(KMOD_32_PKG) ; \
- for file in `find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs echo` ; do \
- rpath=`$(PATCHELF) --print-rpath $$file 2> /dev/null` ; \
- if echo "$$rpath" | grep -q "$(TARGET_DEST_DIR)" ; then \
- $(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null 2> /dev/null ; \
- fi ; \
- done ; \
- )
-endif
- @touch $@
-
-$(KMOD_32_PKG_DESCRIPTION_FILE): $(KMOD_32_PKG_DESCRIPTION_FILE_IN)
- @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
-
-$(pkg_certificate) : $(pkg_archive) ;
-$(pkg_signature) : $(pkg_archive) ;
-$(pkg_description) : $(pkg_archive) ;
-
-$(pkg_archive): $(install_target) $(KMOD_32_PKG_DESCRIPTION_FILE) $(KMOD_32_PKG_INSTALL_SCRIPT)
- @cp $(KMOD_32_PKG_DESCRIPTION_FILE) $(KMOD_32_PKG)/.DESCRIPTION
- @cp $(KMOD_32_PKG_INSTALL_SCRIPT) $(KMOD_32_PKG)/.INSTALL
- @$(BUILD_PKG_REQUIRES) $(KMOD_32_PKG)/.REQUIRES
- @echo "pkgname=$(KMOD_32_PKG_NAME)" > $(KMOD_32_PKG)/.PKGINFO ; \
- echo "pkgver=$(KMOD_32_PKG_VERSION)" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "arch=$(KMOD_32_PKG_ARCH)" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "distroname=$(KMOD_32_PKG_DISTRO_NAME)" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "distrover=$(KMOD_32_PKG_DISTRO_VERSION)" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "group=$(KMOD_32_PKG_GROUP)" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "short_description=\"$(KMOD_32_PKG_SHORT_DESCRIPTION)\"" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "url=$(KMOD_32_PKG_URL)" >> $(KMOD_32_PKG)/.PKGINFO ; \
- echo "license=$(KMOD_32_PKG_LICENSE)" >> $(KMOD_32_PKG)/.PKGINFO
- @$(PSEUDO) sh -c "cd $(KMOD_32_PKG) && \
- chown -R root:root . && \
- $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
Index: app/kmod/30-x86_32
===================================================================
--- app/kmod/30-x86_32 (revision 419)
+++ app/kmod/30-x86_32 (nonexistent)
Property changes on: app/kmod/30-x86_32
___________________________________________________________________
Deleted: svn:ignore
## -1,74 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.rk358x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: app/kmod/30/kmod-pkg-description.in
===================================================================
--- app/kmod/30/kmod-pkg-description.in (revision 419)
+++ app/kmod/30/kmod-pkg-description.in (nonexistent)
@@ -1,19 +0,0 @@
-# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
-# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
-# customary to leave one space after the ':'.
-
- |-----handy-ruler------------------------------------------------------|
-kmod: kmod @VERSION@ (kernel module tools and library)
-kmod:
-kmod: kmod is a set of tools to handle common tasks with Linux kernel
-kmod: modules like insert, remove, list, check properties, resolve
-kmod: dependencies and aliases. The aim is to be compatible with the
-kmod: tools, configurations and indexes from the module-init-tools project.
-kmod:
-kmod: These tools are designed on top of libkmod, a library that is
-kmod: shipped with kmod.
-kmod:
-kmod:
Index: app/kmod/30/kmod-pkg-install.sh
===================================================================
--- app/kmod/30/kmod-pkg-install.sh (revision 419)
+++ app/kmod/30/kmod-pkg-install.sh (nonexistent)
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# arg 1: the new package version
-pre_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-post_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-pre_update() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_update() {
- post_install
-}
-
-# arg 1: the old package version
-pre_remove() {
- /bin/true
-}
-
-# arg 1: the old package version
-post_remove() {
- /bin/true
-}
-
-
-operation=$1
-shift
-
-$operation $*
Property changes on: app/kmod/30/kmod-pkg-install.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: app/kmod/30/Makefile
===================================================================
--- app/kmod/30/Makefile (revision 419)
+++ app/kmod/30/Makefile (nonexistent)
@@ -1,283 +0,0 @@
-
-COMPONENT_TARGETS = $(HARDWARE_INTEL_PC32)
-COMPONENT_TARGETS += $(HARDWARE_INTEL_PC64)
-COMPONENT_TARGETS += $(HARDWARE_EBOX_3350DX2)
-COMPONENT_TARGETS += $(HARDWARE_CB1X)
-COMPONENT_TARGETS += $(HARDWARE_CB2X)
-COMPONENT_TARGETS += $(HARDWARE_CB3X)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PP2E)
-COMPONENT_TARGETS += $(HARDWARE_NANOPI_NEO)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PP)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PL2)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5B)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5P)
-COMPONENT_TARGETS += $(HARDWARE_ROCK_5B)
-COMPONENT_TARGETS += $(HARDWARE_WECHIP_TX6)
-COMPONENT_TARGETS += $(HARDWARE_REPKA_PI3)
-COMPONENT_TARGETS += $(HARDWARE_FFRK3288)
-COMPONENT_TARGETS += $(HARDWARE_POIN2)
-COMPONENT_TARGETS += $(HARDWARE_RK3328_CC)
-COMPONENT_TARGETS += $(HARDWARE_KHADAS_EDGE)
-COMPONENT_TARGETS += $(HARDWARE_LEEZ_P710)
-COMPONENT_TARGETS += $(HARDWARE_M201)
-COMPONENT_TARGETS += $(HARDWARE_MXV)
-COMPONENT_TARGETS += $(HARDWARE_P201)
-COMPONENT_TARGETS += $(HARDWARE_NEXBOX_A95X)
-COMPONENT_TARGETS += $(HARDWARE_ODROID_C2)
-COMPONENT_TARGETS += $(HARDWARE_P212)
-COMPONENT_TARGETS += $(HARDWARE_KHADAS_VIM)
-COMPONENT_TARGETS += $(HARDWARE_Q201)
-COMPONENT_TARGETS += $(HARDWARE_ENYBOX_X2)
-COMPONENT_TARGETS += $(HARDWARE_KHADAS_VIM2)
-COMPONENT_TARGETS += $(HARDWARE_NIT6Q)
-COMPONENT_TARGETS += $(HARDWARE_OKMX6DL_C)
-COMPONENT_TARGETS += $(HARDWARE_OKMX6Q_C)
-COMPONENT_TARGETS += $(HARDWARE_BONE_BLACK)
-COMPONENT_TARGETS += $(HARDWARE_OMAP5UEVM)
-COMPONENT_TARGETS += $(HARDWARE_DRA7XXEVM)
-COMPONENT_TARGETS += $(HARDWARE_CI20)
-COMPONENT_TARGETS += $(HARDWARE_BAIKAL_T1)
-COMPONENT_TARGETS += $(HARDWARE_BAIKAL_M1)
-COMPONENT_TARGETS += $(HARDWARE_S824L)
-COMPONENT_TARGETS += $(HARDWARE_VESNIN)
-COMPONENT_TARGETS += $(HARDWARE_S824L_LSB)
-COMPONENT_TARGETS += $(HARDWARE_VESNIN_LSB)
-COMPONENT_TARGETS += $(HARDWARE_TL2WK2)
-COMPONENT_TARGETS += $(HARDWARE_TL2SV2)
-COMPONENT_TARGETS += $(HARDWARE_TL2WK2_LSB)
-COMPONENT_TARGETS += $(HARDWARE_TL2SV2_LSB)
-COMPONENT_TARGETS += $(HARDWARE_VISIONFIVE2)
-COMPONENT_TARGETS += $(HARDWARE_SIFIVE_U740)
-
-
-NEED_ABS_PATH = true
-COMPONENT_IS_3PP = true
-
-
-include ../../../build-system/constants.mk
-
-
-SOURCE_REQUIRES = sources/packages/a/kmod
-
-REQUIRES = libs/zstd/1.5.6
-REQUIRES += net/openssl/1.1.1r
-
-# ======= __END_OF_REQUIRES__ =======
-
-
-version = 30
-tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/a/kmod/kmod-$(version).tar.xz
-SRC_ARCHIVE = $(tar_xz_archive)
-SRC_DIR = $(TARGET_BUILD_DIR)/kmod-$(version)
-src_dir_name = kmod-$(version)
-src_done = $(TARGET_BUILD_DIR)/.source_done
-
-PATCHES = PATCHES
-
-build_dir = $(TARGET_BUILD_DIR)/build
-build_target = $(TARGET_BUILD_DIR)/.build_done
-install_target = $(TARGET_BUILD_DIR)/.install_done
-
-
-####### Targets
-
-PKG_GROUP = app
-
-#
-# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
-#
-KMOD_PKG_NAME = kmod
-KMOD_PKG_VERSION = 30
-KMOD_PKG_ARCH = $(PKGARCH)
-KMOD_PKG_DISTRO_NAME = $(DISTRO_NAME)
-KMOD_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
-KMOD_PKG_GROUP = $(PKG_GROUP)
-### |---handy-ruler-------------------------------|
-KMOD_PKG_SHORT_DESCRIPTION = kernel module tools and library
-KMOD_PKG_URL = $(BUG_URL)
-KMOD_PKG_LICENSE = GPLv2
-KMOD_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(KMOD_PKG_NAME)-pkg-description
-KMOD_PKG_DESCRIPTION_FILE_IN = $(KMOD_PKG_NAME)-pkg-description.in
-KMOD_PKG_INSTALL_SCRIPT = $(KMOD_PKG_NAME)-pkg-install.sh
-
-KMOD_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(KMOD_PKG_NAME)-package
-
-pkg_basename = $(KMOD_PKG_NAME)-$(KMOD_PKG_VERSION)-$(KMOD_PKG_ARCH)-$(KMOD_PKG_DISTRO_NAME)-$(KMOD_PKG_DISTRO_VERSION)
-
-pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
-pkg_certificate = $(call cert-name,$(pkg_archive))
-pkg_signature = $(call sign-name,$(pkg_archive))
-pkg_description = $(call desc-name,$(pkg_archive))
-products = $(call pkg-files,$(pkg_archive))
-
-BUILD_TARGETS = $(build_target)
-BUILD_TARGETS += $(install_target)
-
-PRODUCT_TARGETS = $(products)
-
-ROOTFS_TARGETS = $(pkg_archive)
-
-
-include ../../../build-system/core.mk
-
-
-env_sysroot = DESTDIR=$(KMOD_PKG)
-
-
-extra_configure_switches = --libdir=/lib$(LIBSUFFIX)
-extra_configure_switches += --docdir=/usr/share/doc/$(src_dir_name)
-extra_configure_switches += --mandir=/usr/share/man
-extra_configure_switches += --disable-dependency-tracking
-extra_configure_switches += --sysconfdir=/etc
-extra_configure_switches += --localstatedir=/var
-extra_configure_switches += --bindir=/sbin
-extra_configure_switches += --sbindir=/sbin
-extra_configure_switches += --with-openssl
-extra_configure_switches += --with-zlib
-extra_configure_switches += --with-zstd
-extra_configure_switches += --with-xz
-
-
-TARGET_RPATH = /lib$(LIBSUFFIX):/usr/lib$(LIBSUFFIX)
-
-
-####### Dependencies
-
-$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
- $(UNPACK_SRC_ARCHIVE)
- $(APPLY_PATCHES)
- @touch $@
-
-$(build_target): $(src_done)
- @mkdir -p $(build_dir)
- @cd $(build_dir) && \
- $(BUILD_ENVIRONMENT) ../$(src_dir_name)/configure \
- --prefix=/usr \
- --build=$(BUILD) \
- --host=$(TARGET) \
- $(extra_configure_switches)
- @cd $(build_dir) && $(BUILD_ENVIRONMENT) $(MAKE)
- @touch $@
-
-$(install_target): $(build_target)
- @mkdir -p $(KMOD_PKG)
- @cd $(build_dir) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 install $(env_sysroot)
- @( cd $(KMOD_PKG)/sbin ; \
- for file in depmod insmod lsmod modinfo modprobe rmmod ; do \
- ln -sf kmod $$file ; \
- done \
- )
- @mkdir -p $(KMOD_PKG)/bin
- @( cd $(KMOD_PKG)/bin ; ln -sf /sbin/lsmod . )
- @mkdir -p $(KMOD_PKG)/etc/modprobe.d
- @mkdir -p $(KMOD_PKG)/usr/lib$(LIBSUFFIX)
- @mv $(KMOD_PKG)/lib$(LIBSUFFIX)/pkgconfig $(KMOD_PKG)/usr/lib$(LIBSUFFIX)
- @mv $(KMOD_PKG)/lib$(LIBSUFFIX)/{*.so,*.la} $(KMOD_PKG)/usr/lib$(LIBSUFFIX)
- @cp -a $(KMOD_PKG)/lib$(LIBSUFFIX)/libkmod.so.2 $(KMOD_PKG)/usr/lib$(LIBSUFFIX)
- @( cd $(KMOD_PKG)/usr/lib$(LIBSUFFIX) ; \
- ln -sf ../../lib$(LIBSUFFIX)/libkmod.so.2.4.0 libkmod.so.2.4.0 ; \
- sed -i "s,libdir='/lib',libdir='/usr/lib',g" libkmod.la ; \
- sed -i "s,libdir=/lib,libdir=/usr/lib,g" pkgconfig/libkmod.pc ; \
- )
- # ======= Install Documentation =======
- @( cd $(KMOD_PKG)/usr/share/man/man5 ; \
- rm -f modules.dep.bin.5 ; ln -sf modules.dep.5 modules.dep.bin.5 ; \
- )
- @if [ -d $(KMOD_PKG)/usr/share/man ]; then \
- ( cd $(KMOD_PKG)/usr/share/man ; \
- for manpagedir in `find . -type d -name "man*"` ; do \
- ( cd $$manpagedir ; \
- for eachpage in `find . -type l -maxdepth 1` ; do \
- ln -s `readlink $$eachpage`.gz $$eachpage.gz ; \
- rm $$eachpage ; \
- done ; \
- gzip -9 *.? ; \
- ) \
- done \
- ) \
- fi
- @mkdir -p $(KMOD_PKG)/usr/doc/$(src_dir_name)
- @cp -a $(SRC_DIR)/COPYING* \
- $(KMOD_PKG)/usr/doc/$(src_dir_name)
- @mkdir -p $(KMOD_PKG)/usr/share/doc/$(src_dir_name)
- @cp -a $(SRC_DIR)/COPYING* $(SRC_DIR)/NEWS $(SRC_DIR)/README* $(SRC_DIR)/TODO \
- $(KMOD_PKG)/usr/share/doc/$(src_dir_name)
- @( cd $(SRC_DIR) ; \
- if [ -r ChangeLog ]; then \
- DOCSDIR=`echo $(KMOD_PKG)/usr/share/doc/$(src_dir_name)` ; \
- cat ChangeLog | head -n 1000 > $$DOCSDIR/ChangeLog ; \
- touch -r ChangeLog $$DOCSDIR/ChangeLog ; \
- fi \
- )
- # ======= remove toolchain path from target libtool *.la files =======
- @( cd $(KMOD_PKG)/usr/lib$(LIBSUFFIX) ; \
- sed -i "s,$(TARGET_DEST_DIR),,g" libkmod.la ; \
- sed -i "s,-L/usr/local/lib ,,g" libkmod.la ; \
- )
- # ======= remove toolchain path from target pkg-config *.pc files =======
- @( cd $(KMOD_PKG)/usr/lib$(LIBSUFFIX)/pkgconfig ; \
- sed -i "s,$(TARGET_DEST_DIR),,g" libkmod.pc ; \
- sed -i "s,-L/usr/local/lib,-L/usr/lib,g" libkmod.pc ; \
- )
- # ======= Install the same to $(TARGET_DEST_DIR) =======
- $(call install-into-devenv, $(KMOD_PKG))
- # ======= tune libtool *.la search path to the target destination for development =======
- @( cd $(TARGET_DEST_DIR)/usr/lib$(LIBSUFFIX) ; \
- sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libkmod.la ; \
- sed -i "s,L/lib,L$(TARGET_DEST_DIR)/lib,g" libkmod.la \
- )
- # ======= tune pkg-config *.pc search path to the target destination for development =======
- @( cd $(TARGET_DEST_DIR)/usr/lib$(LIBSUFFIX)/pkgconfig ; \
- sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libkmod.pc ; \
- )
- # ======= Strip binaries =======
- @( cd $(KMOD_PKG); \
- find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- )
-ifneq ($(PATCHELF),)
- # ======= Set RPATH/RUNPATH for target binaries =======
- @( cd $(KMOD_PKG) ; \
- for file in `find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs echo` ; do \
- rpath=`$(PATCHELF) --print-rpath $$file 2> /dev/null` ; \
- if echo "$$rpath" | grep -q "$(TARGET_DEST_DIR)" ; then \
- $(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null 2> /dev/null ; \
- fi ; \
- done ; \
- )
- # ======= Set RPATH/RUNPATH for target shared objects =======
- @( cd $(KMOD_PKG) ; \
- for file in `find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs echo` ; do \
- rpath=`$(PATCHELF) --print-rpath $$file 2> /dev/null` ; \
- if echo "$$rpath" | grep -q "$(TARGET_DEST_DIR)" ; then \
- $(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null 2> /dev/null ; \
- fi ; \
- done ; \
- )
-endif
- @touch $@
-
-$(KMOD_PKG_DESCRIPTION_FILE): $(KMOD_PKG_DESCRIPTION_FILE_IN)
- @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
-
-$(pkg_certificate) : $(pkg_archive) ;
-$(pkg_signature) : $(pkg_archive) ;
-$(pkg_description) : $(pkg_archive) ;
-
-$(pkg_archive): $(install_target) $(KMOD_PKG_DESCRIPTION_FILE) $(KMOD_PKG_INSTALL_SCRIPT)
- @cp $(KMOD_PKG_DESCRIPTION_FILE) $(KMOD_PKG)/.DESCRIPTION
- @cp $(KMOD_PKG_INSTALL_SCRIPT) $(KMOD_PKG)/.INSTALL
- @$(BUILD_PKG_REQUIRES) $(KMOD_PKG)/.REQUIRES
- @echo "pkgname=$(KMOD_PKG_NAME)" > $(KMOD_PKG)/.PKGINFO ; \
- echo "pkgver=$(KMOD_PKG_VERSION)" >> $(KMOD_PKG)/.PKGINFO ; \
- echo "arch=$(KMOD_PKG_ARCH)" >> $(KMOD_PKG)/.PKGINFO ; \
- echo "distroname=$(KMOD_PKG_DISTRO_NAME)" >> $(KMOD_PKG)/.PKGINFO ; \
- echo "distrover=$(KMOD_PKG_DISTRO_VERSION)" >> $(KMOD_PKG)/.PKGINFO ; \
- echo "group=$(KMOD_PKG_GROUP)" >> $(KMOD_PKG)/.PKGINFO ; \
- echo "short_description=\"$(KMOD_PKG_SHORT_DESCRIPTION)\"" >> $(KMOD_PKG)/.PKGINFO ; \
- echo "url=$(KMOD_PKG_URL)" >> $(KMOD_PKG)/.PKGINFO ; \
- echo "license=$(KMOD_PKG_LICENSE)" >> $(KMOD_PKG)/.PKGINFO
- @$(PSEUDO) sh -c "cd $(KMOD_PKG) && \
- chown -R root:root . && \
- $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
Index: app/kmod/30
===================================================================
--- app/kmod/30 (revision 419)
+++ app/kmod/30 (nonexistent)
Property changes on: app/kmod/30
___________________________________________________________________
Deleted: svn:ignore
## -1,74 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.rk358x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: app/kmod/33/Makefile
===================================================================
--- app/kmod/33/Makefile (nonexistent)
+++ app/kmod/33/Makefile (revision 420)
@@ -0,0 +1,284 @@
+
+COMPONENT_TARGETS = $(HARDWARE_INTEL_PC32)
+COMPONENT_TARGETS += $(HARDWARE_INTEL_PC64)
+COMPONENT_TARGETS += $(HARDWARE_EBOX_3350DX2)
+COMPONENT_TARGETS += $(HARDWARE_CB1X)
+COMPONENT_TARGETS += $(HARDWARE_CB2X)
+COMPONENT_TARGETS += $(HARDWARE_CB3X)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PP2E)
+COMPONENT_TARGETS += $(HARDWARE_NANOPI_NEO)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PP)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PL2)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5B)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5P)
+COMPONENT_TARGETS += $(HARDWARE_ROCK_5B)
+COMPONENT_TARGETS += $(HARDWARE_WECHIP_TX6)
+COMPONENT_TARGETS += $(HARDWARE_REPKA_PI3)
+COMPONENT_TARGETS += $(HARDWARE_FFRK3288)
+COMPONENT_TARGETS += $(HARDWARE_POIN2)
+COMPONENT_TARGETS += $(HARDWARE_RK3328_CC)
+COMPONENT_TARGETS += $(HARDWARE_KHADAS_EDGE)
+COMPONENT_TARGETS += $(HARDWARE_LEEZ_P710)
+COMPONENT_TARGETS += $(HARDWARE_M201)
+COMPONENT_TARGETS += $(HARDWARE_MXV)
+COMPONENT_TARGETS += $(HARDWARE_P201)
+COMPONENT_TARGETS += $(HARDWARE_NEXBOX_A95X)
+COMPONENT_TARGETS += $(HARDWARE_ODROID_C2)
+COMPONENT_TARGETS += $(HARDWARE_P212)
+COMPONENT_TARGETS += $(HARDWARE_KHADAS_VIM)
+COMPONENT_TARGETS += $(HARDWARE_Q201)
+COMPONENT_TARGETS += $(HARDWARE_ENYBOX_X2)
+COMPONENT_TARGETS += $(HARDWARE_KHADAS_VIM2)
+COMPONENT_TARGETS += $(HARDWARE_NIT6Q)
+COMPONENT_TARGETS += $(HARDWARE_OKMX6DL_C)
+COMPONENT_TARGETS += $(HARDWARE_OKMX6Q_C)
+COMPONENT_TARGETS += $(HARDWARE_BONE_BLACK)
+COMPONENT_TARGETS += $(HARDWARE_OMAP5UEVM)
+COMPONENT_TARGETS += $(HARDWARE_DRA7XXEVM)
+COMPONENT_TARGETS += $(HARDWARE_CI20)
+COMPONENT_TARGETS += $(HARDWARE_BAIKAL_T1)
+COMPONENT_TARGETS += $(HARDWARE_BAIKAL_M1)
+COMPONENT_TARGETS += $(HARDWARE_S824L)
+COMPONENT_TARGETS += $(HARDWARE_VESNIN)
+COMPONENT_TARGETS += $(HARDWARE_S824L_LSB)
+COMPONENT_TARGETS += $(HARDWARE_VESNIN_LSB)
+COMPONENT_TARGETS += $(HARDWARE_TL2WK2)
+COMPONENT_TARGETS += $(HARDWARE_TL2SV2)
+COMPONENT_TARGETS += $(HARDWARE_TL2WK2_LSB)
+COMPONENT_TARGETS += $(HARDWARE_TL2SV2_LSB)
+COMPONENT_TARGETS += $(HARDWARE_VISIONFIVE2)
+COMPONENT_TARGETS += $(HARDWARE_SIFIVE_U740)
+
+
+NEED_ABS_PATH = true
+COMPONENT_IS_3PP = true
+
+
+include ../../../build-system/constants.mk
+
+
+SOURCE_REQUIRES = sources/packages/a/kmod
+
+REQUIRES = libs/zstd/1.5.6
+REQUIRES += net/openssl/3.4.0
+
+# ======= __END_OF_REQUIRES__ =======
+
+
+version = 33
+tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/a/kmod/kmod-$(version).tar.xz
+SRC_ARCHIVE = $(tar_xz_archive)
+SRC_DIR = $(TARGET_BUILD_DIR)/kmod-$(version)
+src_dir_name = kmod-$(version)
+src_done = $(TARGET_BUILD_DIR)/.source_done
+
+PATCHES = PATCHES
+
+build_dir = $(TARGET_BUILD_DIR)/build
+build_target = $(TARGET_BUILD_DIR)/.build_done
+install_target = $(TARGET_BUILD_DIR)/.install_done
+
+
+####### Targets
+
+PKG_GROUP = app
+
+#
+# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
+#
+KMOD_PKG_NAME = kmod
+KMOD_PKG_VERSION = 33
+KMOD_PKG_ARCH = $(PKGARCH)
+KMOD_PKG_DISTRO_NAME = $(DISTRO_NAME)
+KMOD_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
+KMOD_PKG_GROUP = $(PKG_GROUP)
+### |---handy-ruler-------------------------------|
+KMOD_PKG_SHORT_DESCRIPTION = kernel module tools and library
+KMOD_PKG_URL = $(BUG_URL)
+KMOD_PKG_LICENSE = GPLv2
+KMOD_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(KMOD_PKG_NAME)-pkg-description
+KMOD_PKG_DESCRIPTION_FILE_IN = $(KMOD_PKG_NAME)-pkg-description.in
+KMOD_PKG_INSTALL_SCRIPT = $(KMOD_PKG_NAME)-pkg-install.sh
+
+KMOD_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(KMOD_PKG_NAME)-package
+
+pkg_basename = $(KMOD_PKG_NAME)-$(KMOD_PKG_VERSION)-$(KMOD_PKG_ARCH)-$(KMOD_PKG_DISTRO_NAME)-$(KMOD_PKG_DISTRO_VERSION)
+
+pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
+pkg_certificate = $(call cert-name,$(pkg_archive))
+pkg_signature = $(call sign-name,$(pkg_archive))
+pkg_description = $(call desc-name,$(pkg_archive))
+products = $(call pkg-files,$(pkg_archive))
+
+BUILD_TARGETS = $(build_target)
+BUILD_TARGETS += $(install_target)
+
+PRODUCT_TARGETS = $(products)
+
+ROOTFS_TARGETS = $(pkg_archive)
+
+
+include ../../../build-system/core.mk
+
+
+env_sysroot = DESTDIR=$(KMOD_PKG)
+
+
+extra_configure_switches = --libdir=/lib$(LIBSUFFIX)
+extra_configure_switches += --docdir=/usr/share/doc/$(src_dir_name)
+extra_configure_switches += --mandir=/usr/share/man
+extra_configure_switches += --disable-dependency-tracking
+extra_configure_switches += --sysconfdir=/etc
+extra_configure_switches += --localstatedir=/var
+extra_configure_switches += --bindir=/sbin
+extra_configure_switches += --sbindir=/sbin
+extra_configure_switches += --with-openssl
+extra_configure_switches += --with-zlib
+extra_configure_switches += --with-zstd
+extra_configure_switches += --with-xz
+
+
+TARGET_RPATH = /lib$(LIBSUFFIX):/usr/lib$(LIBSUFFIX)
+
+
+####### Dependencies
+
+$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
+ $(UNPACK_SRC_ARCHIVE)
+ $(APPLY_PATCHES)
+ @touch $@
+
+$(build_target): $(src_done)
+ @mkdir -p $(build_dir)
+ @cd $(build_dir) && \
+ $(BUILD_ENVIRONMENT) ../$(src_dir_name)/configure \
+ --prefix=/usr \
+ --build=$(BUILD) \
+ --host=$(TARGET) \
+ $(extra_configure_switches)
+ @cd $(build_dir) && $(BUILD_ENVIRONMENT) $(MAKE)
+ @touch $@
+
+$(install_target): $(build_target)
+ @mkdir -p $(KMOD_PKG)
+ @cd $(build_dir) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 install $(env_sysroot)
+ exit 1
+ @( cd $(KMOD_PKG)/sbin ; \
+ for file in depmod insmod lsmod modinfo modprobe rmmod ; do \
+ ln -sf kmod $$file ; \
+ done \
+ )
+ @mkdir -p $(KMOD_PKG)/bin
+ @( cd $(KMOD_PKG)/bin ; ln -sf /sbin/lsmod . )
+ @mkdir -p $(KMOD_PKG)/etc/modprobe.d
+ @mkdir -p $(KMOD_PKG)/usr/lib$(LIBSUFFIX)
+ @mv $(KMOD_PKG)/lib$(LIBSUFFIX)/pkgconfig $(KMOD_PKG)/usr/lib$(LIBSUFFIX)
+ @mv $(KMOD_PKG)/lib$(LIBSUFFIX)/{*.so,*.la} $(KMOD_PKG)/usr/lib$(LIBSUFFIX)
+ @cp -a $(KMOD_PKG)/lib$(LIBSUFFIX)/libkmod.so.2 $(KMOD_PKG)/usr/lib$(LIBSUFFIX)
+ @( cd $(KMOD_PKG)/usr/lib$(LIBSUFFIX) ; \
+ ln -sf ../../lib$(LIBSUFFIX)/libkmod.so.2.4.0 libkmod.so.2.4.0 ; \
+ sed -i "s,libdir='/lib',libdir='/usr/lib',g" libkmod.la ; \
+ sed -i "s,libdir=/lib,libdir=/usr/lib,g" pkgconfig/libkmod.pc ; \
+ )
+ # ======= Install Documentation =======
+ @( cd $(KMOD_PKG)/usr/share/man/man5 ; \
+ rm -f modules.dep.bin.5 ; ln -sf modules.dep.5 modules.dep.bin.5 ; \
+ )
+ @if [ -d $(KMOD_PKG)/usr/share/man ]; then \
+ ( cd $(KMOD_PKG)/usr/share/man ; \
+ for manpagedir in `find . -type d -name "man*"` ; do \
+ ( cd $$manpagedir ; \
+ for eachpage in `find . -type l -maxdepth 1` ; do \
+ ln -s `readlink $$eachpage`.gz $$eachpage.gz ; \
+ rm $$eachpage ; \
+ done ; \
+ gzip -9 *.? ; \
+ ) \
+ done \
+ ) \
+ fi
+ @mkdir -p $(KMOD_PKG)/usr/doc/$(src_dir_name)
+ @cp -a $(SRC_DIR)/COPYING* \
+ $(KMOD_PKG)/usr/doc/$(src_dir_name)
+ @mkdir -p $(KMOD_PKG)/usr/share/doc/$(src_dir_name)
+ @cp -a $(SRC_DIR)/COPYING* $(SRC_DIR)/NEWS $(SRC_DIR)/README* $(SRC_DIR)/TODO \
+ $(KMOD_PKG)/usr/share/doc/$(src_dir_name)
+ @( cd $(SRC_DIR) ; \
+ if [ -r ChangeLog ]; then \
+ DOCSDIR=`echo $(KMOD_PKG)/usr/share/doc/$(src_dir_name)` ; \
+ cat ChangeLog | head -n 1000 > $$DOCSDIR/ChangeLog ; \
+ touch -r ChangeLog $$DOCSDIR/ChangeLog ; \
+ fi \
+ )
+ # ======= remove toolchain path from target libtool *.la files =======
+ @( cd $(KMOD_PKG)/usr/lib$(LIBSUFFIX) ; \
+ sed -i "s,$(TARGET_DEST_DIR),,g" libkmod.la ; \
+ sed -i "s,-L/usr/local/lib ,,g" libkmod.la ; \
+ )
+ # ======= remove toolchain path from target pkg-config *.pc files =======
+ @( cd $(KMOD_PKG)/usr/lib$(LIBSUFFIX)/pkgconfig ; \
+ sed -i "s,$(TARGET_DEST_DIR),,g" libkmod.pc ; \
+ sed -i "s,-L/usr/local/lib,-L/usr/lib,g" libkmod.pc ; \
+ )
+ # ======= Install the same to $(TARGET_DEST_DIR) =======
+ $(call install-into-devenv, $(KMOD_PKG))
+ # ======= tune libtool *.la search path to the target destination for development =======
+ @( cd $(TARGET_DEST_DIR)/usr/lib$(LIBSUFFIX) ; \
+ sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libkmod.la ; \
+ sed -i "s,L/lib,L$(TARGET_DEST_DIR)/lib,g" libkmod.la \
+ )
+ # ======= tune pkg-config *.pc search path to the target destination for development =======
+ @( cd $(TARGET_DEST_DIR)/usr/lib$(LIBSUFFIX)/pkgconfig ; \
+ sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libkmod.pc ; \
+ )
+ # ======= Strip binaries =======
+ @( cd $(KMOD_PKG); \
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ )
+ifneq ($(PATCHELF),)
+ # ======= Set RPATH/RUNPATH for target binaries =======
+ @( cd $(KMOD_PKG) ; \
+ for file in `find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs echo` ; do \
+ rpath=`$(PATCHELF) --print-rpath $$file 2> /dev/null` ; \
+ if echo "$$rpath" | grep -q "$(TARGET_DEST_DIR)" ; then \
+ $(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null 2> /dev/null ; \
+ fi ; \
+ done ; \
+ )
+ # ======= Set RPATH/RUNPATH for target shared objects =======
+ @( cd $(KMOD_PKG) ; \
+ for file in `find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs echo` ; do \
+ rpath=`$(PATCHELF) --print-rpath $$file 2> /dev/null` ; \
+ if echo "$$rpath" | grep -q "$(TARGET_DEST_DIR)" ; then \
+ $(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null 2> /dev/null ; \
+ fi ; \
+ done ; \
+ )
+endif
+ @touch $@
+
+$(KMOD_PKG_DESCRIPTION_FILE): $(KMOD_PKG_DESCRIPTION_FILE_IN)
+ @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
+
+$(pkg_certificate) : $(pkg_archive) ;
+$(pkg_signature) : $(pkg_archive) ;
+$(pkg_description) : $(pkg_archive) ;
+
+$(pkg_archive): $(install_target) $(KMOD_PKG_DESCRIPTION_FILE) $(KMOD_PKG_INSTALL_SCRIPT)
+ @cp $(KMOD_PKG_DESCRIPTION_FILE) $(KMOD_PKG)/.DESCRIPTION
+ @cp $(KMOD_PKG_INSTALL_SCRIPT) $(KMOD_PKG)/.INSTALL
+ @$(BUILD_PKG_REQUIRES) $(KMOD_PKG)/.REQUIRES
+ @echo "pkgname=$(KMOD_PKG_NAME)" > $(KMOD_PKG)/.PKGINFO ; \
+ echo "pkgver=$(KMOD_PKG_VERSION)" >> $(KMOD_PKG)/.PKGINFO ; \
+ echo "arch=$(KMOD_PKG_ARCH)" >> $(KMOD_PKG)/.PKGINFO ; \
+ echo "distroname=$(KMOD_PKG_DISTRO_NAME)" >> $(KMOD_PKG)/.PKGINFO ; \
+ echo "distrover=$(KMOD_PKG_DISTRO_VERSION)" >> $(KMOD_PKG)/.PKGINFO ; \
+ echo "group=$(KMOD_PKG_GROUP)" >> $(KMOD_PKG)/.PKGINFO ; \
+ echo "short_description=\"$(KMOD_PKG_SHORT_DESCRIPTION)\"" >> $(KMOD_PKG)/.PKGINFO ; \
+ echo "url=$(KMOD_PKG_URL)" >> $(KMOD_PKG)/.PKGINFO ; \
+ echo "license=$(KMOD_PKG_LICENSE)" >> $(KMOD_PKG)/.PKGINFO
+ @$(PSEUDO) sh -c "cd $(KMOD_PKG) && \
+ chown -R root:root . && \
+ $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
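Review bot: The bare `exit 1` recipe line directly after the `$(MAKE) -j1 install $(env_sysroot)` step in the `$(install_target)` rule makes the recipe fail unconditionally. None of the later steps (symlinks, documentation, strip, RPATH) run, and `.install_done` is never touched. It looks like a debugging stop that was left in, and the line should be removed. Separately, the rule still links `libkmod.so.2.4.0` by its full name although `version` is now 33. If the library version changed in this release, `ln -sf` would create a dangling link without failing, so the name should be confirmed against the installed file or derived from it.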
Index: app/kmod/33/PATCHES
===================================================================
Index: app/kmod/33/kmod-pkg-description.in
===================================================================
--- app/kmod/33/kmod-pkg-description.in (nonexistent)
+++ app/kmod/33/kmod-pkg-description.in (revision 420)
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+kmod: kmod @VERSION@ (kernel module tools and library)
+kmod:
+kmod: kmod is a set of tools to handle common tasks with Linux kernel
+kmod: modules like insert, remove, list, check properties, resolve
+kmod: dependencies and aliases. The aim is to be compatible with the
+kmod: tools, configurations and indexes from the module-init-tools project.
+kmod:
+kmod: These tools are designed on top of libkmod, a library that is
+kmod: shipped with kmod.
+kmod:
+kmod:
Index: app/kmod/33/kmod-pkg-install.sh
===================================================================
--- app/kmod/33/kmod-pkg-install.sh (nonexistent)
+++ app/kmod/33/kmod-pkg-install.sh (revision 420)
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# arg 1: the new package version
+pre_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+post_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+pre_update() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_update() {
+ post_install
+}
+
+# arg 1: the old package version
+pre_remove() {
+ /bin/true
+}
+
+# arg 1: the old package version
+post_remove() {
+ /bin/true
+}
+
+
+operation=$1
+shift
+
+$operation $*
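Review bot: The dispatcher on the last line, `$operation $*`, runs whatever its first argument names as a command, unquoted, and the Makefile copies this script into the package as `.INSTALL`. Restricting the dispatch to the six hook functions defined above and forwarding arguments as `"$@"` stops an unexpected or malformed argument from executing an arbitrary command, and keeps arguments with spaces intact. This assumes the package tool only ever calls these six hooks, which should be confirmed. The same lines are added in app/kmod/33-ppc32/kmod-x32-pkg-install.sh.

```shell
operation=$1
shift

case "$operation" in
  pre_install|post_install|pre_update|post_update|pre_remove|post_remove)
    "$operation" "$@"
    ;;
  *)
    echo "unknown operation: $operation" >&2
    exit 1
    ;;
esac
```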
Property changes on: app/kmod/33/kmod-pkg-install.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: app/kmod/33
===================================================================
--- app/kmod/33 (nonexistent)
+++ app/kmod/33 (revision 420)
Property changes on: app/kmod/33
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,74 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.rk358x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: app/kmod/33-ppc32/Makefile
===================================================================
--- app/kmod/33-ppc32/Makefile (nonexistent)
+++ app/kmod/33-ppc32/Makefile (revision 420)
@@ -0,0 +1,209 @@
+
+COMPONENT_TARGETS = $(HARDWARE_S824L)
+COMPONENT_TARGETS += $(HARDWARE_VESNIN)
+COMPONENT_TARGETS += $(HARDWARE_TL2WK2)
+COMPONENT_TARGETS += $(HARDWARE_TL2SV2)
+
+NEED_ABS_PATH = true
+COMPONENT_IS_3PP = true
+
+CREATE_PPC32_PACKAGE = true
+
+
+include ../../../build-system/constants.mk
+
+
+SOURCE_REQUIRES = sources/packages/a/kmod
+
+REQUIRES = app/kmod/33
+REQUIRES += libs/zstd/1.5.6-ppc32
+REQUIRES += net/openssl/3.4.0-ppc32
+
+# ======= __END_OF_REQUIRES__ =======
+
+
+version = 33
+tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/a/kmod/kmod-$(version).tar.xz
+SRC_ARCHIVE = $(tar_xz_archive)
+SRC_DIR = $(TARGET_BUILD_DIR)/kmod-$(version)
+src_dir_name = kmod-$(version)
+src_done = $(TARGET_BUILD_DIR)/.source_done
+
+PATCHES = PATCHES
+
+build_dir = $(TARGET_BUILD_DIR)/build
+build_target = $(TARGET_BUILD_DIR)/.build_done
+install_target = $(TARGET_BUILD_DIR)/.install_done
+
+
+####### Targets
+
+PKG_GROUP = app
+
+#
+# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
+#
+KMOD_32_PKG_NAME = kmod-x32
+KMOD_32_PKG_VERSION = 33
+KMOD_32_PKG_ARCH = $(PKGARCH)
+KMOD_32_PKG_DISTRO_NAME = $(DISTRO_NAME)
+KMOD_32_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
+KMOD_32_PKG_GROUP = $(PKG_GROUP)
+### |---handy-ruler-------------------------------|
+KMOD_32_PKG_SHORT_DESCRIPTION = kernel module library
+KMOD_32_PKG_URL = $(BUG_URL)
+KMOD_32_PKG_LICENSE = GPLv2
+KMOD_32_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(KMOD_32_PKG_NAME)-pkg-description
+KMOD_32_PKG_DESCRIPTION_FILE_IN = $(KMOD_32_PKG_NAME)-pkg-description.in
+KMOD_32_PKG_INSTALL_SCRIPT = $(KMOD_32_PKG_NAME)-pkg-install.sh
+
+KMOD_32_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(KMOD_32_PKG_NAME)-package
+
+pkg_basename = $(KMOD_32_PKG_NAME)-$(KMOD_32_PKG_VERSION)-$(KMOD_32_PKG_ARCH)-$(KMOD_32_PKG_DISTRO_NAME)-$(KMOD_32_PKG_DISTRO_VERSION)
+
+pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
+pkg_certificate = $(call cert-name,$(pkg_archive))
+pkg_signature = $(call sign-name,$(pkg_archive))
+pkg_description = $(call desc-name,$(pkg_archive))
+products = $(call pkg-files,$(pkg_archive))
+
+BUILD_TARGETS = $(build_target)
+BUILD_TARGETS += $(install_target)
+
+PRODUCT_TARGETS = $(products)
+
+ROOTFS_TARGETS = $(pkg_archive)
+
+
+include ../../../build-system/core.mk
+
+
+env_sysroot = DESTDIR=$(KMOD_32_PKG)
+
+
+extra_configure_switches = --libdir=/lib$(MULTILIB_PPC32_SUFFIX)
+extra_configure_switches += --docdir=/usr/share/doc/$(src_dir_name)
+extra_configure_switches += --mandir=/usr/share/man
+extra_configure_switches += --disable-dependency-tracking
+extra_configure_switches += --sysconfdir=/etc
+extra_configure_switches += --localstatedir=/var
+extra_configure_switches += --bindir=/sbin
+extra_configure_switches += --sbindir=/sbin
+extra_configure_switches += --with-openssl
+extra_configure_switches += --with-zlib
+extra_configure_switches += --with-zstd
+extra_configure_switches += --with-xz
+
+
+TARGET_RPATH = /lib$(MULTILIB_PPC32_SUFFIX):/usr/lib$(MULTILIB_PPC32_SUFFIX)
+
+
+####### Dependencies
+
+$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
+ $(UNPACK_SRC_ARCHIVE)
+ $(APPLY_PATCHES)
+ @touch $@
+
+$(build_target): $(src_done)
+ @mkdir -p $(build_dir)
+ @cd $(build_dir) && \
+ $(BUILD_ENVIRONMENT) ../$(src_dir_name)/configure \
+ --prefix=/usr \
+ --build=$(BUILD) \
+ --host=$(TARGET32) \
+ $(extra_configure_switches)
+ @cd $(build_dir) && $(BUILD_ENVIRONMENT) $(MAKE)
+ @touch $@
+
+$(install_target): $(build_target)
+ @mkdir -p $(KMOD_32_PKG)
+ @cd $(build_dir) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 install $(env_sysroot)
+ @rm -rf $(KMOD_32_PKG)/sbin
+ @rm -rf $(KMOD_32_PKG)/usr/include
+ @rm -rf $(KMOD_32_PKG)/usr/share
+ @mkdir -p $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)
+ @mv $(KMOD_32_PKG)/lib$(MULTILIB_PPC32_SUFFIX)/pkgconfig $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)
+ @mv $(KMOD_32_PKG)/lib$(MULTILIB_PPC32_SUFFIX)/{*.so,*.la} $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)
+ @cp -a $(KMOD_32_PKG)/lib$(MULTILIB_PPC32_SUFFIX)/libkmod.so.2 $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)
+ @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX) ; \
+ ln -sf ../../lib$(MULTILIB_PPC32_SUFFIX)/libkmod.so.2.4.0 libkmod.so.2.4.0 ; \
+ sed -i "s,libdir='/lib,libdir='/usr/lib,g" libkmod.la ; \
+ sed -i "s,libdir=/lib,libdir=/usr/lib,g" pkgconfig/libkmod.pc ; \
+ )
+ # ======= remove toolchain path from target libtool *.la files =======
+ @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX) ; \
+ sed -i "s,$(TARGET_DEST_DIR),,g" libkmod.la ; \
+ sed -i "s,-L/usr/local/lib ,,g" libkmod.la ; \
+ )
+ # ======= remove -L/lib, -L/usr/lib options from target libtool *.la files =======
+ @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX) ; \
+ sed -i "s,-L/usr/lib ,,g" libkmod.la ; \
+ sed -i "s,-L/lib ,,g" libkmod.la ; \
+ )
+ # ======= remove toolchain path from target pkg-config *.pc files =======
+ @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)/pkgconfig ; \
+ sed -i "s,$(TARGET_DEST_DIR),,g" libkmod.pc ; \
+ sed -i "s,-L/usr/local/lib,-L/usr/lib$(MULTILIB_PPC32_SUFFIX),g" libkmod.pc ; \
+ )
+ # ======= Install the same to $(TARGET_DEST_DIR) =======
+ $(call install-into-devenv, $(KMOD_32_PKG))
+ # ======= tune libtool *.la search path to the target destination for development =======
+ @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_PPC32_SUFFIX) ; \
+ sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libkmod.la ; \
+ sed -i "s,L/lib,L$(TARGET_DEST_DIR)/lib,g" libkmod.la ; \
+ )
+ # ======= tune pkg-config *.pc search path to the target destination for development =======
+ @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_PPC32_SUFFIX)/pkgconfig ; \
+ sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libkmod.pc ; \
+ )
+ # ======= Strip binaries =======
+ @( cd $(KMOD_32_PKG); \
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ )
+ifneq ($(PATCHELF),)
+ # ======= Set RPATH/RUNPATH for target binaries =======
+ @( cd $(KMOD_32_PKG) ; \
+ for file in `find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs echo` ; do \
+ rpath=`$(PATCHELF) --print-rpath $$file 2> /dev/null` ; \
+ if echo "$$rpath" | grep -q "$(TARGET_DEST_DIR)" ; then \
+ $(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null 2> /dev/null ; \
+ fi ; \
+ done ; \
+ )
+ # ======= Set RPATH/RUNPATH for target shared objects =======
+ @( cd $(KMOD_32_PKG) ; \
+ for file in `find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs echo` ; do \
+ rpath=`$(PATCHELF) --print-rpath $$file 2> /dev/null` ; \
+ if echo "$$rpath" | grep -q "$(TARGET_DEST_DIR)" ; then \
+ $(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null 2> /dev/null ; \
+ fi ; \
+ done ; \
+ )
+endif
+ @touch $@
+
+$(KMOD_32_PKG_DESCRIPTION_FILE): $(KMOD_32_PKG_DESCRIPTION_FILE_IN)
+ @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
+
+$(pkg_certificate) : $(pkg_archive) ;
+$(pkg_signature) : $(pkg_archive) ;
+$(pkg_description) : $(pkg_archive) ;
+
+$(pkg_archive): $(install_target) $(KMOD_32_PKG_DESCRIPTION_FILE) $(KMOD_32_PKG_INSTALL_SCRIPT)
+ @cp $(KMOD_32_PKG_DESCRIPTION_FILE) $(KMOD_32_PKG)/.DESCRIPTION
+ @cp $(KMOD_32_PKG_INSTALL_SCRIPT) $(KMOD_32_PKG)/.INSTALL
+ @$(BUILD_PKG_REQUIRES) $(KMOD_32_PKG)/.REQUIRES
+ @echo "pkgname=$(KMOD_32_PKG_NAME)" > $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "pkgver=$(KMOD_32_PKG_VERSION)" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "arch=$(KMOD_32_PKG_ARCH)" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "distroname=$(KMOD_32_PKG_DISTRO_NAME)" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "distrover=$(KMOD_32_PKG_DISTRO_VERSION)" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "group=$(KMOD_32_PKG_GROUP)" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "short_description=\"$(KMOD_32_PKG_SHORT_DESCRIPTION)\"" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "url=$(KMOD_32_PKG_URL)" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "license=$(KMOD_32_PKG_LICENSE)" >> $(KMOD_32_PKG)/.PKGINFO
+ @$(PSEUDO) sh -c "cd $(KMOD_32_PKG) && \
+ chown -R root:root . && \
+ $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
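Review bot: In the two RPATH loops under `ifneq ($(PATCHELF),)`, the `$(PATCHELF) --set-rpath` call sends both output streams to /dev/null and is chained with `;`, so a failed rewrite is silent and the rule still reaches `@touch $@`. The package would then ship an ELF whose RPATH still contains `$(TARGET_DEST_DIR)`, a build-host path that the loader on the target would search for libraries. Let the failure stop the recipe instead, e.g. `$(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null || exit 1 ; \`. The same two loops are added in app/kmod/33/Makefile.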
Index: app/kmod/33-ppc32/PATCHES
===================================================================
Index: app/kmod/33-ppc32/kmod-x32-pkg-description.in
===================================================================
--- app/kmod/33-ppc32/kmod-x32-pkg-description.in (nonexistent)
+++ app/kmod/33-ppc32/kmod-x32-pkg-description.in (revision 420)
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+kmod-x32: kmod-x32 @VERSION@ (kernel module library)
+kmod-x32:
+kmod-x32: kmod is a set of tools to handle common tasks with Linux kernel
+kmod-x32: modules like insert, remove, list, check properties, resolve
+kmod-x32: dependencies and aliases. The aim is to be compatible with the
+kmod-x32: tools, configurations and indexes from the module-init-tools project.
+kmod-x32:
+kmod-x32: These tools are designed on top of libkmod, a library that is
+kmod-x32: shipped with kmod.
+kmod-x32:
+kmod-x32:
Index: app/kmod/33-ppc32/kmod-x32-pkg-install.sh
===================================================================
--- app/kmod/33-ppc32/kmod-x32-pkg-install.sh (nonexistent)
+++ app/kmod/33-ppc32/kmod-x32-pkg-install.sh (revision 420)
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# arg 1: the new package version
+pre_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+post_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+pre_update() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_update() {
+ post_install
+}
+
+# arg 1: the old package version
+pre_remove() {
+ /bin/true
+}
+
+# arg 1: the old package version
+post_remove() {
+ /bin/true
+}
+
+
+operation=$1
+shift
+
+$operation $*
Property changes on: app/kmod/33-ppc32/kmod-x32-pkg-install.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: app/kmod/33-ppc32
===================================================================
--- app/kmod/33-ppc32 (nonexistent)
+++ app/kmod/33-ppc32 (revision 420)
Property changes on: app/kmod/33-ppc32
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,74 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.rk358x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: app/kmod/33-x86_32/Makefile
===================================================================
--- app/kmod/33-x86_32/Makefile (nonexistent)
+++ app/kmod/33-x86_32/Makefile (revision 420)
@@ -0,0 +1,206 @@
+
+COMPONENT_TARGETS = $(HARDWARE_INTEL_PC64)
+
+NEED_ABS_PATH = true
+COMPONENT_IS_3PP = true
+
+CREATE_X86_32_PACKAGE = true
+
+
+include ../../../build-system/constants.mk
+
+
+SOURCE_REQUIRES = sources/packages/a/kmod
+
+REQUIRES = app/kmod/33
+REQUIRES += libs/zstd/1.5.6-x86_32
+REQUIRES += net/openssl/3.4.0-x86_32
+
+# ======= __END_OF_REQUIRES__ =======
+
+
+version = 33
+tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/a/kmod/kmod-$(version).tar.xz
+SRC_ARCHIVE = $(tar_xz_archive)
+SRC_DIR = $(TARGET_BUILD_DIR)/kmod-$(version)
+src_dir_name = kmod-$(version)
+src_done = $(TARGET_BUILD_DIR)/.source_done
+
+PATCHES = PATCHES
+
+build_dir = $(TARGET_BUILD_DIR)/build
+build_target = $(TARGET_BUILD_DIR)/.build_done
+install_target = $(TARGET_BUILD_DIR)/.install_done
+
+
+####### Targets
+
+PKG_GROUP = app
+
+#
+# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
+#
+KMOD_32_PKG_NAME = kmod-x32
+KMOD_32_PKG_VERSION = 33
+KMOD_32_PKG_ARCH = $(PKGARCH)
+KMOD_32_PKG_DISTRO_NAME = $(DISTRO_NAME)
+KMOD_32_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
+KMOD_32_PKG_GROUP = $(PKG_GROUP)
+### |---handy-ruler-------------------------------|
+KMOD_32_PKG_SHORT_DESCRIPTION = kernel module library
+KMOD_32_PKG_URL = $(BUG_URL)
+KMOD_32_PKG_LICENSE = GPLv2
+KMOD_32_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(KMOD_32_PKG_NAME)-pkg-description
+KMOD_32_PKG_DESCRIPTION_FILE_IN = $(KMOD_32_PKG_NAME)-pkg-description.in
+KMOD_32_PKG_INSTALL_SCRIPT = $(KMOD_32_PKG_NAME)-pkg-install.sh
+
+KMOD_32_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(KMOD_32_PKG_NAME)-package
+
+pkg_basename = $(KMOD_32_PKG_NAME)-$(KMOD_32_PKG_VERSION)-$(KMOD_32_PKG_ARCH)-$(KMOD_32_PKG_DISTRO_NAME)-$(KMOD_32_PKG_DISTRO_VERSION)
+
+pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
+pkg_certificate = $(call cert-name,$(pkg_archive))
+pkg_signature = $(call sign-name,$(pkg_archive))
+pkg_description = $(call desc-name,$(pkg_archive))
+products = $(call pkg-files,$(pkg_archive))
+
+BUILD_TARGETS = $(build_target)
+BUILD_TARGETS += $(install_target)
+
+PRODUCT_TARGETS = $(products)
+
+ROOTFS_TARGETS = $(pkg_archive)
+
+
+include ../../../build-system/core.mk
+
+
+env_sysroot = DESTDIR=$(KMOD_32_PKG)
+
+
+extra_configure_switches = --libdir=/lib$(MULTILIB_X86_32_SUFFIX)
+extra_configure_switches += --docdir=/usr/share/doc/$(src_dir_name)
+extra_configure_switches += --mandir=/usr/share/man
+extra_configure_switches += --disable-dependency-tracking
+extra_configure_switches += --sysconfdir=/etc
+extra_configure_switches += --localstatedir=/var
+extra_configure_switches += --bindir=/sbin
+extra_configure_switches += --sbindir=/sbin
+extra_configure_switches += --with-openssl
+extra_configure_switches += --with-zlib
+extra_configure_switches += --with-zstd
+extra_configure_switches += --with-xz
+
+
+TARGET_RPATH = /lib$(MULTILIB_X86_32_SUFFIX):/usr/lib$(MULTILIB_X86_32_SUFFIX)
+
+
+####### Dependencies
+
+$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
+ $(UNPACK_SRC_ARCHIVE)
+ $(APPLY_PATCHES)
+ @touch $@
+
+$(build_target): $(src_done)
+ @mkdir -p $(build_dir)
+ @cd $(build_dir) && \
+ $(BUILD_ENVIRONMENT) ../$(src_dir_name)/configure \
+ --prefix=/usr \
+ --build=$(BUILD) \
+ --host=$(TARGET32) \
+ $(extra_configure_switches)
+ @cd $(build_dir) && $(BUILD_ENVIRONMENT) $(MAKE)
+ @touch $@
+
+$(install_target): $(build_target)
+ @mkdir -p $(KMOD_32_PKG)
+ @cd $(build_dir) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 install $(env_sysroot)
+ @rm -rf $(KMOD_32_PKG)/sbin
+ @rm -rf $(KMOD_32_PKG)/usr/include
+ @rm -rf $(KMOD_32_PKG)/usr/share
+ @mkdir -p $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)
+ @mv $(KMOD_32_PKG)/lib$(MULTILIB_X86_32_SUFFIX)/pkgconfig $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)
+ @mv $(KMOD_32_PKG)/lib$(MULTILIB_X86_32_SUFFIX)/{*.so,*.la} $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)
+ @cp -a $(KMOD_32_PKG)/lib$(MULTILIB_X86_32_SUFFIX)/libkmod.so.2 $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)
+ @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX) ; \
+ ln -sf ../../lib$(MULTILIB_X86_32_SUFFIX)/libkmod.so.2.4.0 libkmod.so.2.4.0 ; \
+ sed -i "s,libdir='/lib,libdir='/usr/lib,g" libkmod.la ; \
+ sed -i "s,libdir=/lib,libdir=/usr/lib,g" pkgconfig/libkmod.pc ; \
+ )
+ # remove toolchain path from target libtool *.la files
+ @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX) ; \
+ sed -i "s,$(TARGET_DEST_DIR),,g" libkmod.la ; \
+ sed -i "s,-L/usr/local/lib ,,g" libkmod.la ; \
+ )
+ # ======= remove -L/lib, -L/usr/lib options from target libtool *.la files =======
+ @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX) ; \
+ sed -i "s,-L/usr/lib ,,g" libkmod.la ; \
+ sed -i "s,-L/lib ,,g" libkmod.la ; \
+ )
+ # ======= remove toolchain path from target pkg-config *.pc files =======
+ @( cd $(KMOD_32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)/pkgconfig ; \
+ sed -i "s,$(TARGET_DEST_DIR),,g" libkmod.pc ; \
+ sed -i "s,-L/usr/local/lib,-L/usr/lib$(MULTILIB_X86_32_SUFFIX),g" libkmod.pc ; \
+ )
+ # ======= Install the same to $(TARGET_DEST_DIR) =======
+ $(call install-into-devenv, $(KMOD_32_PKG))
+ # ======= tune libtool *.la search path to the target destination for development =======
+ @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_X86_32_SUFFIX) ; \
+ sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libkmod.la ; \
+ sed -i "s,L/lib,L$(TARGET_DEST_DIR)/lib,g" libkmod.la ; \
+ )
+ # ======= tune pkg-config *.pc search path to the target destination for development =======
+ @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_X86_32_SUFFIX)/pkgconfig ; \
+ sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libkmod.pc ; \
+ )
+ # ======= Strip binaries =======
+ @( cd $(KMOD_32_PKG); \
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ )
+ifneq ($(PATCHELF),)
+ # ======= Set RPATH/RUNPATH for target binaries =======
+ @( cd $(KMOD_32_PKG) ; \
+ for file in `find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs echo` ; do \
+ rpath=`$(PATCHELF) --print-rpath $$file 2> /dev/null` ; \
+ if echo "$$rpath" | grep -q "$(TARGET_DEST_DIR)" ; then \
+ $(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null 2> /dev/null ; \
+ fi ; \
+ done ; \
+ )
+ # ======= Set RPATH/RUNPATH for target shared objects =======
+ @( cd $(KMOD_32_PKG) ; \
+ for file in `find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs echo` ; do \
+ rpath=`$(PATCHELF) --print-rpath $$file 2> /dev/null` ; \
+ if echo "$$rpath" | grep -q "$(TARGET_DEST_DIR)" ; then \
+ $(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null 2> /dev/null ; \
+ fi ; \
+ done ; \
+ )
+endif
+ @touch $@
+
+$(KMOD_32_PKG_DESCRIPTION_FILE): $(KMOD_32_PKG_DESCRIPTION_FILE_IN)
+ @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
+
+$(pkg_certificate) : $(pkg_archive) ;
+$(pkg_signature) : $(pkg_archive) ;
+$(pkg_description) : $(pkg_archive) ;
+
+$(pkg_archive): $(install_target) $(KMOD_32_PKG_DESCRIPTION_FILE) $(KMOD_32_PKG_INSTALL_SCRIPT)
+ @cp $(KMOD_32_PKG_DESCRIPTION_FILE) $(KMOD_32_PKG)/.DESCRIPTION
+ @cp $(KMOD_32_PKG_INSTALL_SCRIPT) $(KMOD_32_PKG)/.INSTALL
+ @$(BUILD_PKG_REQUIRES) $(KMOD_32_PKG)/.REQUIRES
+ @echo "pkgname=$(KMOD_32_PKG_NAME)" > $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "pkgver=$(KMOD_32_PKG_VERSION)" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "arch=$(KMOD_32_PKG_ARCH)" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "distroname=$(KMOD_32_PKG_DISTRO_NAME)" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "distrover=$(KMOD_32_PKG_DISTRO_VERSION)" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "group=$(KMOD_32_PKG_GROUP)" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "short_description=\"$(KMOD_32_PKG_SHORT_DESCRIPTION)\"" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "url=$(KMOD_32_PKG_URL)" >> $(KMOD_32_PKG)/.PKGINFO ; \
+ echo "license=$(KMOD_32_PKG_LICENSE)" >> $(KMOD_32_PKG)/.PKGINFO
+ @$(PSEUDO) sh -c "cd $(KMOD_32_PKG) && \
+ chown -R root:root . && \
+ $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
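Review bot: The RPATH rewrite in `$(install_target)` can fail without failing the build: `$(PATCHELF) --set-rpath` sends both output streams to `/dev/null` and is followed by `;`, so only the status of the last file processed reaches make and `.install_done` is touched anyway. A shared object that keeps a `$(TARGET_DEST_DIR)` entry in its RPATH/RUNPATH would then ship with a build-host library search path, and the whole step is skipped when `PATCHELF` is empty (where that variable is set is not visible in this hunk). I would keep stderr and stop on error in both loops, `$(PATCHELF) --set-rpath $(TARGET_RPATH) $$file 1> /dev/null || exit 1 ; \`. The same `;` chaining hides a failed `cd` or `sed` in the earlier subshells, and `ln -sf` to the hard-coded `libkmod.so.2.4.0` succeeds even if this kmod version installs a different file name, leaving a dangling link; a `test -e` on the link target before `ln -sf` would catch that.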
Index: app/kmod/33-x86_32/PATCHES
===================================================================
Index: app/kmod/33-x86_32/kmod-x32-pkg-description.in
===================================================================
--- app/kmod/33-x86_32/kmod-x32-pkg-description.in (nonexistent)
+++ app/kmod/33-x86_32/kmod-x32-pkg-description.in (revision 420)
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+kmod-x32: kmod-x32 @VERSION@ (kernel module library)
+kmod-x32:
+kmod-x32: kmod is a set of tools to handle common tasks with Linux kernel
+kmod-x32: modules like insert, remove, list, check properties, resolve
+kmod-x32: dependencies and aliases. The aim is to be compatible with the
+kmod-x32: tools, configurations and indexes from the module-init-tools project.
+kmod-x32:
+kmod-x32: These tools are designed on top of libkmod, a library that is
+kmod-x32: shipped with kmod.
+kmod-x32:
+kmod-x32:
Index: app/kmod/33-x86_32/kmod-x32-pkg-install.sh
===================================================================
--- app/kmod/33-x86_32/kmod-x32-pkg-install.sh (nonexistent)
+++ app/kmod/33-x86_32/kmod-x32-pkg-install.sh (revision 420)
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# arg 1: the new package version
+pre_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+post_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+pre_update() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_update() {
+ post_install
+}
+
+# arg 1: the old package version
+pre_remove() {
+ /bin/true
+}
+
+# arg 1: the old package version
+post_remove() {
+ /bin/true
+}
+
+
+operation=$1
+shift
+
+$operation $*
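Review bot: The dispatcher at the end, `$operation $*`, runs whatever word arrives as the first argument, so the script will execute any command name the caller passes rather than only the six hooks defined above, and the unquoted `$*` re-splits and glob-expands the version arguments. The caller is presumably the package tool running with elevated privileges, so I would restrict the dispatch to the known hook names, pass the arguments as `"$@"`, and exit non-zero on anything else. The same closing lines appear in the `app/kmod/33-ppc32/kmod-x32-pkg-install.sh` copy added earlier in this commit.

```shell
operation=$1
shift

case "$operation" in
  pre_install|post_install|pre_update|post_update|pre_remove|post_remove)
    "$operation" "$@"
    ;;
  *)
    echo "unknown operation: $operation" >&2
    exit 1
    ;;
esac
```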
Property changes on: app/kmod/33-x86_32/kmod-x32-pkg-install.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: app/kmod/33-x86_32
===================================================================
--- app/kmod/33-x86_32 (nonexistent)
+++ app/kmod/33-x86_32 (revision 420)
Property changes on: app/kmod/33-x86_32
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,74 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.rk358x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: net/openssl10/1.0.2u/openssl10-pkg-install.sh
===================================================================
--- net/openssl10/1.0.2u/openssl10-pkg-install.sh (revision 419)
+++ net/openssl10/1.0.2u/openssl10-pkg-install.sh (nonexistent)
@@ -1,53 +0,0 @@
-#!/bin/sh
-
-# Preserve new files
-install_file() {
- NEW="$1"
- OLD="`dirname $NEW`/`basename $NEW .new`"
- # If there's no file by that name, mv it over:
- if [ ! -r $OLD ]; then
- mv $NEW $OLD
- elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
- rm $NEW
- fi
- # Otherwise, we leave the .new copy for the admin to consider...
-}
-
-
-# arg 1: the new package version
-pre_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-post_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-pre_update() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_update() {
- post_install
-}
-
-# arg 1: the old package version
-pre_remove() {
- /bin/true
-}
-
-# arg 1: the old package version
-post_remove() {
- /bin/true
-}
-
-
-operation=$1
-shift
-
-$operation $*
Property changes on: net/openssl10/1.0.2u/openssl10-pkg-install.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: net/openssl10/1.0.2u/PATCHES
===================================================================
--- net/openssl10/1.0.2u/PATCHES (revision 419)
+++ net/openssl10/1.0.2u/PATCHES (nonexistent)
@@ -1,3 +0,0 @@
-
-../../../sources/packages/n/openssl10/patches/openssl-1.0.2u-versioned-symbols.patch -p0
-../../../sources/packages/n/openssl10/patches/openssl-1.0.2u-shlib.patch -p0
Index: net/openssl10/1.0.2u/PATCHES.mips32-O2
===================================================================
--- net/openssl10/1.0.2u/PATCHES.mips32-O2 (revision 419)
+++ net/openssl10/1.0.2u/PATCHES.mips32-O2 (nonexistent)
@@ -1,2 +0,0 @@
-
-../../../sources/packages/n/openssl10/patches/openssl-1.0.2u-mips-O2.patch -p0
Index: net/openssl10/1.0.2u/openssl10-pkg-description.in
===================================================================
--- net/openssl10/1.0.2u/openssl10-pkg-description.in (revision 419)
+++ net/openssl10/1.0.2u/openssl10-pkg-description.in (nonexistent)
@@ -1,19 +0,0 @@
-# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
-# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
-# customary to leave one space after the ':'.
-
- |-----handy-ruler------------------------------------------------------|
-openssl10: openssl10 @VERSION@ (Secure Sockets Layer toolkit 1.0.x)
-openssl10:
-openssl10: The OpenSSL certificate management tool and the shared libraries
-openssl10: that provide various encryption and decryption algorithms and
-openssl10: protocols.
-openssl10: This product includes software developed by the OpenSSL Project for
-openssl10: use in the OpenSSL Toolkit (http://www.openssl.org). This product
-openssl10: includes cryptographic software written by Eric Young
-openssl10: (eay@cryptsoft.com). This product includes software written by Tim
-openssl10: Hudson (tjh@cryptsoft.com).
-openssl10:
Index: net/openssl10/1.0.2u/Makefile
===================================================================
--- net/openssl10/1.0.2u/Makefile (revision 419)
+++ net/openssl10/1.0.2u/Makefile (nonexistent)
@@ -1,304 +0,0 @@
-
-COMPONENT_TARGETS = $(HARDWARE_INTEL_PC32)
-COMPONENT_TARGETS += $(HARDWARE_INTEL_PC64)
-COMPONENT_TARGETS += $(HARDWARE_EBOX_3350DX2)
-COMPONENT_TARGETS += $(HARDWARE_CB1X)
-COMPONENT_TARGETS += $(HARDWARE_CB2X)
-COMPONENT_TARGETS += $(HARDWARE_CB3X)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PP2E)
-COMPONENT_TARGETS += $(HARDWARE_NANOPI_NEO)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PP)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PL2)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5B)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5P)
-COMPONENT_TARGETS += $(HARDWARE_ROCK_5B)
-COMPONENT_TARGETS += $(HARDWARE_WECHIP_TX6)
-COMPONENT_TARGETS += $(HARDWARE_REPKA_PI3)
-COMPONENT_TARGETS += $(HARDWARE_FFRK3288)
-COMPONENT_TARGETS += $(HARDWARE_POIN2)
-COMPONENT_TARGETS += $(HARDWARE_RK3328_CC)
-COMPONENT_TARGETS += $(HARDWARE_KHADAS_EDGE)
-COMPONENT_TARGETS += $(HARDWARE_LEEZ_P710)
-COMPONENT_TARGETS += $(HARDWARE_M201)
-COMPONENT_TARGETS += $(HARDWARE_MXV)
-COMPONENT_TARGETS += $(HARDWARE_P201)
-COMPONENT_TARGETS += $(HARDWARE_NEXBOX_A95X)
-COMPONENT_TARGETS += $(HARDWARE_ODROID_C2)
-COMPONENT_TARGETS += $(HARDWARE_P212)
-COMPONENT_TARGETS += $(HARDWARE_KHADAS_VIM)
-COMPONENT_TARGETS += $(HARDWARE_Q201)
-COMPONENT_TARGETS += $(HARDWARE_ENYBOX_X2)
-COMPONENT_TARGETS += $(HARDWARE_KHADAS_VIM2)
-COMPONENT_TARGETS += $(HARDWARE_NIT6Q)
-COMPONENT_TARGETS += $(HARDWARE_OKMX6DL_C)
-COMPONENT_TARGETS += $(HARDWARE_OKMX6Q_C)
-COMPONENT_TARGETS += $(HARDWARE_BONE_BLACK)
-COMPONENT_TARGETS += $(HARDWARE_OMAP5UEVM)
-COMPONENT_TARGETS += $(HARDWARE_DRA7XXEVM)
-COMPONENT_TARGETS += $(HARDWARE_CI20)
-COMPONENT_TARGETS += $(HARDWARE_BAIKAL_T1)
-COMPONENT_TARGETS += $(HARDWARE_BAIKAL_M1)
-COMPONENT_TARGETS += $(HARDWARE_S824L)
-COMPONENT_TARGETS += $(HARDWARE_VESNIN)
-COMPONENT_TARGETS += $(HARDWARE_S824L_LSB)
-COMPONENT_TARGETS += $(HARDWARE_VESNIN_LSB)
-COMPONENT_TARGETS += $(HARDWARE_TL2WK2)
-COMPONENT_TARGETS += $(HARDWARE_TL2SV2)
-COMPONENT_TARGETS += $(HARDWARE_TL2WK2_LSB)
-COMPONENT_TARGETS += $(HARDWARE_TL2SV2_LSB)
-COMPONENT_TARGETS += $(HARDWARE_VISIONFIVE2)
-COMPONENT_TARGETS += $(HARDWARE_SIFIVE_U740)
-
-
-NEED_ABS_PATH = true
-COMPONENT_IS_3PP = true
-
-NOT_PARALLEL = true
-
-
-include ../../../build-system/constants.mk
-
-
-SOURCE_REQUIRES = sources/packages/n/openssl10
-
-ifeq ($(__USE_BUILT_GCC_LIBS__),yes)
-REQUIRES = dev/gcc/14.2.0
-else
-REQUIRES = libs/zlib/1.3.1
-REQUIRES += libs/gmp/6.3.0
-endif
-
-# ======= __END_OF_REQUIRES__ =======
-
-
-version = 1.0.2u
-tar_gz_archive = $(SRC_PACKAGE_PATH)/packages/n/openssl10/openssl-$(version).tar.gz
-SRC_ARCHIVE = $(tar_gz_archive)
-SRC_DIR = $(TARGET_BUILD_DIR)/openssl-$(version)
-src_dir_name = openssl-$(version)
-src_done = $(TARGET_BUILD_DIR)/.source_done
-
-PATCHES = PATCHES
-
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_JZ47XX_GLIBC) $(TOOLCHAIN_P5600_GLIBC)),)
-OPT_PATCHES = PATCHES.mips32-O2
-endif
-
-build_target = $(TARGET_BUILD_DIR)/.build_done
-install_target = $(TARGET_BUILD_DIR)/.install_done
-
-cron_script = $(CURDIR)/cron/certwatch
-
-
-####### Targets
-
-PKG_GROUP = net
-
-#
-# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
-#
-OPENSSL_PKG_NAME = openssl10
-OPENSSL_PKG_VERSION = 1.0.2u
-OPENSSL_PKG_ARCH = $(PKGARCH)
-OPENSSL_PKG_DISTRO_NAME = $(DISTRO_NAME)
-OPENSSL_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
-OPENSSL_PKG_GROUP = $(PKG_GROUP)
-### |---handy-ruler-------------------------------|
-OPENSSL_PKG_SHORT_DESCRIPTION = Secure Sockets Layer toolkit 1.0.x
-OPENSSL_PKG_URL = $(BUG_URL)
-OPENSSL_PKG_LICENSE = GPLv2
-OPENSSL_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(OPENSSL_PKG_NAME)-pkg-description
-OPENSSL_PKG_DESCRIPTION_FILE_IN = $(OPENSSL_PKG_NAME)-pkg-description.in
-OPENSSL_PKG_INSTALL_SCRIPT = $(OPENSSL_PKG_NAME)-pkg-install.sh
-
-OPENSSL_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(OPENSSL_PKG_NAME)-package
-
-pkg_basename = $(OPENSSL_PKG_NAME)-$(OPENSSL_PKG_VERSION)-$(OPENSSL_PKG_ARCH)-$(OPENSSL_PKG_DISTRO_NAME)-$(OPENSSL_PKG_DISTRO_VERSION)
-
-pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
-pkg_certificate = $(call cert-name,$(pkg_archive))
-pkg_signature = $(call sign-name,$(pkg_archive))
-pkg_description = $(call desc-name,$(pkg_archive))
-products = $(call pkg-files,$(pkg_archive))
-
-BUILD_TARGETS = $(build_target)
-BUILD_TARGETS += $(install_target)
-
-PRODUCT_TARGETS = $(products)
-
-ROOTFS_TARGETS = $(pkg_archive)
-
-
-include ../../../build-system/core.mk
-
-
-env_sysroot = INSTALL_PREFIX=$(OPENSSL_PKG)
-
-
-# These are the known patent issues with OpenSSL:
-# name | expires
-# -------+------------------------------------
-# MDC-2: | 4,908,861 2007-03-13, not included
-# IDEA: | 5,214,703 2010-05-25, not included
-# RC5: | 5,724,428 2015-03-03, not included
-#
-# Although all of the above are expired, it's still
-# probably not a good idea to include them as there
-# are better algorithms to use.
-#
-extra_configure_switches = --libdir=lib$(LIBSUFFIX)/openssl-1.0
-extra_configure_switches += --openssldir=/etc/ssl
-extra_configure_switches += no-mdc2
-extra_configure_switches += no-idea
-extra_configure_switches += no-rc5
-extra_configure_switches += no-sse2
-extra_configure_switches += no-ssl2
-extra_configure_switches += no-weak-ssl-ciphers
-extra_configure_switches += zlib-dynamic
-extra_configure_switches += shared
-
-
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_I586_GLIBC)),)
-arch = i586
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_I686_GLIBC)),)
-arch = i686
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_X86_64_GLIBC)),)
-arch = x86_64
-openssl_environment = KERNEL_BITS=64
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_A1X_GLIBC) $(TOOLCHAIN_A2X_GLIBC) \
- $(TOOLCHAIN_H3_GLIBC) $(TOOLCHAIN_RK328X_GLIBC) \
- $(TOOLCHAIN_S8XX_GLIBC) $(TOOLCHAIN_IMX6_GLIBC) \
- $(TOOLCHAIN_AM335X_GLIBC) $(TOOLCHAIN_OMAP543X_GLIBC)),)
-arch = arm
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_H5_GLIBC) $(TOOLCHAIN_RK33XX_GLIBC) \
- $(TOOLCHAIN_RK339X_GLIBC) $(TOOLCHAIN_RK358X_GLIBC) \
- $(TOOLCHAIN_S9XX_GLIBC) \
- $(TOOLCHAIN_A311X_GLIBC) $(TOOLCHAIN_M1000_GLIBC)),)
-arch = aarch64
-openssl_environment = KERNEL_BITS=64
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_JZ47XX_GLIBC) $(TOOLCHAIN_P5600_GLIBC)),)
-arch = mips32
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_POWER8_GLIBC) $(TOOLCHAIN_POWER9_GLIBC)),)
-arch = ppc64
-openssl_environment = KERNEL_BITS=64
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_POWER8LE_GLIBC) $(TOOLCHAIN_POWER9LE_GLIBC)),)
-arch = ppc64le
-openssl_environment = KERNEL_BITS=64
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_RISCV64_GLIBC)),)
-arch = generic64
-openssl_environment = KERNEL_BITS=64
-endif
-
-openssl_environment += MACHINE=$(arch) SYSTEM=Linux
-
-
-####### Dependencies
-
-$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
- $(UNPACK_SRC_ARCHIVE)
- $(APPLY_PATCHES)
- $(call apply-opt-patches, $(SRC_DIR))
- @( cd $(SRC_DIR) ; \
- find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|\.\|$$\)/\=item C<\1>/g" {} \; \
- )
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_I586_GLIBC)),)
- @( cd $(SRC_DIR) ; \
- sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i586 -mtune=i586/g" Configure ; \
- )
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_I686_GLIBC)),)
- @( cd $(SRC_DIR) ; \
- sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i686 -mtune=i686/g" Configure ; \
- )
-endif
- @touch $@
-
-$(build_target): $(src_done)
- @cd $(SRC_DIR) && \
- $(BUILD_ENVIRONMENT) $(openssl_environment) ./config \
- --prefix=/usr \
- $(extra_configure_switches) \
- $(ARCH_FLAGS) \
- $(HW_FLAGS)
- # ======= workaround for crypto/evp/... =======
- @( cd $(SRC_DIR)/include/openssl ; \
- ln -sf ../../crypto/idea/idea.h idea.h ; \
- ln -sf ../../crypto/mdc2/mdc2.h mdc2.h ; \
- ln -sf ../../crypto/rc5/rc5.h rc5.h ; \
- )
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1
- @touch $@
-
-$(install_target): $(build_target)
- @mkdir -p $(OPENSSL_PKG)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 MANDIR=/usr/share/man install $(env_sysroot)
-ifneq ($(__ENABLE_STATIC__),yes)
- @rm -f $(OPENSSL_PKG)/usr/lib$(LIBSUFFIX)/openssl-1.0/*.a
-endif
- @rm -rf $(OPENSSL_PKG)/etc
- @rm -rf $(OPENSSL_PKG)/usr/share
- @mkdir -p $(OPENSSL_PKG)/usr/include/openssl-1.0
- @mv $(OPENSSL_PKG)/usr/include/openssl $(OPENSSL_PKG)/usr/include/openssl-1.0/openssl
- @mv $(OPENSSL_PKG)/usr/bin/openssl $(OPENSSL_PKG)/usr/bin/openssl-1.0
- @rm -f $(OPENSSL_PKG)/usr/bin/c_rehash
- @sed -e 's,/include$$,/include/openssl-1.0,' -i $(OPENSSL_PKG)/usr/lib$(LIBSUFFIX)/openssl-1.0/pkgconfig/*.pc
- @mkdir -p $(OPENSSL_PKG)/lib$(LIBSUFFIX)/openssl-1.0
- @( cd $(OPENSSL_PKG)/usr/lib$(LIBSUFFIX)/openssl-1.0 ; \
- chmod +w lib*.so.?.?.? ; \
- mv lib*.so.?.?.? ../../../lib$(LIBSUFFIX)/openssl-1.0 ; \
- ln -sf ../../../lib$(LIBSUFFIX)/openssl-1.0/lib*.so.?.?.? . ; \
- ln -sf libcrypto.so.?.?.? libcrypto.so.1 ; \
- ln -sf libssl.so.?.?.? libssl.so.1 ; \
- cp -a lib*.so.? ../../../lib$(LIBSUFFIX)/openssl-1.0 ; \
- )
- @chmod +w $(OPENSSL_PKG)/usr/lib$(LIBSUFFIX)/openssl-1.0/engines/*.so
- # ======= Install the same to $(TARGET_DEST_DIR) =======
- $(call install-into-devenv, $(OPENSSL_PKG))
- # ======= tune pkg-config *.pc search path to the target destination for development =======
- @( cd $(TARGET_DEST_DIR)/usr/lib$(LIBSUFFIX)/openssl-1.0/pkgconfig ; \
- sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libcrypto.pc libssl.pc openssl.pc \
- )
- # ======= Strip binaries =======
- @( cd $(OPENSSL_PKG) ; \
- find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- )
-ifeq ($(__ENABLE_STATIC__),yes)
- @( cd $(OPENSSL_PKG) ; \
- find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs $(STRIP) -g 2> /dev/null ; \
- )
-endif
- @touch $@
-
-$(OPENSSL_PKG_DESCRIPTION_FILE): $(OPENSSL_PKG_DESCRIPTION_FILE_IN)
- @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
-
-$(pkg_certificate) : $(pkg_archive) ;
-$(pkg_signature) : $(pkg_archive) ;
-$(pkg_description) : $(pkg_archive) ;
-
-$(pkg_archive): $(install_target) $(OPENSSL_PKG_DESCRIPTION_FILE) $(OPENSSL_PKG_INSTALL_SCRIPT)
- @cp $(OPENSSL_PKG_DESCRIPTION_FILE) $(OPENSSL_PKG)/.DESCRIPTION
- @cp $(OPENSSL_PKG_INSTALL_SCRIPT) $(OPENSSL_PKG)/.INSTALL
- @$(BUILD_PKG_REQUIRES) $(OPENSSL_PKG)/.REQUIRES
- @echo "pkgname=$(OPENSSL_PKG_NAME)" > $(OPENSSL_PKG)/.PKGINFO ; \
- echo "pkgver=$(OPENSSL_PKG_VERSION)" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "arch=$(OPENSSL_PKG_ARCH)" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "distroname=$(OPENSSL_PKG_DISTRO_NAME)" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "distrover=$(OPENSSL_PKG_DISTRO_VERSION)" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "group=$(OPENSSL_PKG_GROUP)" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "short_description=\"$(OPENSSL_PKG_SHORT_DESCRIPTION)\"" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "url=$(OPENSSL_PKG_URL)" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "license=$(OPENSSL_PKG_LICENSE)" >> $(OPENSSL_PKG)/.PKGINFO
- @$(PSEUDO) sh -c "cd $(OPENSSL_PKG) && \
- chown -R root:root . && \
- $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
Index: net/openssl10/1.0.2u
===================================================================
--- net/openssl10/1.0.2u (revision 419)
+++ net/openssl10/1.0.2u (nonexistent)
Property changes on: net/openssl10/1.0.2u
___________________________________________________________________
Deleted: svn:ignore
## -1,74 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.rk358x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: net/openssl10/1.0.2u-ppc32/openssl10-x32-pkg-install.sh
===================================================================
--- net/openssl10/1.0.2u-ppc32/openssl10-x32-pkg-install.sh (revision 419)
+++ net/openssl10/1.0.2u-ppc32/openssl10-x32-pkg-install.sh (nonexistent)
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# arg 1: the new package version
-pre_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-post_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-pre_update() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_update() {
- post_install
-}
-
-# arg 1: the old package version
-pre_remove() {
- /bin/true
-}
-
-# arg 1: the old package version
-post_remove() {
- /bin/true
-}
-
-
-operation=$1
-shift
-
-$operation $*
Property changes on: net/openssl10/1.0.2u-ppc32/openssl10-x32-pkg-install.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: net/openssl10/1.0.2u-ppc32/PATCHES
===================================================================
--- net/openssl10/1.0.2u-ppc32/PATCHES (revision 419)
+++ net/openssl10/1.0.2u-ppc32/PATCHES (nonexistent)
@@ -1,3 +0,0 @@
-
-../../../sources/packages/n/openssl10/patches/openssl-1.0.2u-versioned-symbols.patch -p0
-../../../sources/packages/n/openssl10/patches/openssl-1.0.2u-shlib.patch -p0
Index: net/openssl10/1.0.2u-ppc32/openssl10-x32-pkg-description.in
===================================================================
--- net/openssl10/1.0.2u-ppc32/openssl10-x32-pkg-description.in (revision 419)
+++ net/openssl10/1.0.2u-ppc32/openssl10-x32-pkg-description.in (nonexistent)
@@ -1,19 +0,0 @@
-# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
-# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
-# customary to leave one space after the ':'.
-
- |-----handy-ruler------------------------------------------------------|
-openssl10-x32: openssl10-x32 @VERSION@ (Secure Sockets Layer toolkit 1.0.x)
-openssl10-x32:
-openssl10-x32: The OpenSSL certificate management tool and the shared libraries
-openssl10-x32: that provide various encryption and decryption algorithms and
-openssl10-x32: protocols.
-openssl10-x32: This product includes software developed by the OpenSSL Project for
-openssl10-x32: use in the OpenSSL Toolkit (http://www.openssl.org). This product
-openssl10-x32: includes cryptographic software written by Eric Young
-openssl10-x32: (eay@cryptsoft.com). This product includes software written by Tim
-openssl10-x32: Hudson (tjh@cryptsoft.com).
-openssl10-x32:
Index: net/openssl10/1.0.2u-ppc32/Makefile
===================================================================
--- net/openssl10/1.0.2u-ppc32/Makefile (revision 419)
+++ net/openssl10/1.0.2u-ppc32/Makefile (nonexistent)
@@ -1,188 +0,0 @@
-
-COMPONENT_TARGETS = $(HARDWARE_S824L)
-COMPONENT_TARGETS += $(HARDWARE_VESNIN)
-COMPONENT_TARGETS += $(HARDWARE_TL2WK2)
-COMPONENT_TARGETS += $(HARDWARE_TL2SV2)
-
-NEED_ABS_PATH = true
-COMPONENT_IS_3PP = true
-
-NOT_PARALLEL = true
-
-CREATE_PPC32_PACKAGE = true
-
-
-include ../../../build-system/constants.mk
-
-
-SOURCE_REQUIRES = sources/packages/n/openssl10
-
-REQUIRES = net/openssl10/1.0.2u
-REQUIRES += libs/zlib/1.3.1-ppc32
-REQUIRES += libs/gmp/6.3.0-ppc32
-
-# ======= __END_OF_REQUIRES__ =======
-
-
-version = 1.0.2u
-tar_gz_archive = $(SRC_PACKAGE_PATH)/packages/n/openssl10/openssl-$(version).tar.gz
-SRC_ARCHIVE = $(tar_gz_archive)
-SRC_DIR = $(TARGET_BUILD_DIR)/openssl-$(version)
-src_dir_name = openssl-$(version)
-src_done = $(TARGET_BUILD_DIR)/.source_done
-
-PATCHES = PATCHES
-
-build_dir = $(TARGET_BUILD_DIR)/build
-build_target = $(TARGET_BUILD_DIR)/.build_done
-install_target = $(TARGET_BUILD_DIR)/.install_done
-
-
-####### Targets
-
-PKG_GROUP = net
-#
-# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
-#
-OPENSSL32_PKG_NAME = openssl10-x32
-OPENSSL32_PKG_VERSION = 1.0.2u
-OPENSSL32_PKG_ARCH = $(PKGARCH)
-OPENSSL32_PKG_DISTRO_NAME = $(DISTRO_NAME)
-OPENSSL32_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
-OPENSSL32_PKG_GROUP = $(PKG_GROUP)
-### |---handy-ruler-------------------------------|
-OPENSSL32_PKG_SHORT_DESCRIPTION = Secure Sockets Layer toolkit 1.0.x
-OPENSSL32_PKG_URL = $(BUG_URL)
-OPENSSL32_PKG_LICENSE = GPLv2
-OPENSSL32_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-pkg-description
-OPENSSL32_PKG_DESCRIPTION_FILE_IN = $(OPENSSL32_PKG_NAME)-pkg-description.in
-OPENSSL32_PKG_INSTALL_SCRIPT = $(OPENSSL32_PKG_NAME)-pkg-install.sh
-
-OPENSSL32_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-package
-
-pkg_basename = $(OPENSSL32_PKG_NAME)-$(OPENSSL32_PKG_VERSION)-$(OPENSSL32_PKG_ARCH)-$(OPENSSL32_PKG_DISTRO_NAME)-$(OPENSSL32_PKG_DISTRO_VERSION)
-
-pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
-pkg_certificate = $(call cert-name,$(pkg_archive))
-pkg_signature = $(call sign-name,$(pkg_archive))
-pkg_description = $(call desc-name,$(pkg_archive))
-products = $(call pkg-files,$(pkg_archive))
-
-BUILD_TARGETS = $(build_target)
-BUILD_TARGETS += $(install_target)
-
-PRODUCT_TARGETS = $(products)
-
-ROOTFS_TARGETS = $(pkg_archive)
-
-
-include ../../../build-system/core.mk
-
-
-env_sysroot = INSTALL_PREFIX=$(OPENSSL32_PKG)
-
-
-extra_configure_switches = --libdir=lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.0
-extra_configure_switches += --openssldir=/etc/ssl
-extra_configure_switches += no-mdc2
-extra_configure_switches += no-idea
-extra_configure_switches += no-rc5
-extra_configure_switches += no-sse2
-extra_configure_switches += no-ssl2
-extra_configure_switches += no-weak-ssl-ciphers
-extra_configure_switches += zlib-dynamic
-extra_configure_switches += shared
-
-openssl_environment = KERNEL_BITS=32 MACHINE=ppc64 SYSTEM=Linux
-
-####### Dependencies
-
-$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
- $(UNPACK_SRC_ARCHIVE)
- $(APPLY_PATCHES)
- @( cd $(SRC_DIR) ; \
- find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|\.\|$$\)/\=item C<\1>/g" {} \; \
- )
- @touch $@
-
-$(build_target): $(src_done)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(openssl_environment) ./config \
- --prefix=/usr \
- $(extra_configure_switches) \
- $(ARCH_FLAGS) \
- $(HW_FLAGS)
- # ======= workaround for crypto/evp/... =======
- @( cd $(SRC_DIR)/include/openssl ; \
- ln -sf ../../crypto/idea/idea.h idea.h ; \
- ln -sf ../../crypto/mdc2/mdc2.h mdc2.h ; \
- ln -sf ../../crypto/rc5/rc5.h rc5.h ; \
- )
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1
- @touch $@
-
-$(install_target): $(build_target)
- @mkdir -p $(OPENSSL32_PKG)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 MANDIR=/usr/share/man install $(env_sysroot)
-ifneq ($(__ENABLE_STATIC__),yes)
- @rm -f $(OPENSSL32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.0/*.a
-endif
- @mkdir -p $(OPENSSL32_PKG)/usr/bin/32
- @( cd $(OPENSSL32_PKG)/usr/bin ; \
- rm -f c_rehash ; \
- mv openssl 32/openssl-1.0 ; \
- )
- @sed -e 's,/include$$,/include/openssl-1.0,' -i $(OPENSSL32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.0/pkgconfig/*.pc
- @mkdir -p $(OPENSSL32_PKG)/lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.0
- @( cd $(OPENSSL32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.0 ; \
- chmod +w lib*.so.?.?.? ; \
- mv lib*.so.?.?.? ../../../lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.0 ; \
- ln -sf ../../../lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.0/lib*.so.?.?.? . ; \
- ln -sf libcrypto.so.?.?.? libcrypto.so.1 ; \
- ln -sf libssl.so.?.?.? libssl.so.1 ; \
- cp -a lib*.so.? ../../../lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.0 ; \
- )
- @chmod +w $(OPENSSL32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.0/engines/*.so
- @rm -rf $(OPENSSL32_PKG)/etc
- @rm -rf $(OPENSSL32_PKG)/usr/include
- @rm -rf $(OPENSSL32_PKG)/usr/share
- # ======= Install the same to $(TARGET_DEST_DIR) =======
- $(call install-into-devenv, $(OPENSSL32_PKG))
- # ======= tune pkg-config *.pc search path to the target destination for development =======
- @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.0/pkgconfig ; \
- sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libcrypto.pc libssl.pc openssl.pc \
- )
- # ======= Strip binaries =======
- @( cd $(OPENSSL32_PKG) ; \
- find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- )
-ifeq ($(__ENABLE_STATIC__),yes)
- @( cd $(OPENSSL32_PKG) ; \
- find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs $(STRIP) -g 2> /dev/null ; \
- )
-endif
- @touch $@
-
-$(OPENSSL32_PKG_DESCRIPTION_FILE): $(OPENSSL32_PKG_DESCRIPTION_FILE_IN)
- @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
-
-$(pkg_certificate) : $(pkg_archive) ;
-$(pkg_signature) : $(pkg_archive) ;
-$(pkg_description) : $(pkg_archive) ;
-
-$(pkg_archive): $(install_target) $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG_INSTALL_SCRIPT)
- @cp $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG)/.DESCRIPTION
- @cp $(OPENSSL32_PKG_INSTALL_SCRIPT) $(OPENSSL32_PKG)/.INSTALL
- @$(BUILD_PKG_REQUIRES) $(OPENSSL32_PKG)/.REQUIRES
- @echo "pkgname=$(OPENSSL32_PKG_NAME)" > $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "pkgver=$(OPENSSL32_PKG_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "arch=$(OPENSSL32_PKG_ARCH)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "distroname=$(OPENSSL32_PKG_DISTRO_NAME)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "distrover=$(OPENSSL32_PKG_DISTRO_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "group=$(OPENSSL32_PKG_GROUP)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "short_description=\"$(OPENSSL32_PKG_SHORT_DESCRIPTION)\"" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "url=$(OPENSSL32_PKG_URL)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "license=$(OPENSSL32_PKG_LICENSE)" >> $(OPENSSL32_PKG)/.PKGINFO
- @$(PSEUDO) sh -c "cd $(OPENSSL32_PKG) && \
- chown -R root:root . && \
- $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
Index: net/openssl10/1.0.2u-ppc32
===================================================================
--- net/openssl10/1.0.2u-ppc32 (revision 419)
+++ net/openssl10/1.0.2u-ppc32 (nonexistent)
Property changes on: net/openssl10/1.0.2u-ppc32
___________________________________________________________________
Deleted: svn:ignore
## -1,74 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.rk358x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: net/openssl10/1.0.2u-x86_32/openssl10-x32-pkg-install.sh
===================================================================
--- net/openssl10/1.0.2u-x86_32/openssl10-x32-pkg-install.sh (revision 419)
+++ net/openssl10/1.0.2u-x86_32/openssl10-x32-pkg-install.sh (nonexistent)
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# arg 1: the new package version
-pre_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-post_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-pre_update() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_update() {
- post_install
-}
-
-# arg 1: the old package version
-pre_remove() {
- /bin/true
-}
-
-# arg 1: the old package version
-post_remove() {
- /bin/true
-}
-
-
-operation=$1
-shift
-
-$operation $*
Property changes on: net/openssl10/1.0.2u-x86_32/openssl10-x32-pkg-install.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: net/openssl10/1.0.2u-x86_32/PATCHES
===================================================================
--- net/openssl10/1.0.2u-x86_32/PATCHES (revision 419)
+++ net/openssl10/1.0.2u-x86_32/PATCHES (nonexistent)
@@ -1,3 +0,0 @@
-
-../../../sources/packages/n/openssl10/patches/openssl-1.0.2u-versioned-symbols.patch -p0
-../../../sources/packages/n/openssl10/patches/openssl-1.0.2u-shlib.patch -p0
Index: net/openssl10/1.0.2u-x86_32/openssl10-x32-pkg-description.in
===================================================================
--- net/openssl10/1.0.2u-x86_32/openssl10-x32-pkg-description.in (revision 419)
+++ net/openssl10/1.0.2u-x86_32/openssl10-x32-pkg-description.in (nonexistent)
@@ -1,19 +0,0 @@
-# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
-# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
-# customary to leave one space after the ':'.
-
- |-----handy-ruler------------------------------------------------------|
-openssl10-x32: openssl10-x32 @VERSION@ (Secure Sockets Layer toolkit 1.0.x)
-openssl10-x32:
-openssl10-x32: The OpenSSL certificate management tool and the shared libraries
-openssl10-x32: that provide various encryption and decryption algorithms and
-openssl10-x32: protocols.
-openssl10-x32: This product includes software developed by the OpenSSL Project for
-openssl10-x32: use in the OpenSSL Toolkit (http://www.openssl.org). This product
-openssl10-x32: includes cryptographic software written by Eric Young
-openssl10-x32: (eay@cryptsoft.com). This product includes software written by Tim
-openssl10-x32: Hudson (tjh@cryptsoft.com).
-openssl10-x32:
Index: net/openssl10/1.0.2u-x86_32/Makefile
===================================================================
--- net/openssl10/1.0.2u-x86_32/Makefile (revision 419)
+++ net/openssl10/1.0.2u-x86_32/Makefile (nonexistent)
@@ -1,188 +0,0 @@
-
-COMPONENT_TARGETS = $(HARDWARE_INTEL_PC64)
-
-NEED_ABS_PATH = true
-COMPONENT_IS_3PP = true
-
-NOT_PARALLEL = true
-
-CREATE_X86_32_PACKAGE = true
-
-
-include ../../../build-system/constants.mk
-
-
-SOURCE_REQUIRES = sources/packages/n/openssl10
-
-REQUIRES = net/openssl10/1.0.2u
-REQUIRES += libs/zlib/1.3.1-x86_32
-REQUIRES += libs/gmp/6.3.0-x86_32
-
-# ======= __END_OF_REQUIRES__ =======
-
-
-version = 1.0.2u
-tar_gz_archive = $(SRC_PACKAGE_PATH)/packages/n/openssl10/openssl-$(version).tar.gz
-SRC_ARCHIVE = $(tar_gz_archive)
-SRC_DIR = $(TARGET_BUILD_DIR)/openssl-$(version)
-src_dir_name = openssl-$(version)
-src_done = $(TARGET_BUILD_DIR)/.source_done
-
-PATCHES = PATCHES
-
-build_dir = $(TARGET_BUILD_DIR)/build
-build_target = $(TARGET_BUILD_DIR)/.build_done
-install_target = $(TARGET_BUILD_DIR)/.install_done
-
-
-####### Targets
-
-PKG_GROUP = net
-#
-# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
-#
-OPENSSL32_PKG_NAME = openssl10-x32
-OPENSSL32_PKG_VERSION = 1.0.2u
-OPENSSL32_PKG_ARCH = $(PKGARCH)
-OPENSSL32_PKG_DISTRO_NAME = $(DISTRO_NAME)
-OPENSSL32_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
-OPENSSL32_PKG_GROUP = $(PKG_GROUP)
-### |---handy-ruler-------------------------------|
-OPENSSL32_PKG_SHORT_DESCRIPTION = Secure Sockets Layer toolkit 1.0.x
-OPENSSL32_PKG_URL = $(BUG_URL)
-OPENSSL32_PKG_LICENSE = GPLv2
-OPENSSL32_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-pkg-description
-OPENSSL32_PKG_DESCRIPTION_FILE_IN = $(OPENSSL32_PKG_NAME)-pkg-description.in
-OPENSSL32_PKG_INSTALL_SCRIPT = $(OPENSSL32_PKG_NAME)-pkg-install.sh
-
-OPENSSL32_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-package
-
-pkg_basename = $(OPENSSL32_PKG_NAME)-$(OPENSSL32_PKG_VERSION)-$(OPENSSL32_PKG_ARCH)-$(OPENSSL32_PKG_DISTRO_NAME)-$(OPENSSL32_PKG_DISTRO_VERSION)
-
-pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
-pkg_certificate = $(call cert-name,$(pkg_archive))
-pkg_signature = $(call sign-name,$(pkg_archive))
-pkg_description = $(call desc-name,$(pkg_archive))
-products = $(call pkg-files,$(pkg_archive))
-
-BUILD_TARGETS = $(build_target)
-BUILD_TARGETS += $(install_target)
-
-PRODUCT_TARGETS = $(products)
-
-ROOTFS_TARGETS = $(pkg_archive)
-
-
-include ../../../build-system/core.mk
-
-
-env_sysroot = INSTALL_PREFIX=$(OPENSSL32_PKG)
-
-
-extra_configure_switches = --libdir=lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.0
-extra_configure_switches += --openssldir=/etc/ssl
-extra_configure_switches += no-mdc2
-extra_configure_switches += no-idea
-extra_configure_switches += no-rc5
-extra_configure_switches += no-sse2
-extra_configure_switches += no-ssl2
-extra_configure_switches += no-weak-ssl-ciphers
-extra_configure_switches += zlib-dynamic
-extra_configure_switches += shared
-
-openssl_environment = MACHINE=i686 SYSTEM=Linux
-
-####### Dependencies
-
-$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
- $(UNPACK_SRC_ARCHIVE)
- $(APPLY_PATCHES)
- @( cd $(SRC_DIR) ; \
- find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|\.\|$$\)/\=item C<\1>/g" {} \; \
- )
- @( cd $(SRC_DIR) ; \
- sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i686 -mtune=i686/g" Configure ; \
- )
- @touch $@
-
-$(build_target): $(src_done)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(openssl_environment) ./config \
- --prefix=/usr \
- $(extra_configure_switches) \
- $(ARCH_FLAGS) \
- $(HW_FLAGS)
- # ======= workaround for crypto/evp/... =======
- @( cd $(SRC_DIR)/include/openssl ; \
- ln -sf ../../crypto/idea/idea.h idea.h ; \
- ln -sf ../../crypto/mdc2/mdc2.h mdc2.h ; \
- ln -sf ../../crypto/rc5/rc5.h rc5.h ; \
- )
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1
- @touch $@
-
-$(install_target): $(build_target)
- @mkdir -p $(OPENSSL32_PKG)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 MANDIR=/usr/share/man install $(env_sysroot)
-ifneq ($(__ENABLE_STATIC__),yes)
- @rm -f $(OPENSSL32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.0/*.a
-endif
- @mkdir -p $(OPENSSL32_PKG)/usr/bin/32
- @( cd $(OPENSSL32_PKG)/usr/bin ; \
- rm -f c_rehash ; \
- mv openssl 32/openssl-1.0 ; \
- )
- @sed -e 's,/include$$,/include/openssl-1.0,' -i $(OPENSSL32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.0/pkgconfig/*.pc
- @mkdir -p $(OPENSSL32_PKG)/lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.0
- @( cd $(OPENSSL32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.0 ; \
- chmod +w lib*.so.?.?.? ; \
- mv lib*.so.?.?.? ../../../lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.0 ; \
- ln -sf ../../../lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.0/lib*.so.?.?.? . ; \
- ln -sf libcrypto.so.?.?.? libcrypto.so.1 ; \
- ln -sf libssl.so.?.?.? libssl.so.1 ; \
- cp -a lib*.so.? ../../../lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.0 ; \
- )
- @chmod +w $(OPENSSL32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.0/engines/*.so
- @rm -rf $(OPENSSL32_PKG)/etc
- @rm -rf $(OPENSSL32_PKG)/usr/include
- @rm -rf $(OPENSSL32_PKG)/usr/share
- # ======= Install the same to $(TARGET_DEST_DIR) =======
- $(call install-into-devenv, $(OPENSSL32_PKG))
- # ======= tune pkg-config *.pc search path to the target destination for development =======
- @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.0/pkgconfig ; \
- sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libcrypto.pc libssl.pc openssl.pc \
- )
- # ======= Strip binaries =======
- @( cd $(OPENSSL32_PKG) ; \
- find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- )
-ifeq ($(__ENABLE_STATIC__),yes)
- @( cd $(OPENSSL32_PKG) ; \
- find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs $(STRIP) -g 2> /dev/null ; \
- )
-endif
- @touch $@
-
-$(OPENSSL32_PKG_DESCRIPTION_FILE): $(OPENSSL32_PKG_DESCRIPTION_FILE_IN)
- @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
-
-$(pkg_certificate) : $(pkg_archive) ;
-$(pkg_signature) : $(pkg_archive) ;
-$(pkg_description) : $(pkg_archive) ;
-
-$(pkg_archive): $(install_target) $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG_INSTALL_SCRIPT)
- @cp $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG)/.DESCRIPTION
- @cp $(OPENSSL32_PKG_INSTALL_SCRIPT) $(OPENSSL32_PKG)/.INSTALL
- @$(BUILD_PKG_REQUIRES) $(OPENSSL32_PKG)/.REQUIRES
- @echo "pkgname=$(OPENSSL32_PKG_NAME)" > $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "pkgver=$(OPENSSL32_PKG_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "arch=$(OPENSSL32_PKG_ARCH)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "distroname=$(OPENSSL32_PKG_DISTRO_NAME)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "distrover=$(OPENSSL32_PKG_DISTRO_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "group=$(OPENSSL32_PKG_GROUP)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "short_description=\"$(OPENSSL32_PKG_SHORT_DESCRIPTION)\"" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "url=$(OPENSSL32_PKG_URL)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "license=$(OPENSSL32_PKG_LICENSE)" >> $(OPENSSL32_PKG)/.PKGINFO
- @$(PSEUDO) sh -c "cd $(OPENSSL32_PKG) && \
- chown -R root:root . && \
- $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
Index: net/openssl10/1.0.2u-x86_32
===================================================================
--- net/openssl10/1.0.2u-x86_32 (revision 419)
+++ net/openssl10/1.0.2u-x86_32 (nonexistent)
Property changes on: net/openssl10/1.0.2u-x86_32
___________________________________________________________________
Deleted: svn:ignore
## -1,74 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.rk358x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: net/openssl10
===================================================================
--- net/openssl10 (revision 419)
+++ net/openssl10 (nonexistent)
Property changes on: net/openssl10
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: net/openssl/1.1.1r-ppc32/openssl-x32-pkg-install.sh
===================================================================
--- net/openssl/1.1.1r-ppc32/openssl-x32-pkg-install.sh (revision 419)
+++ net/openssl/1.1.1r-ppc32/openssl-x32-pkg-install.sh (nonexistent)
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# arg 1: the new package version
-pre_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-post_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-pre_update() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_update() {
- post_install
-}
-
-# arg 1: the old package version
-pre_remove() {
- /bin/true
-}
-
-# arg 1: the old package version
-post_remove() {
- /bin/true
-}
-
-
-operation=$1
-shift
-
-$operation $*
Property changes on: net/openssl/1.1.1r-ppc32/openssl-x32-pkg-install.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: net/openssl/1.1.1r-ppc32/openssl-x32-pkg-description.in
===================================================================
--- net/openssl/1.1.1r-ppc32/openssl-x32-pkg-description.in (revision 419)
+++ net/openssl/1.1.1r-ppc32/openssl-x32-pkg-description.in (nonexistent)
@@ -1,19 +0,0 @@
-# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
-# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
-# customary to leave one space after the ':'.
-
- |-----handy-ruler------------------------------------------------------|
-openssl-x32: openssl-x32 @VERSION@ (Secure Sockets Layer toolkit)
-openssl-x32:
-openssl-x32: The OpenSSL certificate management tool and the shared libraries
-openssl-x32: that provide various encryption and decryption algorithms and
-openssl-x32: protocols.
-openssl-x32: This product includes software developed by the OpenSSL Project for
-openssl-x32: use in the OpenSSL Toolkit (http://www.openssl.org). This product
-openssl-x32: includes cryptographic software written by Eric Young
-openssl-x32: (eay@cryptsoft.com). This product includes software written by Tim
-openssl-x32: Hudson (tjh@cryptsoft.com).
-openssl-x32:
Index: net/openssl/1.1.1r-ppc32/Makefile
===================================================================
--- net/openssl/1.1.1r-ppc32/Makefile (revision 419)
+++ net/openssl/1.1.1r-ppc32/Makefile (nonexistent)
@@ -1,190 +0,0 @@
-
-COMPONENT_TARGETS = $(HARDWARE_S824L)
-COMPONENT_TARGETS += $(HARDWARE_VESNIN)
-COMPONENT_TARGETS += $(HARDWARE_TL2WK2)
-COMPONENT_TARGETS += $(HARDWARE_TL2SV2)
-
-NEED_ABS_PATH = true
-COMPONENT_IS_3PP = true
-
-CREATE_PPC32_PACKAGE = true
-
-
-include ../../../build-system/constants.mk
-
-
-SOURCE_REQUIRES = sources/packages/n/openssl
-
-REQUIRES = net/openssl/1.1.1r
-REQUIRES += libs/zlib/1.3.1-ppc32
-REQUIRES += libs/gmp/6.3.0-ppc32
-
-# ======= __END_OF_REQUIRES__ =======
-
-
-version = 1.1.1r
-tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/n/openssl/openssl-$(version).tar.xz
-SRC_ARCHIVE = $(tar_xz_archive)
-SRC_DIR = $(TARGET_BUILD_DIR)/openssl-$(version)
-src_dir_name = openssl-$(version)
-src_done = $(TARGET_BUILD_DIR)/.source_done
-
-PATCHES = PATCHES
-
-build_dir = $(TARGET_BUILD_DIR)/build
-build_target = $(TARGET_BUILD_DIR)/.build_done
-install_target = $(TARGET_BUILD_DIR)/.install_done
-
-
-####### Targets
-
-PKG_GROUP = net
-#
-# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
-#
-OPENSSL32_PKG_NAME = openssl-x32
-OPENSSL32_PKG_VERSION = 1.1.1r
-OPENSSL32_PKG_ARCH = $(PKGARCH)
-OPENSSL32_PKG_DISTRO_NAME = $(DISTRO_NAME)
-OPENSSL32_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
-OPENSSL32_PKG_GROUP = $(PKG_GROUP)
-### |---handy-ruler-------------------------------|
-OPENSSL32_PKG_SHORT_DESCRIPTION = Secure Sockets Layer toolkit
-OPENSSL32_PKG_URL = $(BUG_URL)
-OPENSSL32_PKG_LICENSE = GPLv2
-OPENSSL32_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-pkg-description
-OPENSSL32_PKG_DESCRIPTION_FILE_IN = $(OPENSSL32_PKG_NAME)-pkg-description.in
-OPENSSL32_PKG_INSTALL_SCRIPT = $(OPENSSL32_PKG_NAME)-pkg-install.sh
-
-OPENSSL32_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-package
-
-pkg_basename = $(OPENSSL32_PKG_NAME)-$(OPENSSL32_PKG_VERSION)-$(OPENSSL32_PKG_ARCH)-$(OPENSSL32_PKG_DISTRO_NAME)-$(OPENSSL32_PKG_DISTRO_VERSION)
-
-pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
-pkg_certificate = $(call cert-name,$(pkg_archive))
-pkg_signature = $(call sign-name,$(pkg_archive))
-pkg_description = $(call desc-name,$(pkg_archive))
-products = $(call pkg-files,$(pkg_archive))
-
-BUILD_TARGETS = $(build_target)
-BUILD_TARGETS += $(install_target)
-
-PRODUCT_TARGETS = $(products)
-
-ROOTFS_TARGETS = $(pkg_archive)
-
-
-include ../../../build-system/core.mk
-
-
-env_sysroot = DESTDIR=$(OPENSSL32_PKG)
-
-
-extra_configure_switches = --libdir=lib$(MULTILIB_PPC32_SUFFIX)
-extra_configure_switches += --openssldir=/etc/ssl
-extra_configure_switches += no-mdc2
-extra_configure_switches += no-ec2m
-extra_configure_switches += no-idea
-extra_configure_switches += no-sse2
-extra_configure_switches += enable-camellia
-extra_configure_switches += enable-seed
-extra_configure_switches += enable-rfc3779
-extra_configure_switches += enable-cms
-extra_configure_switches += enable-md2
-extra_configure_switches += enable-rc5
-extra_configure_switches += enable-ssl3
-extra_configure_switches += enable-ssl3-method
-extra_configure_switches += no-weak-ssl-ciphers
-extra_configure_switches += zlib
-extra_configure_switches += shared
-
-openssl_environment = KERNEL_BITS=32 MACHINE=ppc64 SYSTEM=Linux
-openssl_environment += LDFLAGS=-Wl,-rpath=/lib$(MULTILIB_PPC32_SUFFIX):/usr/lib$(MULTILIB_PPC32_SUFFIX)
-
-
-####### Dependencies
-
-$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
- $(UNPACK_SRC_ARCHIVE)
- $(APPLY_PATCHES)
- @( cd $(SRC_DIR) ; \
- find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|\.\|$$\)/\=item C<\1>/g" {} \; \
- )
- @( cd $(SRC_DIR) ; \
- sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i686 -mtune=i686/g" Configure ; \
- )
- @touch $@
-
-$(build_target): $(src_done)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(openssl_environment) ./config \
- --prefix=/usr \
- $(extra_configure_switches) \
- $(ARCH_FLAGS) \
- $(HW_FLAGS)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE)
- @touch $@
-
-$(install_target): $(build_target)
- @mkdir -p $(OPENSSL32_PKG)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 MANDIR=/usr/share/man install $(env_sysroot)
-ifneq ($(__ENABLE_STATIC__),yes)
- @rm -f $(OPENSSL32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)/*.a
-endif
- @mkdir -p $(OPENSSL32_PKG)/usr/bin/32
- @( cd $(OPENSSL32_PKG)/usr/bin ; \
- rm -f c_rehash ; \
- find . -type f | xargs mv -t 32 ; \
- )
- @mkdir -p $(OPENSSL32_PKG)/lib$(MULTILIB_PPC32_SUFFIX)
- @( cd $(OPENSSL32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX) ; \
- chmod +w lib*.so.?.? ; \
- mv lib*.so.?.? ../../lib$(MULTILIB_PPC32_SUFFIX) ; \
- ln -sf ../../lib$(MULTILIB_PPC32_SUFFIX)/lib*.so.?.? . ; \
- ln -sf libcrypto.so.?.? libcrypto.so.1 ; \
- ln -sf libssl.so.?.? libssl.so.1 ; \
- cp -a lib*.so.? ../../lib$(MULTILIB_PPC32_SUFFIX) ; \
- )
- @rm -rf $(OPENSSL32_PKG)/etc
- @rm -rf $(OPENSSL32_PKG)/usr/include
- @rm -rf $(OPENSSL32_PKG)/usr/share
- # ======= Install the same to $(TARGET_DEST_DIR) =======
- $(call install-into-devenv, $(OPENSSL32_PKG))
- # ======= tune pkg-config *.pc search path to the target destination for development =======
- @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_PPC32_SUFFIX)/pkgconfig ; \
- sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libcrypto.pc libssl.pc openssl.pc \
- )
- # ======= Strip binaries =======
- @( cd $(OPENSSL32_PKG) ; \
- find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- )
-ifeq ($(__ENABLE_STATIC__),yes)
- @( cd $(OPENSSL32_PKG) ; \
- find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs $(STRIP) -g 2> /dev/null ; \
- )
-endif
- @touch $@
-
-$(OPENSSL32_PKG_DESCRIPTION_FILE): $(OPENSSL32_PKG_DESCRIPTION_FILE_IN)
- @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
-
-$(pkg_certificate) : $(pkg_archive) ;
-$(pkg_signature) : $(pkg_archive) ;
-$(pkg_description) : $(pkg_archive) ;
-
-$(pkg_archive): $(install_target) $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG_INSTALL_SCRIPT)
- @cp $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG)/.DESCRIPTION
- @cp $(OPENSSL32_PKG_INSTALL_SCRIPT) $(OPENSSL32_PKG)/.INSTALL
- @$(BUILD_PKG_REQUIRES) $(OPENSSL32_PKG)/.REQUIRES
- @echo "pkgname=$(OPENSSL32_PKG_NAME)" > $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "pkgver=$(OPENSSL32_PKG_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "arch=$(OPENSSL32_PKG_ARCH)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "distroname=$(OPENSSL32_PKG_DISTRO_NAME)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "distrover=$(OPENSSL32_PKG_DISTRO_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "group=$(OPENSSL32_PKG_GROUP)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "short_description=\"$(OPENSSL32_PKG_SHORT_DESCRIPTION)\"" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "url=$(OPENSSL32_PKG_URL)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "license=$(OPENSSL32_PKG_LICENSE)" >> $(OPENSSL32_PKG)/.PKGINFO
- @$(PSEUDO) sh -c "cd $(OPENSSL32_PKG) && \
- chown -R root:root . && \
- $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
Index: net/openssl/1.1.1r-ppc32
===================================================================
--- net/openssl/1.1.1r-ppc32 (revision 419)
+++ net/openssl/1.1.1r-ppc32 (nonexistent)
Property changes on: net/openssl/1.1.1r-ppc32
___________________________________________________________________
Deleted: svn:ignore
## -1,74 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.rk358x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: net/openssl/1.1.1r-x86_32/openssl-x32-pkg-install.sh
===================================================================
--- net/openssl/1.1.1r-x86_32/openssl-x32-pkg-install.sh (revision 419)
+++ net/openssl/1.1.1r-x86_32/openssl-x32-pkg-install.sh (nonexistent)
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# arg 1: the new package version
-pre_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-post_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-pre_update() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_update() {
- post_install
-}
-
-# arg 1: the old package version
-pre_remove() {
- /bin/true
-}
-
-# arg 1: the old package version
-post_remove() {
- /bin/true
-}
-
-
-operation=$1
-shift
-
-$operation $*
Property changes on: net/openssl/1.1.1r-x86_32/openssl-x32-pkg-install.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: net/openssl/1.1.1r-x86_32/openssl-x32-pkg-description.in
===================================================================
--- net/openssl/1.1.1r-x86_32/openssl-x32-pkg-description.in (revision 419)
+++ net/openssl/1.1.1r-x86_32/openssl-x32-pkg-description.in (nonexistent)
@@ -1,19 +0,0 @@
-# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
-# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
-# customary to leave one space after the ':'.
-
- |-----handy-ruler------------------------------------------------------|
-openssl-x32: openssl-x32 @VERSION@ (Secure Sockets Layer toolkit)
-openssl-x32:
-openssl-x32: The OpenSSL certificate management tool and the shared libraries
-openssl-x32: that provide various encryption and decryption algorithms and
-openssl-x32: protocols.
-openssl-x32: This product includes software developed by the OpenSSL Project for
-openssl-x32: use in the OpenSSL Toolkit (http://www.openssl.org). This product
-openssl-x32: includes cryptographic software written by Eric Young
-openssl-x32: (eay@cryptsoft.com). This product includes software written by Tim
-openssl-x32: Hudson (tjh@cryptsoft.com).
-openssl-x32:
Index: net/openssl/1.1.1r-x86_32/Makefile
===================================================================
--- net/openssl/1.1.1r-x86_32/Makefile (revision 419)
+++ net/openssl/1.1.1r-x86_32/Makefile (nonexistent)
@@ -1,184 +0,0 @@
-
-COMPONENT_TARGETS = $(HARDWARE_INTEL_PC64)
-
-NEED_ABS_PATH = true
-COMPONENT_IS_3PP = true
-
-CREATE_X86_32_PACKAGE = true
-
-
-include ../../../build-system/constants.mk
-
-
-SOURCE_REQUIRES = sources/packages/n/openssl
-
-REQUIRES = net/openssl/1.1.1r
-REQUIRES += libs/zlib/1.3.1-x86_32
-REQUIRES += libs/gmp/6.3.0-x86_32
-
-# ======= __END_OF_REQUIRES__ =======
-
-
-version = 1.1.1r
-tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/n/openssl/openssl-$(version).tar.xz
-SRC_ARCHIVE = $(tar_xz_archive)
-SRC_DIR = $(TARGET_BUILD_DIR)/openssl-$(version)
-src_dir_name = openssl-$(version)
-src_done = $(TARGET_BUILD_DIR)/.source_done
-
-PATCHES = PATCHES
-
-build_dir = $(TARGET_BUILD_DIR)/build
-build_target = $(TARGET_BUILD_DIR)/.build_done
-install_target = $(TARGET_BUILD_DIR)/.install_done
-
-
-####### Targets
-
-PKG_GROUP = net
-#
-# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
-#
-OPENSSL32_PKG_NAME = openssl-x32
-OPENSSL32_PKG_VERSION = 1.1.1r
-OPENSSL32_PKG_ARCH = $(PKGARCH)
-OPENSSL32_PKG_DISTRO_NAME = $(DISTRO_NAME)
-OPENSSL32_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
-OPENSSL32_PKG_GROUP = $(PKG_GROUP)
-### |---handy-ruler-------------------------------|
-OPENSSL32_PKG_SHORT_DESCRIPTION = Secure Sockets Layer toolkit
-OPENSSL32_PKG_URL = $(BUG_URL)
-OPENSSL32_PKG_LICENSE = GPLv2
-OPENSSL32_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-pkg-description
-OPENSSL32_PKG_DESCRIPTION_FILE_IN = $(OPENSSL32_PKG_NAME)-pkg-description.in
-OPENSSL32_PKG_INSTALL_SCRIPT = $(OPENSSL32_PKG_NAME)-pkg-install.sh
-
-OPENSSL32_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-package
-
-pkg_basename = $(OPENSSL32_PKG_NAME)-$(OPENSSL32_PKG_VERSION)-$(OPENSSL32_PKG_ARCH)-$(OPENSSL32_PKG_DISTRO_NAME)-$(OPENSSL32_PKG_DISTRO_VERSION)
-
-pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
-pkg_certificate = $(call cert-name,$(pkg_archive))
-pkg_signature = $(call sign-name,$(pkg_archive))
-pkg_description = $(call desc-name,$(pkg_archive))
-products = $(call pkg-files,$(pkg_archive))
-
-BUILD_TARGETS = $(build_target)
-BUILD_TARGETS += $(install_target)
-
-PRODUCT_TARGETS = $(products)
-
-ROOTFS_TARGETS = $(pkg_archive)
-
-
-include ../../../build-system/core.mk
-
-
-env_sysroot = DESTDIR=$(OPENSSL32_PKG)
-
-
-extra_configure_switches = --libdir=lib$(MULTILIB_X86_32_SUFFIX)
-extra_configure_switches += --openssldir=/etc/ssl
-extra_configure_switches += no-mdc2
-extra_configure_switches += no-ec2m
-extra_configure_switches += no-idea
-extra_configure_switches += no-sse2
-extra_configure_switches += enable-camellia
-extra_configure_switches += enable-seed
-extra_configure_switches += enable-rfc3779
-extra_configure_switches += enable-cms
-extra_configure_switches += enable-md2
-extra_configure_switches += enable-rc5
-extra_configure_switches += enable-ssl3
-extra_configure_switches += enable-ssl3-method
-extra_configure_switches += no-weak-ssl-ciphers
-extra_configure_switches += zlib
-extra_configure_switches += shared
-
-openssl_environment = MACHINE=i686 SYSTEM=Linux
-openssl_environment += LDFLAGS=-Wl,-rpath=/lib$(MULTILIB_X86_32_SUFFIX):/usr/lib$(MULTILIB_X86_32_SUFFIX)
-
-
-####### Dependencies
-
-$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
- $(UNPACK_SRC_ARCHIVE)
- $(APPLY_PATCHES)
- @( cd $(SRC_DIR) ; \
- find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|\.\|$$\)/\=item C<\1>/g" {} \; \
- )
- @touch $@
-
-$(build_target): $(src_done)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(openssl_environment) ./config \
- --prefix=/usr \
- $(extra_configure_switches) \
- $(ARCH_FLAGS) \
- $(HW_FLAGS)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE)
- @touch $@
-
-$(install_target): $(build_target)
- @mkdir -p $(OPENSSL32_PKG)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 MANDIR=/usr/share/man install $(env_sysroot)
-ifneq ($(__ENABLE_STATIC__),yes)
- @rm -f $(OPENSSL32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)/*.a
-endif
- @mkdir -p $(OPENSSL32_PKG)/usr/bin/32
- @( cd $(OPENSSL32_PKG)/usr/bin ; \
- rm -f c_rehash ; \
- find . -type f | xargs mv -t 32 ; \
- )
- @mkdir -p $(OPENSSL32_PKG)/lib$(MULTILIB_X86_32_SUFFIX)
- @( cd $(OPENSSL32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX) ; \
- chmod +w lib*.so.?.? ; \
- mv lib*.so.?.? ../../lib$(MULTILIB_X86_32_SUFFIX) ; \
- ln -sf ../../lib$(MULTILIB_X86_32_SUFFIX)/lib*.so.?.? . ; \
- ln -sf libcrypto.so.?.? libcrypto.so.1 ; \
- ln -sf libssl.so.?.? libssl.so.1 ; \
- cp -a lib*.so.? ../../lib$(MULTILIB_X86_32_SUFFIX) ; \
- )
- @rm -rf $(OPENSSL32_PKG)/etc
- @rm -rf $(OPENSSL32_PKG)/usr/include
- @rm -rf $(OPENSSL32_PKG)/usr/share
- # ======= Install the same to $(TARGET_DEST_DIR) =======
- $(call install-into-devenv, $(OPENSSL32_PKG))
- # ======= tune pkg-config *.pc search path to the target destination for development =======
- @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_X86_32_SUFFIX)/pkgconfig ; \
- sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libcrypto.pc libssl.pc openssl.pc \
- )
- # ======= Strip binaries =======
- @( cd $(OPENSSL32_PKG) ; \
- find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- )
-ifeq ($(__ENABLE_STATIC__),yes)
- @( cd $(OPENSSL32_PKG) ; \
- find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs $(STRIP) -g 2> /dev/null ; \
- )
-endif
- @touch $@
-
-$(OPENSSL32_PKG_DESCRIPTION_FILE): $(OPENSSL32_PKG_DESCRIPTION_FILE_IN)
- @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
-
-$(pkg_certificate) : $(pkg_archive) ;
-$(pkg_signature) : $(pkg_archive) ;
-$(pkg_description) : $(pkg_archive) ;
-
-$(pkg_archive): $(install_target) $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG_INSTALL_SCRIPT)
- @cp $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG)/.DESCRIPTION
- @cp $(OPENSSL32_PKG_INSTALL_SCRIPT) $(OPENSSL32_PKG)/.INSTALL
- @$(BUILD_PKG_REQUIRES) $(OPENSSL32_PKG)/.REQUIRES
- @echo "pkgname=$(OPENSSL32_PKG_NAME)" > $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "pkgver=$(OPENSSL32_PKG_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "arch=$(OPENSSL32_PKG_ARCH)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "distroname=$(OPENSSL32_PKG_DISTRO_NAME)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "distrover=$(OPENSSL32_PKG_DISTRO_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "group=$(OPENSSL32_PKG_GROUP)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "short_description=\"$(OPENSSL32_PKG_SHORT_DESCRIPTION)\"" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "url=$(OPENSSL32_PKG_URL)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
- echo "license=$(OPENSSL32_PKG_LICENSE)" >> $(OPENSSL32_PKG)/.PKGINFO
- @$(PSEUDO) sh -c "cd $(OPENSSL32_PKG) && \
- chown -R root:root . && \
- $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
Index: net/openssl/1.1.1r-x86_32
===================================================================
--- net/openssl/1.1.1r-x86_32 (revision 419)
+++ net/openssl/1.1.1r-x86_32 (nonexistent)
Property changes on: net/openssl/1.1.1r-x86_32
___________________________________________________________________
Deleted: svn:ignore
## -1,74 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.rk358x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: net/openssl/1.1.1r/openssl-pkg-install.sh
===================================================================
--- net/openssl/1.1.1r/openssl-pkg-install.sh (revision 419)
+++ net/openssl/1.1.1r/openssl-pkg-install.sh (nonexistent)
@@ -1,67 +0,0 @@
-#!/bin/sh
-
-# Preserve new files
-install_file() {
- NEW="$1"
- OLD="`dirname $NEW`/`basename $NEW .new`"
- # If there's no file by that name, mv it over:
- if [ ! -r $OLD ]; then
- mv $NEW $OLD
- elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
- rm $NEW
- fi
- # Otherwise, we leave the .new copy for the admin to consider...
-}
-
-
-# arg 1: the new package version
-pre_install() {
- /bin/true
-}
-
-# arg 1: the new package version
-post_install() {
- # If there is a known buggy certwatch script with no local modifications, just replace it:
- if [ "$(md5sum etc/cron.daily/certwatch 2> /dev/null)" = "f4cf63e557820781f40c4cac67a44d77 etc/cron.daily/certwatch" ]; then
- cat etc/cron.daily/certwatch.new > etc/cron.daily/certwatch
- touch -r etc/cron.daily/certwatch.new etc/cron.daily/certwatch
- fi
-
- install_file etc/ssl/openssl.cnf.new
- install_file etc/cron.daily/certwatch.new
-
- # Rehash certificates if the package is upgraded on a running system:
- # Note that we have to be sure that we are on the working system
- # on the target hardware ("proc/sys/kernel/osrelease" - relative path).
- if [ -r proc/sys/kernel/osrelease -a -x /usr/bin/c_rehash ]; then
- /usr/bin/c_rehash 1> /dev/null 2> /dev/null
- fi
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-pre_update() {
- /bin/true
-}
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_update() {
- post_install
-}
-
-# arg 1: the old package version
-pre_remove() {
- /bin/true
-}
-
-# arg 1: the old package version
-post_remove() {
- /bin/true
-}
-
-
-operation=$1
-shift
-
-$operation $*
Property changes on: net/openssl/1.1.1r/openssl-pkg-install.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: net/openssl/1.1.1r/cron/certwatch
===================================================================
--- net/openssl/1.1.1r/cron/certwatch (revision 419)
+++ net/openssl/1.1.1r/cron/certwatch (nonexistent)
@@ -1,129 +0,0 @@
-#!/bin/sh
-#
-# Will check all certificates stored in $CERTDIR for their expiration date,
-# and will display (if optional "stdout" argument is given), or mail a warning
-# message to $MAILADDR (if script is executed without any parameter
-# - unattended mode suitable for cron execution) for each particular certificate
-# that is about to expire in time less to, or equal to $DAYS after this script
-# has been executed, or if it has already expired.
-# This stupid script (C) 2006,2007 Jan Rafaj
-
-########################## CONFIGURATION SECTION BEGIN #########################
-# Note: all settings are mandatory
-# Warning will be sent if a certificate expires in time <= days given here
-DAYS=7
-# E-mail address where to send warnings
-MAILADDR=root
-# Directory with certificates to check
-CERTDIR=/etc/ssl/certs
-# Directory where to keep state files if this script isnt executed with "stdout"
-STATEDIR=/var/run
-########################### CONFIGURATION SECTION END ##########################
-
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-DAY_IN_SECS=$((60*60*24))
-DATE_CURRENT=$(date '+%s')
-
-usage()
-{
- echo "Usage: $0 [stdout]"
- echo
- echo "Detailed description and configuration is embedded within the script."
- exit 0
-}
-
-message()
-{
- cat << EOF
- WARNING: certificate $certfile
- is about to expire in time equal to or less than $DAYS days from now on,
- or has already expired - it might be a good idea to obtain/create new one.
-
-EOF
-}
-
-message_mail()
-{
- message
- cat << EOF
- NOTE: This message is being sent only once.
-
- A lock-file
- $STATEDIR/certwatch-mailwarning-sent-$certfilebase
- has been created, which will prevent this script from mailing you again
- upon its subsequent executions by crond. You dont need to care about it;
- the file will be auto-deleted as soon as you'll prolong your certificate.
-EOF
-}
-
-unset stdout
-case $# in
- 0) ;;
- 1) if [ "$1" = "-h" -o "$1" == "--help" ]; then
- usage
- elif [ "$1" = "stdout" ]; then
- stdout=1
- else
- usage
- fi
- ;;
- *) usage ;;
-esac
-
-for dir in $STATEDIR $CERTDIR ; do
- if [ ! -d $dir ]; then
- echo "ERROR: directory $dir does not exist"
- exit 1
- fi
-done
-for binary in basename date find grep mail openssl touch ; do
- if [ ! \( -x /usr/bin/$binary -o -x /bin/$binary \) ]; then
- echo "ERROR: /usr/bin/$binary not found"
- exit 1
- fi
-done
-
-find $CERTDIR -type f -maxdepth 1 | while read certfile ; do
- if [ "$certfile" != "/etc/ssl/certs/ca-certificates.crt" ]; then
- certfilebase="$(basename "$certfile")"
- inform=PEM
- echo "$certfile" | grep -q -i '\.net$'
- if [ $? -eq 0 ]; then
- # This is based purely on filename extension, so may give false results.
- # But lets assume noone uses NET format certs today, ok?
- continue
- fi
- echo "$certfile" | grep -q -i '\.der$'
- if [ $? -eq 0 -o "$(file "$certfile" | egrep '(ASCII|PEM)')" == "" ]; then
- inform=DER
- fi
- # We wont use '-checkend' since it is not properly documented (as of
- # OpenSSL 0.9.8e).
- DATE_CERT_EXPIRES=$(openssl x509 -in "$certfile" -inform $inform -noout -enddate | sed 's/^notAfter=//')
- DATE_CERT_EXPIRES=$(date -d"$DATE_CERT_EXPIRES" +%s)
- if [ $(($DATE_CERT_EXPIRES - $DATE_CURRENT)) -le $(($DAYS * $DAY_IN_SECS)) ]
- then
- if [ $stdout ]; then
- message
- else
- if [ ! -f $STATEDIR/certwatch-mailwarning-sent-"$certfilebase" ]; then
- subject="$0: certificate $certfile expiration warning"
- message_mail | mail -r "certwatch@$HOSTNAME" \
- -s "$subject" \
- $MAILADDR 2>/dev/null
- # echo "Mail about expiring certificate $certfile sent to $MAILADDR."
- # echo "If you need to send it again, please remove lock-file"
- # echo "$STATEDIR/certwatch-mailwarning-sent-$certfilebase ."
- # echo
- fi
- touch $STATEDIR/certwatch-mailwarning-sent-"$certfilebase"
- fi
- else
- if [ ! $stdout ]; then
- if [ -f $STATEDIR/certwatch-mailwarning-sent-"$certfilebase" ]; then
- rm $STATEDIR/certwatch-mailwarning-sent-"$certfilebase"
- fi
- fi
- fi
- fi
-done
Index: net/openssl/1.1.1r/cron
===================================================================
--- net/openssl/1.1.1r/cron (revision 419)
+++ net/openssl/1.1.1r/cron (nonexistent)
Property changes on: net/openssl/1.1.1r/cron
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: net/openssl/1.1.1r/openssl-pkg-description.in
===================================================================
--- net/openssl/1.1.1r/openssl-pkg-description.in (revision 419)
+++ net/openssl/1.1.1r/openssl-pkg-description.in (nonexistent)
@@ -1,19 +0,0 @@
-# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
-# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
-# customary to leave one space after the ':'.
-
- |-----handy-ruler------------------------------------------------------|
-openssl: openssl @VERSION@ (Secure Sockets Layer toolkit)
-openssl:
-openssl: The OpenSSL certificate management tool and the shared libraries
-openssl: that provide various encryption and decryption algorithms and
-openssl: protocols.
-openssl: This product includes software developed by the OpenSSL Project for
-openssl: use in the OpenSSL Toolkit (http://www.openssl.org). This product
-openssl: includes cryptographic software written by Eric Young
-openssl: (eay@cryptsoft.com). This product includes software written by Tim
-openssl: Hudson (tjh@cryptsoft.com).
-openssl:
Index: net/openssl/1.1.1r/Makefile
===================================================================
--- net/openssl/1.1.1r/Makefile (revision 419)
+++ net/openssl/1.1.1r/Makefile (nonexistent)
@@ -1,330 +0,0 @@
-
-COMPONENT_TARGETS = $(HARDWARE_INTEL_PC32)
-COMPONENT_TARGETS += $(HARDWARE_INTEL_PC64)
-COMPONENT_TARGETS += $(HARDWARE_EBOX_3350DX2)
-COMPONENT_TARGETS += $(HARDWARE_CB1X)
-COMPONENT_TARGETS += $(HARDWARE_CB2X)
-COMPONENT_TARGETS += $(HARDWARE_CB3X)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PP2E)
-COMPONENT_TARGETS += $(HARDWARE_NANOPI_NEO)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PP)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PL2)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5B)
-COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5P)
-COMPONENT_TARGETS += $(HARDWARE_ROCK_5B)
-COMPONENT_TARGETS += $(HARDWARE_WECHIP_TX6)
-COMPONENT_TARGETS += $(HARDWARE_REPKA_PI3)
-COMPONENT_TARGETS += $(HARDWARE_FFRK3288)
-COMPONENT_TARGETS += $(HARDWARE_POIN2)
-COMPONENT_TARGETS += $(HARDWARE_RK3328_CC)
-COMPONENT_TARGETS += $(HARDWARE_KHADAS_EDGE)
-COMPONENT_TARGETS += $(HARDWARE_LEEZ_P710)
-COMPONENT_TARGETS += $(HARDWARE_M201)
-COMPONENT_TARGETS += $(HARDWARE_MXV)
-COMPONENT_TARGETS += $(HARDWARE_P201)
-COMPONENT_TARGETS += $(HARDWARE_NEXBOX_A95X)
-COMPONENT_TARGETS += $(HARDWARE_ODROID_C2)
-COMPONENT_TARGETS += $(HARDWARE_P212)
-COMPONENT_TARGETS += $(HARDWARE_KHADAS_VIM)
-COMPONENT_TARGETS += $(HARDWARE_Q201)
-COMPONENT_TARGETS += $(HARDWARE_ENYBOX_X2)
-COMPONENT_TARGETS += $(HARDWARE_KHADAS_VIM2)
-COMPONENT_TARGETS += $(HARDWARE_NIT6Q)
-COMPONENT_TARGETS += $(HARDWARE_OKMX6DL_C)
-COMPONENT_TARGETS += $(HARDWARE_OKMX6Q_C)
-COMPONENT_TARGETS += $(HARDWARE_BONE_BLACK)
-COMPONENT_TARGETS += $(HARDWARE_OMAP5UEVM)
-COMPONENT_TARGETS += $(HARDWARE_DRA7XXEVM)
-COMPONENT_TARGETS += $(HARDWARE_CI20)
-COMPONENT_TARGETS += $(HARDWARE_BAIKAL_T1)
-COMPONENT_TARGETS += $(HARDWARE_BAIKAL_M1)
-COMPONENT_TARGETS += $(HARDWARE_S824L)
-COMPONENT_TARGETS += $(HARDWARE_VESNIN)
-COMPONENT_TARGETS += $(HARDWARE_S824L_LSB)
-COMPONENT_TARGETS += $(HARDWARE_VESNIN_LSB)
-COMPONENT_TARGETS += $(HARDWARE_TL2WK2)
-COMPONENT_TARGETS += $(HARDWARE_TL2SV2)
-COMPONENT_TARGETS += $(HARDWARE_TL2WK2_LSB)
-COMPONENT_TARGETS += $(HARDWARE_TL2SV2_LSB)
-COMPONENT_TARGETS += $(HARDWARE_VISIONFIVE2)
-COMPONENT_TARGETS += $(HARDWARE_SIFIVE_U740)
-
-
-NEED_ABS_PATH = true
-COMPONENT_IS_3PP = true
-
-
-include ../../../build-system/constants.mk
-
-
-SOURCE_REQUIRES = sources/packages/n/openssl
-
-ifeq ($(__USE_BUILT_GCC_LIBS__),yes)
-REQUIRES = dev/gcc/14.2.0
-else
-REQUIRES = libs/zlib/1.3.1
-REQUIRES += libs/gmp/6.3.0
-endif
-
-# ======= __END_OF_REQUIRES__ =======
-
-
-version = 1.1.1r
-tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/n/openssl/openssl-$(version).tar.xz
-SRC_ARCHIVE = $(tar_xz_archive)
-SRC_DIR = $(TARGET_BUILD_DIR)/openssl-$(version)
-src_dir_name = openssl-$(version)
-src_done = $(TARGET_BUILD_DIR)/.source_done
-
-PATCHES = PATCHES
-
-build_target = $(TARGET_BUILD_DIR)/.build_done
-install_target = $(TARGET_BUILD_DIR)/.install_done
-
-cron_script = $(CURDIR)/cron/certwatch
-
-
-####### Targets
-
-PKG_GROUP = net
-
-#
-# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
-#
-OPENSSL_PKG_NAME = openssl
-OPENSSL_PKG_VERSION = 1.1.1r
-OPENSSL_PKG_ARCH = $(PKGARCH)
-OPENSSL_PKG_DISTRO_NAME = $(DISTRO_NAME)
-OPENSSL_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
-OPENSSL_PKG_GROUP = $(PKG_GROUP)
-### |---handy-ruler-------------------------------|
-OPENSSL_PKG_SHORT_DESCRIPTION = Secure Sockets Layer toolkit
-OPENSSL_PKG_URL = $(BUG_URL)
-OPENSSL_PKG_LICENSE = GPLv2
-OPENSSL_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(OPENSSL_PKG_NAME)-pkg-description
-OPENSSL_PKG_DESCRIPTION_FILE_IN = $(OPENSSL_PKG_NAME)-pkg-description.in
-OPENSSL_PKG_INSTALL_SCRIPT = $(OPENSSL_PKG_NAME)-pkg-install.sh
-
-OPENSSL_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(OPENSSL_PKG_NAME)-package
-
-pkg_basename = $(OPENSSL_PKG_NAME)-$(OPENSSL_PKG_VERSION)-$(OPENSSL_PKG_ARCH)-$(OPENSSL_PKG_DISTRO_NAME)-$(OPENSSL_PKG_DISTRO_VERSION)
-
-pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
-pkg_certificate = $(call cert-name,$(pkg_archive))
-pkg_signature = $(call sign-name,$(pkg_archive))
-pkg_description = $(call desc-name,$(pkg_archive))
-products = $(call pkg-files,$(pkg_archive))
-
-BUILD_TARGETS = $(build_target)
-BUILD_TARGETS += $(install_target)
-
-PRODUCT_TARGETS = $(products)
-
-ROOTFS_TARGETS = $(pkg_archive)
-
-
-include ../../../build-system/core.mk
-
-
-env_sysroot = DESTDIR=$(OPENSSL_PKG)
-
-
-# These are the known patent issues with OpenSSL:
-# name | expires
-# -------+------------------------------------
-# MDC-2: | 4,908,861 2007-03-13, not included
-# IDEA: | 5,214,703 2010-05-25, not included
-#
-# Although all of the above are expired, it's still
-# probably not a good idea to include them as there
-# are better algorithms to use.
-#
-extra_configure_switches = --libdir=lib$(LIBSUFFIX)
-extra_configure_switches += --openssldir=/etc/ssl
-extra_configure_switches += no-mdc2
-extra_configure_switches += no-ec2m
-extra_configure_switches += no-idea
-extra_configure_switches += no-sse2
-extra_configure_switches += enable-camellia
-extra_configure_switches += enable-seed
-extra_configure_switches += enable-rfc3779
-extra_configure_switches += enable-cms
-extra_configure_switches += enable-md2
-extra_configure_switches += enable-rc5
-extra_configure_switches += enable-ssl3
-extra_configure_switches += enable-ssl3-method
-extra_configure_switches += no-weak-ssl-ciphers
-extra_configure_switches += zlib
-extra_configure_switches += shared
-
-
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_I586_GLIBC)),)
-arch = i586
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_I686_GLIBC)),)
-arch = i686
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_X86_64_GLIBC)),)
-arch = x86_64
-openssl_environment = KERNEL_BITS=64
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_A1X_GLIBC) $(TOOLCHAIN_A2X_GLIBC) \
- $(TOOLCHAIN_H3_GLIBC) $(TOOLCHAIN_RK328X_GLIBC) \
- $(TOOLCHAIN_S8XX_GLIBC) $(TOOLCHAIN_IMX6_GLIBC) \
- $(TOOLCHAIN_AM335X_GLIBC) $(TOOLCHAIN_OMAP543X_GLIBC)),)
-arch = arm
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_H5_GLIBC) $(TOOLCHAIN_RK33XX_GLIBC) \
- $(TOOLCHAIN_RK339X_GLIBC) $(TOOLCHAIN_RK358X_GLIBC) \
- $(TOOLCHAIN_S9XX_GLIBC) \
- $(TOOLCHAIN_A311X_GLIBC) $(TOOLCHAIN_M1000_GLIBC)),)
-arch = aarch64
-openssl_environment = KERNEL_BITS=64
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_JZ47XX_GLIBC) $(TOOLCHAIN_P5600_GLIBC)),)
-arch = mips32
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_POWER8_GLIBC) $(TOOLCHAIN_POWER9_GLIBC)),)
-arch = ppc64
-openssl_environment = KERNEL_BITS=64
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_POWER8LE_GLIBC) $(TOOLCHAIN_POWER9LE_GLIBC)),)
-arch = ppc64le
-openssl_environment = KERNEL_BITS=64
-endif
-ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_RISCV64_GLIBC)),)
-arch = generic64
-openssl_environment = KERNEL_BITS=64
-endif
-
-openssl_environment += MACHINE=$(arch) SYSTEM=Linux
-
-
-####### Dependencies
-
-$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
- $(UNPACK_SRC_ARCHIVE)
- $(APPLY_PATCHES)
- @( cd $(SRC_DIR) ; \
- find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|\.\|$$\)/\=item C<\1>/g" {} \; \
- )
- @touch $@
-
-$(build_target): $(src_done)
- @cd $(SRC_DIR) && \
- $(BUILD_ENVIRONMENT) $(openssl_environment) ./config \
- --prefix=/usr \
- $(extra_configure_switches) \
- $(ARCH_FLAGS) \
- $(HW_FLAGS)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE)
- @touch $@
-
-$(install_target): $(build_target)
- @mkdir -p $(OPENSSL_PKG)
- @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 MANDIR=/usr/share/man install $(env_sysroot)
-ifneq ($(__ENABLE_STATIC__),yes)
- @rm -f $(OPENSSL_PKG)/usr/lib$(LIBSUFFIX)/*.a
-endif
- @mv $(OPENSSL_PKG)/etc/ssl/openssl.cnf $(OPENSSL_PKG)/etc/ssl/openssl.cnf.new
- @rm $(OPENSSL_PKG)/etc/ssl/openssl.cnf.dist
- @rm $(OPENSSL_PKG)/etc/ssl/ct_log_list.cnf.dist
- # ======= Add a cron script to warn root if a certificate is going to expire soon:
- @mkdir -p $(OPENSSL_PKG)/etc/cron.daily
- @cat $(cron_script) > $(OPENSSL_PKG)/etc/cron.daily/certwatch.new
- @chmod 755 $(OPENSSL_PKG)/etc/cron.daily/certwatch.new
- @mkdir -p $(OPENSSL_PKG)/lib$(LIBSUFFIX)
- @( cd $(OPENSSL_PKG)/usr/lib$(LIBSUFFIX) ; \
- chmod +w lib*.so.?.? ; \
- mv lib*.so.?.? ../../lib$(LIBSUFFIX) ; \
- ln -sf ../../lib$(LIBSUFFIX)/lib*.so.?.? . ; \
- ln -sf libcrypto.so.?.? libcrypto.so.1 ; \
- ln -sf libssl.so.?.? libssl.so.1 ; \
- cp -a lib*.so.? ../../lib$(LIBSUFFIX) ; \
- )
- # ======= Fix manpage name collisions =======
- @( cd $(OPENSSL_PKG)/usr/share/man/man1 ; \
- mv passwd.1 ssl_passwd.1 ; \
- for file in *.1 ; do \
- if [ -L $$file ]; then \
- if [ "$$(readlink $$file)" = "passwd.1" ]; then \
- rm -f $$file ; \
- ln -sf ssl_passwd.1 $$file ; \
- fi ; \
- fi ; \
- done \
- )
- # ======= Install Documentation =======
- @if [ -d $(OPENSSL_PKG)/usr/share/man ]; then \
- ( cd $(OPENSSL_PKG)/usr/share/man ; \
- for manpagedir in `find . -type d -name "man*"` ; do \
- ( cd $$manpagedir ; \
- for eachpage in `find . -type l -maxdepth 1` ; do \
- ln -s `readlink $$eachpage`.gz $$eachpage.gz ; \
- rm $$eachpage ; \
- done ; \
- gzip -9 *.? ; \
- ) \
- done \
- ) \
- fi
- @mkdir -p $(OPENSSL_PKG)/usr/doc/$(src_dir_name)
- @cp -a $(SRC_DIR)/AUTHORS $(SRC_DIR)/LICENSE \
- $(OPENSSL_PKG)/usr/doc/$(src_dir_name)
- @( cd $(OPENSSL_PKG)/usr/share/doc ; \
- mv openssl $(src_dir_name) ; \
- )
- @( cd $(SRC_DIR) ; \
- cp -a ACKNOWLEDGEMENTS AUTHORS CONTRIBUTING FAQ INSTALL LICENSE NEWS \
- README README.ENGINE doc/HOWTO doc/*.txt \
- $(OPENSSL_PKG)/usr/share/doc/$(src_dir_name) ; \
- )
- @( cd $(SRC_DIR) ; \
- if [ -r CHANGES ]; then \
- DOCSDIR=`echo $(OPENSSL_PKG)/usr/share/doc/$(src_dir_name)` ; \
- cat CHANGES | head -n 1000 > $$DOCSDIR/CHANGES ; \
- touch -r CHANGES $$DOCSDIR/CHANGES ; \
- fi \
- )
- # ======= Install the same to $(TARGET_DEST_DIR) =======
- $(call install-into-devenv, $(OPENSSL_PKG))
- # ======= tune pkg-config *.pc search path to the target destination for development =======
- @( cd $(TARGET_DEST_DIR)/usr/lib$(LIBSUFFIX)/pkgconfig ; \
- sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libcrypto.pc libssl.pc openssl.pc \
- )
- # ======= Strip binaries =======
- @( cd $(OPENSSL_PKG) ; \
- find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
- )
-ifeq ($(__ENABLE_STATIC__),yes)
- @( cd $(OPENSSL_PKG) ; \
- find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs $(STRIP) -g 2> /dev/null ; \
- )
-endif
- @touch $@
-
-$(OPENSSL_PKG_DESCRIPTION_FILE): $(OPENSSL_PKG_DESCRIPTION_FILE_IN)
- @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
-
-$(pkg_certificate) : $(pkg_archive) ;
-$(pkg_signature) : $(pkg_archive) ;
-$(pkg_description) : $(pkg_archive) ;
-
-$(pkg_archive): $(install_target) $(OPENSSL_PKG_DESCRIPTION_FILE) $(OPENSSL_PKG_INSTALL_SCRIPT)
- @cp $(OPENSSL_PKG_DESCRIPTION_FILE) $(OPENSSL_PKG)/.DESCRIPTION
- @cp $(OPENSSL_PKG_INSTALL_SCRIPT) $(OPENSSL_PKG)/.INSTALL
- @$(BUILD_PKG_REQUIRES) $(OPENSSL_PKG)/.REQUIRES
- @echo "pkgname=$(OPENSSL_PKG_NAME)" > $(OPENSSL_PKG)/.PKGINFO ; \
- echo "pkgver=$(OPENSSL_PKG_VERSION)" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "arch=$(OPENSSL_PKG_ARCH)" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "distroname=$(OPENSSL_PKG_DISTRO_NAME)" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "distrover=$(OPENSSL_PKG_DISTRO_VERSION)" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "group=$(OPENSSL_PKG_GROUP)" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "short_description=\"$(OPENSSL_PKG_SHORT_DESCRIPTION)\"" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "url=$(OPENSSL_PKG_URL)" >> $(OPENSSL_PKG)/.PKGINFO ; \
- echo "license=$(OPENSSL_PKG_LICENSE)" >> $(OPENSSL_PKG)/.PKGINFO
- @$(PSEUDO) sh -c "cd $(OPENSSL_PKG) && \
- chown -R root:root . && \
- $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
Index: net/openssl/1.1.1r
===================================================================
--- net/openssl/1.1.1r (revision 419)
+++ net/openssl/1.1.1r (nonexistent)
Property changes on: net/openssl/1.1.1r
___________________________________________________________________
Deleted: svn:ignore
## -1,74 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.rk358x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: net/openssl/3.4.0/Makefile
===================================================================
--- net/openssl/3.4.0/Makefile (nonexistent)
+++ net/openssl/3.4.0/Makefile (revision 420)
@@ -0,0 +1,323 @@
+
+COMPONENT_TARGETS = $(HARDWARE_INTEL_PC32)
+COMPONENT_TARGETS += $(HARDWARE_INTEL_PC64)
+COMPONENT_TARGETS += $(HARDWARE_EBOX_3350DX2)
+COMPONENT_TARGETS += $(HARDWARE_CB1X)
+COMPONENT_TARGETS += $(HARDWARE_CB2X)
+COMPONENT_TARGETS += $(HARDWARE_CB3X)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PP2E)
+COMPONENT_TARGETS += $(HARDWARE_NANOPI_NEO)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PP)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PL2)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5B)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5P)
+COMPONENT_TARGETS += $(HARDWARE_ROCK_5B)
+COMPONENT_TARGETS += $(HARDWARE_WECHIP_TX6)
+COMPONENT_TARGETS += $(HARDWARE_REPKA_PI3)
+COMPONENT_TARGETS += $(HARDWARE_FFRK3288)
+COMPONENT_TARGETS += $(HARDWARE_POIN2)
+COMPONENT_TARGETS += $(HARDWARE_RK3328_CC)
+COMPONENT_TARGETS += $(HARDWARE_KHADAS_EDGE)
+COMPONENT_TARGETS += $(HARDWARE_LEEZ_P710)
+COMPONENT_TARGETS += $(HARDWARE_M201)
+COMPONENT_TARGETS += $(HARDWARE_MXV)
+COMPONENT_TARGETS += $(HARDWARE_P201)
+COMPONENT_TARGETS += $(HARDWARE_NEXBOX_A95X)
+COMPONENT_TARGETS += $(HARDWARE_ODROID_C2)
+COMPONENT_TARGETS += $(HARDWARE_P212)
+COMPONENT_TARGETS += $(HARDWARE_KHADAS_VIM)
+COMPONENT_TARGETS += $(HARDWARE_Q201)
+COMPONENT_TARGETS += $(HARDWARE_ENYBOX_X2)
+COMPONENT_TARGETS += $(HARDWARE_KHADAS_VIM2)
+COMPONENT_TARGETS += $(HARDWARE_NIT6Q)
+COMPONENT_TARGETS += $(HARDWARE_OKMX6DL_C)
+COMPONENT_TARGETS += $(HARDWARE_OKMX6Q_C)
+COMPONENT_TARGETS += $(HARDWARE_BONE_BLACK)
+COMPONENT_TARGETS += $(HARDWARE_OMAP5UEVM)
+COMPONENT_TARGETS += $(HARDWARE_DRA7XXEVM)
+COMPONENT_TARGETS += $(HARDWARE_CI20)
+COMPONENT_TARGETS += $(HARDWARE_BAIKAL_T1)
+COMPONENT_TARGETS += $(HARDWARE_BAIKAL_M1)
+COMPONENT_TARGETS += $(HARDWARE_S824L)
+COMPONENT_TARGETS += $(HARDWARE_VESNIN)
+COMPONENT_TARGETS += $(HARDWARE_S824L_LSB)
+COMPONENT_TARGETS += $(HARDWARE_VESNIN_LSB)
+COMPONENT_TARGETS += $(HARDWARE_TL2WK2)
+COMPONENT_TARGETS += $(HARDWARE_TL2SV2)
+COMPONENT_TARGETS += $(HARDWARE_TL2WK2_LSB)
+COMPONENT_TARGETS += $(HARDWARE_TL2SV2_LSB)
+COMPONENT_TARGETS += $(HARDWARE_VISIONFIVE2)
+COMPONENT_TARGETS += $(HARDWARE_SIFIVE_U740)
+
+
+NEED_ABS_PATH = true
+COMPONENT_IS_3PP = true
+
+
+include ../../../build-system/constants.mk
+
+
+SOURCE_REQUIRES = sources/packages/n/openssl
+
+ifeq ($(__USE_BUILT_GCC_LIBS__),yes)
+REQUIRES = dev/gcc/14.2.0
+else
+REQUIRES = libs/zlib/1.3.1
+REQUIRES += libs/gmp/6.3.0
+endif
+
+# ======= __END_OF_REQUIRES__ =======
+
+
+version = 3.4.0
+tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/n/openssl/openssl-$(version).tar.xz
+SRC_ARCHIVE = $(tar_xz_archive)
+SRC_DIR = $(TARGET_BUILD_DIR)/openssl-$(version)
+src_dir_name = openssl-$(version)
+src_done = $(TARGET_BUILD_DIR)/.source_done
+
+PATCHES = PATCHES
+
+build_target = $(TARGET_BUILD_DIR)/.build_done
+install_target = $(TARGET_BUILD_DIR)/.install_done
+
+cron_script = $(CURDIR)/cron/certwatch
+
+
+####### Targets
+
+PKG_GROUP = net
+
+#
+# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
+#
+OPENSSL_PKG_NAME = openssl
+OPENSSL_PKG_VERSION = 3.4.0
+OPENSSL_PKG_ARCH = $(PKGARCH)
+OPENSSL_PKG_DISTRO_NAME = $(DISTRO_NAME)
+OPENSSL_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
+OPENSSL_PKG_GROUP = $(PKG_GROUP)
+### |---handy-ruler-------------------------------|
+OPENSSL_PKG_SHORT_DESCRIPTION = Secure Sockets Layer toolkit
+OPENSSL_PKG_URL = $(BUG_URL)
+OPENSSL_PKG_LICENSE = Apache-v2.0
+OPENSSL_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(OPENSSL_PKG_NAME)-pkg-description
+OPENSSL_PKG_DESCRIPTION_FILE_IN = $(OPENSSL_PKG_NAME)-pkg-description.in
+OPENSSL_PKG_INSTALL_SCRIPT = $(OPENSSL_PKG_NAME)-pkg-install.sh
+
+OPENSSL_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(OPENSSL_PKG_NAME)-package
+
+pkg_basename = $(OPENSSL_PKG_NAME)-$(OPENSSL_PKG_VERSION)-$(OPENSSL_PKG_ARCH)-$(OPENSSL_PKG_DISTRO_NAME)-$(OPENSSL_PKG_DISTRO_VERSION)
+
+pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
+pkg_certificate = $(call cert-name,$(pkg_archive))
+pkg_signature = $(call sign-name,$(pkg_archive))
+pkg_description = $(call desc-name,$(pkg_archive))
+products = $(call pkg-files,$(pkg_archive))
+
+BUILD_TARGETS = $(build_target)
+BUILD_TARGETS += $(install_target)
+
+PRODUCT_TARGETS = $(products)
+
+ROOTFS_TARGETS = $(pkg_archive)
+
+
+include ../../../build-system/core.mk
+
+
+env_sysroot = DESTDIR=$(OPENSSL_PKG)
+
+
+# These are the known patent issues with OpenSSL:
+# name | expires
+# -------+------------------------------------
+# MDC-2: | 4,908,861 2007-03-13, not included
+# IDEA: | 5,214,703 2010-05-25, not included
+#
+# Although all of the above are expired, it's still
+# probably not a good idea to include them as there
+# are better algorithms to use.
+#
+extra_configure_switches = --libdir=lib$(LIBSUFFIX)
+extra_configure_switches += --openssldir=/etc/ssl
+extra_configure_switches += no-mdc2
+extra_configure_switches += no-ec2m
+extra_configure_switches += no-sm2
+extra_configure_switches += no-sm4
+extra_configure_switches += no-sse2
+extra_configure_switches += no-weak-ssl-ciphers
+extra_configure_switches += enable-camellia
+extra_configure_switches += enable-seed
+extra_configure_switches += enable-rfc3779
+extra_configure_switches += enable-cms
+extra_configure_switches += enable-md2
+extra_configure_switches += enable-rc5
+extra_configure_switches += enable-ssl3
+extra_configure_switches += enable-ssl3-method
+extra_configure_switches += zlib
+extra_configure_switches += shared
+
+
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_I586_GLIBC)),)
+arch = x86
+bits =
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_I686_GLIBC)),)
+arch = x86
+bits =
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_X86_64_GLIBC)),)
+arch = x86_64
+bits =
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_A1X_GLIBC) $(TOOLCHAIN_A2X_GLIBC) \
+ $(TOOLCHAIN_H3_GLIBC) $(TOOLCHAIN_RK328X_GLIBC) \
+ $(TOOLCHAIN_S8XX_GLIBC) $(TOOLCHAIN_IMX6_GLIBC) \
+ $(TOOLCHAIN_AM335X_GLIBC) $(TOOLCHAIN_OMAP543X_GLIBC)),)
+arch = generic32
+bits =
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_H5_GLIBC) $(TOOLCHAIN_RK33XX_GLIBC) \
+ $(TOOLCHAIN_RK339X_GLIBC) $(TOOLCHAIN_RK358X_GLIBC) \
+ $(TOOLCHAIN_S9XX_GLIBC) \
+ $(TOOLCHAIN_A311X_GLIBC) $(TOOLCHAIN_M1000_GLIBC)),)
+arch = aarch64
+bits =
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_JZ47XX_GLIBC) $(TOOLCHAIN_P5600_GLIBC)),)
+arch = mips32
+bits =
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_POWER8_GLIBC) $(TOOLCHAIN_POWER9_GLIBC)),)
+arch = ppc64
+bits =
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_POWER8LE_GLIBC) $(TOOLCHAIN_POWER9LE_GLIBC)),)
+arch = ppc64le
+bits =
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_RISCV64_GLIBC)),)
+arch = riscv64
+bits = 64
+endif
+
+
+LDFLAGS += -Wl,-rpath,/lib$(LIBSUFFIX):/usr/lib$(LIBSUFFIX)
+
+
+####### Dependencies
+
+$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
+ $(UNPACK_SRC_ARCHIVE)
+ $(APPLY_PATCHES)
+ @( cd $(SRC_DIR) ; \
+ find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|\.\|$$\)/\=item C<\1>/g" {} \; \
+ )
+ @touch $@
+
+#$(BUILD_ENVIRONMENT) $(openssl_environment)
+
+$(build_target): $(src_done)
+ @cd $(SRC_DIR) && \
+ ./Configure linux$(bits)-$(arch) --cross-compile-prefix=$(CROSS_PREFIX) \
+ --prefix=/usr \
+ $(extra_configure_switches) \
+ $(CFLAGS)
+ @cd $(SRC_DIR) && $(MAKE) $(BUILD_ENVIRONMENT)
+ @touch $@
+
+$(install_target): $(build_target)
+ @mkdir -p $(OPENSSL_PKG)
+ @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 MANDIR=/usr/share/man install $(env_sysroot)
+ifneq ($(__ENABLE_STATIC__),yes)
+ @rm -f $(OPENSSL_PKG)/usr/lib$(LIBSUFFIX)/*.a
+endif
+ @mv $(OPENSSL_PKG)/etc/ssl/openssl.cnf $(OPENSSL_PKG)/etc/ssl/openssl.cnf.new
+ @rm $(OPENSSL_PKG)/etc/ssl/openssl.cnf.dist
+ @rm $(OPENSSL_PKG)/etc/ssl/ct_log_list.cnf.dist
+ # ======= Add a cron script to warn root if a certificate is going to expire soon:
+ @mkdir -p $(OPENSSL_PKG)/etc/cron.daily
+ @cat $(cron_script) > $(OPENSSL_PKG)/etc/cron.daily/certwatch.new
+ @chmod 755 $(OPENSSL_PKG)/etc/cron.daily/certwatch.new
+ @mkdir -p $(OPENSSL_PKG)/lib$(LIBSUFFIX)
+ @( cd $(OPENSSL_PKG)/usr/lib$(LIBSUFFIX) ; \
+ chmod +w lib*.so.? ; \
+ mv lib*.so.? ../../lib$(LIBSUFFIX) ; \
+ ln -sf ../../lib$(LIBSUFFIX)/lib*.so.? . ; \
+ cp -a lib*.so ../../lib$(LIBSUFFIX) ; \
+ )
+ @sed -e 's,/include $$,/include,' -i $(OPENSSL_PKG)/usr/lib$(LIBSUFFIX)/pkgconfig/*.pc
+ # ======= Install Documentation =======
+ @if [ -d $(OPENSSL_PKG)/usr/share/man ]; then \
+ ( cd $(OPENSSL_PKG)/usr/share/man ; \
+ for manpagedir in `find . -type d -name "man*"` ; do \
+ ( cd $$manpagedir ; \
+ for eachpage in `find . -type l -maxdepth 1` ; do \
+ ln -s `readlink $$eachpage`.gz $$eachpage.gz ; \
+ rm $$eachpage ; \
+ done ; \
+ gzip -9 *.?ossl ; \
+ ) \
+ done \
+ ) \
+ fi
+ @rm -rf $(OPENSSL_PKG)/usr/share/doc
+ @mkdir -p $(OPENSSL_PKG)/usr/doc/$(src_dir_name)
+ @cp -a $(SRC_DIR)/AUTHORS* $(SRC_DIR)/LICENSE* \
+ $(OPENSSL_PKG)/usr/doc/$(src_dir_name)
+ @mkdir -p $(OPENSSL_PKG)/usr/share/doc/$(src_dir_name)
+ @( cd $(SRC_DIR) ; \
+ cp -a ACKNOWLEDGEMENTS* AUTHORS* CONTRIBUTING* INSTALL* LICENSE* NEWS* \
+ NOTES* README* doc/{HOWTO,designs,images} doc/*.txt \
+ $(OPENSSL_PKG)/usr/share/doc/$(src_dir_name) ; \
+ )
+ @( cd $(SRC_DIR) ; \
+ if [ -r CHANGES.md ]; then \
+ DOCSDIR=`echo $(OPENSSL_PKG)/usr/share/doc/$(src_dir_name)` ; \
+ cat CHANGES.md | head -n 1000 > $$DOCSDIR/CHANGES.md ; \
+ touch -r CHANGES.md $$DOCSDIR/CHANGES.md ; \
+ fi \
+ )
+ # ======= Install the same to $(TARGET_DEST_DIR) =======
+ $(call install-into-devenv, $(OPENSSL_PKG))
+ # ======= Tune pkg-config *.pc search path to the target destination for development =======
+ @( cd $(TARGET_DEST_DIR)/usr/lib$(LIBSUFFIX)/pkgconfig ; \
+ sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libcrypto.pc libssl.pc openssl.pc \
+ )
+ # ======= Strip binaries =======
+ @( cd $(OPENSSL_PKG) ; \
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ )
+ifeq ($(__ENABLE_STATIC__),yes)
+ @( cd $(OPENSSL_PKG) ; \
+ find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs $(STRIP) -g 2> /dev/null ; \
+ )
+endif
+ @touch $@
+
+$(OPENSSL_PKG_DESCRIPTION_FILE): $(OPENSSL_PKG_DESCRIPTION_FILE_IN)
+ @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
+
+$(pkg_certificate) : $(pkg_archive) ;
+$(pkg_signature) : $(pkg_archive) ;
+$(pkg_description) : $(pkg_archive) ;
+
+$(pkg_archive): $(install_target) $(OPENSSL_PKG_DESCRIPTION_FILE) $(OPENSSL_PKG_INSTALL_SCRIPT)
+ @cp $(OPENSSL_PKG_DESCRIPTION_FILE) $(OPENSSL_PKG)/.DESCRIPTION
+ @cp $(OPENSSL_PKG_INSTALL_SCRIPT) $(OPENSSL_PKG)/.INSTALL
+ @$(BUILD_PKG_REQUIRES) $(OPENSSL_PKG)/.REQUIRES
+ @echo "pkgname=$(OPENSSL_PKG_NAME)" > $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "pkgver=$(OPENSSL_PKG_VERSION)" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "arch=$(OPENSSL_PKG_ARCH)" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "distroname=$(OPENSSL_PKG_DISTRO_NAME)" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "distrover=$(OPENSSL_PKG_DISTRO_VERSION)" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "group=$(OPENSSL_PKG_GROUP)" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "short_description=\"$(OPENSSL_PKG_SHORT_DESCRIPTION)\"" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "url=$(OPENSSL_PKG_URL)" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "license=$(OPENSSL_PKG_LICENSE)" >> $(OPENSSL_PKG)/.PKGINFO
+ @$(PSEUDO) sh -c "cd $(OPENSSL_PKG) && \
+ chown -R root:root . && \
+ $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
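Review bot: `extra_configure_switches` turns on `enable-ssl3`, `enable-ssl3-method`, `enable-md2` and `enable-rc5` while also passing `no-weak-ssl-ciphers`, and the comment block just above argues against shipping outdated algorithms, so the list contradicts its own rationale. SSLv3 is a deprecated protocol (RFC 7568), and MD2 and RC5 are legacy algorithms; enabling them in the system libssl/libcrypto makes them available to every application linked against the package. If a consumer really needs one of them, name it in a comment next to the switch; otherwise drop these four lines, or state the intent explicitly with `extra_configure_switches += no-ssl3 no-ssl3-method`. The same switches are set in net/openssl/3.4.0-ppc32/Makefile in this commit.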
Index: net/openssl/3.4.0/PATCHES
===================================================================
--- net/openssl/3.4.0/PATCHES (nonexistent)
+++ net/openssl/3.4.0/PATCHES (revision 420)
@@ -0,0 +1,2 @@
+
+../../../sources/packages/n/openssl/patches/openssl-3.4.0-legacy-provider.patch -p0
Index: net/openssl/3.4.0/cron/certwatch
===================================================================
--- net/openssl/3.4.0/cron/certwatch (nonexistent)
+++ net/openssl/3.4.0/cron/certwatch (revision 420)
@@ -0,0 +1,129 @@
+#!/bin/sh
+#
+# Will check all certificates stored in $CERTDIR for their expiration date,
+# and will display (if optional "stdout" argument is given), or mail a warning
+# message to $MAILADDR (if script is executed without any parameter
+# - unattended mode suitable for cron execution) for each particular certificate
+# that is about to expire in time less to, or equal to $DAYS after this script
+# has been executed, or if it has already expired.
+# This stupid script (C) 2006,2007 Jan Rafaj
+
+########################## CONFIGURATION SECTION BEGIN #########################
+# Note: all settings are mandatory
+# Warning will be sent if a certificate expires in time <= days given here
+DAYS=7
+# E-mail address where to send warnings
+MAILADDR=root
+# Directory with certificates to check
+CERTDIR=/etc/ssl/certs
+# Directory where to keep state files if this script isnt executed with "stdout"
+STATEDIR=/var/run
+########################### CONFIGURATION SECTION END ##########################
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAY_IN_SECS=$((60*60*24))
+DATE_CURRENT=$(date '+%s')
+
+usage()
+{
+ echo "Usage: $0 [stdout]"
+ echo
+ echo "Detailed description and configuration is embedded within the script."
+ exit 0
+}
+
+message()
+{
+ cat << EOF
+ WARNING: certificate $certfile
+ is about to expire in time equal to or less than $DAYS days from now on,
+ or has already expired - it might be a good idea to obtain/create new one.
+
+EOF
+}
+
+message_mail()
+{
+ message
+ cat << EOF
+ NOTE: This message is being sent only once.
+
+ A lock-file
+ $STATEDIR/certwatch-mailwarning-sent-$certfilebase
+ has been created, which will prevent this script from mailing you again
+ upon its subsequent executions by crond. You dont need to care about it;
+ the file will be auto-deleted as soon as you'll prolong your certificate.
+EOF
+}
+
+unset stdout
+case $# in
+ 0) ;;
+ 1) if [ "$1" = "-h" -o "$1" == "--help" ]; then
+ usage
+ elif [ "$1" = "stdout" ]; then
+ stdout=1
+ else
+ usage
+ fi
+ ;;
+ *) usage ;;
+esac
+
+for dir in $STATEDIR $CERTDIR ; do
+ if [ ! -d $dir ]; then
+ echo "ERROR: directory $dir does not exist"
+ exit 1
+ fi
+done
+for binary in basename date find grep mail openssl touch ; do
+ if [ ! \( -x /usr/bin/$binary -o -x /bin/$binary \) ]; then
+ echo "ERROR: /usr/bin/$binary not found"
+ exit 1
+ fi
+done
+
+find $CERTDIR -type f -maxdepth 1 | while read certfile ; do
+ if [ "$certfile" != "/etc/ssl/certs/ca-certificates.crt" ]; then
+ certfilebase="$(basename "$certfile")"
+ inform=PEM
+ echo "$certfile" | grep -q -i '\.net$'
+ if [ $? -eq 0 ]; then
+ # This is based purely on filename extension, so may give false results.
+ # But lets assume noone uses NET format certs today, ok?
+ continue
+ fi
+ echo "$certfile" | grep -q -i '\.der$'
+ if [ $? -eq 0 -o "$(file "$certfile" | egrep '(ASCII|PEM)')" == "" ]; then
+ inform=DER
+ fi
+ # We wont use '-checkend' since it is not properly documented (as of
+ # OpenSSL 0.9.8e).
+ DATE_CERT_EXPIRES=$(openssl x509 -in "$certfile" -inform $inform -noout -enddate | sed 's/^notAfter=//')
+ DATE_CERT_EXPIRES=$(date -d"$DATE_CERT_EXPIRES" +%s)
+ if [ $(($DATE_CERT_EXPIRES - $DATE_CURRENT)) -le $(($DAYS * $DAY_IN_SECS)) ]
+ then
+ if [ $stdout ]; then
+ message
+ else
+ if [ ! -f $STATEDIR/certwatch-mailwarning-sent-"$certfilebase" ]; then
+ subject="$0: certificate $certfile expiration warning"
+ message_mail | mail -r "certwatch@$HOSTNAME" \
+ -s "$subject" \
+ $MAILADDR 2>/dev/null
+ # echo "Mail about expiring certificate $certfile sent to $MAILADDR."
+ # echo "If you need to send it again, please remove lock-file"
+ # echo "$STATEDIR/certwatch-mailwarning-sent-$certfilebase ."
+ # echo
+ fi
+ touch $STATEDIR/certwatch-mailwarning-sent-"$certfilebase"
+ fi
+ else
+ if [ ! $stdout ]; then
+ if [ -f $STATEDIR/certwatch-mailwarning-sent-"$certfilebase" ]; then
+ rm $STATEDIR/certwatch-mailwarning-sent-"$certfilebase"
+ fi
+ fi
+ fi
+ fi
+done
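Review bot: The lock file is created even when the warning mail was never delivered. In the non-stdout branch, `touch $STATEDIR/certwatch-mailwarning-sent-"$certfilebase"` runs unconditionally after the `mail` call, whose exit status is ignored and whose stderr goes to /dev/null. A single failed send (for example with no working MTA) therefore suppresses the expiry warning for that certificate on every later cron run. Create the lock only on success by ending the mail command with `$MAILADDR 2>/dev/null && touch "$STATEDIR/certwatch-mailwarning-sent-$certfilebase"` and dropping the separate `touch`. Separately, `==` inside `[ ]` (the `--help` test and the `file ... | egrep` test) is not POSIX although the script declares `#!/bin/sh`; use `=`.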
Index: net/openssl/3.4.0/openssl-pkg-description.in
===================================================================
--- net/openssl/3.4.0/openssl-pkg-description.in (nonexistent)
+++ net/openssl/3.4.0/openssl-pkg-description.in (revision 420)
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+openssl: openssl @VERSION@ (Secure Sockets Layer toolkit)
+openssl:
+openssl: The OpenSSL certificate management tool and the shared libraries
+openssl: that provide various encryption and decryption algorithms and
+openssl: protocols.
+openssl: This product includes software developed by the OpenSSL Project for
+openssl: use in the OpenSSL Toolkit (http://www.openssl.org). This product
+openssl: includes cryptographic software written by Eric Young
+openssl: (eay@cryptsoft.com). This product includes software written by Tim
+openssl: Hudson (tjh@cryptsoft.com).
+openssl:
Index: net/openssl/3.4.0/openssl-pkg-install.sh
===================================================================
--- net/openssl/3.4.0/openssl-pkg-install.sh (nonexistent)
+++ net/openssl/3.4.0/openssl-pkg-install.sh (revision 420)
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+# Preserve new files
+install_file() {
+ NEW="$1"
+ OLD="`dirname $NEW`/`basename $NEW .new`"
+ # If there's no file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+
+# arg 1: the new package version
+pre_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+post_install() {
+ # If there is a known buggy certwatch script with no local modifications, just replace it:
+ if [ "$(md5sum etc/cron.daily/certwatch 2> /dev/null)" = "f4cf63e557820781f40c4cac67a44d77 etc/cron.daily/certwatch" ]; then
+ cat etc/cron.daily/certwatch.new > etc/cron.daily/certwatch
+ touch -r etc/cron.daily/certwatch.new etc/cron.daily/certwatch
+ fi
+
+ install_file etc/ssl/openssl.cnf.new
+ install_file etc/cron.daily/certwatch.new
+
+ # Rehash certificates if the package is upgraded on a running system:
+ # Note that we have to be sure that we are on the working system
+ # on the target hardware ("proc/sys/kernel/osrelease" - relative path).
+ if [ -r proc/sys/kernel/osrelease -a -x /usr/bin/c_rehash ]; then
+ /usr/bin/c_rehash 1> /dev/null 2> /dev/null
+ fi
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+pre_update() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_update() {
+ post_install
+}
+
+# arg 1: the old package version
+pre_remove() {
+ /bin/true
+}
+
+# arg 1: the old package version
+post_remove() {
+ /bin/true
+}
+
+
+operation=$1
+shift
+
+$operation $*
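Review bot: In `post_install` the guard and the action look at different roots: the test reads the relative path `proc/sys/kernel/osrelease`, but the binary checked and run is the absolute `/usr/bin/c_rehash`. Every other path in the function is relative to the install root, so when the package is installed into an alternate root that has proc mounted, the guard presumably passes and the host's certificate directory is rehashed instead of the target's. Both output streams and the exit status are discarded, so a failed rehash goes unnoticed. Consider also requiring that the install root is the running root, e.g. `if [ "$(pwd)" = "/" -a -r proc/sys/kernel/osrelease -a -x /usr/bin/c_rehash ]; then`, and letting stderr through.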
Property changes on: net/openssl/3.4.0/openssl-pkg-install.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: net/openssl/3.4.0
===================================================================
--- net/openssl/3.4.0 (nonexistent)
+++ net/openssl/3.4.0 (revision 420)
Property changes on: net/openssl/3.4.0
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,74 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.rk358x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: net/openssl/3.4.0-ppc32/Makefile
===================================================================
--- net/openssl/3.4.0-ppc32/Makefile (nonexistent)
+++ net/openssl/3.4.0-ppc32/Makefile (revision 420)
@@ -0,0 +1,187 @@
+
+COMPONENT_TARGETS = $(HARDWARE_S824L)
+COMPONENT_TARGETS += $(HARDWARE_VESNIN)
+COMPONENT_TARGETS += $(HARDWARE_TL2WK2)
+COMPONENT_TARGETS += $(HARDWARE_TL2SV2)
+
+NEED_ABS_PATH = true
+COMPONENT_IS_3PP = true
+
+CREATE_PPC32_PACKAGE = true
+
+
+include ../../../build-system/constants.mk
+
+
+SOURCE_REQUIRES = sources/packages/n/openssl
+
+REQUIRES = net/openssl/3.4.0
+REQUIRES += libs/zlib/1.3.1-ppc32
+REQUIRES += libs/gmp/6.3.0-ppc32
+
+# ======= __END_OF_REQUIRES__ =======
+
+
+version = 3.4.0
+tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/n/openssl/openssl-$(version).tar.xz
+SRC_ARCHIVE = $(tar_xz_archive)
+SRC_DIR = $(TARGET_BUILD_DIR)/openssl-$(version)
+src_dir_name = openssl-$(version)
+src_done = $(TARGET_BUILD_DIR)/.source_done
+
+PATCHES = PATCHES
+
+build_target = $(TARGET_BUILD_DIR)/.build_done
+install_target = $(TARGET_BUILD_DIR)/.install_done
+
+
+####### Targets
+
+PKG_GROUP = net
+#
+# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
+#
+OPENSSL32_PKG_NAME = openssl-x32
+OPENSSL32_PKG_VERSION = 3.4.0
+OPENSSL32_PKG_ARCH = $(PKGARCH)
+OPENSSL32_PKG_DISTRO_NAME = $(DISTRO_NAME)
+OPENSSL32_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
+OPENSSL32_PKG_GROUP = $(PKG_GROUP)
+### |---handy-ruler-------------------------------|
+OPENSSL32_PKG_SHORT_DESCRIPTION = Secure Sockets Layer toolkit
+OPENSSL32_PKG_URL = $(BUG_URL)
+OPENSSL32_PKG_LICENSE = Apache-v2.0
+OPENSSL32_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-pkg-description
+OPENSSL32_PKG_DESCRIPTION_FILE_IN = $(OPENSSL32_PKG_NAME)-pkg-description.in
+OPENSSL32_PKG_INSTALL_SCRIPT = $(OPENSSL32_PKG_NAME)-pkg-install.sh
+
+OPENSSL32_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-package
+
+pkg_basename = $(OPENSSL32_PKG_NAME)-$(OPENSSL32_PKG_VERSION)-$(OPENSSL32_PKG_ARCH)-$(OPENSSL32_PKG_DISTRO_NAME)-$(OPENSSL32_PKG_DISTRO_VERSION)
+
+pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
+pkg_certificate = $(call cert-name,$(pkg_archive))
+pkg_signature = $(call sign-name,$(pkg_archive))
+pkg_description = $(call desc-name,$(pkg_archive))
+products = $(call pkg-files,$(pkg_archive))
+
+BUILD_TARGETS = $(build_target)
+BUILD_TARGETS += $(install_target)
+
+PRODUCT_TARGETS = $(products)
+
+ROOTFS_TARGETS = $(pkg_archive)
+
+
+include ../../../build-system/core.mk
+
+
+env_sysroot = DESTDIR=$(OPENSSL32_PKG)
+
+
+extra_configure_switches = --libdir=lib$(MULTILIB_PPC32_SUFFIX)
+extra_configure_switches += --openssldir=/etc/ssl
+extra_configure_switches += no-mdc2
+extra_configure_switches += no-ec2m
+extra_configure_switches += no-sm2
+extra_configure_switches += no-sm4
+extra_configure_switches += no-sse2
+extra_configure_switches += no-weak-ssl-ciphers
+extra_configure_switches += enable-camellia
+extra_configure_switches += enable-seed
+extra_configure_switches += enable-rfc3779
+extra_configure_switches += enable-cms
+extra_configure_switches += enable-md2
+extra_configure_switches += enable-rc5
+extra_configure_switches += enable-ssl3
+extra_configure_switches += enable-ssl3-method
+extra_configure_switches += zlib
+extra_configure_switches += shared
+
+openssl_environment = KERNEL_BITS=32 MACHINE=ppc64 SYSTEM=Linux
+
+LDFLAGS += -Wl,-rpath=/lib$(MULTILIB_PPC32_SUFFIX):/usr/lib$(MULTILIB_PPC32_SUFFIX)
+
+
+####### Dependencies
+
+$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
+ $(UNPACK_SRC_ARCHIVE)
+ $(APPLY_PATCHES)
+ @( cd $(SRC_DIR) ; \
+ find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|\.\|$$\)/\=item C<\1>/g" {} \; \
+ )
+ @touch $@
+
+$(build_target): $(src_done)
+ @cd $(SRC_DIR) && \
+ ./Configure linux-ppc --cross-compile-prefix=$(CROSS_PREFIX) \
+ --prefix=/usr \
+ $(extra_configure_switches) \
+ $(CFLAGS)
+ @cd $(SRC_DIR) && $(MAKE) $(BUILD_ENVIRONMENT)
+ @touch $@
+
+$(install_target): $(build_target)
+ @mkdir -p $(OPENSSL32_PKG)
+ @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 MANDIR=/usr/share/man install $(env_sysroot)
+ifneq ($(__ENABLE_STATIC__),yes)
+ @rm -f $(OPENSSL32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)/*.a
+endif
+ @mkdir -p $(OPENSSL32_PKG)/usr/bin/32
+ @( cd $(OPENSSL32_PKG)/usr/bin ; \
+ rm -f c_rehash ; \
+ find . -type f | xargs mv -t 32 ; \
+ )
+ @mkdir -p $(OPENSSL32_PKG)/lib$(MULTILIB_PPC32_SUFFIX)
+ @( cd $(OPENSSL32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX) ; \
+ chmod +w lib*.so.? ; \
+ mv lib*.so.? ../../lib$(MULTILIB_PPC32_SUFFIX) ; \
+ ln -sf ../../lib$(MULTILIB_PPC32_SUFFIX)/lib*.so.? . ; \
+ cp -a lib*.so ../../lib$(MULTILIB_PPC32_SUFFIX) ; \
+ )
+ @sed -e 's,/include $$,/include,' -i $(OPENSSL32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)/pkgconfig/*.pc
+ @rm -rf $(OPENSSL32_PKG)/etc
+ @rm -rf $(OPENSSL32_PKG)/usr/include
+ @rm -rf $(OPENSSL32_PKG)/usr/share
+ # ======= Install the same to $(TARGET_DEST_DIR) =======
+ $(call install-into-devenv, $(OPENSSL32_PKG))
+ # ======= tune pkg-config *.pc search path to the target destination for development =======
+ @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_PPC32_SUFFIX)/pkgconfig ; \
+ sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libcrypto.pc libssl.pc openssl.pc \
+ )
+ # ======= Strip binaries =======
+ @( cd $(OPENSSL32_PKG) ; \
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ )
+ifeq ($(__ENABLE_STATIC__),yes)
+ @( cd $(OPENSSL32_PKG) ; \
+ find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs $(STRIP) -g 2> /dev/null ; \
+ )
+endif
+ @touch $@
+
+$(OPENSSL32_PKG_DESCRIPTION_FILE): $(OPENSSL32_PKG_DESCRIPTION_FILE_IN)
+ @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
+
+$(pkg_certificate) : $(pkg_archive) ;
+$(pkg_signature) : $(pkg_archive) ;
+$(pkg_description) : $(pkg_archive) ;
+
+$(pkg_archive): $(install_target) $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG_INSTALL_SCRIPT)
+ @cp $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG)/.DESCRIPTION
+ @cp $(OPENSSL32_PKG_INSTALL_SCRIPT) $(OPENSSL32_PKG)/.INSTALL
+ @$(BUILD_PKG_REQUIRES) $(OPENSSL32_PKG)/.REQUIRES
+ @echo "pkgname=$(OPENSSL32_PKG_NAME)" > $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "pkgver=$(OPENSSL32_PKG_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "arch=$(OPENSSL32_PKG_ARCH)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "distroname=$(OPENSSL32_PKG_DISTRO_NAME)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "distrover=$(OPENSSL32_PKG_DISTRO_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "group=$(OPENSSL32_PKG_GROUP)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "short_description=\"$(OPENSSL32_PKG_SHORT_DESCRIPTION)\"" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "url=$(OPENSSL32_PKG_URL)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "license=$(OPENSSL32_PKG_LICENSE)" >> $(OPENSSL32_PKG)/.PKGINFO
+ @$(PSEUDO) sh -c "cd $(OPENSSL32_PKG) && \
+ chown -R root:root . && \
+ $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
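Review bot: `openssl_environment = KERNEL_BITS=32 MACHINE=ppc64 SYSTEM=Linux` is defined but no recipe in this Makefile references it. `$(build_target)` runs `./Configure linux-ppc` with an explicit target, and both `$(MAKE)` calls pass only `$(BUILD_ENVIRONMENT)`. Unless build-system/core.mk consumes it (not visible here), the variable is dead and wrongly suggests that the 32-bit selection depends on it. Either delete the line or add a comment saying where it is used, e.g. `# not used: the target is fixed by 'Configure linux-ppc'`.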
Index: net/openssl/3.4.0-ppc32/PATCHES
===================================================================
--- net/openssl/3.4.0-ppc32/PATCHES (nonexistent)
+++ net/openssl/3.4.0-ppc32/PATCHES (revision 420)
@@ -0,0 +1,2 @@
+
+../../../sources/packages/n/openssl/patches/openssl-3.4.0-legacy-provider.patch -p0
Index: net/openssl/3.4.0-ppc32/openssl-x32-pkg-description.in
===================================================================
--- net/openssl/3.4.0-ppc32/openssl-x32-pkg-description.in (nonexistent)
+++ net/openssl/3.4.0-ppc32/openssl-x32-pkg-description.in (revision 420)
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+openssl-x32: openssl-x32 @VERSION@ (Secure Sockets Layer toolkit)
+openssl-x32:
+openssl-x32: The OpenSSL certificate management tool and the shared libraries
+openssl-x32: that provide various encryption and decryption algorithms and
+openssl-x32: protocols.
+openssl-x32: This product includes software developed by the OpenSSL Project for
+openssl-x32: use in the OpenSSL Toolkit (http://www.openssl.org). This product
+openssl-x32: includes cryptographic software written by Eric Young
+openssl-x32: (eay@cryptsoft.com). This product includes software written by Tim
+openssl-x32: Hudson (tjh@cryptsoft.com).
+openssl-x32:
Index: net/openssl/3.4.0-ppc32/openssl-x32-pkg-install.sh
===================================================================
--- net/openssl/3.4.0-ppc32/openssl-x32-pkg-install.sh (nonexistent)
+++ net/openssl/3.4.0-ppc32/openssl-x32-pkg-install.sh (revision 420)
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# arg 1: the new package version
+pre_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+post_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+pre_update() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_update() {
+ post_install
+}
+
+# arg 1: the old package version
+pre_remove() {
+ /bin/true
+}
+
+# arg 1: the old package version
+post_remove() {
+ /bin/true
+}
+
+
+operation=$1
+shift
+
+$operation $*
Property changes on: net/openssl/3.4.0-ppc32/openssl-x32-pkg-install.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: net/openssl/3.4.0-ppc32
===================================================================
--- net/openssl/3.4.0-ppc32 (nonexistent)
+++ net/openssl/3.4.0-ppc32 (revision 420)
Property changes on: net/openssl/3.4.0-ppc32
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,74 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.rk358x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: net/openssl/3.4.0-x86_32/Makefile
===================================================================
--- net/openssl/3.4.0-x86_32/Makefile (nonexistent)
+++ net/openssl/3.4.0-x86_32/Makefile (revision 420)
@@ -0,0 +1,183 @@
+
+COMPONENT_TARGETS = $(HARDWARE_INTEL_PC64)
+
+NEED_ABS_PATH = true
+COMPONENT_IS_3PP = true
+
+CREATE_X86_32_PACKAGE = true
+
+
+include ../../../build-system/constants.mk
+
+
+SOURCE_REQUIRES = sources/packages/n/openssl
+
+REQUIRES = net/openssl/3.4.0
+REQUIRES += libs/zlib/1.3.1-x86_32
+REQUIRES += libs/gmp/6.3.0-x86_32
+
+# ======= __END_OF_REQUIRES__ =======
+
+
+version = 3.4.0
+tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/n/openssl/openssl-$(version).tar.xz
+SRC_ARCHIVE = $(tar_xz_archive)
+SRC_DIR = $(TARGET_BUILD_DIR)/openssl-$(version)
+src_dir_name = openssl-$(version)
+src_done = $(TARGET_BUILD_DIR)/.source_done
+
+PATCHES = PATCHES
+
+build_target = $(TARGET_BUILD_DIR)/.build_done
+install_target = $(TARGET_BUILD_DIR)/.install_done
+
+
+####### Targets
+
+PKG_GROUP = net
+#
+# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
+#
+OPENSSL32_PKG_NAME = openssl-x32
+OPENSSL32_PKG_VERSION = 3.4.0
+OPENSSL32_PKG_ARCH = $(PKGARCH)
+OPENSSL32_PKG_DISTRO_NAME = $(DISTRO_NAME)
+OPENSSL32_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
+OPENSSL32_PKG_GROUP = $(PKG_GROUP)
+### |---handy-ruler-------------------------------|
+OPENSSL32_PKG_SHORT_DESCRIPTION = Secure Sockets Layer toolkit
+OPENSSL32_PKG_URL = $(BUG_URL)
+OPENSSL32_PKG_LICENSE = Apache-v2.0
+OPENSSL32_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-pkg-description
+OPENSSL32_PKG_DESCRIPTION_FILE_IN = $(OPENSSL32_PKG_NAME)-pkg-description.in
+OPENSSL32_PKG_INSTALL_SCRIPT = $(OPENSSL32_PKG_NAME)-pkg-install.sh
+
+OPENSSL32_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-package
+
+pkg_basename = $(OPENSSL32_PKG_NAME)-$(OPENSSL32_PKG_VERSION)-$(OPENSSL32_PKG_ARCH)-$(OPENSSL32_PKG_DISTRO_NAME)-$(OPENSSL32_PKG_DISTRO_VERSION)
+
+pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
+pkg_certificate = $(call cert-name,$(pkg_archive))
+pkg_signature = $(call sign-name,$(pkg_archive))
+pkg_description = $(call desc-name,$(pkg_archive))
+products = $(call pkg-files,$(pkg_archive))
+
+BUILD_TARGETS = $(build_target)
+BUILD_TARGETS += $(install_target)
+
+PRODUCT_TARGETS = $(products)
+
+ROOTFS_TARGETS = $(pkg_archive)
+
+
+include ../../../build-system/core.mk
+
+
+env_sysroot = DESTDIR=$(OPENSSL32_PKG)
+
+
+extra_configure_switches = --libdir=lib$(MULTILIB_X86_32_SUFFIX)
+extra_configure_switches += --openssldir=/etc/ssl
+extra_configure_switches += no-mdc2
+extra_configure_switches += no-ec2m
+extra_configure_switches += no-sm2
+extra_configure_switches += no-sm4
+extra_configure_switches += no-sse2
+extra_configure_switches += no-weak-ssl-ciphers
+extra_configure_switches += enable-camellia
+extra_configure_switches += enable-seed
+extra_configure_switches += enable-rfc3779
+extra_configure_switches += enable-cms
+extra_configure_switches += enable-md2
+extra_configure_switches += enable-rc5
+extra_configure_switches += enable-ssl3
+extra_configure_switches += enable-ssl3-method
+extra_configure_switches += zlib
+extra_configure_switches += shared
+
+
+LDFLAGS += -Wl,-rpath=/lib$(MULTILIB_X86_32_SUFFIX):/usr/lib$(MULTILIB_X86_32_SUFFIX)
+
+
+####### Dependencies
+
+$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
+ $(UNPACK_SRC_ARCHIVE)
+ $(APPLY_PATCHES)
+ @( cd $(SRC_DIR) ; \
+ find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|\.\|$$\)/\=item C<\1>/g" {} \; \
+ )
+ @touch $@
+
+$(build_target): $(src_done)
+ @cd $(SRC_DIR) && \
+ ./Configure linux-x86 --cross-compile-prefix=$(CROSS_PREFIX) \
+ --prefix=/usr \
+ $(extra_configure_switches) \
+ $(CFLAGS)
+ @cd $(SRC_DIR) && $(MAKE) $(BUILD_ENVIRONMENT)
+ @touch $@
+
+$(install_target): $(build_target)
+ @mkdir -p $(OPENSSL32_PKG)
+ @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 MANDIR=/usr/share/man install $(env_sysroot)
+ifneq ($(__ENABLE_STATIC__),yes)
+ @rm -f $(OPENSSL32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)/*.a
+endif
+ @mkdir -p $(OPENSSL32_PKG)/usr/bin/32
+ @( cd $(OPENSSL32_PKG)/usr/bin ; \
+ rm -f c_rehash ; \
+ find . -type f | xargs mv -t 32 ; \
+ )
+ @mkdir -p $(OPENSSL32_PKG)/lib$(MULTILIB_X86_32_SUFFIX)
+ @( cd $(OPENSSL32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX) ; \
+ chmod +w lib*.so.? ; \
+ mv lib*.so.? ../../lib$(MULTILIB_X86_32_SUFFIX) ; \
+ ln -sf ../../lib$(MULTILIB_X86_32_SUFFIX)/lib*.so.? . ; \
+ cp -a lib*.so ../../lib$(MULTILIB_X86_32_SUFFIX) ; \
+ )
+ @sed -e 's,/include $$,/include,' -i $(OPENSSL32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)/pkgconfig/*.pc
+ @rm -rf $(OPENSSL32_PKG)/etc
+ @rm -rf $(OPENSSL32_PKG)/usr/include
+ @rm -rf $(OPENSSL32_PKG)/usr/share
+ # ======= Install the same to $(TARGET_DEST_DIR) =======
+ $(call install-into-devenv, $(OPENSSL32_PKG))
+ # ======= tune pkg-config *.pc search path to the target destination for development =======
+ @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_X86_32_SUFFIX)/pkgconfig ; \
+ sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libcrypto.pc libssl.pc openssl.pc \
+ )
+ # ======= Strip binaries =======
+ @( cd $(OPENSSL32_PKG) ; \
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ )
+ifeq ($(__ENABLE_STATIC__),yes)
+ @( cd $(OPENSSL32_PKG) ; \
+ find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs $(STRIP) -g 2> /dev/null ; \
+ )
+endif
+ @touch $@
+
+$(OPENSSL32_PKG_DESCRIPTION_FILE): $(OPENSSL32_PKG_DESCRIPTION_FILE_IN)
+ @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
+
+$(pkg_certificate) : $(pkg_archive) ;
+$(pkg_signature) : $(pkg_archive) ;
+$(pkg_description) : $(pkg_archive) ;
+
+$(pkg_archive): $(install_target) $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG_INSTALL_SCRIPT)
+ @cp $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG)/.DESCRIPTION
+ @cp $(OPENSSL32_PKG_INSTALL_SCRIPT) $(OPENSSL32_PKG)/.INSTALL
+ @$(BUILD_PKG_REQUIRES) $(OPENSSL32_PKG)/.REQUIRES
+ @echo "pkgname=$(OPENSSL32_PKG_NAME)" > $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "pkgver=$(OPENSSL32_PKG_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "arch=$(OPENSSL32_PKG_ARCH)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "distroname=$(OPENSSL32_PKG_DISTRO_NAME)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "distrover=$(OPENSSL32_PKG_DISTRO_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "group=$(OPENSSL32_PKG_GROUP)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "short_description=\"$(OPENSSL32_PKG_SHORT_DESCRIPTION)\"" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "url=$(OPENSSL32_PKG_URL)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "license=$(OPENSSL32_PKG_LICENSE)" >> $(OPENSSL32_PKG)/.PKGINFO
+ @$(PSEUDO) sh -c "cd $(OPENSSL32_PKG) && \
+ chown -R root:root . && \
+ $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
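Review bot: `enable-ssl3` and `enable-ssl3-method` in `extra_configure_switches` build SSLv3 into the 32-bit compatibility libraries, although the protocol is deprecated (RFC 7568) and OpenSSL leaves it off by default. `enable-md2` and `enable-rc5` likewise turn on algorithms that upstream disables by default. If no 32-bit consumer needs them, drop those four lines; otherwise add a comment above the block that names the consumer, e.g. `# SSLv3/MD2/RC5 kept only for <consumer> compatibility`. The same four switches appear in net/openssl11/1.1.1w/Makefile. Separately, the `( cd $(OPENSSL32_PKG)/usr/bin ; rm -f c_rehash ; find . -type f | xargs mv -t 32 ; )` recipe chains with `;`, so a failed `cd` would let the `rm` and `mv` run in the component directory; `cd ... && ...` stops at the failure.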
Index: net/openssl/3.4.0-x86_32/PATCHES
===================================================================
--- net/openssl/3.4.0-x86_32/PATCHES (nonexistent)
+++ net/openssl/3.4.0-x86_32/PATCHES (revision 420)
@@ -0,0 +1,2 @@
+
+../../../sources/packages/n/openssl/patches/openssl-3.4.0-legacy-provider.patch -p0
Index: net/openssl/3.4.0-x86_32/openssl-x32-pkg-description.in
===================================================================
--- net/openssl/3.4.0-x86_32/openssl-x32-pkg-description.in (nonexistent)
+++ net/openssl/3.4.0-x86_32/openssl-x32-pkg-description.in (revision 420)
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+openssl-x32: openssl-x32 @VERSION@ (Secure Sockets Layer toolkit)
+openssl-x32:
+openssl-x32: The OpenSSL certificate management tool and the shared libraries
+openssl-x32: that provide various encryption and decryption algorithms and
+openssl-x32: protocols.
+openssl-x32: This product includes software developed by the OpenSSL Project for
+openssl-x32: use in the OpenSSL Toolkit (http://www.openssl.org). This product
+openssl-x32: includes cryptographic software written by Eric Young
+openssl-x32: (eay@cryptsoft.com). This product includes software written by Tim
+openssl-x32: Hudson (tjh@cryptsoft.com).
+openssl-x32:
Index: net/openssl/3.4.0-x86_32/openssl-x32-pkg-install.sh
===================================================================
--- net/openssl/3.4.0-x86_32/openssl-x32-pkg-install.sh (nonexistent)
+++ net/openssl/3.4.0-x86_32/openssl-x32-pkg-install.sh (revision 420)
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# arg 1: the new package version
+pre_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+post_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+pre_update() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_update() {
+ post_install
+}
+
+# arg 1: the old package version
+pre_remove() {
+ /bin/true
+}
+
+# arg 1: the old package version
+post_remove() {
+ /bin/true
+}
+
+
+operation=$1
+shift
+
+$operation $*
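Review bot: The dispatcher on the last line, `$operation $*`, runs whatever command the first argument names and word-splits the remaining arguments, although only the six hooks defined above are meant to be reachable. Restricting it keeps a mistyped or unexpected argument from being executed, presumably with the package tool's privileges: `case "$operation" in pre_install|post_install|pre_update|post_update|pre_remove|post_remove) "$operation" "$@" ;; *) exit 1 ;; esac`. The same two closing lines appear in net/openssl11/1.1.1w/openssl11-pkg-install.sh.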
Property changes on: net/openssl/3.4.0-x86_32/openssl-x32-pkg-install.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: net/openssl/3.4.0-x86_32
===================================================================
--- net/openssl/3.4.0-x86_32 (nonexistent)
+++ net/openssl/3.4.0-x86_32 (revision 420)
Property changes on: net/openssl/3.4.0-x86_32
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,74 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.rk358x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: net/openssl
===================================================================
--- net/openssl (revision 419)
+++ net/openssl (revision 420)
Property changes on: net/openssl
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: net/openssl11/1.1.1w/Makefile
===================================================================
--- net/openssl11/1.1.1w/Makefile (nonexistent)
+++ net/openssl11/1.1.1w/Makefile (revision 420)
@@ -0,0 +1,308 @@
+
+COMPONENT_TARGETS = $(HARDWARE_INTEL_PC32)
+COMPONENT_TARGETS += $(HARDWARE_INTEL_PC64)
+COMPONENT_TARGETS += $(HARDWARE_EBOX_3350DX2)
+COMPONENT_TARGETS += $(HARDWARE_CB1X)
+COMPONENT_TARGETS += $(HARDWARE_CB2X)
+COMPONENT_TARGETS += $(HARDWARE_CB3X)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PP2E)
+COMPONENT_TARGETS += $(HARDWARE_NANOPI_NEO)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PP)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PL2)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5B)
+COMPONENT_TARGETS += $(HARDWARE_ORANGE_PI5P)
+COMPONENT_TARGETS += $(HARDWARE_ROCK_5B)
+COMPONENT_TARGETS += $(HARDWARE_WECHIP_TX6)
+COMPONENT_TARGETS += $(HARDWARE_REPKA_PI3)
+COMPONENT_TARGETS += $(HARDWARE_FFRK3288)
+COMPONENT_TARGETS += $(HARDWARE_POIN2)
+COMPONENT_TARGETS += $(HARDWARE_RK3328_CC)
+COMPONENT_TARGETS += $(HARDWARE_KHADAS_EDGE)
+COMPONENT_TARGETS += $(HARDWARE_LEEZ_P710)
+COMPONENT_TARGETS += $(HARDWARE_M201)
+COMPONENT_TARGETS += $(HARDWARE_MXV)
+COMPONENT_TARGETS += $(HARDWARE_P201)
+COMPONENT_TARGETS += $(HARDWARE_NEXBOX_A95X)
+COMPONENT_TARGETS += $(HARDWARE_ODROID_C2)
+COMPONENT_TARGETS += $(HARDWARE_P212)
+COMPONENT_TARGETS += $(HARDWARE_KHADAS_VIM)
+COMPONENT_TARGETS += $(HARDWARE_Q201)
+COMPONENT_TARGETS += $(HARDWARE_ENYBOX_X2)
+COMPONENT_TARGETS += $(HARDWARE_KHADAS_VIM2)
+COMPONENT_TARGETS += $(HARDWARE_NIT6Q)
+COMPONENT_TARGETS += $(HARDWARE_OKMX6DL_C)
+COMPONENT_TARGETS += $(HARDWARE_OKMX6Q_C)
+COMPONENT_TARGETS += $(HARDWARE_BONE_BLACK)
+COMPONENT_TARGETS += $(HARDWARE_OMAP5UEVM)
+COMPONENT_TARGETS += $(HARDWARE_DRA7XXEVM)
+COMPONENT_TARGETS += $(HARDWARE_CI20)
+COMPONENT_TARGETS += $(HARDWARE_BAIKAL_T1)
+COMPONENT_TARGETS += $(HARDWARE_BAIKAL_M1)
+COMPONENT_TARGETS += $(HARDWARE_S824L)
+COMPONENT_TARGETS += $(HARDWARE_VESNIN)
+COMPONENT_TARGETS += $(HARDWARE_S824L_LSB)
+COMPONENT_TARGETS += $(HARDWARE_VESNIN_LSB)
+COMPONENT_TARGETS += $(HARDWARE_TL2WK2)
+COMPONENT_TARGETS += $(HARDWARE_TL2SV2)
+COMPONENT_TARGETS += $(HARDWARE_TL2WK2_LSB)
+COMPONENT_TARGETS += $(HARDWARE_TL2SV2_LSB)
+COMPONENT_TARGETS += $(HARDWARE_VISIONFIVE2)
+COMPONENT_TARGETS += $(HARDWARE_SIFIVE_U740)
+
+
+NEED_ABS_PATH = true
+COMPONENT_IS_3PP = true
+
+
+include ../../../build-system/constants.mk
+
+
+SOURCE_REQUIRES = sources/packages/n/openssl11
+
+ifeq ($(__USE_BUILT_GCC_LIBS__),yes)
+REQUIRES = dev/gcc/14.2.0
+else
+REQUIRES = libs/zlib/1.3.1
+REQUIRES += libs/gmp/6.3.0
+endif
+
+# ======= __END_OF_REQUIRES__ =======
+
+
+version = 1.1.1w
+tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/n/openssl11/openssl-$(version).tar.xz
+SRC_ARCHIVE = $(tar_xz_archive)
+SRC_DIR = $(TARGET_BUILD_DIR)/openssl-$(version)
+src_dir_name = openssl-$(version)
+src_done = $(TARGET_BUILD_DIR)/.source_done
+doc_dir_name = openssl-$(version)
+
+PATCHES = PATCHES
+
+build_target = $(TARGET_BUILD_DIR)/.build_done
+install_target = $(TARGET_BUILD_DIR)/.install_done
+
+
+####### Targets
+
+PKG_GROUP = net
+
+#
+# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
+#
+OPENSSL_PKG_NAME = openssl11
+OPENSSL_PKG_VERSION = 1.1.1w
+OPENSSL_PKG_ARCH = $(PKGARCH)
+OPENSSL_PKG_DISTRO_NAME = $(DISTRO_NAME)
+OPENSSL_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
+OPENSSL_PKG_GROUP = $(PKG_GROUP)
+### |---handy-ruler-------------------------------|
+OPENSSL_PKG_SHORT_DESCRIPTION = Secure Sockets Layer toolkit 1.1.x
+OPENSSL_PKG_URL = $(BUG_URL)
+OPENSSL_PKG_LICENSE = GPLv2
+OPENSSL_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(OPENSSL_PKG_NAME)-pkg-description
+OPENSSL_PKG_DESCRIPTION_FILE_IN = $(OPENSSL_PKG_NAME)-pkg-description.in
+OPENSSL_PKG_INSTALL_SCRIPT = $(OPENSSL_PKG_NAME)-pkg-install.sh
+
+OPENSSL_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(OPENSSL_PKG_NAME)-package
+
+pkg_basename = $(OPENSSL_PKG_NAME)-$(OPENSSL_PKG_VERSION)-$(OPENSSL_PKG_ARCH)-$(OPENSSL_PKG_DISTRO_NAME)-$(OPENSSL_PKG_DISTRO_VERSION)
+
+pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
+pkg_certificate = $(call cert-name,$(pkg_archive))
+pkg_signature = $(call sign-name,$(pkg_archive))
+pkg_description = $(call desc-name,$(pkg_archive))
+products = $(call pkg-files,$(pkg_archive))
+
+BUILD_TARGETS = $(build_target)
+BUILD_TARGETS += $(install_target)
+
+PRODUCT_TARGETS = $(products)
+
+ROOTFS_TARGETS = $(pkg_archive)
+
+
+include ../../../build-system/core.mk
+
+
+env_sysroot = DESTDIR=$(OPENSSL_PKG)
+
+
+# These are the known patent issues with OpenSSL:
+# name | expires
+# -------+------------------------------------
+# MDC-2: | 4,908,861 2007-03-13, not included
+# IDEA: | 5,214,703 2010-05-25, not included
+#
+# Although all of the above are expired, it's still
+# probably not a good idea to include them as there
+# are better algorithms to use.
+#
+extra_configure_switches = --libdir=lib$(LIBSUFFIX)/openssl-1.1
+extra_configure_switches += --openssldir=/etc/ssl
+extra_configure_switches += no-mdc2
+extra_configure_switches += no-ec2m
+extra_configure_switches += no-idea
+extra_configure_switches += no-sse2
+extra_configure_switches += enable-camellia
+extra_configure_switches += enable-seed
+extra_configure_switches += enable-rfc3779
+extra_configure_switches += enable-cms
+extra_configure_switches += enable-md2
+extra_configure_switches += enable-rc5
+extra_configure_switches += enable-ssl3
+extra_configure_switches += enable-ssl3-method
+extra_configure_switches += no-weak-ssl-ciphers
+extra_configure_switches += zlib
+extra_configure_switches += shared
+
+
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_I586_GLIBC)),)
+arch = i586
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_I686_GLIBC)),)
+arch = i686
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_X86_64_GLIBC)),)
+arch = x86_64
+openssl_environment = KERNEL_BITS=64
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_A1X_GLIBC) $(TOOLCHAIN_A2X_GLIBC) \
+ $(TOOLCHAIN_H3_GLIBC) $(TOOLCHAIN_RK328X_GLIBC) \
+ $(TOOLCHAIN_S8XX_GLIBC) $(TOOLCHAIN_IMX6_GLIBC) \
+ $(TOOLCHAIN_AM335X_GLIBC) $(TOOLCHAIN_OMAP543X_GLIBC)),)
+arch = arm
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_H5_GLIBC) $(TOOLCHAIN_RK33XX_GLIBC) \
+ $(TOOLCHAIN_RK339X_GLIBC) $(TOOLCHAIN_RK358X_GLIBC) \
+ $(TOOLCHAIN_S9XX_GLIBC) \
+ $(TOOLCHAIN_A311X_GLIBC) $(TOOLCHAIN_M1000_GLIBC)),)
+arch = aarch64
+openssl_environment = KERNEL_BITS=64
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_JZ47XX_GLIBC) $(TOOLCHAIN_P5600_GLIBC)),)
+arch = mips32
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_POWER8_GLIBC) $(TOOLCHAIN_POWER9_GLIBC)),)
+arch = ppc64
+openssl_environment = KERNEL_BITS=64
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_POWER8LE_GLIBC) $(TOOLCHAIN_POWER9LE_GLIBC)),)
+arch = ppc64le
+openssl_environment = KERNEL_BITS=64
+endif
+ifneq ($(filter $(TOOLCHAIN),$(TOOLCHAIN_RISCV64_GLIBC)),)
+arch = generic64
+openssl_environment = KERNEL_BITS=64
+endif
+
+openssl_environment += MACHINE=$(arch) SYSTEM=Linux
+
+LDFLAGS += -Wl,-rpath,/lib$(LIBSUFFIX):/usr/lib$(LIBSUFFIX):/usr/lib$(LIBSUFFIX)/openssl-1.1
+
+
+####### Dependencies
+
+$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
+ $(UNPACK_SRC_ARCHIVE)
+ $(APPLY_PATCHES)
+ @( cd $(SRC_DIR) ; \
+ find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|\.\|$$\)/\=item C<\1>/g" {} \; \
+ )
+ @touch $@
+
+$(build_target): $(src_done)
+ @cd $(SRC_DIR) && \
+ $(BUILD_ENVIRONMENT) $(openssl_environment) ./config \
+ --prefix=/usr \
+ $(extra_configure_switches) \
+ $(ARCH_FLAGS) \
+ $(HW_FLAGS)
+ @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE)
+ @touch $@
+
+$(install_target): $(build_target)
+ @mkdir -p $(OPENSSL_PKG)
+ @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 MANDIR=/usr/share/man install $(env_sysroot)
+ifneq ($(__ENABLE_STATIC__),yes)
+ @rm -f $(OPENSSL_PKG)/usr/lib$(LIBSUFFIX)/openssl-1.1/*.a
+endif
+ # ======= Move libraries: =======
+ @mkdir -p $(OPENSSL_PKG)/lib$(LIBSUFFIX)
+ @( cd $(OPENSSL_PKG)/usr/lib$(LIBSUFFIX)/openssl-1.1 ; \
+ chmod +w lib*.so.?.? ; \
+ mv lib*.so.?.? ../../../lib$(LIBSUFFIX) ; \
+ ln -sf ../../../lib$(LIBSUFFIX)/lib*.so.?.? . ; \
+ ln -sf libcrypto.so.?.? libcrypto.so.1 ; \
+ ln -sf libssl.so.?.? libssl.so.1 ; \
+ cp -a lib*.so.? ../../../lib$(LIBSUFFIX) ; \
+ )
+ # ======= Move include files: =======
+ @mkdir -p $(OPENSSL_PKG)/usr/include/openssl-1.1
+ @mv $(OPENSSL_PKG)/usr/include/openssl $(OPENSSL_PKG)/usr/include/openssl-1.1/openssl
+ @sed -e 's,/include$$,/include/openssl-1.1,' -i $(OPENSSL_PKG)/usr/lib$(LIBSUFFIX)/openssl-1.1/pkgconfig/*.pc
+ # ======= Rename openssl binary: =======
+ @mv $(OPENSSL_PKG)/usr/bin/openssl $(OPENSSL_PKG)/usr/bin/openssl-1.1
+ # ======= Remove not needed package things: =======
+ @rm -f $(OPENSSL_PKG)/usr/bin/c_rehash
+ @rm -rf $(OPENSSL_PKG)/etc
+ @rm -rf $(OPENSSL_PKG)/usr/share
+ # ======= Install Documentation =======
+ @mkdir -p $(OPENSSL_PKG)/usr/doc/$(doc_dir_name)
+ @cp -a $(SRC_DIR)/AUTHORS $(SRC_DIR)/LICENSE \
+ $(OPENSSL_PKG)/usr/doc/$(doc_dir_name)
+ @mkdir -p $(OPENSSL_PKG)/usr/share/doc/$(doc_dir_name)
+ @( cd $(SRC_DIR) ; \
+ cp -a ACKNOWLEDGEMENTS AUTHORS CONTRIBUTING FAQ INSTALL LICENSE NEWS \
+ README README.ENGINE doc/HOWTO doc/*.txt \
+ $(OPENSSL_PKG)/usr/share/doc/$(doc_dir_name) ; \
+ )
+ @( cd $(SRC_DIR) ; \
+ if [ -r CHANGES ]; then \
+ DOCSDIR=`echo $(OPENSSL_PKG)/usr/share/doc/$(doc_dir_name)` ; \
+ cat CHANGES | head -n 1000 > $$DOCSDIR/CHANGES ; \
+ touch -r CHANGES $$DOCSDIR/CHANGES ; \
+ fi \
+ )
+ # ======= Install the same to $(TARGET_DEST_DIR) =======
+ $(call install-into-devenv, $(OPENSSL_PKG))
+ # ======= Tune pkg-config *.pc search path to the target destination for development =======
+ @( cd $(TARGET_DEST_DIR)/usr/lib$(LIBSUFFIX)/openssl-1.1/pkgconfig ; \
+ sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libcrypto.pc libssl.pc openssl.pc \
+ )
+ # ======= Strip binaries =======
+ @( cd $(OPENSSL_PKG) ; \
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ )
+ifeq ($(__ENABLE_STATIC__),yes)
+ @( cd $(OPENSSL_PKG) ; \
+ find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs $(STRIP) -g 2> /dev/null ; \
+ )
+endif
+ @touch $@
+
+$(OPENSSL_PKG_DESCRIPTION_FILE): $(OPENSSL_PKG_DESCRIPTION_FILE_IN)
+ @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
+
+$(pkg_certificate) : $(pkg_archive) ;
+$(pkg_signature) : $(pkg_archive) ;
+$(pkg_description) : $(pkg_archive) ;
+
+$(pkg_archive): $(install_target) $(OPENSSL_PKG_DESCRIPTION_FILE) $(OPENSSL_PKG_INSTALL_SCRIPT)
+ @cp $(OPENSSL_PKG_DESCRIPTION_FILE) $(OPENSSL_PKG)/.DESCRIPTION
+ @cp $(OPENSSL_PKG_INSTALL_SCRIPT) $(OPENSSL_PKG)/.INSTALL
+ @$(BUILD_PKG_REQUIRES) $(OPENSSL_PKG)/.REQUIRES
+ @echo "pkgname=$(OPENSSL_PKG_NAME)" > $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "pkgver=$(OPENSSL_PKG_VERSION)" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "arch=$(OPENSSL_PKG_ARCH)" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "distroname=$(OPENSSL_PKG_DISTRO_NAME)" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "distrover=$(OPENSSL_PKG_DISTRO_VERSION)" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "group=$(OPENSSL_PKG_GROUP)" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "short_description=\"$(OPENSSL_PKG_SHORT_DESCRIPTION)\"" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "url=$(OPENSSL_PKG_URL)" >> $(OPENSSL_PKG)/.PKGINFO ; \
+ echo "license=$(OPENSSL_PKG_LICENSE)" >> $(OPENSSL_PKG)/.PKGINFO
+ @$(PSEUDO) sh -c "cd $(OPENSSL_PKG) && \
+ chown -R root:root . && \
+ $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
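Review bot: `OPENSSL_PKG_LICENSE = GPLv2` does not match the source being packaged, because OpenSSL 1.1.1 is distributed under the dual OpenSSL/SSLeay licence, and that is the `LICENSE` file this recipe copies into the doc directories. The value is written to `.PKGINFO`, so it should read something like `OPENSSL_PKG_LICENSE = OpenSSL`, spelled per the project's convention. Also, the `ifneq ($(filter $(TOOLCHAIN),...),)` chain has no fallback, so an unmatched toolchain leaves `arch` empty and passes `MACHINE=` to `./config`. A guard after the chain such as `$(if $(arch),,$(error unsupported TOOLCHAIN for openssl11))` would make that fail loudly instead of, presumably, letting `./config` guess from the build host.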
Index: net/openssl11/1.1.1w/PATCHES
===================================================================
--- net/openssl11/1.1.1w/PATCHES (nonexistent)
+++ net/openssl11/1.1.1w/PATCHES (revision 420)
@@ -0,0 +1,2 @@
+
+../../../sources/packages/n/openssl11/patches/openssl-1.1.1w-CVE-2024-5535.patch -p0
Index: net/openssl11/1.1.1w/cron/certwatch
===================================================================
--- net/openssl11/1.1.1w/cron/certwatch (nonexistent)
+++ net/openssl11/1.1.1w/cron/certwatch (revision 420)
@@ -0,0 +1,129 @@
+#!/bin/sh
+#
+# Will check all certificates stored in $CERTDIR for their expiration date,
+# and will display (if optional "stdout" argument is given), or mail a warning
+# message to $MAILADDR (if script is executed without any parameter
+# - unattended mode suitable for cron execution) for each particular certificate
+# that is about to expire in time less to, or equal to $DAYS after this script
+# has been executed, or if it has already expired.
+# This stupid script (C) 2006,2007 Jan Rafaj
+
+########################## CONFIGURATION SECTION BEGIN #########################
+# Note: all settings are mandatory
+# Warning will be sent if a certificate expires in time <= days given here
+DAYS=7
+# E-mail address where to send warnings
+MAILADDR=root
+# Directory with certificates to check
+CERTDIR=/etc/ssl/certs
+# Directory where to keep state files if this script isnt executed with "stdout"
+STATEDIR=/var/run
+########################### CONFIGURATION SECTION END ##########################
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAY_IN_SECS=$((60*60*24))
+DATE_CURRENT=$(date '+%s')
+
+usage()
+{
+ echo "Usage: $0 [stdout]"
+ echo
+ echo "Detailed description and configuration is embedded within the script."
+ exit 0
+}
+
+message()
+{
+ cat << EOF
+ WARNING: certificate $certfile
+ is about to expire in time equal to or less than $DAYS days from now on,
+ or has already expired - it might be a good idea to obtain/create new one.
+
+EOF
+}
+
+message_mail()
+{
+ message
+ cat << EOF
+ NOTE: This message is being sent only once.
+
+ A lock-file
+ $STATEDIR/certwatch-mailwarning-sent-$certfilebase
+ has been created, which will prevent this script from mailing you again
+ upon its subsequent executions by crond. You dont need to care about it;
+ the file will be auto-deleted as soon as you'll prolong your certificate.
+EOF
+}
+
+unset stdout
+case $# in
+ 0) ;;
+ 1) if [ "$1" = "-h" -o "$1" == "--help" ]; then
+ usage
+ elif [ "$1" = "stdout" ]; then
+ stdout=1
+ else
+ usage
+ fi
+ ;;
+ *) usage ;;
+esac
+
+for dir in $STATEDIR $CERTDIR ; do
+ if [ ! -d $dir ]; then
+ echo "ERROR: directory $dir does not exist"
+ exit 1
+ fi
+done
+for binary in basename date find grep mail openssl touch ; do
+ if [ ! \( -x /usr/bin/$binary -o -x /bin/$binary \) ]; then
+ echo "ERROR: /usr/bin/$binary not found"
+ exit 1
+ fi
+done
+
+find $CERTDIR -type f -maxdepth 1 | while read certfile ; do
+ if [ "$certfile" != "/etc/ssl/certs/ca-certificates.crt" ]; then
+ certfilebase="$(basename "$certfile")"
+ inform=PEM
+ echo "$certfile" | grep -q -i '\.net$'
+ if [ $? -eq 0 ]; then
+ # This is based purely on filename extension, so may give false results.
+ # But lets assume noone uses NET format certs today, ok?
+ continue
+ fi
+ echo "$certfile" | grep -q -i '\.der$'
+ if [ $? -eq 0 -o "$(file "$certfile" | egrep '(ASCII|PEM)')" == "" ]; then
+ inform=DER
+ fi
+ # We wont use '-checkend' since it is not properly documented (as of
+ # OpenSSL 0.9.8e).
+ DATE_CERT_EXPIRES=$(openssl x509 -in "$certfile" -inform $inform -noout -enddate | sed 's/^notAfter=//')
+ DATE_CERT_EXPIRES=$(date -d"$DATE_CERT_EXPIRES" +%s)
+ if [ $(($DATE_CERT_EXPIRES - $DATE_CURRENT)) -le $(($DAYS * $DAY_IN_SECS)) ]
+ then
+ if [ $stdout ]; then
+ message
+ else
+ if [ ! -f $STATEDIR/certwatch-mailwarning-sent-"$certfilebase" ]; then
+ subject="$0: certificate $certfile expiration warning"
+ message_mail | mail -r "certwatch@$HOSTNAME" \
+ -s "$subject" \
+ $MAILADDR 2>/dev/null
+ # echo "Mail about expiring certificate $certfile sent to $MAILADDR."
+ # echo "If you need to send it again, please remove lock-file"
+ # echo "$STATEDIR/certwatch-mailwarning-sent-$certfilebase ."
+ # echo
+ fi
+ touch $STATEDIR/certwatch-mailwarning-sent-"$certfilebase"
+ fi
+ else
+ if [ ! $stdout ]; then
+ if [ -f $STATEDIR/certwatch-mailwarning-sent-"$certfilebase" ]; then
+ rm $STATEDIR/certwatch-mailwarning-sent-"$certfilebase"
+ fi
+ fi
+ fi
+ fi
+done
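Review bot: In the mail branch the lock file is touched whether or not `mail` succeeded, and mail's stderr goes to /dev/null, so a single failed delivery suppresses the expiry warning for that certificate until it is replaced. Create the lock only on success, e.g. `message_mail | mail -r "certwatch@$HOSTNAME" -s "$subject" $MAILADDR && touch $STATEDIR/certwatch-mailwarning-sent-"$certfilebase"`, and drop the unconditional `touch` after the inner `fi`. The script also declares `#!/bin/sh` but uses `==` inside `[ ]` in the `--help` check and in the `file ... egrep` test; `=` is the portable operator and avoids a test error on shells that reject `==`.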
Index: net/openssl11/1.1.1w/cron
===================================================================
--- net/openssl11/1.1.1w/cron (nonexistent)
+++ net/openssl11/1.1.1w/cron (revision 420)
Property changes on: net/openssl11/1.1.1w/cron
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: net/openssl11/1.1.1w/openssl11-pkg-description.in
===================================================================
--- net/openssl11/1.1.1w/openssl11-pkg-description.in (nonexistent)
+++ net/openssl11/1.1.1w/openssl11-pkg-description.in (revision 420)
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+openssl11: openssl11 @VERSION@ (Secure Sockets Layer toolkit 1.1.x)
+openssl11:
+openssl11: The OpenSSL certificate management tool and the shared libraries
+openssl11: that provide various encryption and decryption algorithms and
+openssl11: protocols.
+openssl11: This product includes software developed by the OpenSSL Project for
+openssl11: use in the OpenSSL Toolkit (http://www.openssl.org). This product
+openssl11: includes cryptographic software written by Eric Young
+openssl11: (eay@cryptsoft.com). This product includes software written by Tim
+openssl11: Hudson (tjh@cryptsoft.com).
+openssl11:
Index: net/openssl11/1.1.1w/openssl11-pkg-install.sh
===================================================================
--- net/openssl11/1.1.1w/openssl11-pkg-install.sh (nonexistent)
+++ net/openssl11/1.1.1w/openssl11-pkg-install.sh (revision 420)
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# Preserve new files
+install_file() {
+ NEW="$1"
+ OLD="`dirname $NEW`/`basename $NEW .new`"
+ # If there's no file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+
+# arg 1: the new package version
+pre_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+post_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+pre_update() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_update() {
+ post_install
+}
+
+# arg 1: the old package version
+pre_remove() {
+ /bin/true
+}
+
+# arg 1: the old package version
+post_remove() {
+ /bin/true
+}
+
+
+operation=$1
+shift
+
+$operation $*
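Review bot: The dispatcher on the last line, `$operation $*`, runs whatever command its first argument names, with the privileges the package tool gives this script, and the unquoted `$*` re-splits the version arguments. Restricting the call to the six hook functions defined above and passing `"$@"` keeps the script to its documented interface. The same tail appears in both openssl11-x32-pkg-install.sh files added by this commit. `install_file` is defined here but nothing in the hunk calls it, and its `$NEW`/`$OLD` expansions are unquoted, so it should be dropped or quoted before it gets used.

```shell
operation=$1
shift

case "$operation" in
  pre_install|post_install|pre_update|post_update|pre_remove|post_remove)
    "$operation" "$@"
    ;;
  *)
    echo "unknown operation: $operation" >&2
    exit 1
    ;;
esac
```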
Property changes on: net/openssl11/1.1.1w/openssl11-pkg-install.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: net/openssl11/1.1.1w
===================================================================
--- net/openssl11/1.1.1w (nonexistent)
+++ net/openssl11/1.1.1w (revision 420)
Property changes on: net/openssl11/1.1.1w
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,74 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.rk358x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: net/openssl11/1.1.1w-ppc32/Makefile
===================================================================
--- net/openssl11/1.1.1w-ppc32/Makefile (nonexistent)
+++ net/openssl11/1.1.1w-ppc32/Makefile (revision 420)
@@ -0,0 +1,191 @@
+
+COMPONENT_TARGETS = $(HARDWARE_S824L)
+COMPONENT_TARGETS += $(HARDWARE_VESNIN)
+COMPONENT_TARGETS += $(HARDWARE_TL2WK2)
+COMPONENT_TARGETS += $(HARDWARE_TL2SV2)
+
+NEED_ABS_PATH = true
+COMPONENT_IS_3PP = true
+
+CREATE_PPC32_PACKAGE = true
+
+
+include ../../../build-system/constants.mk
+
+
+SOURCE_REQUIRES = sources/packages/n/openssl11
+
+REQUIRES = net/openssl11/1.1.1w
+REQUIRES += libs/zlib/1.3.1-ppc32
+REQUIRES += libs/gmp/6.3.0-ppc32
+
+# ======= __END_OF_REQUIRES__ =======
+
+
+version = 1.1.1w
+tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/n/openssl11/openssl-$(version).tar.xz
+SRC_ARCHIVE = $(tar_xz_archive)
+SRC_DIR = $(TARGET_BUILD_DIR)/openssl-$(version)
+src_dir_name = openssl-$(version)
+src_done = $(TARGET_BUILD_DIR)/.source_done
+
+PATCHES = PATCHES
+
+build_target = $(TARGET_BUILD_DIR)/.build_done
+install_target = $(TARGET_BUILD_DIR)/.install_done
+
+
+####### Targets
+
+PKG_GROUP = net
+#
+# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
+#
+OPENSSL32_PKG_NAME = openssl11-x32
+OPENSSL32_PKG_VERSION = 1.1.1w
+OPENSSL32_PKG_ARCH = $(PKGARCH)
+OPENSSL32_PKG_DISTRO_NAME = $(DISTRO_NAME)
+OPENSSL32_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
+OPENSSL32_PKG_GROUP = $(PKG_GROUP)
+### |---handy-ruler-------------------------------|
+OPENSSL32_PKG_SHORT_DESCRIPTION = Secure Sockets Layer toolkit 1.1.x
+OPENSSL32_PKG_URL = $(BUG_URL)
+OPENSSL32_PKG_LICENSE = GPLv2
+OPENSSL32_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-pkg-description
+OPENSSL32_PKG_DESCRIPTION_FILE_IN = $(OPENSSL32_PKG_NAME)-pkg-description.in
+OPENSSL32_PKG_INSTALL_SCRIPT = $(OPENSSL32_PKG_NAME)-pkg-install.sh
+
+OPENSSL32_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-package
+
+pkg_basename = $(OPENSSL32_PKG_NAME)-$(OPENSSL32_PKG_VERSION)-$(OPENSSL32_PKG_ARCH)-$(OPENSSL32_PKG_DISTRO_NAME)-$(OPENSSL32_PKG_DISTRO_VERSION)
+
+pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
+pkg_certificate = $(call cert-name,$(pkg_archive))
+pkg_signature = $(call sign-name,$(pkg_archive))
+pkg_description = $(call desc-name,$(pkg_archive))
+products = $(call pkg-files,$(pkg_archive))
+
+BUILD_TARGETS = $(build_target)
+BUILD_TARGETS += $(install_target)
+
+PRODUCT_TARGETS = $(products)
+
+ROOTFS_TARGETS = $(pkg_archive)
+
+
+include ../../../build-system/core.mk
+
+
+env_sysroot = DESTDIR=$(OPENSSL32_PKG)
+
+
+extra_configure_switches = --libdir=lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.1
+extra_configure_switches += --openssldir=/etc/ssl
+extra_configure_switches += no-mdc2
+extra_configure_switches += no-ec2m
+extra_configure_switches += no-idea
+extra_configure_switches += no-sse2
+extra_configure_switches += enable-camellia
+extra_configure_switches += enable-seed
+extra_configure_switches += enable-rfc3779
+extra_configure_switches += enable-cms
+extra_configure_switches += enable-md2
+extra_configure_switches += enable-rc5
+extra_configure_switches += enable-ssl3
+extra_configure_switches += enable-ssl3-method
+extra_configure_switches += no-weak-ssl-ciphers
+extra_configure_switches += zlib
+extra_configure_switches += shared
+
+openssl_environment = KERNEL_BITS=32 MACHINE=ppc64 SYSTEM=Linux
+
+LDFLAGS += -Wl,-rpath,/lib$(MULTILIB_PPC32_SUFFIX):/usr/lib$(MULTILIB_PPC32_SUFFIX):/usr/lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.1
+
+
+####### Dependencies
+
+$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
+ $(UNPACK_SRC_ARCHIVE)
+ $(APPLY_PATCHES)
+ @( cd $(SRC_DIR) ; \
+ find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|\.\|$$\)/\=item C<\1>/g" {} \; \
+ )
+ @touch $@
+
+$(build_target): $(src_done)
+ @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(openssl_environment) ./config \
+ --prefix=/usr \
+ $(extra_configure_switches) \
+ $(ARCH_FLAGS) \
+ $(HW_FLAGS)
+ @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE)
+ @touch $@
+
+$(install_target): $(build_target)
+ @mkdir -p $(OPENSSL32_PKG)
+ @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 MANDIR=/usr/share/man install $(env_sysroot)
+ifneq ($(__ENABLE_STATIC__),yes)
+ @rm -f $(OPENSSL32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.1/*.a
+endif
+ @mkdir -p $(OPENSSL32_PKG)/usr/bin/32
+ @( cd $(OPENSSL32_PKG)/usr/bin ; \
+ rm -f c_rehash ; \
+ find . -type f | xargs mv -t 32 ; \
+ )
+ @mkdir -p $(OPENSSL32_PKG)/lib$(MULTILIB_PPC32_SUFFIX)
+ @( cd $(OPENSSL32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.1 ; \
+ chmod +w lib*.so.?.? ; \
+ mv lib*.so.?.? ../../../lib$(MULTILIB_PPC32_SUFFIX) ; \
+ ln -sf ../../../lib$(MULTILIB_PPC32_SUFFIX)/lib*.so.?.? . ; \
+ ln -sf libcrypto.so.?.? libcrypto.so.1 ; \
+ ln -sf libssl.so.?.? libssl.so.1 ; \
+ cp -a lib*.so.? ../../../lib$(MULTILIB_PPC32_SUFFIX) ; \
+ )
+ @rm -rf $(OPENSSL32_PKG)/etc
+ @rm -rf $(OPENSSL32_PKG)/usr/include
+ @rm -rf $(OPENSSL32_PKG)/usr/share
+ # ======= Move include files: =======
+ @sed -e 's,/include$$,/include/openssl-1.1,' -i $(OPENSSL32_PKG)/usr/lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.1/pkgconfig/*.pc
+ # ======= Rename openssl binary: =======
+ @mv $(OPENSSL32_PKG)/usr/bin/32/openssl $(OPENSSL32_PKG)/usr/bin/32/openssl-1.1
+ # ======= Install the same to $(TARGET_DEST_DIR) =======
+ $(call install-into-devenv, $(OPENSSL32_PKG))
+ # ======= tune pkg-config *.pc search path to the target destination for development =======
+ @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_PPC32_SUFFIX)/openssl-1.1/pkgconfig ; \
+ sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libcrypto.pc libssl.pc openssl.pc \
+ )
+ # ======= Strip binaries =======
+ @( cd $(OPENSSL32_PKG) ; \
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ )
+ifeq ($(__ENABLE_STATIC__),yes)
+ @( cd $(OPENSSL32_PKG) ; \
+ find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs $(STRIP) -g 2> /dev/null ; \
+ )
+endif
+ @touch $@
+
+$(OPENSSL32_PKG_DESCRIPTION_FILE): $(OPENSSL32_PKG_DESCRIPTION_FILE_IN)
+ @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
+
+$(pkg_certificate) : $(pkg_archive) ;
+$(pkg_signature) : $(pkg_archive) ;
+$(pkg_description) : $(pkg_archive) ;
+
+$(pkg_archive): $(install_target) $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG_INSTALL_SCRIPT)
+ @cp $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG)/.DESCRIPTION
+ @cp $(OPENSSL32_PKG_INSTALL_SCRIPT) $(OPENSSL32_PKG)/.INSTALL
+ @$(BUILD_PKG_REQUIRES) $(OPENSSL32_PKG)/.REQUIRES
+ @echo "pkgname=$(OPENSSL32_PKG_NAME)" > $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "pkgver=$(OPENSSL32_PKG_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "arch=$(OPENSSL32_PKG_ARCH)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "distroname=$(OPENSSL32_PKG_DISTRO_NAME)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "distrover=$(OPENSSL32_PKG_DISTRO_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "group=$(OPENSSL32_PKG_GROUP)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "short_description=\"$(OPENSSL32_PKG_SHORT_DESCRIPTION)\"" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "url=$(OPENSSL32_PKG_URL)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "license=$(OPENSSL32_PKG_LICENSE)" >> $(OPENSSL32_PKG)/.PKGINFO
+ @$(PSEUDO) sh -c "cd $(OPENSSL32_PKG) && \
+ chown -R root:root . && \
+ $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
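Review bot: `extra_configure_switches` turns on `enable-ssl3`, `enable-ssl3-method`, `enable-md2` and `enable-rc5`, all of which OpenSSL 1.1.1 leaves disabled by default, so this build makes SSLv3, MD2 and RC5 available to anything linked against the library. If no consumer of the 1.1 compatibility package needs them, drop those four lines; `no-weak-ssl-ciphers` is already the upstream default. If one does, a comment above the block should name it, for example `# SSLv3/MD2/RC5 kept only for <consumer>; remove when it is retired`. The same switches are set in net/openssl11/1.1.1w-x86_32/Makefile.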
Index: net/openssl11/1.1.1w-ppc32/PATCHES
===================================================================
--- net/openssl11/1.1.1w-ppc32/PATCHES (nonexistent)
+++ net/openssl11/1.1.1w-ppc32/PATCHES (revision 420)
@@ -0,0 +1,2 @@
+
+../../../sources/packages/n/openssl11/patches/openssl-1.1.1w-CVE-2024-5535.patch -p0
Index: net/openssl11/1.1.1w-ppc32/openssl11-x32-pkg-description.in
===================================================================
--- net/openssl11/1.1.1w-ppc32/openssl11-x32-pkg-description.in (nonexistent)
+++ net/openssl11/1.1.1w-ppc32/openssl11-x32-pkg-description.in (revision 420)
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+openssl11-x32: openssl11-x32 @VERSION@ (Secure Sockets Layer toolkit 1.1.x)
+openssl11-x32:
+openssl11-x32: The OpenSSL certificate management tool and the shared libraries
+openssl11-x32: that provide various encryption and decryption algorithms and
+openssl11-x32: protocols.
+openssl11-x32: This product includes software developed by the OpenSSL Project for
+openssl11-x32: use in the OpenSSL Toolkit (http://www.openssl.org). This product
+openssl11-x32: includes cryptographic software written by Eric Young
+openssl11-x32: (eay@cryptsoft.com). This product includes software written by Tim
+openssl11-x32: Hudson (tjh@cryptsoft.com).
+openssl11-x32:
Index: net/openssl11/1.1.1w-ppc32/openssl11-x32-pkg-install.sh
===================================================================
--- net/openssl11/1.1.1w-ppc32/openssl11-x32-pkg-install.sh (nonexistent)
+++ net/openssl11/1.1.1w-ppc32/openssl11-x32-pkg-install.sh (revision 420)
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# arg 1: the new package version
+pre_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+post_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+pre_update() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_update() {
+ post_install
+}
+
+# arg 1: the old package version
+pre_remove() {
+ /bin/true
+}
+
+# arg 1: the old package version
+post_remove() {
+ /bin/true
+}
+
+
+operation=$1
+shift
+
+$operation $*
Property changes on: net/openssl11/1.1.1w-ppc32/openssl11-x32-pkg-install.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: net/openssl11/1.1.1w-ppc32
===================================================================
--- net/openssl11/1.1.1w-ppc32 (nonexistent)
+++ net/openssl11/1.1.1w-ppc32 (revision 420)
Property changes on: net/openssl11/1.1.1w-ppc32
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,74 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.rk358x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: net/openssl11/1.1.1w-x86_32/Makefile
===================================================================
--- net/openssl11/1.1.1w-x86_32/Makefile (nonexistent)
+++ net/openssl11/1.1.1w-x86_32/Makefile (revision 420)
@@ -0,0 +1,191 @@
+
+COMPONENT_TARGETS = $(HARDWARE_INTEL_PC64)
+
+NEED_ABS_PATH = true
+COMPONENT_IS_3PP = true
+
+CREATE_X86_32_PACKAGE = true
+
+
+include ../../../build-system/constants.mk
+
+
+SOURCE_REQUIRES = sources/packages/n/openssl11
+
+REQUIRES = net/openssl11/1.1.1w
+REQUIRES += libs/zlib/1.3.1-x86_32
+REQUIRES += libs/gmp/6.3.0-x86_32
+
+# ======= __END_OF_REQUIRES__ =======
+
+
+version = 1.1.1w
+tar_xz_archive = $(SRC_PACKAGE_PATH)/packages/n/openssl11/openssl-$(version).tar.xz
+SRC_ARCHIVE = $(tar_xz_archive)
+SRC_DIR = $(TARGET_BUILD_DIR)/openssl-$(version)
+src_dir_name = openssl-$(version)
+src_done = $(TARGET_BUILD_DIR)/.source_done
+
+PATCHES = PATCHES
+
+build_target = $(TARGET_BUILD_DIR)/.build_done
+install_target = $(TARGET_BUILD_DIR)/.install_done
+
+
+####### Targets
+
+PKG_GROUP = net
+#
+# *PKG_NAME & *PKG_VERSION shouldn't be a reference to value.
+#
+OPENSSL32_PKG_NAME = openssl11-x32
+OPENSSL32_PKG_VERSION = 1.1.1w
+OPENSSL32_PKG_ARCH = $(PKGARCH)
+OPENSSL32_PKG_DISTRO_NAME = $(DISTRO_NAME)
+OPENSSL32_PKG_DISTRO_VERSION = $(DISTRO_VERSION)
+OPENSSL32_PKG_GROUP = $(PKG_GROUP)
+### |---handy-ruler-------------------------------|
+OPENSSL32_PKG_SHORT_DESCRIPTION = Secure Sockets Layer toolkit 1.1.x
+OPENSSL32_PKG_URL = $(BUG_URL)
+OPENSSL32_PKG_LICENSE = GPLv2
+OPENSSL32_PKG_DESCRIPTION_FILE = $(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-pkg-description
+OPENSSL32_PKG_DESCRIPTION_FILE_IN = $(OPENSSL32_PKG_NAME)-pkg-description.in
+OPENSSL32_PKG_INSTALL_SCRIPT = $(OPENSSL32_PKG_NAME)-pkg-install.sh
+
+OPENSSL32_PKG = $(CURDIR)/$(TARGET_BUILD_DIR)/$(OPENSSL32_PKG_NAME)-package
+
+pkg_basename = $(OPENSSL32_PKG_NAME)-$(OPENSSL32_PKG_VERSION)-$(OPENSSL32_PKG_ARCH)-$(OPENSSL32_PKG_DISTRO_NAME)-$(OPENSSL32_PKG_DISTRO_VERSION)
+
+pkg_archive = $(TARGET_BUILD_DIR)/$(PKG_GROUP)/$(pkg_basename).$(pkg_arch_suffix)
+pkg_certificate = $(call cert-name,$(pkg_archive))
+pkg_signature = $(call sign-name,$(pkg_archive))
+pkg_description = $(call desc-name,$(pkg_archive))
+products = $(call pkg-files,$(pkg_archive))
+
+BUILD_TARGETS = $(build_target)
+BUILD_TARGETS += $(install_target)
+
+PRODUCT_TARGETS = $(products)
+
+ROOTFS_TARGETS = $(pkg_archive)
+
+
+include ../../../build-system/core.mk
+
+
+env_sysroot = DESTDIR=$(OPENSSL32_PKG)
+
+
+extra_configure_switches = --libdir=lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.1
+extra_configure_switches += --openssldir=/etc/ssl
+extra_configure_switches += no-mdc2
+extra_configure_switches += no-ec2m
+extra_configure_switches += no-idea
+extra_configure_switches += no-sse2
+extra_configure_switches += enable-camellia
+extra_configure_switches += enable-seed
+extra_configure_switches += enable-rfc3779
+extra_configure_switches += enable-cms
+extra_configure_switches += enable-md2
+extra_configure_switches += enable-rc5
+extra_configure_switches += enable-ssl3
+extra_configure_switches += enable-ssl3-method
+extra_configure_switches += no-weak-ssl-ciphers
+extra_configure_switches += zlib
+extra_configure_switches += shared
+
+openssl_environment = MACHINE=i686 SYSTEM=Linux
+
+LDFLAGS += -Wl,-rpath,/lib$(MULTILIB_X86_32_SUFFIX):/usr/lib$(MULTILIB_X86_32_SUFFIX):/usr/lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.1
+
+
+####### Dependencies
+
+$(src_done): $(SRC_ARCHIVE) $(PATCHES_DEP)
+ $(UNPACK_SRC_ARCHIVE)
+ $(APPLY_PATCHES)
+ @( cd $(SRC_DIR) ; \
+ find . -name "*.pod" -exec sed -i "s/^\=item \([0-9]\)\(\ \|\.\|$$\)/\=item C<\1>/g" {} \; \
+ )
+ @( cd $(SRC_DIR) ; \
+ sed -i "/linux-elf/s/fomit-frame-pointer/fomit-frame-pointer -march=i686 -mtune=i686/g" Configure ; \
+ )
+ @touch $@
+
+$(build_target): $(src_done)
+ @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(openssl_environment) ./config \
+ --prefix=/usr \
+ $(extra_configure_switches) \
+ $(ARCH_FLAGS) \
+ $(HW_FLAGS)
+ @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE)
+ @touch $@
+
+$(install_target): $(build_target)
+ @mkdir -p $(OPENSSL32_PKG)
+ @cd $(SRC_DIR) && $(BUILD_ENVIRONMENT) $(MAKE) -j1 MANDIR=/usr/share/man install $(env_sysroot)
+ifneq ($(__ENABLE_STATIC__),yes)
+ @rm -f $(OPENSSL32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.1/*.a
+endif
+ @mkdir -p $(OPENSSL32_PKG)/usr/bin/32
+ @( cd $(OPENSSL32_PKG)/usr/bin ; \
+ rm -f c_rehash ; \
+ find . -type f | xargs mv -t 32 ; \
+ )
+ @mkdir -p $(OPENSSL32_PKG)/lib$(MULTILIB_X86_32_SUFFIX)
+ @( cd $(OPENSSL32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.1 ; \
+ chmod +w lib*.so.?.? ; \
+ mv lib*.so.?.? ../../../lib$(MULTILIB_X86_32_SUFFIX) ; \
+ ln -sf ../../../lib$(MULTILIB_X86_32_SUFFIX)/lib*.so.?.? . ; \
+ ln -sf libcrypto.so.?.? libcrypto.so.1 ; \
+ ln -sf libssl.so.?.? libssl.so.1 ; \
+ cp -a lib*.so.? ../../../lib$(MULTILIB_X86_32_SUFFIX) ; \
+ )
+ @rm -rf $(OPENSSL32_PKG)/etc
+ @rm -rf $(OPENSSL32_PKG)/usr/include
+ @rm -rf $(OPENSSL32_PKG)/usr/share
+ # ======= Move include files: =======
+ @sed -e 's,/include$$,/include/openssl-1.1,' -i $(OPENSSL32_PKG)/usr/lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.1/pkgconfig/*.pc
+ # ======= Rename openssl binary: =======
+ @mv $(OPENSSL32_PKG)/usr/bin/32/openssl $(OPENSSL32_PKG)/usr/bin/32/openssl-1.1
+ # ======= Install the same to $(TARGET_DEST_DIR) =======
+ $(call install-into-devenv, $(OPENSSL32_PKG))
+ # ======= tune pkg-config *.pc search path to the target destination for development =======
+ @( cd $(TARGET_DEST_DIR)/usr/lib$(MULTILIB_X86_32_SUFFIX)/openssl-1.1/pkgconfig ; \
+ sed -i "s,/usr,$(TARGET_DEST_DIR)/usr,g" libcrypto.pc libssl.pc openssl.pc \
+ )
+ # ======= Strip binaries =======
+ @( cd $(OPENSSL32_PKG) ; \
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs $(STRIP) --strip-unneeded 2> /dev/null ; \
+ )
+ifeq ($(__ENABLE_STATIC__),yes)
+ @( cd $(OPENSSL32_PKG) ; \
+ find . | xargs file | grep "current ar archive" | cut -f 1 -d : | xargs $(STRIP) -g 2> /dev/null ; \
+ )
+endif
+ @touch $@
+
+$(OPENSSL32_PKG_DESCRIPTION_FILE): $(OPENSSL32_PKG_DESCRIPTION_FILE_IN)
+ @cat $< | $(SED) -e "s/@VERSION@/$(version)/g" > $@
+
+$(pkg_certificate) : $(pkg_archive) ;
+$(pkg_signature) : $(pkg_archive) ;
+$(pkg_description) : $(pkg_archive) ;
+
+$(pkg_archive): $(install_target) $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG_INSTALL_SCRIPT)
+ @cp $(OPENSSL32_PKG_DESCRIPTION_FILE) $(OPENSSL32_PKG)/.DESCRIPTION
+ @cp $(OPENSSL32_PKG_INSTALL_SCRIPT) $(OPENSSL32_PKG)/.INSTALL
+ @$(BUILD_PKG_REQUIRES) $(OPENSSL32_PKG)/.REQUIRES
+ @echo "pkgname=$(OPENSSL32_PKG_NAME)" > $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "pkgver=$(OPENSSL32_PKG_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "arch=$(OPENSSL32_PKG_ARCH)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "distroname=$(OPENSSL32_PKG_DISTRO_NAME)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "distrover=$(OPENSSL32_PKG_DISTRO_VERSION)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "group=$(OPENSSL32_PKG_GROUP)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "short_description=\"$(OPENSSL32_PKG_SHORT_DESCRIPTION)\"" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "url=$(OPENSSL32_PKG_URL)" >> $(OPENSSL32_PKG)/.PKGINFO ; \
+ echo "license=$(OPENSSL32_PKG_LICENSE)" >> $(OPENSSL32_PKG)/.PKGINFO
+ @$(PSEUDO) sh -c "cd $(OPENSSL32_PKG) && \
+ chown -R root:root . && \
+ $(MAKE_PACKAGE) -J --linkadd=yes $(GNUPG_OPTIONS) -m -d .. ."
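Review bot: The subshells in the `$(src_done)` and `$(install_target)` recipes chain with `;`, so a failed `cd` does not stop the commands after it. In the strip step, `( cd $(OPENSSL32_PKG) ; find . | xargs file | ... | xargs $(STRIP) ... 2> /dev/null ; )` would then run strip over the directory make was started in, with its errors discarded. Joining with `&&`, as the `$(build_target)` recipe already does, fails the build instead: `@( cd $(OPENSSL32_PKG) && \`. The `cd $(SRC_DIR) ;`, `cd $(OPENSSL32_PKG)/usr/bin ;` and pkgconfig `cd` lines have the same shape, as do the matching recipes in net/openssl11/1.1.1w-ppc32/Makefile.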
Index: net/openssl11/1.1.1w-x86_32/PATCHES
===================================================================
--- net/openssl11/1.1.1w-x86_32/PATCHES (nonexistent)
+++ net/openssl11/1.1.1w-x86_32/PATCHES (revision 420)
@@ -0,0 +1,2 @@
+
+../../../sources/packages/n/openssl11/patches/openssl-1.1.1w-CVE-2024-5535.patch -p0
Index: net/openssl11/1.1.1w-x86_32/openssl11-x32-pkg-description.in
===================================================================
--- net/openssl11/1.1.1w-x86_32/openssl11-x32-pkg-description.in (nonexistent)
+++ net/openssl11/1.1.1w-x86_32/openssl11-x32-pkg-description.in (revision 420)
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+openssl11-x32: openssl11-x32 @VERSION@ (Secure Sockets Layer toolkit 1.1.x)
+openssl11-x32:
+openssl11-x32: The OpenSSL certificate management tool and the shared libraries
+openssl11-x32: that provide various encryption and decryption algorithms and
+openssl11-x32: protocols.
+openssl11-x32: This product includes software developed by the OpenSSL Project for
+openssl11-x32: use in the OpenSSL Toolkit (http://www.openssl.org). This product
+openssl11-x32: includes cryptographic software written by Eric Young
+openssl11-x32: (eay@cryptsoft.com). This product includes software written by Tim
+openssl11-x32: Hudson (tjh@cryptsoft.com).
+openssl11-x32:
Index: net/openssl11/1.1.1w-x86_32/openssl11-x32-pkg-install.sh
===================================================================
--- net/openssl11/1.1.1w-x86_32/openssl11-x32-pkg-install.sh (nonexistent)
+++ net/openssl11/1.1.1w-x86_32/openssl11-x32-pkg-install.sh (revision 420)
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# arg 1: the new package version
+pre_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+post_install() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+pre_update() {
+ /bin/true
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_update() {
+ post_install
+}
+
+# arg 1: the old package version
+pre_remove() {
+ /bin/true
+}
+
+# arg 1: the old package version
+post_remove() {
+ /bin/true
+}
+
+
+operation=$1
+shift
+
+$operation $*
Property changes on: net/openssl11/1.1.1w-x86_32/openssl11-x32-pkg-install.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: net/openssl11/1.1.1w-x86_32
===================================================================
--- net/openssl11/1.1.1w-x86_32 (nonexistent)
+++ net/openssl11/1.1.1w-x86_32 (revision 420)
Property changes on: net/openssl11/1.1.1w-x86_32
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,74 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.rk358x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: net/openssl11
===================================================================
--- net/openssl11 (nonexistent)
+++ net/openssl11 (revision 420)
Property changes on: net/openssl11
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: products/base/Makefile
===================================================================
--- products/base/Makefile (revision 419)
+++ products/base/Makefile (revision 420)
@@ -145,12 +145,12 @@
# │ └── dev/gcc/14.2.0 │ │
# │ │ │
# ├── app/xz/5.6.3 ─────┬───────────────┘ │
-# │ ├── app/xz/5.6.3-ppc32 └── app/kmod/30 │
-# │ └── app/xz/5.6.3-x86_32 ├── app/kmod/30-ppc32 │
-# │ └── app/kmod/30-x86_32 │
-# ├── libs/libffi/3.4.4 │
-# │ ├── libs/libffi/3.4.4-ppc32 │
-# │ └── libs/libffi/3.4.4-x86_32 │
+# │ ├── app/xz/5.6.3-ppc32 └── app/kmod/33 │
+# │ └── app/xz/5.6.3-x86_32 ├── app/kmod/33-ppc32 │
+# │ └── app/kmod/33-x86_32 │
+# ├── libs/libffi/3.4.6 │
+# │ ├── libs/libffi/3.4.6-ppc32 │
+# │ └── libs/libffi/3.4.6-x86_32 │
# │ │
# ├── libs/lzo/2.10 │
# │ ├── libs/lzo/2.10-ppc32 │
@@ -165,14 +165,14 @@
# │ └── libs/zstd/1.5.6-x86_32 │
# │ │
# ├── app/bzip2/1.0.8 ──────────────┬────────────────────────────────┤
-# │ ├── app/bzip2/1.0.8-ppc32 ├── libs/pcre/8.44 │
-# │ └── app/bzip2/1.0.8-x86_32 │ ├── libs/pcre/8.44-ppc32 │
-# │ │ └── libs/pcre/8.44-x86_32 │
-# ├── app/gzip/1.10 │ │
-# │ └── libs/pcre2/10.36 │
-# ├── libs/elfutils/0.187 ├── libs/pcre2/10.36-ppc32 │
-# │ ├── libs/elfutils/0.187-ppc32 └── libs/pcre2/10.36-x86_32 │
-# │ └── libs/elfutils/0.187-x86_32 │
+# │ ├── app/bzip2/1.0.8-ppc32 ├── libs/pcre/8.45 │
+# │ └── app/bzip2/1.0.8-x86_32 │ ├── libs/pcre/8.45-ppc32 │
+# │ │ └── libs/pcre/8.45-x86_32 │
+# ├── app/gzip/1.13 │ │
+# │ └── libs/pcre2/10.37 │
+# ├── libs/elfutils/0.192 ├── libs/pcre2/10.37-ppc32 │
+# │ ├── libs/elfutils/0.192-ppc32 └── libs/pcre2/10.37-x86_32 │
+# │ └── libs/elfutils/0.192-x86_32 │
# │ │
# ├── app/inputattach/1.8.1 │
# │ ├── app/inputattach/1.8.1-ppc32 │
@@ -182,9 +182,9 @@
# │ ├── app/gpm/1.20.7-ppc32 │
# │ ├── app/gpm/1.20.7-x86_32 │
# │ │ │
-# │ └── libs/ncurses/6.3 ────── libs/readline/8.2 ──┘
-# │ ├── libs/ncurses/6.3-ppc32 ├── libs/readline/8.2-ppc32
-# │ └── libs/ncurses/6.3-x86_32 └── libs/readline/8.2-x86_32
+# │ └── libs/ncurses/6.5 ────── libs/readline/8.2 ──┘
+# │ ├── libs/ncurses/6.5-ppc32 ├── libs/readline/8.2-ppc32
+# │ └── libs/ncurses/6.5-x86_32 └── libs/readline/8.2-x86_32
# │
# ...
#
@@ -192,7 +192,7 @@
# ...
# │ ...
# │ │
-# │ ├── app/gettext/0.21
+# │ ├── app/gettext/0.23
# │ ...
# ...
#
@@ -302,13 +302,13 @@
# │ │ ├── libs/zlib/1.3.1-ppc32
# │ │ └── libs/zlib/1.3.1-x86_32
# │ │
-# │ ├── net/openssl10/1.0.2u ■
-# │ │ ├── net/openssl10/1.0.2u-ppc32
-# │ │ └── net/openssl10/1.0.2u-x86_32
+# │ ├── net/openssl11/1.1.1w ■
+# │ │ ├── net/openssl11/1.1.1w-ppc32
+# │ │ └── net/openssl11/1.1.1w-x86_32
# │ │
-# │ ├── net/openssl/1.1.1r
-# │ │ ├── net/openssl/1.1.1r-ppc32
-# │ │ ├── net/openssl/1.1.1r-x86_32
+# │ ├── net/openssl/3.4.0
+# │ │ ├── net/openssl/3.4.0-ppc32
+# │ │ ├── net/openssl/3.4.0-x86_32
# │ │ │
# │ │ ├── libs/libevent/2.1.12 ■
# │ │ │ ├── libs/libevent/2.1.12-ppc32
@@ -332,7 +332,7 @@
# │ ├── dev/python2/2.7.18 ├── libs/libffi/3.4.4
# │ │ ├── dev/python2/2.7.18-ppc32 ├── libs/readline/8.2
# │ │ └── dev/python2/2.7.18-x86_32 ├── libs/expat/2.5.0
-# │ │ └── net/openssl/1.1.1r
+# │ │ └── net/openssl/3.4.0
# │ │
# │ ├───────────────────────────────────┬── libs/gdbm/1.23
# │ │ └── app/sqlite/3.39.4.0
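Review bot: The context line naming `libs/libffi/3.4.4` in this part of the dependency diagram looks stale, because the first hunk of this file moves the same component to `libs/libffi/3.4.6`. The next hunk likewise leaves `libs/ncurses/6.3` untouched while the tree above now reads `libs/ncurses/6.5`. Updating both entries in this commit would keep the diagram from naming two versions of one component; whether the older directories still exist is not visible from here.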
@@ -347,7 +347,7 @@
# │ ...
# │ ├───────────────────────────────────┬── libs/ncurses/6.3
# │ │ ├── dev/flex/2.6.4
-# │ ├── app/bsd-games/2.17 ■ └── net/openssl/1.1.1r
+# │ ├── app/bsd-games/2.17 ■ └── net/openssl/3.4.0
# │ │
# │ ...
# │
Index: sources/packages/a/kmod/Makefile
===================================================================
--- sources/packages/a/kmod/Makefile (revision 419)
+++ sources/packages/a/kmod/Makefile (revision 420)
@@ -7,7 +7,7 @@
url = $(DOWNLOAD_SERVER)/sources/packages/a/kmod
-versions = 30
+versions = 33
pkgname = kmod
suffix = tar.xz
Index: sources/packages/n/openssl10/create-1.0.2u-shlib-patch/file.list
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-shlib-patch/file.list (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-shlib-patch/file.list (nonexistent)
@@ -1,2 +0,0 @@
-openssl-1.0.2u/Makefile
-openssl-1.0.2u/Makefile.org
Index: sources/packages/n/openssl10/create-1.0.2u-shlib-patch/openssl-1.0.2u-new/Makefile.org
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-shlib-patch/openssl-1.0.2u-new/Makefile.org (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-shlib-patch/openssl-1.0.2u-new/Makefile.org (nonexistent)
@@ -1,689 +0,0 @@
-##
-## Makefile for OpenSSL
-##
-
-VERSION=
-MAJOR=
-MINOR=
-SHLIB_VERSION_NUMBER=
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=
-SHLIB_MINOR=
-SHLIB_EXT=
-PLATFORM=dist
-OPTIONS=
-CONFIGURE_ARGS=
-SHLIB_TARGET=
-
-# HERE indicates where this Makefile lives. This can be used to indicate
-# where sub-Makefiles are expected to be. Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
-
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4 - Define to build without the RC4 algorithm
-# NO_RC2 - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-# one. 32 bytes will be read from this when the random
-# number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-# NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-# call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= cc
-CFLAG= -O
-DEPFLAG=
-PEX_LIBS=
-EX_LIBS=
-EXE_EXT=
-ARFLAGS=
-AR=ar $(ARFLAGS) r
-RANLIB= ranlib
-RC= windres
-NM= nm
-PERL= perl
-TAR= tar
-TARFLAGS= --no-recursion
-MAKEDEPPROG=makedepend
-LIBDIR=lib
-
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR=
-
-# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ=
-BN_ASM= bn_asm.o
-EC_ASM=
-DES_ENC= des_enc.o fcrypt_b.o
-AES_ENC= aes_core.o aes_cbc.o
-BF_ENC= bf_enc.o
-CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o
-RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ=
-SHA1_ASM_OBJ=
-RMD160_ASM_OBJ=
-WP_ASM_OBJ=
-CMLL_ENC=
-MODES_ASM_OBJ=
-ENGINES_ASM_OBJ=
-PERLASM_SCHEME=
-
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-# Zlib stuff
-ZLIB_INCLUDE=
-LIBZLIB=
-
-# TOP level FIPS install directory.
-FIPSDIR=
-
-# This is the location of fipscanister.o and friends.
-# The FIPS module build will place it $(INSTALLTOP)/lib
-# but since $(INSTALLTOP) can only take the default value
-# when the module is built it will be in /usr/local/ssl/lib
-# $(INSTALLTOP) for this build may be different so hard
-# code the path.
-
-FIPSLIBDIR=
-
-# The location of the library which contains fipscanister.o
-# normally it will be libcrypto unless fipsdso is set in which
-# case it will be libfips. If not compiling in FIPS mode at all
-# this is empty making it a useful test for a FIPS compile.
-
-FIPSCANLIB=
-
-# Shared library base address. Currently only used on Windows.
-#
-
-BASEADDR=
-
-DIRS= crypto ssl engines apps test tools
-ENGDIRS= ccgost
-SHLIBDIRS= crypto ssl
-
-# dirs in crypto to build
-SDIRS= \
- objects \
- md2 md4 md5 sha mdc2 hmac ripemd whrlpool \
- des aes rc2 rc4 rc5 idea bf cast camellia seed modes \
- bn ec rsa dsa ecdsa dh ecdh dso engine \
- buffer bio stack lhash rand err \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
- cms pqueue ts jpake srp store cmac
-# keep in mind that the above list is adjusted by ./Configure
-# according to no-xxx arguments...
-
-# tests to perform. "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
-
-MAKEFILE= Makefile
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-MANSUFFIX=
-HTMLSUFFIX=html
-HTMLDIR=$(OPENSSLDIR)/html
-SHELL=/bin/sh
-
-TOP= .
-ONEDIRS=out tmp
-EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-WDIRS= windows
-LIBS= libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
-
-GENERAL= Makefile
-BASENAME= openssl
-NAME= $(BASENAME)-$(VERSION)
-TARFILE= ../$(NAME).tar
-EXHEADER= e_os2.h
-HEADER= e_os.h
-
-all: Makefile build_all
-
-# as we stick to -e, CLEARENV ensures that local variables in lower
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-# shell, which [annoyingly enough] terminates unset with error if VAR
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
-# which terminates unset with error if no variable was present:-(
-CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
- $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
- $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
- $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
- $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
- $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
- $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
- $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
- $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
- $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
- $${APPS+APPS}
-
-# LC_ALL=C ensures that error [and other] messages are delivered in
-# same language for uniform treatment.
-BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
- CC='$(CC)' CFLAG='$(CFLAG)' \
- AS='$(CC)' ASFLAG='$(CFLAG) -c' \
- AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
- RC='$(RC)' \
- CROSS_COMPILE='$(CROSS_COMPILE)' \
- PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
- SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
- INSTALL_PREFIX='$(INSTALL_PREFIX)' \
- INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
- LIBDIR='$(LIBDIR)' \
- MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
- DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
- MAKEDEPPROG='$(MAKEDEPPROG)' \
- SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
- KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
- ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
- EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
- SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
- PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
- CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \
- EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \
- AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
- BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
- RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
- SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
- MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
- RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
- WP_ASM_OBJ='$(WP_ASM_OBJ)' \
- MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
- ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \
- PERLASM_SCHEME='$(PERLASM_SCHEME)' \
- FIPSLIBDIR='${FIPSLIBDIR}' \
- FIPSDIR='${FIPSDIR}' \
- FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
- THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
-# which in turn eliminates ambiguities in variable treatment with -e.
-
-# BUILD_CMD is a generic macro to build a given target in a given
-# subdirectory. The target must be given through the shell variable
-# `target' and the subdirectory to build in must be given through `dir'.
-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
-# BUILD_ONE_CMD instead.
-#
-# BUILD_ONE_CMD is a macro to build a given target in a given
-# subdirectory if that subdirectory is part of $(DIRS). It requires
-# exactly the same shell variables as BUILD_CMD.
-#
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS). It requires that the target
-# is given through the shell variable `target'.
-BUILD_CMD= if [ -d "$$dir" ]; then \
- ( cd $$dir && echo "making $$target in $$dir..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
- ) || exit 1; \
- fi
-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
-BUILD_ONE_CMD=\
- if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
- $(BUILD_CMD); \
- fi
-
-reflect:
- @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-
-sub_all: build_all
-
-build_all: build_libs build_apps build_tests build_tools
-
-build_libs: build_libcrypto build_libssl openssl.pc
-
-build_libcrypto: build_crypto build_engines libcrypto.pc
-build_libssl: build_ssl libssl.pc
-
-build_crypto:
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
- @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
- @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
- @dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
- @dir=tools; target=all; $(BUILD_ONE_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
- @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-
-fips_premain_dso$(EXE_EXT): libcrypto.a
- [ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
- -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \
- $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
- libcrypto.a $(EX_LIBS)
-
-libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
- FIPSLD_LIBCRYPTO=libcrypto.a ; \
- FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
- export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
- fi; \
- $(MAKE) -e SHLIBDIRS=crypto build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-clean-shared:
- @set -e; for i in $(SHLIBDIRS); do \
- if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
- tmp="$(SHARED_LIBS_LINK_EXTS)"; \
- for j in $${tmp:-x}; do \
- ( set -x; rm -f lib$$i$$j ); \
- done; \
- fi; \
- ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
- if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
- fi; \
- done
-
-link-shared:
- @ set -e; for i in $(SHLIBDIRS); do \
- $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- symlink.$(SHLIB_TARGET); \
- libs="$$libs -l$$i"; \
- done
-
-build-shared: do_$(SHLIB_TARGET) link-shared
-
-do_$(SHLIB_TARGET):
- @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
- if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- LIBDEPS="$$libs $(EX_LIBS)" \
- link_a.$(SHLIB_TARGET); \
- libs="-l$$i $$libs"; \
- done
-
-libcrypto.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo 'enginesdir=$${libdir}/engines'; \
- echo ''; \
- echo 'Name: OpenSSL-libcrypto'; \
- echo 'Description: OpenSSL cryptography library'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lcrypto'; \
- echo 'Libs.private: $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-
-libssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL-libssl'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires.private: libcrypto'; \
- echo 'Libs: -L$${libdir} -lssl'; \
- echo 'Libs.private: $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
-
-openssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: libssl libcrypto' ) > openssl.pc
-
-Makefile: Makefile.org Configure config
- @echo "Makefile is older than Makefile.org, Configure or config."
- @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
- @false
-
-libclean:
- rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
-
-clean: libclean
- rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
- @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
- rm -f $(LIBS)
- rm -f openssl.pc libssl.pc libcrypto.pc
- rm -f speed.* .pure
- rm -f $(TARFILE)
- @set -e; for i in $(ONEDIRS) ;\
- do \
- rm -fr $$i/*; \
- done
-
-distclean: clean
- -$(RM) `find . -name .git -prune -o -type l -print`
- $(RM) apps/CA.pl
- $(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem
- $(RM) tools/c_rehash
- $(RM) crypto/opensslconf.h
- $(RM) Makefile Makefile.bak
-
-makefile.one: files
- $(PERL) util/mk1mf.pl >makefile.one; \
- sh util/do_ms.sh
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
- @set -e; target=files; $(RECURSIVE_BUILD_CMD)
-
-links:
- @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
- @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
- @set -e; target=links; $(RECURSIVE_BUILD_CMD)
-
-gentests:
- @(cd test && echo "generating dummy tests (if needed)..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
-
-dclean:
- rm -rf *.bak include/openssl certs/.0
- @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
-
-rehash: rehash.time
-rehash.time: certs apps
- @if [ -z "$(CROSS_COMPILE)" ]; then \
- (OPENSSL="`pwd`/util/opensslwrap.sh"; \
- [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
- OPENSSL_DEBUG_MEMORY=on; \
- export OPENSSL OPENSSL_DEBUG_MEMORY; \
- $(PERL) tools/c_rehash certs/demo) && \
- touch rehash.time; \
- else :; fi
-
-test: tests
-
-tests: rehash
- @(cd test && echo "testing..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
- OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
-
-report:
- @$(PERL) util/selftest.pl
-
-update: errors stacks util/libeay.num util/ssleay.num TABLE
- @set -e; target=update; $(RECURSIVE_BUILD_CMD)
-
-depend:
- @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-
-lint:
- @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-
-tags:
- rm -f TAGS
- find . -name '[^.]*.[ch]' | xargs etags -a
-
-errors:
- $(PERL) util/ck_errf.pl -strict */*.c */*/*.c
- $(PERL) util/mkerr.pl -recurse -write
- (cd engines; $(MAKE) PERL=$(PERL) errors)
-
-stacks:
- $(PERL) util/mkstack.pl -write
-
-util/libeay.num::
- $(PERL) util/mkdef.pl crypto update
-
-util/ssleay.num::
- $(PERL) util/mkdef.pl ssl update
-
-TABLE: Configure
- (echo 'Output of `Configure TABLE'"':"; \
- $(PERL) Configure TABLE) > TABLE
-
-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
- --owner 0 --group 0 \
- --transform 's|^|$(NAME)/|' \
- -cvf -
-
-$(TARFILE).list:
- find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
- \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
- \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
- \! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \
- | sort > $(TARFILE).list
-
-tar: $(TARFILE).list
- find . -type d -print | xargs chmod 755
- find . -type f -print | xargs chmod a+r
- find . -type f -perm -0100 -print | xargs chmod a+x
- $(TAR_COMMAND) | gzip --best > $(TARFILE).gz
- rm -f $(TARFILE).list
- ls -l $(TARFILE).gz
-
-tar-snap: $(TARFILE).list
- $(TAR_COMMAND) > $(TARFILE)
- rm -f $(TARFILE).list
- ls -l $(TARFILE)
-
-dist:
- $(PERL) Configure dist
- @$(MAKE) SDIRS='$(SDIRS)' clean
- @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
-
-install: all install_docs install_sw
-
-install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
- $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- do \
- if [ -f "$$i" ]; then \
- ( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
- fi; \
- done;
- @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
- tmp="$(SHARED_LIBS)"; \
- for i in $${tmp:-x}; \
- do \
- if [ -f "$$i" -o -f "$$i.a" ]; then \
- ( echo installing $$i; \
- if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
- cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
- else \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
- fi ); \
- if expr $(PLATFORM) : 'mingw' > /dev/null; then \
- ( case $$i in \
- *crypto*) i=libeay32.dll;; \
- *ssl*) i=ssleay32.dll;; \
- esac; \
- echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
- fi; \
- fi; \
- done; \
- ( here="`pwd`"; \
- cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
- $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
- if [ "$(INSTALLTOP)" != "/usr" ]; then \
- echo 'OpenSSL shared libraries have been installed in:'; \
- echo ' $(INSTALLTOP)'; \
- echo ''; \
- sed -e '1,/^$$/d' doc/openssl-shared.txt; \
- fi; \
- fi
- cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
- cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
- cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
-
-install_html_docs:
- here="`pwd`"; \
- filecase=; \
- case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
- filecase=-i; \
- esac; \
- for subdir in apps crypto ssl; do \
- mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
- for i in doc/$$subdir/*.pod; do \
- fn=`basename $$i .pod`; \
- echo "installing html/$$fn.$(HTMLSUFFIX)"; \
- cat $$i \
- | sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
- | pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
- | sed -r 's/<!DOCTYPE.*//g' \
- > $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- grep -v $$filecase "^$$fn\$$" | \
- (cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
- while read n; do \
- PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
- done); \
- done; \
- done
-
-install_docs:
- @$(PERL) $(TOP)/util/mkdir-p.pl \
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
- $(INSTALL_PREFIX)$(MANDIR)/man7
- @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
- case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
- filecase=-i; \
- esac; \
- set -e; for i in doc/apps/*.pod; do \
- fn=`basename $$i .pod`; \
- sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- (grep -v $$filecase "^$$fn\$$"; true) | \
- (grep -v "[ ]"; true) | \
- (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
- while read n; do \
- PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
- done); \
- done; \
- set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
- fn=`basename $$i .pod`; \
- sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- (grep -v $$filecase "^$$fn\$$"; true) | \
- (grep -v "[ ]"; true) | \
- (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
- while read n; do \
- PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
- done); \
- done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
Index: sources/packages/n/openssl10/create-1.0.2u-shlib-patch/openssl-1.0.2u-new/Makefile
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-shlib-patch/openssl-1.0.2u-new/Makefile (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-shlib-patch/openssl-1.0.2u-new/Makefile (nonexistent)
@@ -1,691 +0,0 @@
-### Generated automatically from Makefile.org by Configure.
-
-##
-## Makefile for OpenSSL
-##
-
-VERSION=1.0.2u
-MAJOR=1
-MINOR=0.2
-SHLIB_VERSION_NUMBER=1.0.0
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=1
-SHLIB_MINOR=0.0
-SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-PLATFORM=linux-x86_64
-OPTIONS=-Wa,--noexecstack no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine
-CONFIGURE_ARGS=linux-x86_64 -Wa,--noexecstack
-SHLIB_TARGET=linux-shared
-
-# HERE indicates where this Makefile lives. This can be used to indicate
-# where sub-Makefiles are expected to be. Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
-
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4 - Define to build without the RC4 algorithm
-# NO_RC2 - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-# one. 32 bytes will be read from this when the random
-# number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-# NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-# call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= gcc
-CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
-DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS
-PEX_LIBS=
-EX_LIBS= -ldl
-EXE_EXT=
-ARFLAGS=
-AR= ar $(ARFLAGS) r
-RANLIB= /usr/bin/ranlib
-RC= windres
-NM= nm
-PERL= /usr/bin/perl
-TAR= tar
-TARFLAGS= --no-recursion
-MAKEDEPPROG= gcc
-LIBDIR=lib
-
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR=
-
-# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ= x86_64cpuid.o
-BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
-EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o
-DES_ENC= des_enc.o fcrypt_b.o
-AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
-BF_ENC= bf_enc.o
-CAST_ENC= c_enc.o
-RC4_ENC= rc4-x86_64.o rc4-md5-x86_64.o
-RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ= md5-x86_64.o
-SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
-RMD160_ASM_OBJ=
-WP_ASM_OBJ= wp-x86_64.o
-CMLL_ENC= cmll-x86_64.o cmll_misc.o
-MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o
-ENGINES_ASM_OBJ=
-PERLASM_SCHEME= elf
-
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-# Zlib stuff
-ZLIB_INCLUDE=
-LIBZLIB=
-
-# TOP level FIPS install directory.
-FIPSDIR=/usr/local/ssl/fips-2.0
-
-# This is the location of fipscanister.o and friends.
-# The FIPS module build will place it $(INSTALLTOP)/lib
-# but since $(INSTALLTOP) can only take the default value
-# when the module is built it will be in /usr/local/ssl/lib
-# $(INSTALLTOP) for this build may be different so hard
-# code the path.
-
-FIPSLIBDIR=
-
-# The location of the library which contains fipscanister.o
-# normally it will be libcrypto unless fipsdso is set in which
-# case it will be libfips. If not compiling in FIPS mode at all
-# this is empty making it a useful test for a FIPS compile.
-
-FIPSCANLIB=
-
-# Shared library base address. Currently only used on Windows.
-#
-
-BASEADDR=0xFB00000
-
-DIRS= crypto ssl engines apps test tools
-ENGDIRS= ccgost
-SHLIBDIRS= crypto ssl
-
-# dirs in crypto to build
-SDIRS= \
- objects \
- md4 md5 sha mdc2 hmac ripemd whrlpool \
- des aes rc2 rc4 idea bf cast camellia seed modes \
- bn ec rsa dsa ecdsa dh ecdh dso engine \
- buffer bio stack lhash rand err \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
- cms pqueue ts srp cmac
-# keep in mind that the above list is adjusted by ./Configure
-# according to no-xxx arguments...
-
-# tests to perform. "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
-
-MAKEFILE= Makefile
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-MANSUFFIX=
-HTMLSUFFIX=html
-HTMLDIR=$(OPENSSLDIR)/html
-SHELL=/bin/sh
-
-TOP= .
-ONEDIRS=out tmp
-EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-WDIRS= windows
-LIBS= libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
-SHARED_LDFLAGS=-m64
-
-GENERAL= Makefile
-BASENAME= openssl
-NAME= $(BASENAME)-$(VERSION)
-TARFILE= ../$(NAME).tar
-EXHEADER= e_os2.h
-HEADER= e_os.h
-
-all: Makefile build_all
-
-# as we stick to -e, CLEARENV ensures that local variables in lower
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-# shell, which [annoyingly enough] terminates unset with error if VAR
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
-# which terminates unset with error if no variable was present:-(
-CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
- $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
- $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
- $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
- $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
- $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
- $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
- $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
- $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
- $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
- $${APPS+APPS}
-
-# LC_ALL=C ensures that error [and other] messages are delivered in
-# same language for uniform treatment.
-BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
- CC='$(CC)' CFLAG='$(CFLAG)' \
- AS='$(CC)' ASFLAG='$(CFLAG) -c' \
- AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
- RC='$(RC)' \
- CROSS_COMPILE='$(CROSS_COMPILE)' \
- PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
- SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
- INSTALL_PREFIX='$(INSTALL_PREFIX)' \
- INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
- LIBDIR='$(LIBDIR)' \
- MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
- DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
- MAKEDEPPROG='$(MAKEDEPPROG)' \
- SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
- KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
- ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
- EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
- SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
- PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
- CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \
- EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \
- AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
- BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
- RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
- SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
- MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
- RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
- WP_ASM_OBJ='$(WP_ASM_OBJ)' \
- MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
- ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \
- PERLASM_SCHEME='$(PERLASM_SCHEME)' \
- FIPSLIBDIR='${FIPSLIBDIR}' \
- FIPSDIR='${FIPSDIR}' \
- FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
- THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
-# which in turn eliminates ambiguities in variable treatment with -e.
-
-# BUILD_CMD is a generic macro to build a given target in a given
-# subdirectory. The target must be given through the shell variable
-# `target' and the subdirectory to build in must be given through `dir'.
-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
-# BUILD_ONE_CMD instead.
-#
-# BUILD_ONE_CMD is a macro to build a given target in a given
-# subdirectory if that subdirectory is part of $(DIRS). It requires
-# exactly the same shell variables as BUILD_CMD.
-#
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS). It requires that the target
-# is given through the shell variable `target'.
-BUILD_CMD= if [ -d "$$dir" ]; then \
- ( cd $$dir && echo "making $$target in $$dir..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
- ) || exit 1; \
- fi
-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
-BUILD_ONE_CMD=\
- if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
- $(BUILD_CMD); \
- fi
-
-reflect:
- @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-
-sub_all: build_all
-
-build_all: build_libs build_apps build_tests build_tools
-
-build_libs: build_libcrypto build_libssl openssl.pc
-
-build_libcrypto: build_crypto build_engines libcrypto.pc
-build_libssl: build_ssl libssl.pc
-
-build_crypto:
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
- @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
- @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
- @dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
- @dir=tools; target=all; $(BUILD_ONE_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
- @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-
-fips_premain_dso$(EXE_EXT): libcrypto.a
- [ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
- -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \
- $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
- libcrypto.a $(EX_LIBS)
-
-libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
- FIPSLD_LIBCRYPTO=libcrypto.a ; \
- FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
- export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
- fi; \
- $(MAKE) -e SHLIBDIRS=crypto build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-clean-shared:
- @set -e; for i in $(SHLIBDIRS); do \
- if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
- tmp="$(SHARED_LIBS_LINK_EXTS)"; \
- for j in $${tmp:-x}; do \
- ( set -x; rm -f lib$$i$$j ); \
- done; \
- fi; \
- ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
- if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
- fi; \
- done
-
-link-shared:
- @ set -e; for i in $(SHLIBDIRS); do \
- $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- symlink.$(SHLIB_TARGET); \
- libs="$$libs -l$$i"; \
- done
-
-build-shared: do_$(SHLIB_TARGET) link-shared
-
-do_$(SHLIB_TARGET):
- @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
- if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
- LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- LIBDEPS="$$libs $(EX_LIBS)" \
- link_a.$(SHLIB_TARGET); \
- libs="-l$$i $$libs"; \
- done
-
-libcrypto.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo 'enginesdir=$${libdir}/engines'; \
- echo ''; \
- echo 'Name: OpenSSL-libcrypto'; \
- echo 'Description: OpenSSL cryptography library'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lcrypto'; \
- echo 'Libs.private: $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-
-libssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL-libssl'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires.private: libcrypto'; \
- echo 'Libs: -L$${libdir} -lssl'; \
- echo 'Libs.private: $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
-
-openssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: libssl libcrypto' ) > openssl.pc
-
-Makefile: Makefile.org Configure config
- @echo "Makefile is older than Makefile.org, Configure or config."
- @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
- @false
-
-libclean:
- rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
-
-clean: libclean
- rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
- @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
- rm -f $(LIBS)
- rm -f openssl.pc libssl.pc libcrypto.pc
- rm -f speed.* .pure
- rm -f $(TARFILE)
- @set -e; for i in $(ONEDIRS) ;\
- do \
- rm -fr $$i/*; \
- done
-
-distclean: clean
- -$(RM) `find . -name .git -prune -o -type l -print`
- $(RM) apps/CA.pl
- $(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem
- $(RM) tools/c_rehash
- $(RM) crypto/opensslconf.h
- $(RM) Makefile Makefile.bak
-
-makefile.one: files
- $(PERL) util/mk1mf.pl >makefile.one; \
- sh util/do_ms.sh
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
- @set -e; target=files; $(RECURSIVE_BUILD_CMD)
-
-links:
- @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
- @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
- @set -e; target=links; $(RECURSIVE_BUILD_CMD)
-
-gentests:
- @(cd test && echo "generating dummy tests (if needed)..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
-
-dclean:
- rm -rf *.bak include/openssl certs/.0
- @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
-
-rehash: rehash.time
-rehash.time: certs apps
- @if [ -z "$(CROSS_COMPILE)" ]; then \
- (OPENSSL="`pwd`/util/opensslwrap.sh"; \
- [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
- OPENSSL_DEBUG_MEMORY=on; \
- export OPENSSL OPENSSL_DEBUG_MEMORY; \
- $(PERL) tools/c_rehash certs/demo) && \
- touch rehash.time; \
- else :; fi
-
-test: tests
-
-tests: rehash
- @(cd test && echo "testing..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
- OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
-
-report:
- @$(PERL) util/selftest.pl
-
-update: errors stacks util/libeay.num util/ssleay.num TABLE
- @set -e; target=update; $(RECURSIVE_BUILD_CMD)
-
-depend:
- @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-
-lint:
- @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-
-tags:
- rm -f TAGS
- find . -name '[^.]*.[ch]' | xargs etags -a
-
-errors:
- $(PERL) util/ck_errf.pl -strict */*.c */*/*.c
- $(PERL) util/mkerr.pl -recurse -write
- (cd engines; $(MAKE) PERL=$(PERL) errors)
-
-stacks:
- $(PERL) util/mkstack.pl -write
-
-util/libeay.num::
- $(PERL) util/mkdef.pl crypto update
-
-util/ssleay.num::
- $(PERL) util/mkdef.pl ssl update
-
-TABLE: Configure
- (echo 'Output of `Configure TABLE'"':"; \
- $(PERL) Configure TABLE) > TABLE
-
-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
- --owner 0 --group 0 \
- --transform 's|^|$(NAME)/|' \
- -cvf -
-
-$(TARFILE).list:
- find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
- \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
- \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
- \! -name '.#*' \! -name '*.bak' \! -name '*~' \! -type l \
- | sort > $(TARFILE).list
-
-tar: $(TARFILE).list
- find . -type d -print | xargs chmod 755
- find . -type f -print | xargs chmod a+r
- find . -type f -perm -0100 -print | xargs chmod a+x
- $(TAR_COMMAND) | gzip --best > $(TARFILE).gz
- rm -f $(TARFILE).list
- ls -l $(TARFILE).gz
-
-tar-snap: $(TARFILE).list
- $(TAR_COMMAND) > $(TARFILE)
- rm -f $(TARFILE).list
- ls -l $(TARFILE)
-
-dist:
- $(PERL) Configure dist
- @$(MAKE) SDIRS='$(SDIRS)' clean
- @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
-
-install: all install_docs install_sw
-
-install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
- $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- do \
- if [ -f "$$i" ]; then \
- ( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
- fi; \
- done;
- @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
- tmp="$(SHARED_LIBS)"; \
- for i in $${tmp:-x}; \
- do \
- if [ -f "$$i" -o -f "$$i.a" ]; then \
- ( echo installing $$i; \
- if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
- cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
- else \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
- fi ); \
- if expr $(PLATFORM) : 'mingw' > /dev/null; then \
- ( case $$i in \
- *crypto*) i=libeay32.dll;; \
- *ssl*) i=ssleay32.dll;; \
- esac; \
- echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
- fi; \
- fi; \
- done; \
- ( here="`pwd`"; \
- cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
- $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
- if [ "$(INSTALLTOP)" != "/usr" ]; then \
- echo 'OpenSSL shared libraries have been installed in:'; \
- echo ' $(INSTALLTOP)'; \
- echo ''; \
- sed -e '1,/^$$/d' doc/openssl-shared.txt; \
- fi; \
- fi
- cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
- cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
- cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
-
-install_html_docs:
- here="`pwd`"; \
- filecase=; \
- case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
- filecase=-i; \
- esac; \
- for subdir in apps crypto ssl; do \
- mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
- for i in doc/$$subdir/*.pod; do \
- fn=`basename $$i .pod`; \
- echo "installing html/$$fn.$(HTMLSUFFIX)"; \
- cat $$i \
- | sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
- | pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
- | sed -r 's/<!DOCTYPE.*//g' \
- > $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- grep -v $$filecase "^$$fn\$$" | \
- (cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
- while read n; do \
- PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
- done); \
- done; \
- done
-
-install_docs:
- @$(PERL) $(TOP)/util/mkdir-p.pl \
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
- $(INSTALL_PREFIX)$(MANDIR)/man7
- @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
- case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
- filecase=-i; \
- esac; \
- set -e; for i in doc/apps/*.pod; do \
- fn=`basename $$i .pod`; \
- sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- (grep -v $$filecase "^$$fn\$$"; true) | \
- (grep -v "[ ]"; true) | \
- (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
- while read n; do \
- PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
- done); \
- done; \
- set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
- fn=`basename $$i .pod`; \
- sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- (grep -v $$filecase "^$$fn\$$"; true) | \
- (grep -v "[ ]"; true) | \
- (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
- while read n; do \
- PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
- done); \
- done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
Index: sources/packages/n/openssl10/create-1.0.2u-shlib-patch/openssl-1.0.2u-new
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-shlib-patch/openssl-1.0.2u-new (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-shlib-patch/openssl-1.0.2u-new (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-shlib-patch/openssl-1.0.2u-new
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/create-1.0.2u-shlib-patch/create.patch.sh
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-shlib-patch/create.patch.sh (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-shlib-patch/create.patch.sh (nonexistent)
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-VERSION=1.0.2u
-
-tar --files-from=file.list -xzvf ../openssl-$VERSION.tar.gz
-mv openssl-$VERSION openssl-$VERSION-orig
-
-cp -rf ./openssl-$VERSION-new ./openssl-$VERSION
-
-diff --unified -Nr openssl-$VERSION-orig openssl-$VERSION > openssl-$VERSION-shlib.patch
-
-mv openssl-$VERSION-shlib.patch ../patches
-
-rm -rf ./openssl-$VERSION
-rm -rf ./openssl-$VERSION-orig
Property changes on: sources/packages/n/openssl10/create-1.0.2u-shlib-patch/create.patch.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: sources/packages/n/openssl10/create-1.0.2u-shlib-patch
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-shlib-patch (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-shlib-patch (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-shlib-patch
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/patches/README
===================================================================
--- sources/packages/n/openssl10/patches/README (revision 419)
+++ sources/packages/n/openssl10/patches/README (nonexistent)
@@ -1,6 +0,0 @@
-
-/* begin *
-
- openssl-1.0.2u-versioned-symbols.patch - should be applied before openssl-1.0.2u-mips-O2.patch
-
- * end */
Index: sources/packages/n/openssl10/patches
===================================================================
--- sources/packages/n/openssl10/patches (revision 419)
+++ sources/packages/n/openssl10/patches (nonexistent)
Property changes on: sources/packages/n/openssl10/patches
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/create-1.0.2u-pod-patch/file.list
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-pod-patch/file.list (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-pod-patch/file.list (nonexistent)
@@ -1,2 +0,0 @@
-openssl-1.0.2u/doc/apps/ts.pod
-openssl-1.0.2u/doc/crypto/rand.pod
Index: sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/crypto/rand.pod
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/crypto/rand.pod (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/crypto/rand.pod (nonexistent)
@@ -1,175 +0,0 @@
-=pod
-
-=head1 NAME
-
-rand - pseudo-random number generator
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- int RAND_set_rand_engine(ENGINE *engine);
-
- int RAND_bytes(unsigned char *buf, int num);
- int RAND_pseudo_bytes(unsigned char *buf, int num);
-
- void RAND_seed(const void *buf, int num);
- void RAND_add(const void *buf, int num, double entropy);
- int RAND_status(void);
-
- int RAND_load_file(const char *file, long max_bytes);
- int RAND_write_file(const char *file);
- const char *RAND_file_name(char *file, size_t num);
-
- int RAND_egd(const char *path);
-
- void RAND_set_rand_method(const RAND_METHOD *meth);
- const RAND_METHOD *RAND_get_rand_method(void);
- RAND_METHOD *RAND_SSLeay(void);
-
- void RAND_cleanup(void);
-
- /* For Win32 only */
- void RAND_screen(void);
- int RAND_event(UINT, WPARAM, LPARAM);
-
-=head1 DESCRIPTION
-
-Since the introduction of the ENGINE API, the recommended way of controlling
-default implementations is by using the ENGINE API functions. The default
-B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
-RAND_get_rand_method(), is only used if no ENGINE has been set as the default
-"rand" implementation. Hence, these two functions are no longer the recommended
-way to control defaults.
-
-If an alternative B<RAND_METHOD> implementation is being used (either set
-directly or as provided by an ENGINE module), then it is entirely responsible
-for the generation and management of a cryptographically secure PRNG stream. The
-mechanisms described below relate solely to the software PRNG implementation
-built in to OpenSSL and used by default.
-
-These functions implement a cryptographically secure pseudo-random
-number generator (PRNG). It is used by other library functions for
-example to generate random keys, and applications can use it when they
-need randomness.
-
-A cryptographic PRNG must be seeded with unpredictable data such as
-mouse movements or keys pressed at random by the user. This is
-described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
-(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the
-seeding process whenever the application is started.
-
-L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
-PRNG.
-
-=head1 INTERNALS
-
-The RAND_SSLeay() method implements a PRNG based on a cryptographic
-hash function.
-
-The following description of its design is based on the SSLeay
-documentation:
-
-First up I will state the things I believe I need for a good RNG.
-
-=over 4
-
-=item C<1>
-
-A good hashing algorithm to mix things up and to convert the RNG 'state'
-to random numbers.
-
-=item C<2>
-
-An initial source of random 'state'.
-
-=item C<3>
-
-The state should be very large. If the RNG is being used to generate
-4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
-If your RNG state only has 128 bits, you are obviously limiting the
-search space to 128 bits, not 2048. I'm probably getting a little
-carried away on this last point but it does indicate that it may not be
-a bad idea to keep quite a lot of RNG state. It should be easier to
-break a cipher than guess the RNG seed data.
-
-=item C<4>
-
-Any RNG seed data should influence all subsequent random numbers
-generated. This implies that any random seed data entered will have
-an influence on all subsequent random numbers generated.
-
-=item C<5>
-
-When using data to seed the RNG state, the data used should not be
-extractable from the RNG state. I believe this should be a
-requirement because one possible source of 'secret' semi random
-data would be a private key or a password. This data must
-not be disclosed by either subsequent random numbers or a
-'core' dump left by a program crash.
-
-=item C<6>
-
-Given the same initial 'state', 2 systems should deviate in their RNG state
-(and hence the random numbers generated) over time if at all possible.
-
-=item C<7>
-
-Given the random number output stream, it should not be possible to determine
-the RNG state or the next random number.
-
-=back
-
-The algorithm is as follows.
-
-There is global state made up of a 1023 byte buffer (the 'state'), a
-working hash value ('md'), and a counter ('count').
-
-Whenever seed data is added, it is inserted into the 'state' as
-follows.
-
-The input is chopped up into units of 20 bytes (or less for
-the last block). Each of these blocks is run through the hash
-function as follows: The data passed to the hash function
-is the current 'md', the same number of bytes from the 'state'
-(the location determined by in incremented looping index) as
-the current 'block', the new key data 'block', and 'count'
-(which is incremented after each use).
-The result of this is kept in 'md' and also xored into the
-'state' at the same locations that were used as input into the
-hash function. I
-believe this system addresses points 1 (hash function; currently
-SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash
-function and xor).
-
-When bytes are extracted from the RNG, the following process is used.
-For each group of 10 bytes (or less), we do the following:
-
-Input into the hash function the local 'md' (which is initialized from
-the global 'md' before any bytes are generated), the bytes that are to
-be overwritten by the random bytes, and bytes from the 'state'
-(incrementing looping index). From this digest output (which is kept
-in 'md'), the top (up to) 10 bytes are returned to the caller and the
-bottom 10 bytes are xored into the 'state'.
-
-Finally, after we have finished 'num' random bytes for the caller,
-'count' (which is incremented) and the local and global 'md' are fed
-into the hash function and the results are kept in the global 'md'.
-
-I believe the above addressed points 1 (use of SHA-1), 6 (by hashing
-into the 'state' the 'old' data from the caller that is about to be
-overwritten) and 7 (by not using the 10 bytes given to the caller to
-update the 'state', but they are used to update 'md').
-
-So of the points raised, only 2 is not addressed (but see
-L<RAND_add(3)|RAND_add(3)>).
-
-=head1 SEE ALSO
-
-L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
-L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>,
-L<RAND_bytes(3)|RAND_bytes(3)>,
-L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>,
-L<RAND_cleanup(3)|RAND_cleanup(3)>
-
-=cut
Index: sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/crypto
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/crypto (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/crypto (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/crypto
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/apps/ts.pod
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/apps/ts.pod (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/apps/ts.pod (nonexistent)
@@ -1,595 +0,0 @@
-=pod
-
-=head1 NAME
-
-openssl-ts,
-ts - Time Stamping Authority tool (client/server)
-
-=head1 SYNOPSIS
-
-B<openssl> B<ts>
-B<-query>
-[B<-rand> file:file...]
-[B<-config> configfile]
-[B<-data> file_to_hash]
-[B<-digest> digest_bytes]
-[B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>]
-[B<-policy> object_id]
-[B<-no_nonce>]
-[B<-cert>]
-[B<-in> request.tsq]
-[B<-out> request.tsq]
-[B<-text>]
-
-B<openssl> B<ts>
-B<-reply>
-[B<-config> configfile]
-[B<-section> tsa_section]
-[B<-queryfile> request.tsq]
-[B<-passin> password_src]
-[B<-signer> tsa_cert.pem]
-[B<-inkey> private.pem]
-[B<-chain> certs_file.pem]
-[B<-policy> object_id]
-[B<-in> response.tsr]
-[B<-token_in>]
-[B<-out> response.tsr]
-[B<-token_out>]
-[B<-text>]
-[B<-engine> id]
-
-B<openssl> B<ts>
-B<-verify>
-[B<-data> file_to_hash]
-[B<-digest> digest_bytes]
-[B<-queryfile> request.tsq]
-[B<-in> response.tsr]
-[B<-token_in>]
-[B<-CApath> trusted_cert_path]
-[B<-CAfile> trusted_certs.pem]
-[B<-untrusted> cert_file.pem]
-
-=head1 DESCRIPTION
-
-The B<ts> command is a basic Time Stamping Authority (TSA) client and server
-application as specified in RFC 3161 (Time-Stamp Protocol, TSP). A
-TSA can be part of a PKI deployment and its role is to provide long
-term proof of the existence of a certain datum before a particular
-time. Here is a brief description of the protocol:
-
-=over 4
-
-=item C<1>
-
-The TSA client computes a one-way hash value for a data file and sends
-the hash to the TSA.
-
-=item C<2>
-
-The TSA attaches the current date and time to the received hash value,
-signs them and sends the time stamp token back to the client. By
-creating this token the TSA certifies the existence of the original
-data file at the time of response generation.
-
-=item C<3>
-
-The TSA client receives the time stamp token and verifies the
-signature on it. It also checks if the token contains the same hash
-value that it had sent to the TSA.
-
-=back
-
-There is one DER encoded protocol data unit defined for transporting a time
-stamp request to the TSA and one for sending the time stamp response
-back to the client. The B<ts> command has three main functions:
-creating a time stamp request based on a data file,
-creating a time stamp response based on a request, verifying if a
-response corresponds to a particular request or a data file.
-
-There is no support for sending the requests/responses automatically
-over HTTP or TCP yet as suggested in RFC 3161. The users must send the
-requests either by ftp or e-mail.
-
-=head1 OPTIONS
-
-=head2 Time Stamp Request generation
-
-The B<-query> switch can be used for creating and printing a time stamp
-request with the following options:
-
-=over 4
-
-=item B<-rand> file:file...
-
-The files containing random data for seeding the random number
-generator. Multiple files can be specified, the separator is B<;> for
-MS-Windows, B<,> for VMS and B<:> for all other platforms. (Optional)
-
-=item B<-config> configfile
-
-The configuration file to use, this option overrides the
-B<OPENSSL_CONF> environment variable. Only the OID section
-of the config file is used with the B<-query> command. (Optional)
-
-=item B<-data> file_to_hash
-
-The data file for which the time stamp request needs to be
-created. stdin is the default if neither the B<-data> nor the B<-digest>
-parameter is specified. (Optional)
-
-=item B<-digest> digest_bytes
-
-It is possible to specify the message imprint explicitly without the data
-file. The imprint must be specified in a hexadecimal format, two characters
-per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or
-1AF601...). The number of bytes must match the message digest algorithm
-in use. (Optional)
-
-=item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>
-
-The message digest to apply to the data file, it supports all the message
-digest algorithms that are supported by the openssl B<dgst> command.
-The default is SHA-1. (Optional)
-
-=item B<-policy> object_id
-
-The policy that the client expects the TSA to use for creating the
-time stamp token. Either the dotted OID notation or OID names defined
-in the config file can be used. If no policy is requested the TSA will
-use its own default policy. (Optional)
-
-=item B<-no_nonce>
-
-No nonce is specified in the request if this option is
-given. Otherwise a 64 bit long pseudo-random none is
-included in the request. It is recommended to use nonce to
-protect against replay-attacks. (Optional)
-
-=item B<-cert>
-
-The TSA is expected to include its signing certificate in the
-response. (Optional)
-
-=item B<-in> request.tsq
-
-This option specifies a previously created time stamp request in DER
-format that will be printed into the output file. Useful when you need
-to examine the content of a request in human-readable
-
-format. (Optional)
-
-=item B<-out> request.tsq
-
-Name of the output file to which the request will be written. Default
-is stdout. (Optional)
-
-=item B<-text>
-
-If this option is specified the output is human-readable text format
-instead of DER. (Optional)
-
-=back
-
-=head2 Time Stamp Response generation
-
-A time stamp response (TimeStampResp) consists of a response status
-and the time stamp token itself (ContentInfo), if the token generation was
-successful. The B<-reply> command is for creating a time stamp
-response or time stamp token based on a request and printing the
-response/token in human-readable format. If B<-token_out> is not
-specified the output is always a time stamp response (TimeStampResp),
-otherwise it is a time stamp token (ContentInfo).
-
-=over 4
-
-=item B<-config> configfile
-
-The configuration file to use, this option overrides the
-B<OPENSSL_CONF> environment variable. See B<CONFIGURATION FILE
-OPTIONS> for configurable variables. (Optional)
-
-=item B<-section> tsa_section
-
-The name of the config file section conatining the settings for the
-response generation. If not specified the default TSA section is
-used, see B<CONFIGURATION FILE OPTIONS> for details. (Optional)
-
-=item B<-queryfile> request.tsq
-
-The name of the file containing a DER encoded time stamp request. (Optional)
-
-=item B<-passin> password_src
-
-Specifies the password source for the private key of the TSA. See
-B<PASS PHRASE ARGUMENTS> in L<openssl(1)|openssl(1)>. (Optional)
-
-=item B<-signer> tsa_cert.pem
-
-The signer certificate of the TSA in PEM format. The TSA signing
-certificate must have exactly one extended key usage assigned to it:
-timeStamping. The extended key usage must also be critical, otherwise
-the certificate is going to be refused. Overrides the B<signer_cert>
-variable of the config file. (Optional)
-
-=item B<-inkey> private.pem
-
-The signer private key of the TSA in PEM format. Overrides the
-B<signer_key> config file option. (Optional)
-
-=item B<-chain> certs_file.pem
-
-The collection of certificates in PEM format that will all
-be included in the response in addition to the signer certificate if
-the B<-cert> option was used for the request. This file is supposed to
-contain the certificate chain for the signer certificate from its
-issuer upwards. The B<-reply> command does not build a certificate
-chain automatically. (Optional)
-
-=item B<-policy> object_id
-
-The default policy to use for the response unless the client
-explicitly requires a particular TSA policy. The OID can be specified
-either in dotted notation or with its name. Overrides the
-B<default_policy> config file option. (Optional)
-
-=item B<-in> response.tsr
-
-Specifies a previously created time stamp response or time stamp token
-(if B<-token_in> is also specified) in DER format that will be written
-to the output file. This option does not require a request, it is
-useful e.g. when you need to examine the content of a response or
-token or you want to extract the time stamp token from a response. If
-the input is a token and the output is a time stamp response a default
-'granted' status info is added to the token. (Optional)
-
-=item B<-token_in>
-
-This flag can be used together with the B<-in> option and indicates
-that the input is a DER encoded time stamp token (ContentInfo) instead
-of a time stamp response (TimeStampResp). (Optional)
-
-=item B<-out> response.tsr
-
-The response is written to this file. The format and content of the
-file depends on other options (see B<-text>, B<-token_out>). The default is
-stdout. (Optional)
-
-=item B<-token_out>
-
-The output is a time stamp token (ContentInfo) instead of time stamp
-response (TimeStampResp). (Optional)
-
-=item B<-text>
-
-If this option is specified the output is human-readable text format
-instead of DER. (Optional)
-
-=item B<-engine> id
-
-Specifying an engine (by its unique B<id> string) will cause B<ts>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms. Default is builtin. (Optional)
-
-=back
-
-=head2 Time Stamp Response verification
-
-The B<-verify> command is for verifying if a time stamp response or time
-stamp token is valid and matches a particular time stamp request or
-data file. The B<-verify> command does not use the configuration file.
-
-=over 4
-
-=item B<-data> file_to_hash
-
-The response or token must be verified against file_to_hash. The file
-is hashed with the message digest algorithm specified in the token.
-The B<-digest> and B<-queryfile> options must not be specified with this one.
-(Optional)
-
-=item B<-digest> digest_bytes
-
-The response or token must be verified against the message digest specified
-with this option. The number of bytes must match the message digest algorithm
-specified in the token. The B<-data> and B<-queryfile> options must not be
-specified with this one. (Optional)
-
-=item B<-queryfile> request.tsq
-
-The original time stamp request in DER format. The B<-data> and B<-digest>
-options must not be specified with this one. (Optional)
-
-=item B<-in> response.tsr
-
-The time stamp response that needs to be verified in DER format. (Mandatory)
-
-=item B<-token_in>
-
-This flag can be used together with the B<-in> option and indicates
-that the input is a DER encoded time stamp token (ContentInfo) instead
-of a time stamp response (TimeStampResp). (Optional)
-
-=item B<-CApath> trusted_cert_path
-
-The name of the directory containing the trused CA certificates of the
-client. See the similar option of L<verify(1)|verify(1)> for additional
-details. Either this option or B<-CAfile> must be specified. (Optional)
-
-
-=item B<-CAfile> trusted_certs.pem
-
-The name of the file containing a set of trusted self-signed CA
-certificates in PEM format. See the similar option of
-L<verify(1)|verify(1)> for additional details. Either this option
-or B<-CApath> must be specified.
-(Optional)
-
-=item B<-untrusted> cert_file.pem
-
-Set of additional untrusted certificates in PEM format which may be
-needed when building the certificate chain for the TSA's signing
-certificate. This file must contain the TSA signing certificate and
-all intermediate CA certificates unless the response includes them.
-(Optional)
-
-=back
-
-=head1 CONFIGURATION FILE OPTIONS
-
-The B<-query> and B<-reply> commands make use of a configuration file
-defined by the B<OPENSSL_CONF> environment variable. See L<config(5)|config(5)>
-for a general description of the syntax of the config file. The
-B<-query> command uses only the symbolic OID names section
-and it can work without it. However, the B<-reply> command needs the
-config file for its operation.
-
-When there is a command line switch equivalent of a variable the
-switch always overrides the settings in the config file.
-
-=over 4
-
-=item B<tsa> section, B<default_tsa>
-
-This is the main section and it specifies the name of another section
-that contains all the options for the B<-reply> command. This default
-section can be overridden with the B<-section> command line switch. (Optional)
-
-=item B<oid_file>
-
-See L<ca(1)|ca(1)> for description. (Optional)
-
-=item B<oid_section>
-
-See L<ca(1)|ca(1)> for description. (Optional)
-
-=item B<RANDFILE>
-
-See L<ca(1)|ca(1)> for description. (Optional)
-
-=item B<serial>
-
-The name of the file containing the hexadecimal serial number of the
-last time stamp response created. This number is incremented by 1 for
-each response. If the file does not exist at the time of response
-generation a new file is created with serial number 1. (Mandatory)
-
-=item B<crypto_device>
-
-Specifies the OpenSSL engine that will be set as the default for
-all available algorithms. The default value is builtin, you can specify
-any other engines supported by OpenSSL (e.g. use chil for the NCipher HSM).
-(Optional)
-
-=item B<signer_cert>
-
-TSA signing certificate in PEM format. The same as the B<-signer>
-command line option. (Optional)
-
-=item B<certs>
-
-A file containing a set of PEM encoded certificates that need to be
-included in the response. The same as the B<-chain> command line
-option. (Optional)
-
-=item B<signer_key>
-
-The private key of the TSA in PEM format. The same as the B<-inkey>
-command line option. (Optional)
-
-=item B<default_policy>
-
-The default policy to use when the request does not mandate any
-policy. The same as the B<-policy> command line option. (Optional)
-
-=item B<other_policies>
-
-Comma separated list of policies that are also acceptable by the TSA
-and used only if the request explicitly specifies one of them. (Optional)
-
-=item B<digests>
-
-The list of message digest algorithms that the TSA accepts. At least
-one algorithm must be specified. (Mandatory)
-
-=item B<accuracy>
-
-The accuracy of the time source of the TSA in seconds, milliseconds
-and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of
-the components is missing zero is assumed for that field. (Optional)
-
-=item B<clock_precision_digits>
-
-Specifies the maximum number of digits, which represent the fraction of
-seconds, that need to be included in the time field. The trailing zeroes
-must be removed from the time, so there might actually be fewer digits,
-or no fraction of seconds at all. Supported only on UNIX platforms.
-The maximum value is 6, default is 0.
-(Optional)
-
-=item B<ordering>
-
-If this option is yes the responses generated by this TSA can always
-be ordered, even if the time difference between two responses is less
-than the sum of their accuracies. Default is no. (Optional)
-
-=item B<tsa_name>
-
-Set this option to yes if the subject name of the TSA must be included in
-the TSA name field of the response. Default is no. (Optional)
-
-=item B<ess_cert_id_chain>
-
-The SignedData objects created by the TSA always contain the
-certificate identifier of the signing certificate in a signed
-attribute (see RFC 2634, Enhanced Security Services). If this option
-is set to yes and either the B<certs> variable or the B<-chain> option
-is specified then the certificate identifiers of the chain will also
-be included in the SigningCertificate signed attribute. If this
-variable is set to no, only the signing certificate identifier is
-included. Default is no. (Optional)
-
-=back
-
-=head1 ENVIRONMENT VARIABLES
-
-B<OPENSSL_CONF> contains the path of the configuration file and can be
-overridden by the B<-config> command line option.
-
-=head1 EXAMPLES
-
-All the examples below presume that B<OPENSSL_CONF> is set to a proper
-configuration file, e.g. the example configuration file
-openssl/apps/openssl.cnf will do.
-
-=head2 Time Stamp Request
-
-To create a time stamp request for design1.txt with SHA-1
-without nonce and policy and no certificate is required in the response:
-
- openssl ts -query -data design1.txt -no_nonce \
- -out design1.tsq
-
-To create a similar time stamp request with specifying the message imprint
-explicitly:
-
- openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
- -no_nonce -out design1.tsq
-
-To print the content of the previous request in human readable format:
-
- openssl ts -query -in design1.tsq -text
-
-To create a time stamp request which includes the MD-5 digest
-of design2.txt, requests the signer certificate and nonce,
-specifies a policy id (assuming the tsa_policy1 name is defined in the
-OID section of the config file):
-
- openssl ts -query -data design2.txt -md5 \
- -policy tsa_policy1 -cert -out design2.tsq
-
-=head2 Time Stamp Response
-
-Before generating a response a signing certificate must be created for
-the TSA that contains the B<timeStamping> critical extended key usage extension
-without any other key usage extensions. You can add the
-'extendedKeyUsage = critical,timeStamping' line to the user certificate section
-of the config file to generate a proper certificate. See L<req(1)|req(1)>,
-L<ca(1)|ca(1)>, L<x509(1)|x509(1)> for instructions. The examples
-below assume that cacert.pem contains the certificate of the CA,
-tsacert.pem is the signing certificate issued by cacert.pem and
-tsakey.pem is the private key of the TSA.
-
-To create a time stamp response for a request:
-
- openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
- -signer tsacert.pem -out design1.tsr
-
-If you want to use the settings in the config file you could just write:
-
- openssl ts -reply -queryfile design1.tsq -out design1.tsr
-
-To print a time stamp reply to stdout in human readable format:
-
- openssl ts -reply -in design1.tsr -text
-
-To create a time stamp token instead of time stamp response:
-
- openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out
-
-To print a time stamp token to stdout in human readable format:
-
- openssl ts -reply -in design1_token.der -token_in -text -token_out
-
-To extract the time stamp token from a response:
-
- openssl ts -reply -in design1.tsr -out design1_token.der -token_out
-
-To add 'granted' status info to a time stamp token thereby creating a
-valid response:
-
- openssl ts -reply -in design1_token.der -token_in -out design1.tsr
-
-=head2 Time Stamp Verification
-
-To verify a time stamp reply against a request:
-
- openssl ts -verify -queryfile design1.tsq -in design1.tsr \
- -CAfile cacert.pem -untrusted tsacert.pem
-
-To verify a time stamp reply that includes the certificate chain:
-
- openssl ts -verify -queryfile design2.tsq -in design2.tsr \
- -CAfile cacert.pem
-
-To verify a time stamp token against the original data file:
- openssl ts -verify -data design2.txt -in design2.tsr \
- -CAfile cacert.pem
-
-To verify a time stamp token against a message imprint:
- openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
- -in design2.tsr -CAfile cacert.pem
-
-You could also look at the 'test' directory for more examples.
-
-=head1 BUGS
-
-If you find any bugs or you have suggestions please write to
-Zoltan Glozik <zglozik@opentsa.org>. Known issues:
-
-=over 4
-
-=item * No support for time stamps over SMTP, though it is quite easy
-to implement an automatic e-mail based TSA with L<procmail(1)|procmail(1)>
-and L<perl(1)|perl(1)>. HTTP server support is provided in the form of
-a separate apache module. HTTP client support is provided by
-L<tsget(1)|tsget(1)>. Pure TCP/IP protocol is not supported.
-
-=item * The file containing the last serial number of the TSA is not
-locked when being read or written. This is a problem if more than one
-instance of L<openssl(1)|openssl(1)> is trying to create a time stamp
-response at the same time. This is not an issue when using the apache
-server module, it does proper locking.
-
-=item * Look for the FIXME word in the source files.
-
-=item * The source code should really be reviewed by somebody else, too.
-
-=item * More testing is needed, I have done only some basic tests (see
-test/testtsa).
-
-=back
-
-=cut
-
-=head1 AUTHOR
-
-Zoltan Glozik <zglozik@opentsa.org>, OpenTSA project (http://www.opentsa.org)
-
-=head1 SEE ALSO
-
-L<tsget(1)|tsget(1)>, L<openssl(1)|openssl(1)>, L<req(1)|req(1)>,
-L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
-L<config(5)|config(5)>
-
-=cut
Index: sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/apps
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/apps (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/apps (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc/apps
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new/doc
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-pod-patch/openssl-1.0.2u-new
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/create-1.0.2u-pod-patch/create.patch.sh
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-pod-patch/create.patch.sh (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-pod-patch/create.patch.sh (nonexistent)
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-VERSION=1.0.2u
-
-tar --files-from=file.list -xzvf ../openssl-$VERSION.tar.gz
-mv openssl-$VERSION openssl-$VERSION-orig
-
-cp -rf ./openssl-$VERSION-new ./openssl-$VERSION
-
-diff --unified -Nr openssl-$VERSION-orig openssl-$VERSION > openssl-$VERSION-pod.patch
-
-mv openssl-$VERSION-pod.patch ../patches
-
-rm -rf ./openssl-$VERSION
-rm -rf ./openssl-$VERSION-orig
Property changes on: sources/packages/n/openssl10/create-1.0.2u-pod-patch/create.patch.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: sources/packages/n/openssl10/create-1.0.2u-pod-patch
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-pod-patch (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-pod-patch (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-pod-patch
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/file.list
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/file.list (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/file.list (nonexistent)
@@ -1 +0,0 @@
-openssl-1.0.2u/Configure
Index: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/Configure
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/Configure (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/Configure (nonexistent)
@@ -1,2329 +0,0 @@
-:
-eval 'exec perl -S $0 ${1+"$@"}'
- if $running_under_some_shell;
-##
-## Configure -- OpenSSL source tree configuration script
-##
-
-require 5.000;
-use strict;
-use File::Compare;
-
-# see INSTALL for instructions.
-
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-
-# Options:
-#
-# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
-# --prefix option is given; /usr/local/ssl otherwise)
-# --prefix prefix for the OpenSSL include, lib and bin directories
-# (Default: the OPENSSLDIR directory)
-#
-# --install_prefix Additional prefix for package builders (empty by
-# default). This needn't be set in advance, you can
-# just as well use "make INSTALL_PREFIX=/whatever install".
-#
-# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
-# to live in the subdirectory lib/ and the header files in
-# include/. A value is required.
-# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is
-# required.
-# (Default: KRB5_DIR/lib)
-# --with-krb5-include Declare where the Kerberos 5 header files live. A
-# value is required.
-# (Default: KRB5_DIR/include)
-# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
-# supported values are "MIT" and "Heimdal". A value is required.
-#
-# --test-sanity Make a number of sanity checks on the data in this file.
-# This is a debugging tool for OpenSSL developers.
-#
-# --cross-compile-prefix Add specified prefix to binutils components.
-#
-# no-hw-xxx do not compile support for specific crypto hardware.
-# Generic OpenSSL-style methods relating to this support
-# are always compiled but return NULL if the hardware
-# support isn't compiled.
-# no-hw do not compile support for any crypto hardware.
-# [no-]threads [don't] try to create a library that is suitable for
-# multithreaded applications (default is "threads" if we
-# know how to do it)
-# [no-]shared [don't] try to create shared libraries when supported.
-# no-asm do not use assembler
-# no-dso do not compile in any native shared-library methods. This
-# will ensure that all methods just return NULL.
-# no-krb5 do not compile in any KRB5 library or code.
-# [no-]zlib [don't] compile support for zlib compression.
-# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
-# library and will be loaded in run-time by the OpenSSL library.
-# sctp include SCTP support
-# enable-weak-ssl-ciphers
-# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
-# default. Note, weak SSLv2 ciphers are unconditionally
-# disabled.
-# 386 generate 80386 code in assembly modules
-# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
-# mentioned '386' option implies this one
-# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
-# -<xxx> +<xxx> compiler options are passed through
-#
-# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
-# provided to stack calls. Generates unique stack functions for
-# each possible stack type.
-# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
-# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register
-# dependancies but needs to more registers, good for RISC CPU's
-# DES_RISC2 A different RISC variant.
-# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders.
-# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
-# This is used on the DEC Alpha where long is 8 bytes
-# and int is 4
-# BN_LLONG use the type 'long long' in crypto/bn/bn.h
-# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
-# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
-# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
-# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
-# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
-# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
-# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
-# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
-# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on
-# array lookups instead of pointer use.
-# RC4_CHUNK enables code that handles data aligned at long (natural CPU
-# word) boundary.
-# RC4_CHUNK_LL enables code that handles data aligned at long long boundary
-# (intended for 64-bit CPUs running 32-bit OS).
-# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
-# BF_PTR2 intel specific version (generic version is more efficient).
-#
-# Following are set automatically by this script
-#
-# MD5_ASM use some extra md5 assember,
-# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86
-# RMD160_ASM use some extra ripemd160 assember,
-# SHA256_ASM sha256_block is implemented in assembler
-# SHA512_ASM sha512_block is implemented in assembler
-# AES_ASM ASE_[en|de]crypt is implemented in assembler
-
-# Minimum warning options... any contributions to OpenSSL should at least get
-# past these.
-
-my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
-
-# TODO(openssl-team): fix problems and investigate if (at least) the following
-# warnings can also be enabled:
-# -Wconditional-uninitialized, -Wswitch-enum, -Wunused-macros,
-# -Wmissing-field-initializers, -Wmissing-variable-declarations,
-# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
-# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
-# -Wextended-offsetof
-my $clang_disabled_warnings = "-Wno-unknown-warning-option -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof";
-
-# These are used in addition to $gcc_devteam_warn when the compiler is clang.
-# TODO(openssl-team): fix problems and investigate if (at least) the
-# following warnings can also be enabled: -Wconditional-uninitialized,
-# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers,
-# -Wmissing-variable-declarations,
-# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
-# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
-# -Wextended-offsetof
-my $clang_devteam_warn = "-Wno-unknown-warning-option -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
-
-# Warn that "make depend" should be run?
-my $warn_make_depend = 0;
-
-my $strict_warnings = 0;
-
-my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-
-# MD2_CHAR slags pentium pros
-my $x86_gcc_opts="RC4_INDEX MD2_INT";
-
-# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
-# Don't worry about these normally
-
-my $tcc="cc";
-my $tflags="-fast -Xa";
-my $tbn_mul="";
-my $tlib="-lnsl -lsocket";
-#$bits1="SIXTEEN_BIT ";
-#$bits2="THIRTY_TWO_BIT ";
-my $bits1="THIRTY_TWO_BIT ";
-my $bits2="SIXTY_FOUR_BIT ";
-
-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
-
-my $x86_elf_asm="$x86_asm:elf";
-
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:";
-my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void";
-my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void";
-my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void";
-my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
-my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//;
-my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
-my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void";
-my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:";
-my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
-my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
-my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:";
-my $ppc32_asm=$ppc64_asm;
-my $no_asm="::::::::::::::::void";
-
-# As for $BSDthreads. Idea is to maintain "collective" set of flags,
-# which would cover all BSD flavors. -pthread applies to them all,
-# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
-# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
-# which has to be accompanied by explicit -D_THREAD_SAFE and
-# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
-# seems to be sufficient?
-my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
-
-#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
-
-my %table=(
-# File 'TABLE' (created by 'make TABLE') contains the data from this list,
-# formatted for better readability.
-
-
-#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
-#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
-#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
-#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
-
-# Our development configs
-"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
-"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::",
-"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-debug", "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::",
-"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-ben-macos", "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
-"debug-ben-macos-gcc46", "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
-"debug-ben-darwin64","cc:$gcc_devteam_warn -g -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
-"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"dist", "cc:-O::(unknown)::::::",
-
-# Basic configs that should work on any (32 and less bit) box
-"gcc", "gcc:-O3::(unknown):::BN_LLONG:::",
-"cc", "cc:-O::(unknown)::::::",
-
-####VOS Configurations
-"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
-"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
-
-#### Solaris x86 with GNU C setups
-# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
-# here because whenever GNU C instantiates an assembler template it
-# surrounds it with #APP #NO_APP comment pair which (at least Solaris
-# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
-# error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -shared -static-libgcc might appear controversial, but modules taken
-# from static libgcc do not have relocations and linking them into our
-# shared objects doesn't have any negative side-effects. On the contrary,
-# doing so makes it possible to use gcc shared build with Sun C. Given
-# that gcc generates faster code [thanks to inline assembler], I would
-# actually recommend to consider using gcc shared build even with vendor
-# compiler:-)
-# <appro@fy.chalmers.se>
-"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-
-#### Solaris x86 with Sun C setups
-"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-
-#### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### SPARC Solaris with Sun C setups
-# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
-# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
-# SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### SunOS configs, assuming sparc for the gcc one.
-#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
-"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
-
-#### IRIX 5.x configs
-# -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-#### IRIX 6.x configs
-# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
-# './Configure irix-cc -o32' manually.
-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-# N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-
-#### Unified HP-UX ANSI C configs.
-# Special notes:
-# - Originally we were optimizing at +O4 level. It should be noted
-# that the only difference between +O3 and +O4 is global inter-
-# procedural analysis. As it has to be performed during the link
-# stage the compiler leaves behind certain pseudo-code in lib*.a
-# which might be release or even patch level specific. Generating
-# the machine code for and analyzing the *whole* program appears
-# to be *extremely* memory demanding while the performance gain is
-# actually questionable. The situation is intensified by the default
-# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB
-# which is way too low for +O4. In other words, doesn't +O3 make
-# more sense?
-# - Keep in mind that the HP compiler by default generates code
-# suitable for execution on the host you're currently compiling at.
-# If the toolkit is ment to be used on various PA-RISC processors
-# consider './config +DAportable'.
-# - +DD64 is chosen in favour of +DA2.0W because it's meant to be
-# compatible with *future* releases.
-# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
-# pass -D_REENTRANT on HP-UX 10 and later.
-# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in
-# 32-bit message digests. (For the moment of this writing) HP C
-# doesn't seem to "digest" too many local variables (they make "him"
-# chew forever:-). For more details look-up MD32_XARRAY comment in
-# crypto/sha/sha_lcl.h.
-# <appro@fy.chalmers.se>
-#
-# Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
-"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o:::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
-
-# More attempts at unified 10.X and 11.X targets for HP C compiler.
-#
-# Chris Ruemmler <ruemmler@cup.hp.com>
-# Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
-
-# HP/UX IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
-# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
-# with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64",
-# GCC builds...
-"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
-"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64",
-
-# Legacy HPUX 9.X configs...
-"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc", "gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-
-# DEC Alpha OSF/1/Tru64 targets.
-#
-# "What's in a name? That which we call a rose
-# By any other word would smell as sweet."
-#
-# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
-#
-# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-#
-"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
-
-####
-#### Variety of LINUX:-)
-####
-# *-generic* is endian-neutral target, but ./config is free to
-# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#######################################################################
-# Note that -march is not among compiler options in below linux-armv4
-# target line. Not specifying one is intentional to give you choice to:
-#
-# a) rely on your compiler default by not specifying one;
-# b) specify your target platform explicitly for optimal performance,
-# e.g. -march=armv6 or -march=armv7-a;
-# c) build "universal" binary that targets *range* of platforms by
-# specifying minimum and maximum supported architecture;
-#
-# As for c) option. It actually makes no sense to specify maximum to be
-# less than ARMv7, because it's the least requirement for run-time
-# switch between platform-specific code paths. And without run-time
-# switch performance would be equivalent to one for minimum. Secondly,
-# there are some natural limitations that you'd have to accept and
-# respect. Most notably you can *not* build "universal" binary for
-# big-endian platform. This is because ARMv7 processor always picks
-# instructions in little-endian order. Another similar limitation is
-# that -mthumb can't "cross" -march=armv6t2 boundary, because that's
-# where it became Thumb-2. Well, this limitation is a bit artificial,
-# because it's not really impossible, but it's deemed too tricky to
-# support. And of course you have to be sure that your binutils are
-# actually up to the task of handling maximum target platform. With all
-# this in mind here is an example of how to configure "universal" build:
-#
-# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
-#
-"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# Configure script adds minimally required -march for assembly support,
-# if no -march was specified at command line. mips32 and mips64 below
-# refer to contemporary MIPS Architecture specifications, MIPS32 and
-# MIPS64, rather than to kernel bitness.
-"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-#### IA-32 targets...
-"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
-####
-"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
-"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-#### So called "highgprs" target for z/Architecture CPUs
-# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
-# /proc/cpuinfo. The idea is to preserve most significant bits of
-# general purpose registers not only upon 32-bit process context
-# switch, but even on asynchronous signal delivery to such process.
-# This makes it possible to deploy 64-bit instructions even in legacy
-# application context and achieve better [or should we say adequate]
-# performance. The build is binary compatible with linux-generic32,
-# and the idea is to be able to install the resulting libcrypto.so
-# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for
-# ldconfig and run-time linker to autodiscover. Unfortunately it
-# doesn't work just yet, because of couple of bugs in glibc
-# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
-"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
-#### SPARC Linux setups
-# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
-# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# it's a real mess with -mcpu=ultrasparc option under Linux, but
-# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-#### Alpha Linux with GNU C and Compaq C setups
-# Special notes:
-# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-# ought to run './Configure linux-alpha+bwx-gcc' manually, do
-# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever
-# which is appropriate.
-# - If you use ccc keep in mind that -fast implies -arch host and the
-# compiler is free to issue instructions which gonna make elder CPU
-# choke. If you wish to build "blended" toolkit, add -arch generic
-# *after* -fast and invoke './Configure linux-alpha-ccc' manually.
-#
-# <appro@fy.chalmers.se>
-#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-
-# Android: linux-* but without pointers to headers and libs.
-"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"android64-aarch64","gcc:-mandroid -fPIC -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-pie%-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### *BSD [do see comment about ${BSDthreads} above!]
-"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
-# simply *happens* to work around a compiler bug in gcc 3.3.3,
-# triggered by RIPEMD160 code.
-"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64", "cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"nextstep", "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-
-# NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
-
-# QNX
-"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
-"QNX6", "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# BeOS
-"beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
-"beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so",
-
-#### SCO/Caldera targets.
-#
-# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
-# Now we only have blended unixware-* as it's the only one used by ./config.
-# If you want to optimize for particular microarchitecture, bypass ./config
-# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
-# Note that not all targets include assembler support. Mostly because of
-# lack of motivation to support out-of-date platforms with out-of-date
-# compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has
-# patiently assisted to debug most of it.
-#
-# UnixWare 2.0x fails destest with -O.
-"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
-"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### IBM's AIX.
-"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32",
-"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
-# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
-# at build time. $OBJECT_MODE is respected at ./config stage!
-"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
-
-#
-# Cray T90 and similar (SDSC)
-# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
-# defined. The T90 ints and longs are 8 bytes long, and apparently the
-# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and
-# non L_ENDIAN code aligns the bytes in each word correctly.
-#
-# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
-#'Taking the address of a bit field is not allowed. '
-#'An expression with bit field exists as the operand of "sizeof" '
-# (written by Wayne Schroeder <schroede@SDSC.EDU>)
-#
-# j90 is considered the base machine type for unicos machines,
-# so this configuration is now called "cray-j90" ...
-"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::",
-
-#
-# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
-#
-# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added
-# another use. Basically, the problem is that the T3E uses some bit fields
-# for some st_addr stuff, and then sizeof and address-of fails
-# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
-# did not like it.
-"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
-
-# DGUX, 88100.
-"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-
-# Sinix/ReliantUNIX RM400
-# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
-"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
-"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
-
-# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
-
-# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
-# You need to compile using the c89.sh wrapper in the tools directory, because the
-# IBM compiler does not like the -L switch after any object modules.
-#
-"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
-
-# Visual C targets
-#
-# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
-"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
-"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
-"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
-"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
-# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
-# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
-"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
-# Unified CE target
-"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
-"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
-
-# Borland C++ 4.5
-"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
-
-# MinGW
-"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
-# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll
-# compiled with one compiler with application compiled with another
-# compiler. It's possible to engage Applink support in mingw64 build,
-# but it's not done, because till mingw64 supports structured exception
-# handling, one can't seriously consider its binaries for using with
-# non-mingw64 run-time environment. And as mingw64 is always consistent
-# with itself, Applink is never engaged and can as well be omitted.
-"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
-
-# UWIN
-"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
-
-# Cygwin
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-
-# NetWare from David Ward (dsward@novell.com)
-# requires either MetroWerks NLM development tools, or gcc / nlmconv
-# NetWare defaults socket bio to WinSock sockets. However,
-# the builds can be configured to use BSD sockets instead.
-# netware-clib => legacy CLib c-runtime support
-"netware-clib", "mwccnlm::::::${x86_gcc_opts}::",
-"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::",
-"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
-"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
-# netware-libc => LibC/NKS support
-"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
-"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
-"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
-"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
-
-# DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
-
-# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
-"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
-"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::",
-# K&R C is no longer supported; you need gcc on old Ultrix installations
-##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
-
-##### MacOS X (a.k.a. Rhapsody or Darwin) setup
-"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
-"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-# iPhoneOS/iOS
-"iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-
-##### A/UX
-"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-
-##### Sony NEWS-OS 4.x
-"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
-
-##### GNU Hurd
-"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
-
-##### OS/2 EMX
-"OS2-EMX", "gcc::::::::",
-
-##### VxWorks for various targets
-"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::",
-"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::",
-"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
-"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
-"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:",
-"vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:",
-
-##### Compaq Non-Stop Kernel (Tandem)
-"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
-
-# uClinux
-"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
-"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
-
-);
-
-my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
- debug-VC-WIN64I debug-VC-WIN64A
- VC-NT VC-CE VC-WIN32 debug-VC-WIN32
- BC-32
- netware-clib netware-clib-bsdsock
- netware-libc netware-libc-bsdsock);
-
-my $idx = 0;
-my $idx_cc = $idx++;
-my $idx_cflags = $idx++;
-my $idx_unistd = $idx++;
-my $idx_thread_cflag = $idx++;
-my $idx_sys_id = $idx++;
-my $idx_lflags = $idx++;
-my $idx_bn_ops = $idx++;
-my $idx_cpuid_obj = $idx++;
-my $idx_bn_obj = $idx++;
-my $idx_ec_obj = $idx++;
-my $idx_des_obj = $idx++;
-my $idx_aes_obj = $idx++;
-my $idx_bf_obj = $idx++;
-my $idx_md5_obj = $idx++;
-my $idx_sha1_obj = $idx++;
-my $idx_cast_obj = $idx++;
-my $idx_rc4_obj = $idx++;
-my $idx_rmd160_obj = $idx++;
-my $idx_rc5_obj = $idx++;
-my $idx_wp_obj = $idx++;
-my $idx_cmll_obj = $idx++;
-my $idx_modes_obj = $idx++;
-my $idx_engines_obj = $idx++;
-my $idx_perlasm_scheme = $idx++;
-my $idx_dso_scheme = $idx++;
-my $idx_shared_target = $idx++;
-my $idx_shared_cflag = $idx++;
-my $idx_shared_ldflag = $idx++;
-my $idx_shared_extension = $idx++;
-my $idx_ranlib = $idx++;
-my $idx_arflags = $idx++;
-my $idx_multilib = $idx++;
-
-my $prefix="";
-my $libdir="";
-my $openssldir="";
-my $exe_ext="";
-my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
-my $cross_compile_prefix="";
-my $fipsdir="/usr/local/ssl/fips-2.0";
-my $fipslibdir="";
-my $baseaddr="0xFB00000";
-my $no_threads=0;
-my $threads=0;
-my $no_shared=0; # but "no-shared" is default
-my $zlib=1; # but "no-zlib" is default
-my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used
-my $no_rfc3779=1; # but "no-rfc3779" is default
-my $no_asm=0;
-my $no_dso=0;
-my $no_gmp=0;
-my @skip=();
-my $Makefile="Makefile";
-my $des_locl="crypto/des/des_locl.h";
-my $des ="crypto/des/des.h";
-my $bn ="crypto/bn/bn.h";
-my $md2 ="crypto/md2/md2.h";
-my $rc4 ="crypto/rc4/rc4.h";
-my $rc4_locl="crypto/rc4/rc4_locl.h";
-my $idea ="crypto/idea/idea.h";
-my $rc2 ="crypto/rc2/rc2.h";
-my $bf ="crypto/bf/bf_locl.h";
-my $bn_asm ="bn_asm.o";
-my $des_enc="des_enc.o fcrypt_b.o";
-my $aes_enc="aes_core.o aes_cbc.o";
-my $bf_enc ="bf_enc.o";
-my $cast_enc="c_enc.o";
-my $rc4_enc="rc4_enc.o rc4_skey.o";
-my $rc5_enc="rc5_enc.o";
-my $md5_obj="";
-my $sha1_obj="";
-my $rmd160_obj="";
-my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
-my $processor="";
-my $default_ranlib;
-my $perl;
-my $fips=0;
-
-if (exists $ENV{FIPSDIR})
- {
- $fipsdir = $ENV{FIPSDIR};
- $fipsdir =~ s/\/$//;
- }
-
-# All of the following is disabled by default (RC5 was enabled before 0.9.8):
-
-my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
- "ec_nistp_64_gcc_128" => "default",
- "gmp" => "default",
- "jpake" => "experimental",
- "libunbound" => "experimental",
- "md2" => "default",
- "rc5" => "default",
- "rfc3779" => "default",
- "sctp" => "default",
- "shared" => "default",
- "ssl-trace" => "default",
- "ssl2" => "default",
- "store" => "experimental",
- "unit-test" => "default",
- "weak-ssl-ciphers" => "default",
- "zlib" => "default",
- "zlib-dynamic" => "default"
- );
-my @experimental = ();
-
-# This is what $depflags will look like with the above defaults
-# (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS";
-
-# Explicit "no-..." options will be collected in %disabled along with the defaults.
-# To remove something from %disabled, use "enable-foo" (unless it's experimental).
-# For symmetry, "disable-foo" is a synonym for "no-foo".
-
-# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
-# We will collect such requests in @experimental.
-# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
-
-
-my $no_sse2=0;
-
-&usage if ($#ARGV < 0);
-
-my $flags;
-my $depflags;
-my $openssl_experimental_defines;
-my $openssl_algorithm_defines;
-my $openssl_thread_defines;
-my $openssl_sys_defines="";
-my $openssl_other_defines;
-my $libs;
-my $libkrb5="";
-my $target;
-my $options;
-my $symlink;
-my $make_depend=0;
-my %withargs=();
-
-my @argvcopy=@ARGV;
-my $argvstring="";
-my $argv_unprocessed=1;
-
-while($argv_unprocessed)
- {
- $flags="";
- $depflags="";
- $openssl_experimental_defines="";
- $openssl_algorithm_defines="";
- $openssl_thread_defines="";
- $openssl_sys_defines="";
- $openssl_other_defines="";
- $libs="";
- $target="";
- $options="";
- $symlink=1;
-
- $argv_unprocessed=0;
- $argvstring=join(' ',@argvcopy);
-
-PROCESS_ARGS:
- foreach (@argvcopy)
- {
- s /^-no-/no-/; # some people just can't read the instructions
-
- # rewrite some options in "enable-..." form
- s /^-?-?shared$/enable-shared/;
- s /^sctp$/enable-sctp/;
- s /^threads$/enable-threads/;
- s /^zlib$/enable-zlib/;
- s /^zlib-dynamic$/enable-zlib-dynamic/;
-
- if (/^no-(.+)$/ || /^disable-(.+)$/)
- {
- if (!($disabled{$1} eq "experimental"))
- {
- if ($1 eq "ssl")
- {
- $disabled{"ssl2"} = "option(ssl)";
- $disabled{"ssl3"} = "option(ssl)";
- }
- elsif ($1 eq "tls")
- {
- $disabled{"tls1"} = "option(tls)"
- }
- elsif ($1 eq "ssl3-method")
- {
- $disabled{"ssl3-method"} = "option(ssl)";
- $disabled{"ssl3"} = "option(ssl)";
- }
- else
- {
- $disabled{$1} = "option";
- }
- }
- }
- elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
- {
- my $algo = $1;
- if ($disabled{$algo} eq "experimental")
- {
- die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
- unless (/^experimental-/);
- push @experimental, $algo;
- }
- delete $disabled{$algo};
-
- $threads = 1 if ($algo eq "threads");
- }
- elsif (/^--test-sanity$/)
- {
- exit(&test_sanity());
- }
- elsif (/^--strict-warnings/)
- {
- $strict_warnings = 1;
- }
- elsif (/^reconfigure/ || /^reconf/)
- {
- if (open(IN,"<$Makefile"))
- {
- while (<IN>)
- {
- chomp;
- if (/^CONFIGURE_ARGS=(.*)/)
- {
- $argvstring=$1;
- @argvcopy=split(' ',$argvstring);
- die "Incorrect data to reconfigure, please do a normal configuration\n"
- if (grep(/^reconf/,@argvcopy));
- print "Reconfiguring with: $argvstring\n";
- $argv_unprocessed=1;
- close(IN);
- last PROCESS_ARGS;
- }
- }
- close(IN);
- }
- die "Insufficient data to reconfigure, please do a normal configuration\n";
- }
- elsif (/^386$/)
- { $processor=386; }
- elsif (/^fips$/)
- {
- $fips=1;
- }
- elsif (/^rsaref$/)
- {
- # No RSAref support any more since it's not needed.
- # The check for the option is there so scripts aren't
- # broken
- }
- elsif (/^[-+]/)
- {
- if (/^--prefix=(.*)$/)
- {
- $prefix=$1;
- }
- elsif (/^--libdir=(.*)$/)
- {
- $libdir=$1;
- }
- elsif (/^--openssldir=(.*)$/)
- {
- $openssldir=$1;
- }
- elsif (/^--install.prefix=(.*)$/)
- {
- $install_prefix=$1;
- }
- elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
- {
- $withargs{"krb5-".$1}=$2;
- }
- elsif (/^--with-zlib-lib=(.*)$/)
- {
- $withargs{"zlib-lib"}=$1;
- }
- elsif (/^--with-zlib-include=(.*)$/)
- {
- $withargs{"zlib-include"}="-I$1";
- }
- elsif (/^--with-fipsdir=(.*)$/)
- {
- $fipsdir="$1";
- }
- elsif (/^--with-fipslibdir=(.*)$/)
- {
- $fipslibdir="$1";
- }
- elsif (/^--with-baseaddr=(.*)$/)
- {
- $baseaddr="$1";
- }
- elsif (/^--cross-compile-prefix=(.*)$/)
- {
- $cross_compile_prefix=$1;
- }
- elsif (/^-[lL](.*)$/ or /^-Wl,/)
- {
- $libs.=$_." ";
- }
- else # common if (/^[-+]/), just pass down...
- {
- $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
- $flags.=$_." ";
- }
- }
- elsif ($_ =~ /^([^:]+):(.+)$/)
- {
- eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
- $target=$1;
- }
- else
- {
- die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
- $target=$_;
- }
-
- unless ($_ eq $target || /^no-/ || /^disable-/)
- {
- # "no-..." follows later after implied disactivations
- # have been derived. (Don't take this too seroiusly,
- # we really only write OPTIONS to the Makefile out of
- # nostalgia.)
-
- if ($options eq "")
- { $options = $_; }
- else
- { $options .= " ".$_; }
- }
- }
- }
-
-
-
-if ($processor eq "386")
- {
- $disabled{"sse2"} = "forced";
- }
-
-if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "")
- {
- $disabled{"krb5"} = "krb5-flavor not specified";
- }
-
-if (!defined($disabled{"zlib-dynamic"}))
- {
- # "zlib-dynamic" was specifically enabled, so enable "zlib"
- delete $disabled{"zlib"};
- }
-
-if (defined($disabled{"rijndael"}))
- {
- $disabled{"aes"} = "forced";
- }
-if (defined($disabled{"des"}))
- {
- $disabled{"mdc2"} = "forced";
- }
-if (defined($disabled{"ec"}))
- {
- $disabled{"ecdsa"} = "forced";
- $disabled{"ecdh"} = "forced";
- }
-
-# SSL 2.0 requires MD5 and RSA
-if (defined($disabled{"md5"}) || defined($disabled{"rsa"}))
- {
- $disabled{"ssl2"} = "forced";
- }
-
-if ($fips && $fipslibdir eq "")
- {
- $fipslibdir = $fipsdir . "/lib/";
- }
-
-# RSAX ENGINE sets default non-FIPS RSA method.
-if ($fips)
- {
- $disabled{"rsax"} = "forced";
- }
-
-# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
-if (defined($disabled{"md5"}) || defined($disabled{"sha"})
- || (defined($disabled{"rsa"})
- && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
- {
- $disabled{"ssl3"} = "forced";
- $disabled{"tls1"} = "forced";
- }
-
-if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
- || defined($disabled{"dh"}))
- {
- $disabled{"gost"} = "forced";
- }
-
-# SRP and HEARTBEATS require TLSEXT
-if (defined($disabled{"tlsext"}))
- {
- $disabled{"srp"} = "forced";
- $disabled{"heartbeats"} = "forced";
- }
-
-if ($target eq "TABLE") {
- foreach $target (sort keys %table) {
- print_table_entry($target);
- }
- exit 0;
-}
-
-if ($target eq "LIST") {
- foreach (sort keys %table) {
- print;
- print "\n";
- }
- exit 0;
-}
-
-if ($target =~ m/^CygWin32(-.*)$/) {
- $target = "Cygwin".$1;
-}
-
-print "Configuring for $target\n";
-
-&usage if (!defined($table{$target}));
-
-
-foreach (sort (keys %disabled))
- {
- $options .= " no-$_";
-
- printf " no-%-12s %-10s", $_, "[$disabled{$_}]";
-
- if (/^dso$/)
- { $no_dso = 1; }
- elsif (/^threads$/)
- { $no_threads = 1; }
- elsif (/^shared$/)
- { $no_shared = 1; }
- elsif (/^zlib$/)
- { $zlib = 0; }
- elsif (/^static-engine$/)
- { }
- elsif (/^zlib-dynamic$/)
- { }
- elsif (/^symlinks$/)
- { $symlink = 0; }
- elsif (/^sse2$/)
- { $no_sse2 = 1; }
- else
- {
- my ($ALGO, $algo);
- ($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/;
-
- if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
- {
- $openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n";
- print " OPENSSL_NO_$ALGO";
-
- if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
- elsif (/^asm$/) { $no_asm = 1; }
- }
- else
- {
- $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n";
- print " OPENSSL_NO_$ALGO";
-
- if (/^krb5$/)
- { $no_krb5 = 1; }
- else
- {
- push @skip, $algo;
- # fix-up crypto/directory name(s)
- @skip[$#skip]="whrlpool" if $algo eq "whirlpool";
- print " (skip dir)";
-
- $depflags .= " -DOPENSSL_NO_$ALGO";
- }
- }
- if (/^comp$/) { $zlib = 0; }
- }
-
- print "\n";
- }
-
-my $exp_cflags = "";
-foreach (sort @experimental)
- {
- my $ALGO;
- ($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
-
- # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
- $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
- $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
- }
-
-my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
-
-$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
-$exe_ext=".nlm" if ($target =~ /netware/);
-$exe_ext=".pm" if ($target =~ /vos/);
-$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
-$prefix=$openssldir if $prefix eq "";
-
-$default_ranlib= &which("ranlib") or $default_ranlib="true";
-$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
- or $perl="perl";
-my $make = $ENV{'MAKE'} || "make";
-
-$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
-
-chop $openssldir if $openssldir =~ /\/$/;
-chop $prefix if $prefix =~ /.\/$/;
-
-$openssldir=$prefix . "/ssl" if $openssldir eq "";
-$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-
-
-print "IsMK1MF=$IsMK1MF\n";
-
-my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-my $cc = $fields[$idx_cc];
-# Allow environment CC to override compiler...
-if($ENV{CC}) {
- $cc = $ENV{CC};
-}
-
-my $cflags = $fields[$idx_cflags];
-my $unistd = $fields[$idx_unistd];
-my $thread_cflag = $fields[$idx_thread_cflag];
-my $sys_id = $fields[$idx_sys_id];
-my $lflags = $fields[$idx_lflags];
-my $bn_ops = $fields[$idx_bn_ops];
-my $cpuid_obj = $fields[$idx_cpuid_obj];
-my $bn_obj = $fields[$idx_bn_obj];
-my $ec_obj = $fields[$idx_ec_obj];
-my $des_obj = $fields[$idx_des_obj];
-my $aes_obj = $fields[$idx_aes_obj];
-my $bf_obj = $fields[$idx_bf_obj];
-my $md5_obj = $fields[$idx_md5_obj];
-my $sha1_obj = $fields[$idx_sha1_obj];
-my $cast_obj = $fields[$idx_cast_obj];
-my $rc4_obj = $fields[$idx_rc4_obj];
-my $rmd160_obj = $fields[$idx_rmd160_obj];
-my $rc5_obj = $fields[$idx_rc5_obj];
-my $wp_obj = $fields[$idx_wp_obj];
-my $cmll_obj = $fields[$idx_cmll_obj];
-my $modes_obj = $fields[$idx_modes_obj];
-my $engines_obj = $fields[$idx_engines_obj];
-my $perlasm_scheme = $fields[$idx_perlasm_scheme];
-my $dso_scheme = $fields[$idx_dso_scheme];
-my $shared_target = $fields[$idx_shared_target];
-my $shared_cflag = $fields[$idx_shared_cflag];
-my $shared_ldflag = $fields[$idx_shared_ldflag];
-my $shared_extension = $fields[$idx_shared_extension];
-my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
-my $ar = $ENV{'AR'} || "ar";
-my $arflags = $fields[$idx_arflags];
-my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres";
-my $multilib = $fields[$idx_multilib];
-
-# if $prefix/lib$multilib is not an existing directory, then
-# assume that it's not searched by linker automatically, in
-# which case adding $multilib suffix causes more grief than
-# we're ready to tolerate, so don't...
-$multilib="" if !-d "$prefix/lib$multilib";
-
-$libdir="lib$multilib" if $libdir eq "";
-
-$cflags = "$cflags$exp_cflags";
-
-# '%' in $lflags is used to split flags to "pre-" and post-flags
-my ($prelflags,$postlflags)=split('%',$lflags);
-if (defined($postlflags)) { $lflags=$postlflags; }
-else { $lflags=$prelflags; undef $prelflags; }
-
-if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
- {
- $cflags =~ s/\-mno\-cygwin\s*//;
- $shared_ldflag =~ s/\-mno\-cygwin\s*//;
- }
-
-if ($target =~ /linux.*\-mips/ && !$no_asm && $flags !~ /\-m(ips|arch=)/) {
- # minimally required architecture flags for assembly modules
- $cflags="-mips2 $cflags" if ($target =~ /mips32/);
- $cflags="-mips3 $cflags" if ($target =~ /mips64/);
-}
-
-my $no_shared_warn=0;
-my $no_user_cflags=0;
-
-if ($flags ne "") { $cflags="$flags$cflags"; }
-else { $no_user_cflags=1; }
-
-# Kerberos settings. The flavor must be provided from outside, either through
-# the script "config" or manually.
-if (!$no_krb5)
- {
- my ($lresolv, $lpath, $lext);
- if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
- {
- die "Sorry, Heimdal is currently not supported\n";
- }
- ##### HACK to force use of Heimdal.
- ##### WARNING: Since we don't really have adequate support for Heimdal,
- ##### using this will break the build. You'll have to make
- ##### changes to the source, and if you do, please send
- ##### patches to openssl-dev@openssl.org
- if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
- {
- warn "Heimdal isn't really supported. Your build WILL break\n";
- warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
- $withargs{"krb5-dir"} = "/usr/heimdal"
- if $withargs{"krb5-dir"} eq "";
- $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
- "/lib -lgssapi -lkrb5 -lcom_err"
- if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
- $cflags="-DKRB5_HEIMDAL $cflags";
- }
- if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
- {
- $withargs{"krb5-dir"} = "/usr/kerberos"
- if $withargs{"krb5-dir"} eq "";
- $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
- "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
- if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
- $cflags="-DKRB5_MIT $cflags";
- $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
- if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
- {
- $cflags="-DKRB5_MIT_OLD11 $cflags";
- }
- }
- LRESOLV:
- foreach $lpath ("/lib", "/usr/lib")
- {
- foreach $lext ("a", "so")
- {
- $lresolv = "$lpath/libresolv.$lext";
- last LRESOLV if (-r "$lresolv");
- $lresolv = "";
- }
- }
- $withargs{"krb5-lib"} .= " -lresolv"
- if ("$lresolv" ne "");
- $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
- if $withargs{"krb5-include"} eq "" &&
- $withargs{"krb5-dir"} ne "";
- }
-
-# The DSO code currently always implements all functions so that no
-# applications will have to worry about that from a compilation point
-# of view. However, the "method"s may return zero unless that platform
-# has support compiled in for them. Currently each method is enabled
-# by a define "DSO_<name>" ... we translate the "dso_scheme" config
-# string entry into using the following logic;
-my $dso_cflags;
-if (!$no_dso && $dso_scheme ne "")
- {
- $dso_scheme =~ tr/[a-z]/[A-Z]/;
- if ($dso_scheme eq "DLFCN")
- {
- $dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
- }
- elsif ($dso_scheme eq "DLFCN_NO_H")
- {
- $dso_cflags = "-DDSO_DLFCN";
- }
- else
- {
- $dso_cflags = "-DDSO_$dso_scheme";
- }
- $cflags = "$dso_cflags $cflags";
- }
-
-my $thread_cflags;
-my $thread_defines;
-if ($thread_cflag ne "(unknown)" && !$no_threads)
- {
- # If we know how to do it, support threads by default.
- $threads = 1;
- }
-if ($thread_cflag eq "(unknown)" && $threads)
- {
- # If the user asked for "threads", [s]he is also expected to
- # provide any system-dependent compiler options that are
- # necessary.
- if ($no_user_cflags)
- {
- print "You asked for multi-threading support, but didn't\n";
- print "provide any system-specific compiler options\n";
- exit(1);
- }
- $thread_cflags="-DOPENSSL_THREADS $cflags" ;
- $thread_defines .= "#define OPENSSL_THREADS\n";
- }
-else
- {
- $thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags";
- $thread_defines .= "#define OPENSSL_THREADS\n";
-# my $def;
-# foreach $def (split ' ',$thread_cflag)
-# {
-# if ($def =~ s/^-D// && $def !~ /^_/)
-# {
-# $thread_defines .= "#define $def\n";
-# }
-# }
- }
-
-$lflags="$libs$lflags" if ($libs ne "");
-
-if ($no_asm)
- {
- $cpuid_obj=$bn_obj=$ec_obj=
- $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
- $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
- }
-
-if (!$no_shared)
- {
- $cast_obj=""; # CAST assembler is not PIC
- }
-
-if ($threads)
- {
- $cflags=$thread_cflags;
- $openssl_thread_defines .= $thread_defines;
- }
-
-if ($zlib)
- {
- $cflags = "-DZLIB $cflags";
- if (defined($disabled{"zlib-dynamic"}))
- {
- if (defined($withargs{"zlib-lib"}))
- {
- $lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz";
- }
- else
- {
- $lflags = "$lflags -lz";
- }
- }
- else
- {
- $cflags = "-DZLIB_SHARED $cflags";
- }
- }
-
-# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
-my $shared_mark = "";
-if ($shared_target eq "")
- {
- $no_shared_warn = 1 if !$no_shared;
- $no_shared = 1;
- }
-if (!$no_shared)
- {
- if ($shared_cflag ne "")
- {
- $cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
- }
- }
-
-if (!$IsMK1MF)
- {
- # add {no-}static-engine to options to allow mkdef.pl to work without extra arguments
- if ($no_shared)
- {
- $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
- $options.=" static-engine";
- }
- else
- {
- $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
- $options.=" no-static-engine";
- }
- }
-
-$cpuid_obj.=" uplink.o uplink-x86.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
-
-#
-# Platform fix-ups
-#
-if ($target =~ /\-icc$/) # Intel C compiler
- {
- my $iccver=0;
- if (open(FD,"$cc -V 2>&1 |"))
- {
- while(<FD>) { $iccver=$1 if (/Version ([0-9]+)\./); }
- close(FD);
- }
- if ($iccver>=8)
- {
- $cflags=~s/\-KPIC/-fPIC/;
- # Eliminate unnecessary dependency from libirc.a. This is
- # essential for shared library support, as otherwise
- # apps/openssl can end up in endless loop upon startup...
- $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset";
- }
- if ($iccver>=9)
- {
- $lflags.=" -i-static";
- $lflags=~s/\-no_cpprt/-no-cpprt/;
- }
- if ($iccver>=10)
- {
- $lflags=~s/\-i\-static/-static-intel/;
- }
- if ($iccver>=11)
- {
- $cflags.=" -no-intel-extensions"; # disable Cilk
- $lflags=~s/\-no\-cpprt/-no-cxxlib/;
- }
- }
-
-# Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time
-# linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on
-# .so objects. Apparently application RPATH is not global and does
-# not apply to .so linked with other .so. Problem manifests itself
-# when libssl.so fails to load libcrypto.so. One can argue that we
-# should engrave this into Makefile.shared rules or into BSD-* config
-# lines above. Meanwhile let's try to be cautious and pass -rpath to
-# linker only when --prefix is not /usr.
-if ($target =~ /^BSD\-/)
- {
- $shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
- }
-
-if ($sys_id ne "")
- {
- #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
- $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
- }
-
-if ($ranlib eq "")
- {
- $ranlib = $default_ranlib;
- }
-
-#my ($bn1)=split(/\s+/,$bn_obj);
-#$bn1 = "" unless defined $bn1;
-#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
-#$bn_obj="$bn1";
-
-$cpuid_obj="" if ($processor eq "386");
-
-$bn_obj = $bn_asm unless $bn_obj ne "";
-# bn-586 is the only one implementing bn_*_part_words
-$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn-586/);
-$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/);
-
-$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/);
-$cflags.=" -DOPENSSL_BN_ASM_MONT5" if ($bn_obj =~ /-mont5/);
-$cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/);
-
-if ($fips)
- {
- $openssl_other_defines.="#define OPENSSL_FIPS\n";
- $cflags .= " -I\$(FIPSDIR)/include";
- }
-
-$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
-$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
-$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
-$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
-$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/);
-if ($rc4_obj =~ /\.o$/)
- {
- $cflags.=" -DRC4_ASM";
- }
-else
- {
- $rc4_obj=$rc4_enc;
- }
-if ($sha1_obj =~ /\.o$/)
- {
-# $sha1_obj=$sha1_enc;
- $cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/);
- $cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/);
- $cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/);
- if ($sha1_obj =~ /sse2/)
- { if ($no_sse2)
- { $sha1_obj =~ s/\S*sse2\S+//; }
- elsif ($cflags !~ /OPENSSL_IA32_SSE2/)
- { $cflags.=" -DOPENSSL_IA32_SSE2"; }
- }
- }
-if ($md5_obj =~ /\.o$/)
- {
-# $md5_obj=$md5_enc;
- $cflags.=" -DMD5_ASM";
- }
-if ($rmd160_obj =~ /\.o$/)
- {
-# $rmd160_obj=$rmd160_enc;
- $cflags.=" -DRMD160_ASM";
- }
-if ($aes_obj =~ /\.o$/)
- {
- $cflags.=" -DAES_ASM" if ($aes_obj =~ m/\baes\-/);;
- # aes-ctr.o is not a real file, only indication that assembler
- # module implements AES_ctr32_encrypt...
- $cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
- # aes-xts.o indicates presense of AES_xts_[en|de]crypt...
- $cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
- $aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
- $cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
- $cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/);
- }
-else {
- $aes_obj=$aes_enc;
- }
-$wp_obj="" if ($wp_obj =~ /mmx/ && $processor eq "386");
-if ($wp_obj =~ /\.o$/ && !$disabled{"whirlpool"})
- {
- $cflags.=" -DWHIRLPOOL_ASM";
- }
-else {
- $wp_obj="wp_block.o";
- }
-$cmll_obj=$cmll_enc unless ($cmll_obj =~ /.o$/);
-if ($modes_obj =~ /ghash\-/)
- {
- $cflags.=" -DGHASH_ASM";
- }
-if ($ec_obj =~ /ecp_nistz256/)
- {
- $cflags.=" -DECP_NISTZ256_ASM";
- }
-
-# "Stringify" the C flags string. This permits it to be made part of a string
-# and works as well on command lines.
-$cflags =~ s/([\\\"])/\\\1/g;
-
-my $version = "unknown";
-my $version_num = "unknown";
-my $major = "unknown";
-my $minor = "unknown";
-my $shlib_version_number = "unknown";
-my $shlib_version_history = "unknown";
-my $shlib_major = "unknown";
-my $shlib_minor = "unknown";
-
-open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
-while (<IN>)
- {
- $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
- $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
- $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
- $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
- }
-close(IN);
-if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
-
-if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
- {
- $major=$1;
- $minor=$2;
- }
-
-if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
- {
- $shlib_major=$1;
- $shlib_minor=$2;
- }
-
-my %predefined;
-
-# collect compiler pre-defines from gcc or gcc-alike...
-open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |");
-while (<PIPE>) {
- m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
- $predefined{$1} = defined($2) ? $2 : "";
-}
-close(PIPE);
-
-# Xcode did not handle $cc -M before clang support
-my $cc_as_makedepend = 0;
-if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__})
- && !defined($predefined{__clang__}))) {
- $cc_as_makedepend = 1;
-}
-
-if ($strict_warnings)
- {
- my $wopt;
- die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__});
- foreach $wopt (split /\s+/, $gcc_devteam_warn)
- {
- $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
- }
- if (defined($predefined{__clang__}))
- {
- foreach $wopt (split /\s+/, $clang_devteam_warn)
- {
- $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
- }
- }
- }
-
-$shared_ldflag .= " -Wl,--version-script=openssl.ld";
-
-open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
-unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
-open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
-my $sdirs=0;
-while (<IN>)
- {
- chomp;
- $sdirs = 1 if /^SDIRS=/;
- if ($sdirs) {
- my $dir;
- foreach $dir (@skip) {
- s/(\s)$dir /$1/;
- s/\s$dir$//;
- }
- }
- $sdirs = 0 unless /\\$/;
- s/engines // if (/^DIRS=/ && $disabled{"engine"});
- s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"});
- s/^VERSION=.*/VERSION=$version/;
- s/^MAJOR=.*/MAJOR=$major/;
- s/^MINOR=.*/MINOR=$minor/;
- s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
- s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
- s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
- s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
- s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
- s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
- s/^MULTILIB=.*$/MULTILIB=$multilib/;
- s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
- s/^LIBDIR=.*$/LIBDIR=$libdir/;
- s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
- s/^PLATFORM=.*$/PLATFORM=$target/;
- s/^OPTIONS=.*$/OPTIONS=$options/;
- s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
- if ($cross_compile_prefix)
- {
- s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/;
- s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
- s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
- s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
- s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend;
- }
- else {
- s/^CC=.*$/CC= $cc/;
- s/^AR=\s*ar/AR= $ar/;
- s/^RANLIB=.*/RANLIB= $ranlib/;
- s/^RC=.*/RC= $windres/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend;
- }
- s/^CFLAG=.*$/CFLAG= $cflags/;
- s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
- s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
- s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
- s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
- s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
- s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
- s/^EC_ASM=.*$/EC_ASM= $ec_obj/;
- s/^DES_ENC=.*$/DES_ENC= $des_obj/;
- s/^AES_ENC=.*$/AES_ENC= $aes_obj/;
- s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
- s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
- s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
- s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
- s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
- s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
- s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
- s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
- s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
- s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/;
- s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/;
- s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/;
- s/^PROCESSOR=.*/PROCESSOR= $processor/;
- s/^ARFLAGS=.*/ARFLAGS= $arflags/;
- s/^PERL=.*/PERL= $perl/;
- s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
- s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
- s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
- s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
-
- s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
- s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
- s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
- s/^BASEADDR=.*/BASEADDR=$baseaddr/;
-
- s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
- s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
- s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
- if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
- {
- my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
- {
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
- {
- my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
- {
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
- }
- s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
- print OUT $_."\n";
- }
-close(IN);
-close(OUT);
-if ((compare($Makefile, "$Makefile.new"))
- or file_newer('Configure', $Makefile)
- or file_newer('config', $Makefile)
- or file_newer('Makefile.org', $Makefile))
- {
- rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
- rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
- }
-else
- { unlink("$Makefile.new"); }
-
-print "CC =$cc\n";
-print "CFLAG =$cflags\n";
-print "EX_LIBS =$lflags\n";
-print "CPUID_OBJ =$cpuid_obj\n";
-print "BN_ASM =$bn_obj\n";
-print "EC_ASM =$ec_obj\n";
-print "DES_ENC =$des_obj\n";
-print "AES_ENC =$aes_obj\n";
-print "BF_ENC =$bf_obj\n";
-print "CAST_ENC =$cast_obj\n";
-print "RC4_ENC =$rc4_obj\n";
-print "RC5_ENC =$rc5_obj\n";
-print "MD5_OBJ_ASM =$md5_obj\n";
-print "SHA1_OBJ_ASM =$sha1_obj\n";
-print "RMD160_OBJ_ASM=$rmd160_obj\n";
-print "CMLL_ENC =$cmll_obj\n";
-print "MODES_OBJ =$modes_obj\n";
-print "ENGINES_OBJ =$engines_obj\n";
-print "PROCESSOR =$processor\n";
-print "RANLIB =$ranlib\n";
-print "ARFLAGS =$arflags\n";
-print "PERL =$perl\n";
-print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
- if $withargs{"krb5-include"} ne "";
-
-my $des_ptr=0;
-my $des_risc1=0;
-my $des_risc2=0;
-my $des_unroll=0;
-my $bn_ll=0;
-my $def_int=2;
-my $rc4_int=$def_int;
-my $md2_int=$def_int;
-my $idea_int=$def_int;
-my $rc2_int=$def_int;
-my $rc4_idx=0;
-my $rc4_chunk=0;
-my $bf_ptr=0;
-my @type=("char","short","int","long");
-my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
-my $export_var_as_fn=0;
-
-my $des_int;
-
-foreach (sort split(/\s+/,$bn_ops))
- {
- $des_ptr=1 if /DES_PTR/;
- $des_risc1=1 if /DES_RISC1/;
- $des_risc2=1 if /DES_RISC2/;
- $des_unroll=1 if /DES_UNROLL/;
- $des_int=1 if /DES_INT/;
- $bn_ll=1 if /BN_LLONG/;
- $rc4_int=0 if /RC4_CHAR/;
- $rc4_int=3 if /RC4_LONG/;
- $rc4_idx=1 if /RC4_INDEX/;
- $rc4_chunk=1 if /RC4_CHUNK/;
- $rc4_chunk=2 if /RC4_CHUNK_LL/;
- $md2_int=0 if /MD2_CHAR/;
- $md2_int=3 if /MD2_LONG/;
- $idea_int=1 if /IDEA_SHORT/;
- $idea_int=3 if /IDEA_LONG/;
- $rc2_int=1 if /RC2_SHORT/;
- $rc2_int=3 if /RC2_LONG/;
- $bf_ptr=1 if $_ eq "BF_PTR";
- $bf_ptr=2 if $_ eq "BF_PTR2";
- ($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/;
- ($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
- ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
- ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
- ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
- $export_var_as_fn=1 if /EXPORT_VAR_AS_FN/;
- }
-
-open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
-unlink("crypto/opensslconf.h.new") || die "unable to remove old crypto/opensslconf.h.new:$!\n" if -e "crypto/opensslconf.h.new";
-open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n";
-print OUT "/* opensslconf.h */\n";
-print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
-
-print OUT "#ifdef __cplusplus\n";
-print OUT "extern \"C\" {\n";
-print OUT "#endif\n";
-print OUT "/* OpenSSL was configured with the following options: */\n";
-my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
-$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg;
-$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg;
-$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-$openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
-$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-print OUT $openssl_sys_defines;
-print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
-print OUT $openssl_experimental_defines;
-print OUT "\n";
-print OUT $openssl_algorithm_defines;
-print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
-print OUT $openssl_thread_defines;
-print OUT $openssl_other_defines,"\n";
-
-print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n";
-print OUT " asks for it. This is a transient feature that is provided for those\n";
-print OUT " who haven't had the time to do the appropriate changes in their\n";
-print OUT " applications. */\n";
-print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
-print OUT $openssl_algorithm_defines_trans;
-print OUT "#endif\n\n";
-
-print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj ne "mem_clr.o");
-
-while (<IN>)
- {
- if (/^#define\s+OPENSSLDIR/)
- {
- my $foo = $openssldir;
- $foo =~ s/\\/\\\\/g;
- print OUT "#define OPENSSLDIR \"$foo\"\n";
- }
- elsif (/^#define\s+ENGINESDIR/)
- {
- my $foo = "$prefix/$libdir/engines";
- $foo =~ s/\\/\\\\/g;
- print OUT "#define ENGINESDIR \"$foo\"\n";
- }
- elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
- { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
- if $export_var_as_fn;
- printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n",
- ($export_var_as_fn)?"define":"undef"; }
- elsif (/^#define\s+OPENSSL_UNISTD/)
- {
- $unistd = "<unistd.h>" if $unistd eq "";
- print OUT "#define OPENSSL_UNISTD $unistd\n";
- }
- elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
- { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
- { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+THIRTY_TWO_BIT/)
- { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+SIXTEEN_BIT/)
- { printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+EIGHT_BIT/)
- { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/)
- { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
- elsif (/^\#define\s+DES_LONG\s+.*/)
- { printf OUT "#define DES_LONG unsigned %s\n",
- ($des_int)?'int':'long'; }
- elsif (/^\#(define|undef)\s+DES_PTR/)
- { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
- elsif (/^\#(define|undef)\s+DES_RISC1/)
- { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
- elsif (/^\#(define|undef)\s+DES_RISC2/)
- { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
- elsif (/^\#(define|undef)\s+DES_UNROLL/)
- { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
- elsif (/^#define\s+RC4_INT\s/)
- { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
- elsif (/^#undef\s+RC4_CHUNK/)
- {
- printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0;
- printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1;
- printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2;
- }
- elsif (/^#((define)|(undef))\s+RC4_INDEX/)
- { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
- elsif (/^#(define|undef)\s+I386_ONLY/)
- { printf OUT "#%s I386_ONLY\n", ($processor eq "386")?
- "define":"undef"; }
- elsif (/^#define\s+MD2_INT\s/)
- { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
- elsif (/^#define\s+IDEA_INT\s/)
- {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
- elsif (/^#define\s+RC2_INT\s/)
- {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
- elsif (/^#(define|undef)\s+BF_PTR/)
- {
- printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
- printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
- printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
- }
- else
- { print OUT $_; }
- }
-close(IN);
-print OUT "#ifdef __cplusplus\n";
-print OUT "}\n";
-print OUT "#endif\n";
-close(OUT);
-if (compare("crypto/opensslconf.h.new","crypto/opensslconf.h"))
- {
- rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
- rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
- }
-else
- { unlink("crypto/opensslconf.h.new"); }
-
-# Fix the date
-
-print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
-print "SIXTY_FOUR_BIT mode\n" if $b64;
-print "THIRTY_TWO_BIT mode\n" if $b32;
-print "SIXTEEN_BIT mode\n" if $b16;
-print "EIGHT_BIT mode\n" if $b8;
-print "DES_PTR used\n" if $des_ptr;
-print "DES_RISC1 used\n" if $des_risc1;
-print "DES_RISC2 used\n" if $des_risc2;
-print "DES_UNROLL used\n" if $des_unroll;
-print "DES_INT used\n" if $des_int;
-print "BN_LLONG mode\n" if $bn_ll;
-print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int;
-print "RC4_INDEX mode\n" if $rc4_idx;
-print "RC4_CHUNK is undefined\n" if $rc4_chunk==0;
-print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1;
-print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2;
-print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
-print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
-print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
-print "BF_PTR used\n" if $bf_ptr == 1;
-print "BF_PTR2 used\n" if $bf_ptr == 2;
-
-if($IsMK1MF) {
- open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
- printf OUT <<EOF;
-#ifndef MK1MF_BUILD
- /* auto-generated by Configure for crypto/cversion.c:
- * for Unix builds, crypto/Makefile.ssl generates functional definitions;
- * Windows builds (and other mk1mf builds) compile cversion.c with
- * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
- #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
-#endif
-EOF
- close(OUT);
-} else {
- my $make_command = "$make PERL=\'$perl\'";
- my @make_targets = ();
- push @make_targets, "links" if $symlink;
- push @make_targets, "depend" if $depflags ne $default_depflags && $make_depend;
- push @make_targets, "gentests" if $symlink;
- foreach my $make_target (@make_targets) {
- (system "$make_command $make_target") == 0 or exit $?;
- }
- if ( $perl =~ m@^/@) {
- &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
- &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
- } else {
- # No path for Perl known ...
- &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
- &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
- }
- if ($depflags ne $default_depflags && !$make_depend) {
- $warn_make_depend++;
- }
-}
-
-# create the ms/version32.rc file if needed
-if ($IsMK1MF && ($target !~ /^netware/)) {
- my ($v1, $v2, $v3, $v4);
- if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
- $v1=hex $1;
- $v2=hex $2;
- $v3=hex $3;
- $v4=hex $4;
- }
- open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
- print OUT <<EOF;
-#include <winver.h>
-
-LANGUAGE 0x09,0x01
-
-1 VERSIONINFO
- FILEVERSION $v1,$v2,$v3,$v4
- PRODUCTVERSION $v1,$v2,$v3,$v4
- FILEFLAGSMASK 0x3fL
-#ifdef _DEBUG
- FILEFLAGS 0x01L
-#else
- FILEFLAGS 0x00L
-#endif
- FILEOS VOS__WINDOWS32
- FILETYPE VFT_DLL
- FILESUBTYPE 0x0L
-BEGIN
- BLOCK "StringFileInfo"
- BEGIN
- BLOCK "040904b0"
- BEGIN
- // Required:
- VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
- VALUE "FileDescription", "OpenSSL Shared Library\\0"
- VALUE "FileVersion", "$version\\0"
-#if defined(CRYPTO)
- VALUE "InternalName", "libeay32\\0"
- VALUE "OriginalFilename", "libeay32.dll\\0"
-#elif defined(SSL)
- VALUE "InternalName", "ssleay32\\0"
- VALUE "OriginalFilename", "ssleay32.dll\\0"
-#endif
- VALUE "ProductName", "The OpenSSL Toolkit\\0"
- VALUE "ProductVersion", "$version\\0"
- // Optional:
- //VALUE "Comments", "\\0"
- VALUE "LegalCopyright", "Copyright 1998-2005 The OpenSSL Project. Copyright 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
- //VALUE "LegalTrademarks", "\\0"
- //VALUE "PrivateBuild", "\\0"
- //VALUE "SpecialBuild", "\\0"
- END
- END
- BLOCK "VarFileInfo"
- BEGIN
- VALUE "Translation", 0x409, 0x4b0
- END
-END
-EOF
- close(OUT);
- }
-
-print <<EOF;
-
-Configured for $target.
-EOF
-
-print <<\EOF if (!$no_threads && !$threads);
-
-The library could not be configured for supporting multi-threaded
-applications as the compiler options required on this system are not known.
-See file INSTALL for details if you need multi-threading.
-EOF
-
-print <<\EOF if ($no_shared_warn);
-
-You gave the option 'shared', which is not supported on this platform, so
-we will pretend you gave the option 'no-shared'. If you know how to implement
-shared libraries, please let us know (but please first make sure you have
-tried with a current version of OpenSSL).
-EOF
-
-print <<EOF if ($warn_make_depend);
-
-*** Because of configuration changes, you MUST do the following before
-*** building:
-
- make depend
-EOF
-
-exit(0);
-
-sub usage
- {
- print STDERR $usage;
- print STDERR "\npick os/compiler from:\n";
- my $j=0;
- my $i;
- my $k=0;
- foreach $i (sort keys %table)
- {
- next if $i =~ /^debug/;
- $k += length($i) + 1;
- if ($k > 78)
- {
- print STDERR "\n";
- $k=length($i);
- }
- print STDERR $i . " ";
- }
- foreach $i (sort keys %table)
- {
- next if $i !~ /^debug/;
- $k += length($i) + 1;
- if ($k > 78)
- {
- print STDERR "\n";
- $k=length($i);
- }
- print STDERR $i . " ";
- }
- print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n";
- exit(1);
- }
-
-sub which
- {
- my($name)=@_;
- my $path;
- foreach $path (split /:/, $ENV{PATH})
- {
- if (-f "$path/$name$exe_ext" and -x _)
- {
- return "$path/$name$exe_ext" unless ($name eq "perl" and
- system("$path/$name$exe_ext -e " . '\'exit($]<5.0);\''));
- }
- }
- }
-
-sub dofile
- {
- my $f; my $p; my %m; my @a; my $k; my $ff;
- ($f,$p,%m)=@_;
-
- open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n";
- @a=<IN>;
- close(IN);
- foreach $k (keys %m)
- {
- grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
- }
- open(OUT,">$f.new") || die "unable to open $f.new:$!\n";
- print OUT @a;
- close(OUT);
- rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f;
- rename("$f.new",$f) || die "unable to rename $f.new\n";
- }
-
-sub print_table_entry
- {
- my $target = shift;
-
- my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags,
- $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj,
- $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj,
- $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj,
- $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag,
- $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)=
- split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-
- print <<EOF
-
-*** $target
-\$cc = $cc
-\$cflags = $cflags
-\$unistd = $unistd
-\$thread_cflag = $thread_cflag
-\$sys_id = $sys_id
-\$lflags = $lflags
-\$bn_ops = $bn_ops
-\$cpuid_obj = $cpuid_obj
-\$bn_obj = $bn_obj
-\$ec_obj = $ec_obj
-\$des_obj = $des_obj
-\$aes_obj = $aes_obj
-\$bf_obj = $bf_obj
-\$md5_obj = $md5_obj
-\$sha1_obj = $sha1_obj
-\$cast_obj = $cast_obj
-\$rc4_obj = $rc4_obj
-\$rmd160_obj = $rmd160_obj
-\$rc5_obj = $rc5_obj
-\$wp_obj = $wp_obj
-\$cmll_obj = $cmll_obj
-\$modes_obj = $modes_obj
-\$engines_obj = $engines_obj
-\$perlasm_scheme = $perlasm_scheme
-\$dso_scheme = $dso_scheme
-\$shared_target= $shared_target
-\$shared_cflag = $shared_cflag
-\$shared_ldflag = $shared_ldflag
-\$shared_extension = $shared_extension
-\$ranlib = $ranlib
-\$arflags = $arflags
-\$multilib = $multilib
-EOF
- }
-
-sub test_sanity
- {
- my $errorcnt = 0;
-
- print STDERR "=" x 70, "\n";
- print STDERR "=== SANITY TESTING!\n";
- print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
- print STDERR "=" x 70, "\n";
-
- foreach $target (sort keys %table)
- {
- @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-
- if ($fields[$idx_dso_scheme-1] =~ /^(beos|dl|dlfcn|win32|vms)$/)
- {
- $errorcnt++;
- print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
- print STDERR " in the previous field\n";
- }
- elsif ($fields[$idx_dso_scheme+1] =~ /^(beos|dl|dlfcn|win32|vms)$/)
- {
- $errorcnt++;
- print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
- print STDERR " in the following field\n";
- }
- elsif ($fields[$idx_dso_scheme] !~ /^(beos|dl|dlfcn|win32|vms|)$/)
- {
- $errorcnt++;
- print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
- print STDERR " valid values are 'beos', 'dl', 'dlfcn', 'win32' and 'vms'\n";
- }
- }
- print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
- return $errorcnt;
- }
-
-sub file_newer
- {
- my ($file1, $file2) = @_;
- return (stat($file1))[9] > (stat($file2))[9]
- }
Property changes on: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/Configure
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/openssl.ld
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/openssl.ld (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/openssl.ld (nonexistent)
@@ -1,4620 +0,0 @@
-OPENSSL_1.0.0 {
- global:
- BIO_f_ssl;
- BIO_new_buffer_ssl_connect;
- BIO_new_ssl;
- BIO_new_ssl_connect;
- BIO_proxy_ssl_copy_session_id;
- BIO_ssl_copy_session_id;
- BIO_ssl_shutdown;
- d2i_SSL_SESSION;
- DTLSv1_client_method;
- DTLSv1_method;
- DTLSv1_server_method;
- ERR_load_SSL_strings;
- i2d_SSL_SESSION;
- kssl_build_principal_2;
- kssl_cget_tkt;
- kssl_check_authent;
- kssl_ctx_free;
- kssl_ctx_new;
- kssl_ctx_setkey;
- kssl_ctx_setprinc;
- kssl_ctx_setstring;
- kssl_ctx_show;
- kssl_err_set;
- kssl_krb5_free_data_contents;
- kssl_sget_tkt;
- kssl_skip_confound;
- kssl_validate_times;
- PEM_read_bio_SSL_SESSION;
- PEM_read_SSL_SESSION;
- PEM_write_bio_SSL_SESSION;
- PEM_write_SSL_SESSION;
- SSL_accept;
- SSL_add_client_CA;
- SSL_add_dir_cert_subjects_to_stack;
- SSL_add_dir_cert_subjs_to_stk;
- SSL_add_file_cert_subjects_to_stack;
- SSL_add_file_cert_subjs_to_stk;
- SSL_alert_desc_string;
- SSL_alert_desc_string_long;
- SSL_alert_type_string;
- SSL_alert_type_string_long;
- SSL_callback_ctrl;
- SSL_check_private_key;
- SSL_CIPHER_description;
- SSL_CIPHER_get_bits;
- SSL_CIPHER_get_name;
- SSL_CIPHER_get_version;
- SSL_clear;
- SSL_COMP_add_compression_method;
- SSL_COMP_get_compression_methods;
- SSL_COMP_get_compress_methods;
- SSL_COMP_get_name;
- SSL_connect;
- SSL_copy_session_id;
- SSL_ctrl;
- SSL_CTX_add_client_CA;
- SSL_CTX_add_session;
- SSL_CTX_callback_ctrl;
- SSL_CTX_check_private_key;
- SSL_CTX_ctrl;
- SSL_CTX_flush_sessions;
- SSL_CTX_free;
- SSL_CTX_get_cert_store;
- SSL_CTX_get_client_CA_list;
- SSL_CTX_get_client_cert_cb;
- SSL_CTX_get_ex_data;
- SSL_CTX_get_ex_new_index;
- SSL_CTX_get_info_callback;
- SSL_CTX_get_quiet_shutdown;
- SSL_CTX_get_timeout;
- SSL_CTX_get_verify_callback;
- SSL_CTX_get_verify_depth;
- SSL_CTX_get_verify_mode;
- SSL_CTX_load_verify_locations;
- SSL_CTX_new;
- SSL_CTX_remove_session;
- SSL_CTX_sess_get_get_cb;
- SSL_CTX_sess_get_new_cb;
- SSL_CTX_sess_get_remove_cb;
- SSL_CTX_sessions;
- SSL_CTX_sess_set_get_cb;
- SSL_CTX_sess_set_new_cb;
- SSL_CTX_sess_set_remove_cb;
- SSL_CTX_set1_param;
- SSL_CTX_set_cert_store;
- SSL_CTX_set_cert_verify_callback;
- SSL_CTX_set_cert_verify_cb;
- SSL_CTX_set_cipher_list;
- SSL_CTX_set_client_CA_list;
- SSL_CTX_set_client_cert_cb;
- SSL_CTX_set_client_cert_engine;
- SSL_CTX_set_cookie_generate_cb;
- SSL_CTX_set_cookie_verify_cb;
- SSL_CTX_set_default_passwd_cb;
- SSL_CTX_set_default_passwd_cb_userdata;
- SSL_CTX_set_default_verify_paths;
- SSL_CTX_set_def_passwd_cb_ud;
- SSL_CTX_set_def_verify_paths;
- SSL_CTX_set_ex_data;
- SSL_CTX_set_generate_session_id;
- SSL_CTX_set_info_callback;
- SSL_CTX_set_msg_callback;
- SSL_CTX_set_psk_client_callback;
- SSL_CTX_set_psk_server_callback;
- SSL_CTX_set_purpose;
- SSL_CTX_set_quiet_shutdown;
- SSL_CTX_set_session_id_context;
- SSL_CTX_set_ssl_version;
- SSL_CTX_set_timeout;
- SSL_CTX_set_tmp_dh_callback;
- SSL_CTX_set_tmp_ecdh_callback;
- SSL_CTX_set_tmp_rsa_callback;
- SSL_CTX_set_trust;
- SSL_CTX_set_verify;
- SSL_CTX_set_verify_depth;
- SSL_CTX_use_cert_chain_file;
- SSL_CTX_use_certificate;
- SSL_CTX_use_certificate_ASN1;
- SSL_CTX_use_certificate_chain_file;
- SSL_CTX_use_certificate_file;
- SSL_CTX_use_PrivateKey;
- SSL_CTX_use_PrivateKey_ASN1;
- SSL_CTX_use_PrivateKey_file;
- SSL_CTX_use_psk_identity_hint;
- SSL_CTX_use_RSAPrivateKey;
- SSL_CTX_use_RSAPrivateKey_ASN1;
- SSL_CTX_use_RSAPrivateKey_file;
- SSL_do_handshake;
- SSL_dup;
- SSL_dup_CA_list;
- SSLeay_add_ssl_algorithms;
- SSL_free;
- SSL_get1_session;
- SSL_get_certificate;
- SSL_get_cipher_list;
- SSL_get_ciphers;
- SSL_get_client_CA_list;
- SSL_get_current_cipher;
- SSL_get_current_compression;
- SSL_get_current_expansion;
- SSL_get_default_timeout;
- SSL_get_error;
- SSL_get_ex_data;
- SSL_get_ex_data_X509_STORE_CTX_idx;
- SSL_get_ex_d_X509_STORE_CTX_idx;
- SSL_get_ex_new_index;
- SSL_get_fd;
- SSL_get_finished;
- SSL_get_info_callback;
- SSL_get_peer_cert_chain;
- SSL_get_peer_certificate;
- SSL_get_peer_finished;
- SSL_get_privatekey;
- SSL_get_psk_identity;
- SSL_get_psk_identity_hint;
- SSL_get_quiet_shutdown;
- SSL_get_rbio;
- SSL_get_read_ahead;
- SSL_get_rfd;
- SSL_get_servername;
- SSL_get_servername_type;
- SSL_get_session;
- SSL_get_shared_ciphers;
- SSL_get_shutdown;
- SSL_get_SSL_CTX;
- SSL_get_ssl_method;
- SSL_get_verify_callback;
- SSL_get_verify_depth;
- SSL_get_verify_mode;
- SSL_get_verify_result;
- SSL_get_version;
- SSL_get_wbio;
- SSL_get_wfd;
- SSL_has_matching_session_id;
- SSL_library_init;
- SSL_load_client_CA_file;
- SSL_load_error_strings;
- SSL_new;
- SSL_peek;
- SSL_pending;
- SSL_read;
- SSL_renegotiate;
- SSL_renegotiate_pending;
- SSL_rstate_string;
- SSL_rstate_string_long;
- SSL_SESSION_cmp;
- SSL_SESSION_free;
- SSL_SESSION_get_ex_data;
- SSL_SESSION_get_ex_new_index;
- SSL_SESSION_get_id;
- SSL_SESSION_get_time;
- SSL_SESSION_get_timeout;
- SSL_SESSION_hash;
- SSL_SESSION_new;
- SSL_SESSION_print;
- SSL_SESSION_print_fp;
- SSL_SESSION_set_ex_data;
- SSL_SESSION_set_time;
- SSL_SESSION_set_timeout;
- SSL_set1_param;
- SSL_set_accept_state;
- SSL_set_bio;
- SSL_set_cipher_list;
- SSL_set_client_CA_list;
- SSL_set_connect_state;
- SSL_set_ex_data;
- SSL_set_fd;
- SSL_set_generate_session_id;
- SSL_set_info_callback;
- SSL_set_msg_callback;
- SSL_set_psk_client_callback;
- SSL_set_psk_server_callback;
- SSL_set_purpose;
- SSL_set_quiet_shutdown;
- SSL_set_read_ahead;
- SSL_set_rfd;
- SSL_set_session;
- SSL_set_session_id_context;
- SSL_set_session_secret_cb;
- SSL_set_session_ticket_ext;
- SSL_set_session_ticket_ext_cb;
- SSL_set_shutdown;
- SSL_set_SSL_CTX;
- SSL_set_ssl_method;
- SSL_set_tmp_dh_callback;
- SSL_set_tmp_ecdh_callback;
- SSL_set_tmp_rsa_callback;
- SSL_set_trust;
- SSL_set_verify;
- SSL_set_verify_depth;
- SSL_set_verify_result;
- SSL_set_wfd;
- SSL_shutdown;
- SSL_state;
- SSL_state_string;
- SSL_state_string_long;
- SSL_use_certificate;
- SSL_use_certificate_ASN1;
- SSL_use_certificate_file;
- SSL_use_PrivateKey;
- SSL_use_PrivateKey_ASN1;
- SSL_use_PrivateKey_file;
- SSL_use_psk_identity_hint;
- SSL_use_RSAPrivateKey;
- SSL_use_RSAPrivateKey_ASN1;
- SSL_use_RSAPrivateKey_file;
- SSLv23_client_method;
- SSLv23_method;
- SSLv23_server_method;
- SSLv2_client_method;
- SSLv2_method;
- SSLv2_server_method;
- SSLv3_client_method;
- SSLv3_method;
- SSLv3_server_method;
- SSL_version;
- SSL_want;
- SSL_write;
- TLSv1_client_method;
- TLSv1_method;
- TLSv1_server_method;
-
-
- SSLeay;
- SSLeay_version;
- ASN1_BIT_STRING_asn1_meth;
- ASN1_HEADER_free;
- ASN1_HEADER_new;
- ASN1_IA5STRING_asn1_meth;
- ASN1_INTEGER_get;
- ASN1_INTEGER_set;
- ASN1_INTEGER_to_BN;
- ASN1_OBJECT_create;
- ASN1_OBJECT_free;
- ASN1_OBJECT_new;
- ASN1_PRINTABLE_type;
- ASN1_STRING_cmp;
- ASN1_STRING_dup;
- ASN1_STRING_free;
- ASN1_STRING_new;
- ASN1_STRING_print;
- ASN1_STRING_set;
- ASN1_STRING_type_new;
- ASN1_TYPE_free;
- ASN1_TYPE_new;
- ASN1_UNIVERSALSTRING_to_string;
- ASN1_UTCTIME_check;
- ASN1_UTCTIME_print;
- ASN1_UTCTIME_set;
- ASN1_check_infinite_end;
- ASN1_d2i_bio;
- ASN1_d2i_fp;
- ASN1_digest;
- ASN1_dup;
- ASN1_get_object;
- ASN1_i2d_bio;
- ASN1_i2d_fp;
- ASN1_object_size;
- ASN1_parse;
- ASN1_put_object;
- ASN1_sign;
- ASN1_verify;
- BF_cbc_encrypt;
- BF_cfb64_encrypt;
- BF_ecb_encrypt;
- BF_encrypt;
- BF_ofb64_encrypt;
- BF_options;
- BF_set_key;
- BIO_CONNECT_free;
- BIO_CONNECT_new;
- BIO_accept;
- BIO_ctrl;
- BIO_int_ctrl;
- BIO_debug_callback;
- BIO_dump;
- BIO_dup_chain;
- BIO_f_base64;
- BIO_f_buffer;
- BIO_f_cipher;
- BIO_f_md;
- BIO_f_null;
- BIO_f_proxy_server;
- BIO_fd_non_fatal_error;
- BIO_fd_should_retry;
- BIO_find_type;
- BIO_free;
- BIO_free_all;
- BIO_get_accept_socket;
- BIO_get_filter_bio;
- BIO_get_host_ip;
- BIO_get_port;
- BIO_get_retry_BIO;
- BIO_get_retry_reason;
- BIO_gethostbyname;
- BIO_gets;
- BIO_new;
- BIO_new_accept;
- BIO_new_connect;
- BIO_new_fd;
- BIO_new_file;
- BIO_new_fp;
- BIO_new_socket;
- BIO_pop;
- BIO_printf;
- BIO_push;
- BIO_puts;
- BIO_read;
- BIO_s_accept;
- BIO_s_connect;
- BIO_s_fd;
- BIO_s_file;
- BIO_s_mem;
- BIO_s_null;
- BIO_s_proxy_client;
- BIO_s_socket;
- BIO_set;
- BIO_set_cipher;
- BIO_set_tcp_ndelay;
- BIO_sock_cleanup;
- BIO_sock_error;
- BIO_sock_init;
- BIO_sock_non_fatal_error;
- BIO_sock_should_retry;
- BIO_socket_ioctl;
- BIO_write;
- BN_CTX_free;
- BN_CTX_new;
- BN_MONT_CTX_free;
- BN_MONT_CTX_new;
- BN_MONT_CTX_set;
- BN_add;
- BN_add_word;
- BN_hex2bn;
- BN_bin2bn;
- BN_bn2hex;
- BN_bn2bin;
- BN_clear;
- BN_clear_bit;
- BN_clear_free;
- BN_cmp;
- BN_copy;
- BN_div;
- BN_div_word;
- BN_dup;
- BN_free;
- BN_from_montgomery;
- BN_gcd;
- BN_generate_prime;
- BN_get_word;
- BN_is_bit_set;
- BN_is_prime;
- BN_lshift;
- BN_lshift1;
- BN_mask_bits;
- BN_mod;
- BN_mod_exp;
- BN_mod_exp_mont;
- BN_mod_exp_simple;
- BN_mod_inverse;
- BN_mod_mul;
- BN_mod_mul_montgomery;
- BN_mod_word;
- BN_mul;
- BN_new;
- BN_num_bits;
- BN_num_bits_word;
- BN_options;
- BN_print;
- BN_print_fp;
- BN_rand;
- BN_reciprocal;
- BN_rshift;
- BN_rshift1;
- BN_set_bit;
- BN_set_word;
- BN_sqr;
- BN_sub;
- BN_to_ASN1_INTEGER;
- BN_ucmp;
- BN_value_one;
- BUF_MEM_free;
- BUF_MEM_grow;
- BUF_MEM_new;
- BUF_strdup;
- CONF_free;
- CONF_get_number;
- CONF_get_section;
- CONF_get_string;
- CONF_load;
- CRYPTO_add_lock;
- CRYPTO_dbg_free;
- CRYPTO_dbg_malloc;
- CRYPTO_dbg_realloc;
- CRYPTO_dbg_remalloc;
- CRYPTO_free;
- CRYPTO_get_add_lock_callback;
- CRYPTO_get_id_callback;
- CRYPTO_get_lock_name;
- CRYPTO_get_locking_callback;
- CRYPTO_get_mem_functions;
- CRYPTO_lock;
- CRYPTO_malloc;
- CRYPTO_mem_ctrl;
- CRYPTO_mem_leaks;
- CRYPTO_mem_leaks_cb;
- CRYPTO_mem_leaks_fp;
- CRYPTO_realloc;
- CRYPTO_remalloc;
- CRYPTO_set_add_lock_callback;
- CRYPTO_set_id_callback;
- CRYPTO_set_locking_callback;
- CRYPTO_set_mem_functions;
- CRYPTO_thread_id;
- DH_check;
- DH_compute_key;
- DH_free;
- DH_generate_key;
- DH_generate_parameters;
- DH_new;
- DH_size;
- DHparams_print;
- DHparams_print_fp;
- DSA_free;
- DSA_generate_key;
- DSA_generate_parameters;
- DSA_is_prime;
- DSA_new;
- DSA_print;
- DSA_print_fp;
- DSA_sign;
- DSA_sign_setup;
- DSA_size;
- DSA_verify;
- DSAparams_print;
- DSAparams_print_fp;
- ERR_clear_error;
- ERR_error_string;
- ERR_free_strings;
- ERR_func_error_string;
- ERR_get_err_state_table;
- ERR_get_error;
- ERR_get_error_line;
- ERR_get_state;
- ERR_get_string_table;
- ERR_lib_error_string;
- ERR_load_ASN1_strings;
- ERR_load_BIO_strings;
- ERR_load_BN_strings;
- ERR_load_BUF_strings;
- ERR_load_CONF_strings;
- ERR_load_DH_strings;
- ERR_load_DSA_strings;
- ERR_load_ERR_strings;
- ERR_load_EVP_strings;
- ERR_load_OBJ_strings;
- ERR_load_PEM_strings;
- ERR_load_PROXY_strings;
- ERR_load_RSA_strings;
- ERR_load_X509_strings;
- ERR_load_crypto_strings;
- ERR_load_strings;
- ERR_peek_error;
- ERR_peek_error_line;
- ERR_print_errors;
- ERR_print_errors_fp;
- ERR_put_error;
- ERR_reason_error_string;
- ERR_remove_state;
- EVP_BytesToKey;
- EVP_CIPHER_CTX_cleanup;
- EVP_CipherFinal;
- EVP_CipherInit;
- EVP_CipherUpdate;
- EVP_DecodeBlock;
- EVP_DecodeFinal;
- EVP_DecodeInit;
- EVP_DecodeUpdate;
- EVP_DecryptFinal;
- EVP_DecryptInit;
- EVP_DecryptUpdate;
- EVP_DigestFinal;
- EVP_DigestInit;
- EVP_DigestUpdate;
- EVP_EncodeBlock;
- EVP_EncodeFinal;
- EVP_EncodeInit;
- EVP_EncodeUpdate;
- EVP_EncryptFinal;
- EVP_EncryptInit;
- EVP_EncryptUpdate;
- EVP_OpenFinal;
- EVP_OpenInit;
- EVP_PKEY_assign;
- EVP_PKEY_copy_parameters;
- EVP_PKEY_free;
- EVP_PKEY_missing_parameters;
- EVP_PKEY_new;
- EVP_PKEY_save_parameters;
- EVP_PKEY_size;
- EVP_PKEY_type;
- EVP_SealFinal;
- EVP_SealInit;
- EVP_SignFinal;
- EVP_VerifyFinal;
- EVP_add_alias;
- EVP_add_cipher;
- EVP_add_digest;
- EVP_bf_cbc;
- EVP_bf_cfb64;
- EVP_bf_ecb;
- EVP_bf_ofb;
- EVP_cleanup;
- EVP_des_cbc;
- EVP_des_cfb64;
- EVP_des_ecb;
- EVP_des_ede;
- EVP_des_ede3;
- EVP_des_ede3_cbc;
- EVP_des_ede3_cfb64;
- EVP_des_ede3_ofb;
- EVP_des_ede_cbc;
- EVP_des_ede_cfb64;
- EVP_des_ede_ofb;
- EVP_des_ofb;
- EVP_desx_cbc;
- EVP_dss;
- EVP_dss1;
- EVP_enc_null;
- EVP_get_cipherbyname;
- EVP_get_digestbyname;
- EVP_get_pw_prompt;
- EVP_idea_cbc;
- EVP_idea_cfb64;
- EVP_idea_ecb;
- EVP_idea_ofb;
- EVP_md2;
- EVP_md5;
- EVP_md_null;
- EVP_rc2_cbc;
- EVP_rc2_cfb64;
- EVP_rc2_ecb;
- EVP_rc2_ofb;
- EVP_rc4;
- EVP_read_pw_string;
- EVP_set_pw_prompt;
- EVP_sha;
- EVP_sha1;
- MD2;
- MD2_Final;
- MD2_Init;
- MD2_Update;
- MD2_options;
- MD5;
- MD5_Final;
- MD5_Init;
- MD5_Update;
- MDC2;
- MDC2_Final;
- MDC2_Init;
- MDC2_Update;
- NETSCAPE_SPKAC_free;
- NETSCAPE_SPKAC_new;
- NETSCAPE_SPKI_free;
- NETSCAPE_SPKI_new;
- NETSCAPE_SPKI_sign;
- NETSCAPE_SPKI_verify;
- OBJ_add_object;
- OBJ_bsearch;
- OBJ_cleanup;
- OBJ_cmp;
- OBJ_create;
- OBJ_dup;
- OBJ_ln2nid;
- OBJ_new_nid;
- OBJ_nid2ln;
- OBJ_nid2obj;
- OBJ_nid2sn;
- OBJ_obj2nid;
- OBJ_sn2nid;
- OBJ_txt2nid;
- PEM_ASN1_read;
- PEM_ASN1_read_bio;
- PEM_ASN1_write;
- PEM_ASN1_write_bio;
- PEM_SealFinal;
- PEM_SealInit;
- PEM_SealUpdate;
- PEM_SignFinal;
- PEM_SignInit;
- PEM_SignUpdate;
- PEM_X509_INFO_read;
- PEM_X509_INFO_read_bio;
- PEM_X509_INFO_write_bio;
- PEM_dek_info;
- PEM_do_header;
- PEM_get_EVP_CIPHER_INFO;
- PEM_proc_type;
- PEM_read;
- PEM_read_DHparams;
- PEM_read_DSAPrivateKey;
- PEM_read_DSAparams;
- PEM_read_PKCS7;
- PEM_read_PrivateKey;
- PEM_read_RSAPrivateKey;
- PEM_read_X509;
- PEM_read_X509_CRL;
- PEM_read_X509_REQ;
- PEM_read_bio;
- PEM_read_bio_DHparams;
- PEM_read_bio_DSAPrivateKey;
- PEM_read_bio_DSAparams;
- PEM_read_bio_PKCS7;
- PEM_read_bio_PrivateKey;
- PEM_read_bio_RSAPrivateKey;
- PEM_read_bio_X509;
- PEM_read_bio_X509_CRL;
- PEM_read_bio_X509_REQ;
- PEM_write;
- PEM_write_DHparams;
- PEM_write_DSAPrivateKey;
- PEM_write_DSAparams;
- PEM_write_PKCS7;
- PEM_write_PrivateKey;
- PEM_write_RSAPrivateKey;
- PEM_write_X509;
- PEM_write_X509_CRL;
- PEM_write_X509_REQ;
- PEM_write_bio;
- PEM_write_bio_DHparams;
- PEM_write_bio_DSAPrivateKey;
- PEM_write_bio_DSAparams;
- PEM_write_bio_PKCS7;
- PEM_write_bio_PrivateKey;
- PEM_write_bio_RSAPrivateKey;
- PEM_write_bio_X509;
- PEM_write_bio_X509_CRL;
- PEM_write_bio_X509_REQ;
- PKCS7_DIGEST_free;
- PKCS7_DIGEST_new;
- PKCS7_ENCRYPT_free;
- PKCS7_ENCRYPT_new;
- PKCS7_ENC_CONTENT_free;
- PKCS7_ENC_CONTENT_new;
- PKCS7_ENVELOPE_free;
- PKCS7_ENVELOPE_new;
- PKCS7_ISSUER_AND_SERIAL_digest;
- PKCS7_ISSUER_AND_SERIAL_free;
- PKCS7_ISSUER_AND_SERIAL_new;
- PKCS7_RECIP_INFO_free;
- PKCS7_RECIP_INFO_new;
- PKCS7_SIGNED_free;
- PKCS7_SIGNED_new;
- PKCS7_SIGNER_INFO_free;
- PKCS7_SIGNER_INFO_new;
- PKCS7_SIGN_ENVELOPE_free;
- PKCS7_SIGN_ENVELOPE_new;
- PKCS7_dup;
- PKCS7_free;
- PKCS7_new;
- PROXY_ENTRY_add_noproxy;
- PROXY_ENTRY_clear_noproxy;
- PROXY_ENTRY_free;
- PROXY_ENTRY_get_noproxy;
- PROXY_ENTRY_new;
- PROXY_ENTRY_set_server;
- PROXY_add_noproxy;
- PROXY_add_server;
- PROXY_check_by_host;
- PROXY_check_url;
- PROXY_clear_noproxy;
- PROXY_free;
- PROXY_get_noproxy;
- PROXY_get_proxies;
- PROXY_get_proxy_entry;
- PROXY_load_conf;
- PROXY_new;
- PROXY_print;
- RAND_bytes;
- RAND_cleanup;
- RAND_file_name;
- RAND_load_file;
- RAND_screen;
- RAND_seed;
- RAND_write_file;
- RC2_cbc_encrypt;
- RC2_cfb64_encrypt;
- RC2_ecb_encrypt;
- RC2_encrypt;
- RC2_ofb64_encrypt;
- RC2_set_key;
- RC4;
- RC4_options;
- RC4_set_key;
- RSAPrivateKey_asn1_meth;
- RSAPrivateKey_dup;
- RSAPublicKey_dup;
- RSA_PKCS1_SSLeay;
- RSA_free;
- RSA_generate_key;
- RSA_new;
- RSA_new_method;
- RSA_print;
- RSA_print_fp;
- RSA_private_decrypt;
- RSA_private_encrypt;
- RSA_public_decrypt;
- RSA_public_encrypt;
- RSA_set_default_method;
- RSA_sign;
- RSA_sign_ASN1_OCTET_STRING;
- RSA_size;
- RSA_verify;
- RSA_verify_ASN1_OCTET_STRING;
- SHA;
- SHA1;
- SHA1_Final;
- SHA1_Init;
- SHA1_Update;
- SHA_Final;
- SHA_Init;
- SHA_Update;
- OpenSSL_add_all_algorithms;
- OpenSSL_add_all_ciphers;
- OpenSSL_add_all_digests;
- TXT_DB_create_index;
- TXT_DB_free;
- TXT_DB_get_by_index;
- TXT_DB_insert;
- TXT_DB_read;
- TXT_DB_write;
- X509_ALGOR_free;
- X509_ALGOR_new;
- X509_ATTRIBUTE_free;
- X509_ATTRIBUTE_new;
- X509_CINF_free;
- X509_CINF_new;
- X509_CRL_INFO_free;
- X509_CRL_INFO_new;
- X509_CRL_add_ext;
- X509_CRL_cmp;
- X509_CRL_delete_ext;
- X509_CRL_dup;
- X509_CRL_free;
- X509_CRL_get_ext;
- X509_CRL_get_ext_by_NID;
- X509_CRL_get_ext_by_OBJ;
- X509_CRL_get_ext_by_critical;
- X509_CRL_get_ext_count;
- X509_CRL_new;
- X509_CRL_sign;
- X509_CRL_verify;
- X509_EXTENSION_create_by_NID;
- X509_EXTENSION_create_by_OBJ;
- X509_EXTENSION_dup;
- X509_EXTENSION_free;
- X509_EXTENSION_get_critical;
- X509_EXTENSION_get_data;
- X509_EXTENSION_get_object;
- X509_EXTENSION_new;
- X509_EXTENSION_set_critical;
- X509_EXTENSION_set_data;
- X509_EXTENSION_set_object;
- X509_INFO_free;
- X509_INFO_new;
- X509_LOOKUP_by_alias;
- X509_LOOKUP_by_fingerprint;
- X509_LOOKUP_by_issuer_serial;
- X509_LOOKUP_by_subject;
- X509_LOOKUP_ctrl;
- X509_LOOKUP_file;
- X509_LOOKUP_free;
- X509_LOOKUP_hash_dir;
- X509_LOOKUP_init;
- X509_LOOKUP_new;
- X509_LOOKUP_shutdown;
- X509_NAME_ENTRY_create_by_NID;
- X509_NAME_ENTRY_create_by_OBJ;
- X509_NAME_ENTRY_dup;
- X509_NAME_ENTRY_free;
- X509_NAME_ENTRY_get_data;
- X509_NAME_ENTRY_get_object;
- X509_NAME_ENTRY_new;
- X509_NAME_ENTRY_set_data;
- X509_NAME_ENTRY_set_object;
- X509_NAME_add_entry;
- X509_NAME_cmp;
- X509_NAME_delete_entry;
- X509_NAME_digest;
- X509_NAME_dup;
- X509_NAME_entry_count;
- X509_NAME_free;
- X509_NAME_get_entry;
- X509_NAME_get_index_by_NID;
- X509_NAME_get_index_by_OBJ;
- X509_NAME_get_text_by_NID;
- X509_NAME_get_text_by_OBJ;
- X509_NAME_hash;
- X509_NAME_new;
- X509_NAME_oneline;
- X509_NAME_print;
- X509_NAME_set;
- X509_OBJECT_free_contents;
- X509_OBJECT_retrieve_by_subject;
- X509_OBJECT_up_ref_count;
- X509_PKEY_free;
- X509_PKEY_new;
- X509_PUBKEY_free;
- X509_PUBKEY_get;
- X509_PUBKEY_new;
- X509_PUBKEY_set;
- X509_REQ_INFO_free;
- X509_REQ_INFO_new;
- X509_REQ_dup;
- X509_REQ_free;
- X509_REQ_get_pubkey;
- X509_REQ_new;
- X509_REQ_print;
- X509_REQ_print_fp;
- X509_REQ_set_pubkey;
- X509_REQ_set_subject_name;
- X509_REQ_set_version;
- X509_REQ_sign;
- X509_REQ_to_X509;
- X509_REQ_verify;
- X509_REVOKED_add_ext;
- X509_REVOKED_delete_ext;
- X509_REVOKED_free;
- X509_REVOKED_get_ext;
- X509_REVOKED_get_ext_by_NID;
- X509_REVOKED_get_ext_by_OBJ;
- X509_REVOKED_get_ext_by_critical;
- X509_REVOKED_get_ext_by_critic;
- X509_REVOKED_get_ext_count;
- X509_REVOKED_new;
- X509_SIG_free;
- X509_SIG_new;
- X509_STORE_CTX_cleanup;
- X509_STORE_CTX_init;
- X509_STORE_add_cert;
- X509_STORE_add_lookup;
- X509_STORE_free;
- X509_STORE_get_by_subject;
- X509_STORE_load_locations;
- X509_STORE_new;
- X509_STORE_set_default_paths;
- X509_VAL_free;
- X509_VAL_new;
- X509_add_ext;
- X509_asn1_meth;
- X509_certificate_type;
- X509_check_private_key;
- X509_cmp_current_time;
- X509_delete_ext;
- X509_digest;
- X509_dup;
- X509_free;
- X509_get_default_cert_area;
- X509_get_default_cert_dir;
- X509_get_default_cert_dir_env;
- X509_get_default_cert_file;
- X509_get_default_cert_file_env;
- X509_get_default_private_dir;
- X509_get_ext;
- X509_get_ext_by_NID;
- X509_get_ext_by_OBJ;
- X509_get_ext_by_critical;
- X509_get_ext_count;
- X509_get_issuer_name;
- X509_get_pubkey;
- X509_get_pubkey_parameters;
- X509_get_serialNumber;
- X509_get_subject_name;
- X509_gmtime_adj;
- X509_issuer_and_serial_cmp;
- X509_issuer_and_serial_hash;
- X509_issuer_name_cmp;
- X509_issuer_name_hash;
- X509_load_cert_file;
- X509_new;
- X509_print;
- X509_print_fp;
- X509_set_issuer_name;
- X509_set_notAfter;
- X509_set_notBefore;
- X509_set_pubkey;
- X509_set_serialNumber;
- X509_set_subject_name;
- X509_set_version;
- X509_sign;
- X509_subject_name_cmp;
- X509_subject_name_hash;
- X509_to_X509_REQ;
- X509_verify;
- X509_verify_cert;
- X509_verify_cert_error_string;
- X509v3_add_ext;
- X509v3_add_extension;
- X509v3_add_netscape_extensions;
- X509v3_add_standard_extensions;
- X509v3_cleanup_extensions;
- X509v3_data_type_by_NID;
- X509v3_data_type_by_OBJ;
- X509v3_delete_ext;
- X509v3_get_ext;
- X509v3_get_ext_by_NID;
- X509v3_get_ext_by_OBJ;
- X509v3_get_ext_by_critical;
- X509v3_get_ext_count;
- X509v3_pack_string;
- X509v3_pack_type_by_NID;
- X509v3_pack_type_by_OBJ;
- X509v3_unpack_string;
- _des_crypt;
- a2d_ASN1_OBJECT;
- a2i_ASN1_INTEGER;
- a2i_ASN1_STRING;
- asn1_Finish;
- asn1_GetSequence;
- bn_div_words;
- bn_expand2;
- bn_mul_add_words;
- bn_mul_words;
- BN_uadd;
- BN_usub;
- bn_sqr_words;
- _ossl_old_crypt;
- d2i_ASN1_BIT_STRING;
- d2i_ASN1_BOOLEAN;
- d2i_ASN1_HEADER;
- d2i_ASN1_IA5STRING;
- d2i_ASN1_INTEGER;
- d2i_ASN1_OBJECT;
- d2i_ASN1_OCTET_STRING;
- d2i_ASN1_PRINTABLE;
- d2i_ASN1_PRINTABLESTRING;
- d2i_ASN1_SET;
- d2i_ASN1_T61STRING;
- d2i_ASN1_TYPE;
- d2i_ASN1_UTCTIME;
- d2i_ASN1_bytes;
- d2i_ASN1_type_bytes;
- d2i_DHparams;
- d2i_DSAPrivateKey;
- d2i_DSAPrivateKey_bio;
- d2i_DSAPrivateKey_fp;
- d2i_DSAPublicKey;
- d2i_DSAparams;
- d2i_NETSCAPE_SPKAC;
- d2i_NETSCAPE_SPKI;
- d2i_Netscape_RSA;
- d2i_PKCS7;
- d2i_PKCS7_DIGEST;
- d2i_PKCS7_ENCRYPT;
- d2i_PKCS7_ENC_CONTENT;
- d2i_PKCS7_ENVELOPE;
- d2i_PKCS7_ISSUER_AND_SERIAL;
- d2i_PKCS7_RECIP_INFO;
- d2i_PKCS7_SIGNED;
- d2i_PKCS7_SIGNER_INFO;
- d2i_PKCS7_SIGN_ENVELOPE;
- d2i_PKCS7_bio;
- d2i_PKCS7_fp;
- d2i_PrivateKey;
- d2i_PublicKey;
- d2i_RSAPrivateKey;
- d2i_RSAPrivateKey_bio;
- d2i_RSAPrivateKey_fp;
- d2i_RSAPublicKey;
- d2i_X509;
- d2i_X509_ALGOR;
- d2i_X509_ATTRIBUTE;
- d2i_X509_CINF;
- d2i_X509_CRL;
- d2i_X509_CRL_INFO;
- d2i_X509_CRL_bio;
- d2i_X509_CRL_fp;
- d2i_X509_EXTENSION;
- d2i_X509_NAME;
- d2i_X509_NAME_ENTRY;
- d2i_X509_PKEY;
- d2i_X509_PUBKEY;
- d2i_X509_REQ;
- d2i_X509_REQ_INFO;
- d2i_X509_REQ_bio;
- d2i_X509_REQ_fp;
- d2i_X509_REVOKED;
- d2i_X509_SIG;
- d2i_X509_VAL;
- d2i_X509_bio;
- d2i_X509_fp;
- DES_cbc_cksum;
- DES_cbc_encrypt;
- DES_cblock_print_file;
- DES_cfb64_encrypt;
- DES_cfb_encrypt;
- DES_decrypt3;
- DES_ecb3_encrypt;
- DES_ecb_encrypt;
- DES_ede3_cbc_encrypt;
- DES_ede3_cfb64_encrypt;
- DES_ede3_ofb64_encrypt;
- DES_enc_read;
- DES_enc_write;
- DES_encrypt1;
- DES_encrypt2;
- DES_encrypt3;
- DES_fcrypt;
- DES_is_weak_key;
- DES_key_sched;
- DES_ncbc_encrypt;
- DES_ofb64_encrypt;
- DES_ofb_encrypt;
- DES_options;
- DES_pcbc_encrypt;
- DES_quad_cksum;
- DES_random_key;
- _ossl_old_des_random_seed;
- _ossl_old_des_read_2passwords;
- _ossl_old_des_read_password;
- _ossl_old_des_read_pw;
- _ossl_old_des_read_pw_string;
- DES_set_key;
- DES_set_odd_parity;
- DES_string_to_2keys;
- DES_string_to_key;
- DES_xcbc_encrypt;
- DES_xwhite_in2out;
- fcrypt_body;
- i2a_ASN1_INTEGER;
- i2a_ASN1_OBJECT;
- i2a_ASN1_STRING;
- i2d_ASN1_BIT_STRING;
- i2d_ASN1_BOOLEAN;
- i2d_ASN1_HEADER;
- i2d_ASN1_IA5STRING;
- i2d_ASN1_INTEGER;
- i2d_ASN1_OBJECT;
- i2d_ASN1_OCTET_STRING;
- i2d_ASN1_PRINTABLE;
- i2d_ASN1_SET;
- i2d_ASN1_TYPE;
- i2d_ASN1_UTCTIME;
- i2d_ASN1_bytes;
- i2d_DHparams;
- i2d_DSAPrivateKey;
- i2d_DSAPrivateKey_bio;
- i2d_DSAPrivateKey_fp;
- i2d_DSAPublicKey;
- i2d_DSAparams;
- i2d_NETSCAPE_SPKAC;
- i2d_NETSCAPE_SPKI;
- i2d_Netscape_RSA;
- i2d_PKCS7;
- i2d_PKCS7_DIGEST;
- i2d_PKCS7_ENCRYPT;
- i2d_PKCS7_ENC_CONTENT;
- i2d_PKCS7_ENVELOPE;
- i2d_PKCS7_ISSUER_AND_SERIAL;
- i2d_PKCS7_RECIP_INFO;
- i2d_PKCS7_SIGNED;
- i2d_PKCS7_SIGNER_INFO;
- i2d_PKCS7_SIGN_ENVELOPE;
- i2d_PKCS7_bio;
- i2d_PKCS7_fp;
- i2d_PrivateKey;
- i2d_PublicKey;
- i2d_RSAPrivateKey;
- i2d_RSAPrivateKey_bio;
- i2d_RSAPrivateKey_fp;
- i2d_RSAPublicKey;
- i2d_X509;
- i2d_X509_ALGOR;
- i2d_X509_ATTRIBUTE;
- i2d_X509_CINF;
- i2d_X509_CRL;
- i2d_X509_CRL_INFO;
- i2d_X509_CRL_bio;
- i2d_X509_CRL_fp;
- i2d_X509_EXTENSION;
- i2d_X509_NAME;
- i2d_X509_NAME_ENTRY;
- i2d_X509_PKEY;
- i2d_X509_PUBKEY;
- i2d_X509_REQ;
- i2d_X509_REQ_INFO;
- i2d_X509_REQ_bio;
- i2d_X509_REQ_fp;
- i2d_X509_REVOKED;
- i2d_X509_SIG;
- i2d_X509_VAL;
- i2d_X509_bio;
- i2d_X509_fp;
- idea_cbc_encrypt;
- idea_cfb64_encrypt;
- idea_ecb_encrypt;
- idea_encrypt;
- idea_ofb64_encrypt;
- idea_options;
- idea_set_decrypt_key;
- idea_set_encrypt_key;
- lh_delete;
- lh_doall;
- lh_doall_arg;
- lh_free;
- lh_insert;
- lh_new;
- lh_node_stats;
- lh_node_stats_bio;
- lh_node_usage_stats;
- lh_node_usage_stats_bio;
- lh_retrieve;
- lh_stats;
- lh_stats_bio;
- lh_strhash;
- sk_delete;
- sk_delete_ptr;
- sk_dup;
- sk_find;
- sk_free;
- sk_insert;
- sk_new;
- sk_pop;
- sk_pop_free;
- sk_push;
- sk_set_cmp_func;
- sk_shift;
- sk_unshift;
- sk_zero;
- BIO_f_nbio_test;
- ASN1_TYPE_get;
- ASN1_TYPE_set;
- PKCS7_content_free;
- ERR_load_PKCS7_strings;
- X509_find_by_issuer_and_serial;
- X509_find_by_subject;
- PKCS7_ctrl;
- PKCS7_set_type;
- PKCS7_set_content;
- PKCS7_SIGNER_INFO_set;
- PKCS7_add_signer;
- PKCS7_add_certificate;
- PKCS7_add_crl;
- PKCS7_content_new;
- PKCS7_dataSign;
- PKCS7_dataVerify;
- PKCS7_dataInit;
- PKCS7_add_signature;
- PKCS7_cert_from_signer_info;
- PKCS7_get_signer_info;
- EVP_delete_alias;
- EVP_mdc2;
- PEM_read_bio_RSAPublicKey;
- PEM_write_bio_RSAPublicKey;
- d2i_RSAPublicKey_bio;
- i2d_RSAPublicKey_bio;
- PEM_read_RSAPublicKey;
- PEM_write_RSAPublicKey;
- d2i_RSAPublicKey_fp;
- i2d_RSAPublicKey_fp;
- BIO_copy_next_retry;
- RSA_flags;
- X509_STORE_add_crl;
- X509_load_crl_file;
- EVP_rc2_40_cbc;
- EVP_rc4_40;
- EVP_CIPHER_CTX_init;
- HMAC;
- HMAC_Init;
- HMAC_Update;
- HMAC_Final;
- ERR_get_next_error_library;
- EVP_PKEY_cmp_parameters;
- HMAC_cleanup;
- BIO_ptr_ctrl;
- BIO_new_file_internal;
- BIO_new_fp_internal;
- BIO_s_file_internal;
- BN_BLINDING_convert;
- BN_BLINDING_invert;
- BN_BLINDING_update;
- RSA_blinding_on;
- RSA_blinding_off;
- i2t_ASN1_OBJECT;
- BN_BLINDING_new;
- BN_BLINDING_free;
- EVP_cast5_cbc;
- EVP_cast5_cfb64;
- EVP_cast5_ecb;
- EVP_cast5_ofb;
- BF_decrypt;
- CAST_set_key;
- CAST_encrypt;
- CAST_decrypt;
- CAST_ecb_encrypt;
- CAST_cbc_encrypt;
- CAST_cfb64_encrypt;
- CAST_ofb64_encrypt;
- RC2_decrypt;
- OBJ_create_objects;
- BN_exp;
- BN_mul_word;
- BN_sub_word;
- BN_dec2bn;
- BN_bn2dec;
- BIO_ghbn_ctrl;
- CRYPTO_free_ex_data;
- CRYPTO_get_ex_data;
- CRYPTO_set_ex_data;
- ERR_load_CRYPTO_strings;
- ERR_load_CRYPTOlib_strings;
- EVP_PKEY_bits;
- MD5_Transform;
- SHA1_Transform;
- SHA_Transform;
- X509_STORE_CTX_get_chain;
- X509_STORE_CTX_get_current_cert;
- X509_STORE_CTX_get_error;
- X509_STORE_CTX_get_error_depth;
- X509_STORE_CTX_get_ex_data;
- X509_STORE_CTX_set_cert;
- X509_STORE_CTX_set_chain;
- X509_STORE_CTX_set_error;
- X509_STORE_CTX_set_ex_data;
- CRYPTO_dup_ex_data;
- CRYPTO_get_new_lockid;
- CRYPTO_new_ex_data;
- RSA_set_ex_data;
- RSA_get_ex_data;
- RSA_get_ex_new_index;
- RSA_padding_add_PKCS1_type_1;
- RSA_padding_add_PKCS1_type_2;
- RSA_padding_add_SSLv23;
- RSA_padding_add_none;
- RSA_padding_check_PKCS1_type_1;
- RSA_padding_check_PKCS1_type_2;
- RSA_padding_check_SSLv23;
- RSA_padding_check_none;
- bn_add_words;
- d2i_Netscape_RSA_2;
- CRYPTO_get_ex_new_index;
- RIPEMD160_Init;
- RIPEMD160_Update;
- RIPEMD160_Final;
- RIPEMD160;
- RIPEMD160_Transform;
- RC5_32_set_key;
- RC5_32_ecb_encrypt;
- RC5_32_encrypt;
- RC5_32_decrypt;
- RC5_32_cbc_encrypt;
- RC5_32_cfb64_encrypt;
- RC5_32_ofb64_encrypt;
- BN_bn2mpi;
- BN_mpi2bn;
- ASN1_BIT_STRING_get_bit;
- ASN1_BIT_STRING_set_bit;
- BIO_get_ex_data;
- BIO_get_ex_new_index;
- BIO_set_ex_data;
- X509v3_get_key_usage;
- X509v3_set_key_usage;
- a2i_X509v3_key_usage;
- i2a_X509v3_key_usage;
- EVP_PKEY_decrypt;
- EVP_PKEY_encrypt;
- PKCS7_RECIP_INFO_set;
- PKCS7_add_recipient;
- PKCS7_add_recipient_info;
- PKCS7_set_cipher;
- ASN1_TYPE_get_int_octetstring;
- ASN1_TYPE_get_octetstring;
- ASN1_TYPE_set_int_octetstring;
- ASN1_TYPE_set_octetstring;
- ASN1_UTCTIME_set_string;
- ERR_add_error_data;
- ERR_set_error_data;
- EVP_CIPHER_asn1_to_param;
- EVP_CIPHER_param_to_asn1;
- EVP_CIPHER_get_asn1_iv;
- EVP_CIPHER_set_asn1_iv;
- EVP_rc5_32_12_16_cbc;
- EVP_rc5_32_12_16_cfb64;
- EVP_rc5_32_12_16_ecb;
- EVP_rc5_32_12_16_ofb;
- asn1_add_error;
- d2i_ASN1_BMPSTRING;
- i2d_ASN1_BMPSTRING;
- BIO_f_ber;
- BN_init;
- COMP_CTX_new;
- COMP_CTX_free;
- COMP_CTX_compress_block;
- COMP_CTX_expand_block;
- X509_STORE_CTX_get_ex_new_index;
- OBJ_NAME_add;
- BIO_socket_nbio;
- EVP_rc2_64_cbc;
- OBJ_NAME_cleanup;
- OBJ_NAME_get;
- OBJ_NAME_init;
- OBJ_NAME_new_index;
- OBJ_NAME_remove;
- BN_MONT_CTX_copy;
- BIO_new_socks4a_connect;
- BIO_s_socks4a_connect;
- PROXY_set_connect_mode;
- RAND_SSLeay;
- RAND_set_rand_method;
- RSA_memory_lock;
- bn_sub_words;
- bn_mul_normal;
- bn_mul_comba8;
- bn_mul_comba4;
- bn_sqr_normal;
- bn_sqr_comba8;
- bn_sqr_comba4;
- bn_cmp_words;
- bn_mul_recursive;
- bn_mul_part_recursive;
- bn_sqr_recursive;
- bn_mul_low_normal;
- BN_RECP_CTX_init;
- BN_RECP_CTX_new;
- BN_RECP_CTX_free;
- BN_RECP_CTX_set;
- BN_mod_mul_reciprocal;
- BN_mod_exp_recp;
- BN_div_recp;
- BN_CTX_init;
- BN_MONT_CTX_init;
- RAND_get_rand_method;
- PKCS7_add_attribute;
- PKCS7_add_signed_attribute;
- PKCS7_digest_from_attributes;
- PKCS7_get_attribute;
- PKCS7_get_issuer_and_serial;
- PKCS7_get_signed_attribute;
- COMP_compress_block;
- COMP_expand_block;
- COMP_rle;
- COMP_zlib;
- ms_time_diff;
- ms_time_new;
- ms_time_free;
- ms_time_cmp;
- ms_time_get;
- PKCS7_set_attributes;
- PKCS7_set_signed_attributes;
- X509_ATTRIBUTE_create;
- X509_ATTRIBUTE_dup;
- ASN1_GENERALIZEDTIME_check;
- ASN1_GENERALIZEDTIME_print;
- ASN1_GENERALIZEDTIME_set;
- ASN1_GENERALIZEDTIME_set_string;
- ASN1_TIME_print;
- BASIC_CONSTRAINTS_free;
- BASIC_CONSTRAINTS_new;
- ERR_load_X509V3_strings;
- NETSCAPE_CERT_SEQUENCE_free;
- NETSCAPE_CERT_SEQUENCE_new;
- OBJ_txt2obj;
- PEM_read_NETSCAPE_CERT_SEQUENCE;
- PEM_read_NS_CERT_SEQ;
- PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
- PEM_read_bio_NS_CERT_SEQ;
- PEM_write_NETSCAPE_CERT_SEQUENCE;
- PEM_write_NS_CERT_SEQ;
- PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
- PEM_write_bio_NS_CERT_SEQ;
- X509V3_EXT_add;
- X509V3_EXT_add_alias;
- X509V3_EXT_add_conf;
- X509V3_EXT_cleanup;
- X509V3_EXT_conf;
- X509V3_EXT_conf_nid;
- X509V3_EXT_get;
- X509V3_EXT_get_nid;
- X509V3_EXT_print;
- X509V3_EXT_print_fp;
- X509V3_add_standard_extensions;
- X509V3_add_value;
- X509V3_add_value_bool;
- X509V3_add_value_int;
- X509V3_conf_free;
- X509V3_get_value_bool;
- X509V3_get_value_int;
- X509V3_parse_list;
- d2i_ASN1_GENERALIZEDTIME;
- d2i_ASN1_TIME;
- d2i_BASIC_CONSTRAINTS;
- d2i_NETSCAPE_CERT_SEQUENCE;
- d2i_ext_ku;
- ext_ku_free;
- ext_ku_new;
- i2d_ASN1_GENERALIZEDTIME;
- i2d_ASN1_TIME;
- i2d_BASIC_CONSTRAINTS;
- i2d_NETSCAPE_CERT_SEQUENCE;
- i2d_ext_ku;
- EVP_MD_CTX_copy;
- i2d_ASN1_ENUMERATED;
- d2i_ASN1_ENUMERATED;
- ASN1_ENUMERATED_set;
- ASN1_ENUMERATED_get;
- BN_to_ASN1_ENUMERATED;
- ASN1_ENUMERATED_to_BN;
- i2a_ASN1_ENUMERATED;
- a2i_ASN1_ENUMERATED;
- i2d_GENERAL_NAME;
- d2i_GENERAL_NAME;
- GENERAL_NAME_new;
- GENERAL_NAME_free;
- GENERAL_NAMES_new;
- GENERAL_NAMES_free;
- d2i_GENERAL_NAMES;
- i2d_GENERAL_NAMES;
- i2v_GENERAL_NAMES;
- i2s_ASN1_OCTET_STRING;
- s2i_ASN1_OCTET_STRING;
- X509V3_EXT_check_conf;
- hex_to_string;
- string_to_hex;
- DES_ede3_cbcm_encrypt;
- RSA_padding_add_PKCS1_OAEP;
- RSA_padding_check_PKCS1_OAEP;
- X509_CRL_print_fp;
- X509_CRL_print;
- i2v_GENERAL_NAME;
- v2i_GENERAL_NAME;
- i2d_PKEY_USAGE_PERIOD;
- d2i_PKEY_USAGE_PERIOD;
- PKEY_USAGE_PERIOD_new;
- PKEY_USAGE_PERIOD_free;
- v2i_GENERAL_NAMES;
- i2s_ASN1_INTEGER;
- X509V3_EXT_d2i;
- name_cmp;
- str_dup;
- i2s_ASN1_ENUMERATED;
- i2s_ASN1_ENUMERATED_TABLE;
- BIO_s_log;
- BIO_f_reliable;
- PKCS7_dataFinal;
- PKCS7_dataDecode;
- X509V3_EXT_CRL_add_conf;
- BN_set_params;
- BN_get_params;
- BIO_get_ex_num;
- BIO_set_ex_free_func;
- EVP_ripemd160;
- ASN1_TIME_set;
- i2d_AUTHORITY_KEYID;
- d2i_AUTHORITY_KEYID;
- AUTHORITY_KEYID_new;
- AUTHORITY_KEYID_free;
- ASN1_seq_unpack;
- ASN1_seq_pack;
- ASN1_unpack_string;
- ASN1_pack_string;
- PKCS12_pack_safebag;
- PKCS12_MAKE_KEYBAG;
- PKCS8_encrypt;
- PKCS12_MAKE_SHKEYBAG;
- PKCS12_pack_p7data;
- PKCS12_pack_p7encdata;
- PKCS12_add_localkeyid;
- PKCS12_add_friendlyname_asc;
- PKCS12_add_friendlyname_uni;
- PKCS12_get_friendlyname;
- PKCS12_pbe_crypt;
- PKCS12_decrypt_d2i;
- PKCS12_i2d_encrypt;
- PKCS12_init;
- PKCS12_key_gen_asc;
- PKCS12_key_gen_uni;
- PKCS12_gen_mac;
- PKCS12_verify_mac;
- PKCS12_set_mac;
- PKCS12_setup_mac;
- OPENSSL_asc2uni;
- OPENSSL_uni2asc;
- i2d_PKCS12_BAGS;
- PKCS12_BAGS_new;
- d2i_PKCS12_BAGS;
- PKCS12_BAGS_free;
- i2d_PKCS12;
- d2i_PKCS12;
- PKCS12_new;
- PKCS12_free;
- i2d_PKCS12_MAC_DATA;
- PKCS12_MAC_DATA_new;
- d2i_PKCS12_MAC_DATA;
- PKCS12_MAC_DATA_free;
- i2d_PKCS12_SAFEBAG;
- PKCS12_SAFEBAG_new;
- d2i_PKCS12_SAFEBAG;
- PKCS12_SAFEBAG_free;
- ERR_load_PKCS12_strings;
- PKCS12_PBE_add;
- PKCS8_add_keyusage;
- PKCS12_get_attr_gen;
- PKCS12_parse;
- PKCS12_create;
- i2d_PKCS12_bio;
- i2d_PKCS12_fp;
- d2i_PKCS12_bio;
- d2i_PKCS12_fp;
- i2d_PBEPARAM;
- PBEPARAM_new;
- d2i_PBEPARAM;
- PBEPARAM_free;
- i2d_PKCS8_PRIV_KEY_INFO;
- PKCS8_PRIV_KEY_INFO_new;
- d2i_PKCS8_PRIV_KEY_INFO;
- PKCS8_PRIV_KEY_INFO_free;
- EVP_PKCS82PKEY;
- EVP_PKEY2PKCS8;
- PKCS8_set_broken;
- EVP_PBE_ALGOR_CipherInit;
- EVP_PBE_alg_add;
- PKCS5_pbe_set;
- EVP_PBE_cleanup;
- i2d_SXNET;
- d2i_SXNET;
- SXNET_new;
- SXNET_free;
- i2d_SXNETID;
- d2i_SXNETID;
- SXNETID_new;
- SXNETID_free;
- DSA_SIG_new;
- DSA_SIG_free;
- DSA_do_sign;
- DSA_do_verify;
- d2i_DSA_SIG;
- i2d_DSA_SIG;
- i2d_ASN1_VISIBLESTRING;
- d2i_ASN1_VISIBLESTRING;
- i2d_ASN1_UTF8STRING;
- d2i_ASN1_UTF8STRING;
- i2d_DIRECTORYSTRING;
- d2i_DIRECTORYSTRING;
- i2d_DISPLAYTEXT;
- d2i_DISPLAYTEXT;
- d2i_ASN1_SET_OF_X509;
- i2d_ASN1_SET_OF_X509;
- i2d_PBKDF2PARAM;
- PBKDF2PARAM_new;
- d2i_PBKDF2PARAM;
- PBKDF2PARAM_free;
- i2d_PBE2PARAM;
- PBE2PARAM_new;
- d2i_PBE2PARAM;
- PBE2PARAM_free;
- d2i_ASN1_SET_OF_GENERAL_NAME;
- i2d_ASN1_SET_OF_GENERAL_NAME;
- d2i_ASN1_SET_OF_SXNETID;
- i2d_ASN1_SET_OF_SXNETID;
- d2i_ASN1_SET_OF_POLICYQUALINFO;
- i2d_ASN1_SET_OF_POLICYQUALINFO;
- d2i_ASN1_SET_OF_POLICYINFO;
- i2d_ASN1_SET_OF_POLICYINFO;
- SXNET_add_id_asc;
- SXNET_add_id_ulong;
- SXNET_add_id_INTEGER;
- SXNET_get_id_asc;
- SXNET_get_id_ulong;
- SXNET_get_id_INTEGER;
- X509V3_set_conf_lhash;
- i2d_CERTIFICATEPOLICIES;
- CERTIFICATEPOLICIES_new;
- CERTIFICATEPOLICIES_free;
- d2i_CERTIFICATEPOLICIES;
- i2d_POLICYINFO;
- POLICYINFO_new;
- d2i_POLICYINFO;
- POLICYINFO_free;
- i2d_POLICYQUALINFO;
- POLICYQUALINFO_new;
- d2i_POLICYQUALINFO;
- POLICYQUALINFO_free;
- i2d_USERNOTICE;
- USERNOTICE_new;
- d2i_USERNOTICE;
- USERNOTICE_free;
- i2d_NOTICEREF;
- NOTICEREF_new;
- d2i_NOTICEREF;
- NOTICEREF_free;
- X509V3_get_string;
- X509V3_get_section;
- X509V3_string_free;
- X509V3_section_free;
- X509V3_set_ctx;
- s2i_ASN1_INTEGER;
- CRYPTO_set_locked_mem_functions;
- CRYPTO_get_locked_mem_functions;
- CRYPTO_malloc_locked;
- CRYPTO_free_locked;
- BN_mod_exp2_mont;
- ERR_get_error_line_data;
- ERR_peek_error_line_data;
- PKCS12_PBE_keyivgen;
- X509_ALGOR_dup;
- d2i_ASN1_SET_OF_DIST_POINT;
- i2d_ASN1_SET_OF_DIST_POINT;
- i2d_CRL_DIST_POINTS;
- CRL_DIST_POINTS_new;
- CRL_DIST_POINTS_free;
- d2i_CRL_DIST_POINTS;
- i2d_DIST_POINT;
- DIST_POINT_new;
- d2i_DIST_POINT;
- DIST_POINT_free;
- i2d_DIST_POINT_NAME;
- DIST_POINT_NAME_new;
- DIST_POINT_NAME_free;
- d2i_DIST_POINT_NAME;
- X509V3_add_value_uchar;
- d2i_ASN1_SET_OF_X509_ATTRIBUTE;
- i2d_ASN1_SET_OF_ASN1_TYPE;
- d2i_ASN1_SET_OF_X509_EXTENSION;
- d2i_ASN1_SET_OF_X509_NAME_ENTRY;
- d2i_ASN1_SET_OF_ASN1_TYPE;
- i2d_ASN1_SET_OF_X509_ATTRIBUTE;
- i2d_ASN1_SET_OF_X509_EXTENSION;
- i2d_ASN1_SET_OF_X509_NAME_ENTRY;
- X509V3_EXT_i2d;
- X509V3_EXT_val_prn;
- X509V3_EXT_add_list;
- EVP_CIPHER_type;
- EVP_PBE_CipherInit;
- X509V3_add_value_bool_nf;
- d2i_ASN1_UINTEGER;
- sk_value;
- sk_num;
- sk_set;
- i2d_ASN1_SET_OF_X509_REVOKED;
- sk_sort;
- d2i_ASN1_SET_OF_X509_REVOKED;
- i2d_ASN1_SET_OF_X509_ALGOR;
- i2d_ASN1_SET_OF_X509_CRL;
- d2i_ASN1_SET_OF_X509_ALGOR;
- d2i_ASN1_SET_OF_X509_CRL;
- i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
- i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
- d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
- d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
- PKCS5_PBE_add;
- PEM_write_bio_PKCS8;
- i2d_PKCS8_fp;
- PEM_read_bio_PKCS8_PRIV_KEY_INFO;
- PEM_read_bio_P8_PRIV_KEY_INFO;
- d2i_PKCS8_bio;
- d2i_PKCS8_PRIV_KEY_INFO_fp;
- PEM_write_bio_PKCS8_PRIV_KEY_INFO;
- PEM_write_bio_P8_PRIV_KEY_INFO;
- PEM_read_PKCS8;
- d2i_PKCS8_PRIV_KEY_INFO_bio;
- d2i_PKCS8_fp;
- PEM_write_PKCS8;
- PEM_read_PKCS8_PRIV_KEY_INFO;
- PEM_read_P8_PRIV_KEY_INFO;
- PEM_read_bio_PKCS8;
- PEM_write_PKCS8_PRIV_KEY_INFO;
- PEM_write_P8_PRIV_KEY_INFO;
- PKCS5_PBE_keyivgen;
- i2d_PKCS8_bio;
- i2d_PKCS8_PRIV_KEY_INFO_fp;
- i2d_PKCS8_PRIV_KEY_INFO_bio;
- BIO_s_bio;
- PKCS5_pbe2_set;
- PKCS5_PBKDF2_HMAC_SHA1;
- PKCS5_v2_PBE_keyivgen;
- PEM_write_bio_PKCS8PrivateKey;
- PEM_write_PKCS8PrivateKey;
- BIO_ctrl_get_read_request;
- BIO_ctrl_pending;
- BIO_ctrl_wpending;
- BIO_new_bio_pair;
- BIO_ctrl_get_write_guarantee;
- CRYPTO_num_locks;
- CONF_load_bio;
- CONF_load_fp;
- i2d_ASN1_SET_OF_ASN1_OBJECT;
- d2i_ASN1_SET_OF_ASN1_OBJECT;
- PKCS7_signatureVerify;
- RSA_set_method;
- RSA_get_method;
- RSA_get_default_method;
- RSA_check_key;
- OBJ_obj2txt;
- DSA_dup_DH;
- X509_REQ_get_extensions;
- X509_REQ_set_extension_nids;
- BIO_nwrite;
- X509_REQ_extension_nid;
- BIO_nread;
- X509_REQ_get_extension_nids;
- BIO_nwrite0;
- X509_REQ_add_extensions_nid;
- BIO_nread0;
- X509_REQ_add_extensions;
- BIO_new_mem_buf;
- DH_set_ex_data;
- DH_set_method;
- DSA_OpenSSL;
- DH_get_ex_data;
- DH_get_ex_new_index;
- DSA_new_method;
- DH_new_method;
- DH_OpenSSL;
- DSA_get_ex_new_index;
- DH_get_default_method;
- DSA_set_ex_data;
- DH_set_default_method;
- DSA_get_ex_data;
- X509V3_EXT_REQ_add_conf;
- NETSCAPE_SPKI_print;
- NETSCAPE_SPKI_set_pubkey;
- NETSCAPE_SPKI_b64_encode;
- NETSCAPE_SPKI_get_pubkey;
- NETSCAPE_SPKI_b64_decode;
- UTF8_putc;
- UTF8_getc;
- RSA_null_method;
- ASN1_tag2str;
- BIO_ctrl_reset_read_request;
- DISPLAYTEXT_new;
- ASN1_GENERALIZEDTIME_free;
- X509_REVOKED_get_ext_d2i;
- X509_set_ex_data;
- X509_reject_set_bit_asc;
- X509_NAME_add_entry_by_txt;
- X509_NAME_add_entry_by_NID;
- X509_PURPOSE_get0;
- PEM_read_X509_AUX;
- d2i_AUTHORITY_INFO_ACCESS;
- PEM_write_PUBKEY;
- ACCESS_DESCRIPTION_new;
- X509_CERT_AUX_free;
- d2i_ACCESS_DESCRIPTION;
- X509_trust_clear;
- X509_TRUST_add;
- ASN1_VISIBLESTRING_new;
- X509_alias_set1;
- ASN1_PRINTABLESTRING_free;
- EVP_PKEY_get1_DSA;
- ASN1_BMPSTRING_new;
- ASN1_mbstring_copy;
- ASN1_UTF8STRING_new;
- DSA_get_default_method;
- i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
- ASN1_T61STRING_free;
- DSA_set_method;
- X509_get_ex_data;
- ASN1_STRING_type;
- X509_PURPOSE_get_by_sname;
- ASN1_TIME_free;
- ASN1_OCTET_STRING_cmp;
- ASN1_BIT_STRING_new;
- X509_get_ext_d2i;
- PEM_read_bio_X509_AUX;
- ASN1_STRING_set_default_mask_asc;
- ASN1_STRING_set_def_mask_asc;
- PEM_write_bio_RSA_PUBKEY;
- ASN1_INTEGER_cmp;
- d2i_RSA_PUBKEY_fp;
- X509_trust_set_bit_asc;
- PEM_write_bio_DSA_PUBKEY;
- X509_STORE_CTX_free;
- EVP_PKEY_set1_DSA;
- i2d_DSA_PUBKEY_fp;
- X509_load_cert_crl_file;
- ASN1_TIME_new;
- i2d_RSA_PUBKEY;
- X509_STORE_CTX_purpose_inherit;
- PEM_read_RSA_PUBKEY;
- d2i_X509_AUX;
- i2d_DSA_PUBKEY;
- X509_CERT_AUX_print;
- PEM_read_DSA_PUBKEY;
- i2d_RSA_PUBKEY_bio;
- ASN1_BIT_STRING_num_asc;
- i2d_PUBKEY;
- ASN1_UTCTIME_free;
- DSA_set_default_method;
- X509_PURPOSE_get_by_id;
- ACCESS_DESCRIPTION_free;
- PEM_read_bio_PUBKEY;
- ASN1_STRING_set_by_NID;
- X509_PURPOSE_get_id;
- DISPLAYTEXT_free;
- OTHERNAME_new;
- X509_CERT_AUX_new;
- X509_TRUST_cleanup;
- X509_NAME_add_entry_by_OBJ;
- X509_CRL_get_ext_d2i;
- X509_PURPOSE_get0_name;
- PEM_read_PUBKEY;
- i2d_DSA_PUBKEY_bio;
- i2d_OTHERNAME;
- ASN1_OCTET_STRING_free;
- ASN1_BIT_STRING_set_asc;
- X509_get_ex_new_index;
- ASN1_STRING_TABLE_cleanup;
- X509_TRUST_get_by_id;
- X509_PURPOSE_get_trust;
- ASN1_STRING_length;
- d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
- ASN1_PRINTABLESTRING_new;
- X509V3_get_d2i;
- ASN1_ENUMERATED_free;
- i2d_X509_CERT_AUX;
- X509_STORE_CTX_set_trust;
- ASN1_STRING_set_default_mask;
- X509_STORE_CTX_new;
- EVP_PKEY_get1_RSA;
- DIRECTORYSTRING_free;
- PEM_write_X509_AUX;
- ASN1_OCTET_STRING_set;
- d2i_DSA_PUBKEY_fp;
- d2i_RSA_PUBKEY;
- X509_TRUST_get0_name;
- X509_TRUST_get0;
- AUTHORITY_INFO_ACCESS_free;
- ASN1_IA5STRING_new;
- d2i_DSA_PUBKEY;
- X509_check_purpose;
- ASN1_ENUMERATED_new;
- d2i_RSA_PUBKEY_bio;
- d2i_PUBKEY;
- X509_TRUST_get_trust;
- X509_TRUST_get_flags;
- ASN1_BMPSTRING_free;
- ASN1_T61STRING_new;
- ASN1_UTCTIME_new;
- i2d_AUTHORITY_INFO_ACCESS;
- EVP_PKEY_set1_RSA;
- X509_STORE_CTX_set_purpose;
- ASN1_IA5STRING_free;
- PEM_write_bio_X509_AUX;
- X509_PURPOSE_get_count;
- CRYPTO_add_info;
- X509_NAME_ENTRY_create_by_txt;
- ASN1_STRING_get_default_mask;
- X509_alias_get0;
- ASN1_STRING_data;
- i2d_ACCESS_DESCRIPTION;
- X509_trust_set_bit;
- ASN1_BIT_STRING_free;
- PEM_read_bio_RSA_PUBKEY;
- X509_add1_reject_object;
- X509_check_trust;
- PEM_read_bio_DSA_PUBKEY;
- X509_PURPOSE_add;
- ASN1_STRING_TABLE_get;
- ASN1_UTF8STRING_free;
- d2i_DSA_PUBKEY_bio;
- PEM_write_RSA_PUBKEY;
- d2i_OTHERNAME;
- X509_reject_set_bit;
- PEM_write_DSA_PUBKEY;
- X509_PURPOSE_get0_sname;
- EVP_PKEY_set1_DH;
- ASN1_OCTET_STRING_dup;
- ASN1_BIT_STRING_set;
- X509_TRUST_get_count;
- ASN1_INTEGER_free;
- OTHERNAME_free;
- i2d_RSA_PUBKEY_fp;
- ASN1_INTEGER_dup;
- d2i_X509_CERT_AUX;
- PEM_write_bio_PUBKEY;
- ASN1_VISIBLESTRING_free;
- X509_PURPOSE_cleanup;
- ASN1_mbstring_ncopy;
- ASN1_GENERALIZEDTIME_new;
- EVP_PKEY_get1_DH;
- ASN1_OCTET_STRING_new;
- ASN1_INTEGER_new;
- i2d_X509_AUX;
- ASN1_BIT_STRING_name_print;
- X509_cmp;
- ASN1_STRING_length_set;
- DIRECTORYSTRING_new;
- X509_add1_trust_object;
- PKCS12_newpass;
- SMIME_write_PKCS7;
- SMIME_read_PKCS7;
- DES_set_key_checked;
- PKCS7_verify;
- PKCS7_encrypt;
- DES_set_key_unchecked;
- SMIME_crlf_copy;
- i2d_ASN1_PRINTABLESTRING;
- PKCS7_get0_signers;
- PKCS7_decrypt;
- SMIME_text;
- PKCS7_simple_smimecap;
- PKCS7_get_smimecap;
- PKCS7_sign;
- PKCS7_add_attrib_smimecap;
- CRYPTO_dbg_set_options;
- CRYPTO_remove_all_info;
- CRYPTO_get_mem_debug_functions;
- CRYPTO_is_mem_check_on;
- CRYPTO_set_mem_debug_functions;
- CRYPTO_pop_info;
- CRYPTO_push_info_;
- CRYPTO_set_mem_debug_options;
- PEM_write_PKCS8PrivateKey_nid;
- PEM_write_bio_PKCS8PrivateKey_nid;
- PEM_write_bio_PKCS8PrivKey_nid;
- d2i_PKCS8PrivateKey_bio;
- ASN1_NULL_free;
- d2i_ASN1_NULL;
- ASN1_NULL_new;
- i2d_PKCS8PrivateKey_bio;
- i2d_PKCS8PrivateKey_fp;
- i2d_ASN1_NULL;
- i2d_PKCS8PrivateKey_nid_fp;
- d2i_PKCS8PrivateKey_fp;
- i2d_PKCS8PrivateKey_nid_bio;
- i2d_PKCS8PrivateKeyInfo_fp;
- i2d_PKCS8PrivateKeyInfo_bio;
- PEM_cb;
- i2d_PrivateKey_fp;
- d2i_PrivateKey_bio;
- d2i_PrivateKey_fp;
- i2d_PrivateKey_bio;
- X509_reject_clear;
- X509_TRUST_set_default;
- d2i_AutoPrivateKey;
- X509_ATTRIBUTE_get0_type;
- X509_ATTRIBUTE_set1_data;
- X509at_get_attr;
- X509at_get_attr_count;
- X509_ATTRIBUTE_create_by_NID;
- X509_ATTRIBUTE_set1_object;
- X509_ATTRIBUTE_count;
- X509_ATTRIBUTE_create_by_OBJ;
- X509_ATTRIBUTE_get0_object;
- X509at_get_attr_by_NID;
- X509at_add1_attr;
- X509_ATTRIBUTE_get0_data;
- X509at_delete_attr;
- X509at_get_attr_by_OBJ;
- RAND_add;
- BIO_number_written;
- BIO_number_read;
- X509_STORE_CTX_get1_chain;
- ERR_load_RAND_strings;
- RAND_pseudo_bytes;
- X509_REQ_get_attr_by_NID;
- X509_REQ_get_attr;
- X509_REQ_add1_attr_by_NID;
- X509_REQ_get_attr_by_OBJ;
- X509at_add1_attr_by_NID;
- X509_REQ_add1_attr_by_OBJ;
- X509_REQ_get_attr_count;
- X509_REQ_add1_attr;
- X509_REQ_delete_attr;
- X509at_add1_attr_by_OBJ;
- X509_REQ_add1_attr_by_txt;
- X509_ATTRIBUTE_create_by_txt;
- X509at_add1_attr_by_txt;
- BN_pseudo_rand;
- BN_is_prime_fasttest;
- BN_CTX_end;
- BN_CTX_start;
- BN_CTX_get;
- EVP_PKEY2PKCS8_broken;
- ASN1_STRING_TABLE_add;
- CRYPTO_dbg_get_options;
- AUTHORITY_INFO_ACCESS_new;
- CRYPTO_get_mem_debug_options;
- DES_crypt;
- PEM_write_bio_X509_REQ_NEW;
- PEM_write_X509_REQ_NEW;
- BIO_callback_ctrl;
- RAND_egd;
- RAND_status;
- bn_dump1;
- DES_check_key_parity;
- lh_num_items;
- RAND_event;
- DSO_new;
- DSO_new_method;
- DSO_free;
- DSO_flags;
- DSO_up;
- DSO_set_default_method;
- DSO_get_default_method;
- DSO_get_method;
- DSO_set_method;
- DSO_load;
- DSO_bind_var;
- DSO_METHOD_null;
- DSO_METHOD_openssl;
- DSO_METHOD_dlfcn;
- DSO_METHOD_win32;
- ERR_load_DSO_strings;
- DSO_METHOD_dl;
- NCONF_load;
- NCONF_load_fp;
- NCONF_new;
- NCONF_get_string;
- NCONF_free;
- NCONF_get_number;
- CONF_dump_fp;
- NCONF_load_bio;
- NCONF_dump_fp;
- NCONF_get_section;
- NCONF_dump_bio;
- CONF_dump_bio;
- NCONF_free_data;
- CONF_set_default_method;
- ERR_error_string_n;
- BIO_snprintf;
- DSO_ctrl;
- i2d_ASN1_SET_OF_ASN1_INTEGER;
- i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
- i2d_ASN1_SET_OF_PKCS7;
- BIO_vfree;
- d2i_ASN1_SET_OF_ASN1_INTEGER;
- d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
- ASN1_UTCTIME_get;
- X509_REQ_digest;
- X509_CRL_digest;
- d2i_ASN1_SET_OF_PKCS7;
- EVP_CIPHER_CTX_set_key_length;
- EVP_CIPHER_CTX_ctrl;
- BN_mod_exp_mont_word;
- RAND_egd_bytes;
- X509_REQ_get1_email;
- X509_get1_email;
- X509_email_free;
- i2d_RSA_NET;
- d2i_RSA_NET_2;
- d2i_RSA_NET;
- DSO_bind_func;
- CRYPTO_get_new_dynlockid;
- sk_new_null;
- CRYPTO_set_dynlock_destroy_callback;
- CRYPTO_set_dynlock_destroy_cb;
- CRYPTO_destroy_dynlockid;
- CRYPTO_set_dynlock_size;
- CRYPTO_set_dynlock_create_callback;
- CRYPTO_set_dynlock_create_cb;
- CRYPTO_set_dynlock_lock_callback;
- CRYPTO_set_dynlock_lock_cb;
- CRYPTO_get_dynlock_lock_callback;
- CRYPTO_get_dynlock_lock_cb;
- CRYPTO_get_dynlock_destroy_callback;
- CRYPTO_get_dynlock_destroy_cb;
- CRYPTO_get_dynlock_value;
- CRYPTO_get_dynlock_create_callback;
- CRYPTO_get_dynlock_create_cb;
- c2i_ASN1_BIT_STRING;
- i2c_ASN1_BIT_STRING;
- RAND_poll;
- c2i_ASN1_INTEGER;
- i2c_ASN1_INTEGER;
- BIO_dump_indent;
- ASN1_parse_dump;
- c2i_ASN1_OBJECT;
- X509_NAME_print_ex_fp;
- ASN1_STRING_print_ex_fp;
- X509_NAME_print_ex;
- ASN1_STRING_print_ex;
- MD4;
- MD4_Transform;
- MD4_Final;
- MD4_Update;
- MD4_Init;
- EVP_md4;
- i2d_PUBKEY_bio;
- i2d_PUBKEY_fp;
- d2i_PUBKEY_bio;
- ASN1_STRING_to_UTF8;
- BIO_vprintf;
- BIO_vsnprintf;
- d2i_PUBKEY_fp;
- X509_cmp_time;
- X509_STORE_CTX_set_time;
- X509_STORE_CTX_get1_issuer;
- X509_OBJECT_retrieve_match;
- X509_OBJECT_idx_by_subject;
- X509_STORE_CTX_set_flags;
- X509_STORE_CTX_trusted_stack;
- X509_time_adj;
- X509_check_issued;
- ASN1_UTCTIME_cmp_time_t;
- DES_set_weak_key_flag;
- DES_check_key;
- DES_rw_mode;
- RSA_PKCS1_RSAref;
- X509_keyid_set1;
- BIO_next;
- DSO_METHOD_vms;
- BIO_f_linebuffer;
- BN_bntest_rand;
- OPENSSL_issetugid;
- BN_rand_range;
- ERR_load_ENGINE_strings;
- ENGINE_set_DSA;
- ENGINE_get_finish_function;
- ENGINE_get_default_RSA;
- ENGINE_get_BN_mod_exp;
- DSA_get_default_openssl_method;
- ENGINE_set_DH;
- ENGINE_set_def_BN_mod_exp_crt;
- ENGINE_set_default_BN_mod_exp_crt;
- ENGINE_init;
- DH_get_default_openssl_method;
- RSA_set_default_openssl_method;
- ENGINE_finish;
- ENGINE_load_public_key;
- ENGINE_get_DH;
- ENGINE_ctrl;
- ENGINE_get_init_function;
- ENGINE_set_init_function;
- ENGINE_set_default_DSA;
- ENGINE_get_name;
- ENGINE_get_last;
- ENGINE_get_prev;
- ENGINE_get_default_DH;
- ENGINE_get_RSA;
- ENGINE_set_default;
- ENGINE_get_RAND;
- ENGINE_get_first;
- ENGINE_by_id;
- ENGINE_set_finish_function;
- ENGINE_get_def_BN_mod_exp_crt;
- ENGINE_get_default_BN_mod_exp_crt;
- RSA_get_default_openssl_method;
- ENGINE_set_RSA;
- ENGINE_load_private_key;
- ENGINE_set_default_RAND;
- ENGINE_set_BN_mod_exp;
- ENGINE_remove;
- ENGINE_free;
- ENGINE_get_BN_mod_exp_crt;
- ENGINE_get_next;
- ENGINE_set_name;
- ENGINE_get_default_DSA;
- ENGINE_set_default_BN_mod_exp;
- ENGINE_set_default_RSA;
- ENGINE_get_default_RAND;
- ENGINE_get_default_BN_mod_exp;
- ENGINE_set_RAND;
- ENGINE_set_id;
- ENGINE_set_BN_mod_exp_crt;
- ENGINE_set_default_DH;
- ENGINE_new;
- ENGINE_get_id;
- DSA_set_default_openssl_method;
- ENGINE_add;
- DH_set_default_openssl_method;
- ENGINE_get_DSA;
- ENGINE_get_ctrl_function;
- ENGINE_set_ctrl_function;
- BN_pseudo_rand_range;
- X509_STORE_CTX_set_verify_cb;
- ERR_load_COMP_strings;
- PKCS12_item_decrypt_d2i;
- ASN1_UTF8STRING_it;
- ENGINE_unregister_ciphers;
- ENGINE_get_ciphers;
- d2i_OCSP_BASICRESP;
- KRB5_CHECKSUM_it;
- EC_POINT_add;
- ASN1_item_ex_i2d;
- OCSP_CERTID_it;
- d2i_OCSP_RESPBYTES;
- X509V3_add1_i2d;
- PKCS7_ENVELOPE_it;
- UI_add_input_boolean;
- ENGINE_unregister_RSA;
- X509V3_EXT_nconf;
- ASN1_GENERALSTRING_free;
- d2i_OCSP_CERTSTATUS;
- X509_REVOKED_set_serialNumber;
- X509_print_ex;
- OCSP_ONEREQ_get1_ext_d2i;
- ENGINE_register_all_RAND;
- ENGINE_load_dynamic;
- PBKDF2PARAM_it;
- EXTENDED_KEY_USAGE_new;
- EC_GROUP_clear_free;
- OCSP_sendreq_bio;
- ASN1_item_digest;
- OCSP_BASICRESP_delete_ext;
- OCSP_SIGNATURE_it;
- X509_CRL_it;
- OCSP_BASICRESP_add_ext;
- KRB5_ENCKEY_it;
- UI_method_set_closer;
- X509_STORE_set_purpose;
- i2d_ASN1_GENERALSTRING;
- OCSP_response_status;
- i2d_OCSP_SERVICELOC;
- ENGINE_get_digest_engine;
- EC_GROUP_set_curve_GFp;
- OCSP_REQUEST_get_ext_by_OBJ;
- _ossl_old_des_random_key;
- ASN1_T61STRING_it;
- EC_GROUP_method_of;
- i2d_KRB5_APREQ;
- _ossl_old_des_encrypt;
- ASN1_PRINTABLE_new;
- HMAC_Init_ex;
- d2i_KRB5_AUTHENT;
- OCSP_archive_cutoff_new;
- EC_POINT_set_Jprojective_coordinates_GFp;
- EC_POINT_set_Jproj_coords_GFp;
- _ossl_old_des_is_weak_key;
- OCSP_BASICRESP_get_ext_by_OBJ;
- EC_POINT_oct2point;
- OCSP_SINGLERESP_get_ext_count;
- UI_ctrl;
- _shadow_DES_rw_mode;
- asn1_do_adb;
- ASN1_template_i2d;
- ENGINE_register_DH;
- UI_construct_prompt;
- X509_STORE_set_trust;
- UI_dup_input_string;
- d2i_KRB5_APREQ;
- EVP_MD_CTX_copy_ex;
- OCSP_request_is_signed;
- i2d_OCSP_REQINFO;
- KRB5_ENCKEY_free;
- OCSP_resp_get0;
- GENERAL_NAME_it;
- ASN1_GENERALIZEDTIME_it;
- X509_STORE_set_flags;
- EC_POINT_set_compressed_coordinates_GFp;
- EC_POINT_set_compr_coords_GFp;
- OCSP_response_status_str;
- d2i_OCSP_REVOKEDINFO;
- OCSP_basic_add1_cert;
- ERR_get_implementation;
- EVP_CipherFinal_ex;
- OCSP_CERTSTATUS_new;
- CRYPTO_cleanup_all_ex_data;
- OCSP_resp_find;
- BN_nnmod;
- X509_CRL_sort;
- X509_REVOKED_set_revocationDate;
- ENGINE_register_RAND;
- OCSP_SERVICELOC_new;
- EC_POINT_set_affine_coordinates_GFp;
- EC_POINT_set_affine_coords_GFp;
- _ossl_old_des_options;
- SXNET_it;
- UI_dup_input_boolean;
- PKCS12_add_CSPName_asc;
- EC_POINT_is_at_infinity;
- ENGINE_load_cryptodev;
- DSO_convert_filename;
- POLICYQUALINFO_it;
- ENGINE_register_ciphers;
- BN_mod_lshift_quick;
- DSO_set_filename;
- ASN1_item_free;
- KRB5_TKTBODY_free;
- AUTHORITY_KEYID_it;
- KRB5_APREQBODY_new;
- X509V3_EXT_REQ_add_nconf;
- ENGINE_ctrl_cmd_string;
- i2d_OCSP_RESPDATA;
- EVP_MD_CTX_init;
- EXTENDED_KEY_USAGE_free;
- PKCS7_ATTR_SIGN_it;
- UI_add_error_string;
- KRB5_CHECKSUM_free;
- OCSP_REQUEST_get_ext;
- ENGINE_load_ubsec;
- ENGINE_register_all_digests;
- PKEY_USAGE_PERIOD_it;
- PKCS12_unpack_authsafes;
- ASN1_item_unpack;
- NETSCAPE_SPKAC_it;
- X509_REVOKED_it;
- ASN1_STRING_encode;
- EVP_aes_128_ecb;
- KRB5_AUTHENT_free;
- OCSP_BASICRESP_get_ext_by_critical;
- OCSP_BASICRESP_get_ext_by_crit;
- OCSP_cert_status_str;
- d2i_OCSP_REQUEST;
- UI_dup_info_string;
- _ossl_old_des_xwhite_in2out;
- PKCS12_it;
- OCSP_SINGLERESP_get_ext_by_critical;
- OCSP_SINGLERESP_get_ext_by_crit;
- OCSP_CERTSTATUS_free;
- _ossl_old_des_crypt;
- ASN1_item_i2d;
- EVP_DecryptFinal_ex;
- ENGINE_load_openssl;
- ENGINE_get_cmd_defns;
- ENGINE_set_load_privkey_function;
- ENGINE_set_load_privkey_fn;
- EVP_EncryptFinal_ex;
- ENGINE_set_default_digests;
- X509_get0_pubkey_bitstr;
- asn1_ex_i2c;
- ENGINE_register_RSA;
- ENGINE_unregister_DSA;
- _ossl_old_des_key_sched;
- X509_EXTENSION_it;
- i2d_KRB5_AUTHENT;
- SXNETID_it;
- d2i_OCSP_SINGLERESP;
- EDIPARTYNAME_new;
- PKCS12_certbag2x509;
- _ossl_old_des_ofb64_encrypt;
- d2i_EXTENDED_KEY_USAGE;
- ERR_print_errors_cb;
- ENGINE_set_ciphers;
- d2i_KRB5_APREQBODY;
- UI_method_get_flusher;
- X509_PUBKEY_it;
- _ossl_old_des_enc_read;
- PKCS7_ENCRYPT_it;
- i2d_OCSP_RESPONSE;
- EC_GROUP_get_cofactor;
- PKCS12_unpack_p7data;
- d2i_KRB5_AUTHDATA;
- OCSP_copy_nonce;
- KRB5_AUTHDATA_new;
- OCSP_RESPDATA_new;
- EC_GFp_mont_method;
- OCSP_REVOKEDINFO_free;
- UI_get_ex_data;
- KRB5_APREQBODY_free;
- EC_GROUP_get0_generator;
- UI_get_default_method;
- X509V3_set_nconf;
- PKCS12_item_i2d_encrypt;
- X509_add1_ext_i2d;
- PKCS7_SIGNER_INFO_it;
- KRB5_PRINCNAME_new;
- PKCS12_SAFEBAG_it;
- EC_GROUP_get_order;
- d2i_OCSP_RESPID;
- OCSP_request_verify;
- NCONF_get_number_e;
- _ossl_old_des_decrypt3;
- X509_signature_print;
- OCSP_SINGLERESP_free;
- ENGINE_load_builtin_engines;
- i2d_OCSP_ONEREQ;
- OCSP_REQUEST_add_ext;
- OCSP_RESPBYTES_new;
- EVP_MD_CTX_create;
- OCSP_resp_find_status;
- X509_ALGOR_it;
- ASN1_TIME_it;
- OCSP_request_set1_name;
- OCSP_ONEREQ_get_ext_count;
- UI_get0_result;
- PKCS12_AUTHSAFES_it;
- EVP_aes_256_ecb;
- PKCS12_pack_authsafes;
- ASN1_IA5STRING_it;
- UI_get_input_flags;
- EC_GROUP_set_generator;
- _ossl_old_des_string_to_2keys;
- OCSP_CERTID_free;
- X509_CERT_AUX_it;
- CERTIFICATEPOLICIES_it;
- _ossl_old_des_ede3_cbc_encrypt;
- RAND_set_rand_engine;
- DSO_get_loaded_filename;
- X509_ATTRIBUTE_it;
- OCSP_ONEREQ_get_ext_by_NID;
- PKCS12_decrypt_skey;
- KRB5_AUTHENT_it;
- UI_dup_error_string;
- RSAPublicKey_it;
- i2d_OCSP_REQUEST;
- PKCS12_x509crl2certbag;
- OCSP_SERVICELOC_it;
- ASN1_item_sign;
- X509_CRL_set_issuer_name;
- OBJ_NAME_do_all_sorted;
- i2d_OCSP_BASICRESP;
- i2d_OCSP_RESPBYTES;
- PKCS12_unpack_p7encdata;
- HMAC_CTX_init;
- ENGINE_get_digest;
- OCSP_RESPONSE_print;
- KRB5_TKTBODY_it;
- ACCESS_DESCRIPTION_it;
- PKCS7_ISSUER_AND_SERIAL_it;
- PBE2PARAM_it;
- PKCS12_certbag2x509crl;
- PKCS7_SIGNED_it;
- ENGINE_get_cipher;
- i2d_OCSP_CRLID;
- OCSP_SINGLERESP_new;
- ENGINE_cmd_is_executable;
- RSA_up_ref;
- ASN1_GENERALSTRING_it;
- ENGINE_register_DSA;
- X509V3_EXT_add_nconf_sk;
- ENGINE_set_load_pubkey_function;
- PKCS8_decrypt;
- PEM_bytes_read_bio;
- DIRECTORYSTRING_it;
- d2i_OCSP_CRLID;
- EC_POINT_is_on_curve;
- CRYPTO_set_locked_mem_ex_functions;
- CRYPTO_set_locked_mem_ex_funcs;
- d2i_KRB5_CHECKSUM;
- ASN1_item_dup;
- X509_it;
- BN_mod_add;
- KRB5_AUTHDATA_free;
- _ossl_old_des_cbc_cksum;
- ASN1_item_verify;
- CRYPTO_set_mem_ex_functions;
- EC_POINT_get_Jprojective_coordinates_GFp;
- EC_POINT_get_Jproj_coords_GFp;
- ZLONG_it;
- CRYPTO_get_locked_mem_ex_functions;
- CRYPTO_get_locked_mem_ex_funcs;
- ASN1_TIME_check;
- UI_get0_user_data;
- HMAC_CTX_cleanup;
- DSA_up_ref;
- _ossl_old_des_ede3_cfb64_encrypt;
- _ossl_odes_ede3_cfb64_encrypt;
- ASN1_BMPSTRING_it;
- ASN1_tag2bit;
- UI_method_set_flusher;
- X509_ocspid_print;
- KRB5_ENCDATA_it;
- ENGINE_get_load_pubkey_function;
- UI_add_user_data;
- OCSP_REQUEST_delete_ext;
- UI_get_method;
- OCSP_ONEREQ_free;
- ASN1_PRINTABLESTRING_it;
- X509_CRL_set_nextUpdate;
- OCSP_REQUEST_it;
- OCSP_BASICRESP_it;
- AES_ecb_encrypt;
- BN_mod_sqr;
- NETSCAPE_CERT_SEQUENCE_it;
- GENERAL_NAMES_it;
- AUTHORITY_INFO_ACCESS_it;
- ASN1_FBOOLEAN_it;
- UI_set_ex_data;
- _ossl_old_des_string_to_key;
- ENGINE_register_all_RSA;
- d2i_KRB5_PRINCNAME;
- OCSP_RESPBYTES_it;
- X509_CINF_it;
- ENGINE_unregister_digests;
- d2i_EDIPARTYNAME;
- d2i_OCSP_SERVICELOC;
- ENGINE_get_digests;
- _ossl_old_des_set_odd_parity;
- OCSP_RESPDATA_free;
- d2i_KRB5_TICKET;
- OTHERNAME_it;
- EVP_MD_CTX_cleanup;
- d2i_ASN1_GENERALSTRING;
- X509_CRL_set_version;
- BN_mod_sub;
- OCSP_SINGLERESP_get_ext_by_NID;
- ENGINE_get_ex_new_index;
- OCSP_REQUEST_free;
- OCSP_REQUEST_add1_ext_i2d;
- X509_VAL_it;
- EC_POINTs_make_affine;
- EC_POINT_mul;
- X509V3_EXT_add_nconf;
- X509_TRUST_set;
- X509_CRL_add1_ext_i2d;
- _ossl_old_des_fcrypt;
- DISPLAYTEXT_it;
- X509_CRL_set_lastUpdate;
- OCSP_BASICRESP_free;
- OCSP_BASICRESP_add1_ext_i2d;
- d2i_KRB5_AUTHENTBODY;
- CRYPTO_set_ex_data_implementation;
- CRYPTO_set_ex_data_impl;
- KRB5_ENCDATA_new;
- DSO_up_ref;
- OCSP_crl_reason_str;
- UI_get0_result_string;
- ASN1_GENERALSTRING_new;
- X509_SIG_it;
- ERR_set_implementation;
- ERR_load_EC_strings;
- UI_get0_action_string;
- OCSP_ONEREQ_get_ext;
- EC_POINT_method_of;
- i2d_KRB5_APREQBODY;
- _ossl_old_des_ecb3_encrypt;
- CRYPTO_get_mem_ex_functions;
- ENGINE_get_ex_data;
- UI_destroy_method;
- ASN1_item_i2d_bio;
- OCSP_ONEREQ_get_ext_by_OBJ;
- ASN1_primitive_new;
- ASN1_PRINTABLE_it;
- EVP_aes_192_ecb;
- OCSP_SIGNATURE_new;
- LONG_it;
- ASN1_VISIBLESTRING_it;
- OCSP_SINGLERESP_add1_ext_i2d;
- d2i_OCSP_CERTID;
- ASN1_item_d2i_fp;
- CRL_DIST_POINTS_it;
- GENERAL_NAME_print;
- OCSP_SINGLERESP_delete_ext;
- PKCS12_SAFEBAGS_it;
- d2i_OCSP_SIGNATURE;
- OCSP_request_add1_nonce;
- ENGINE_set_cmd_defns;
- OCSP_SERVICELOC_free;
- EC_GROUP_free;
- ASN1_BIT_STRING_it;
- X509_REQ_it;
- _ossl_old_des_cbc_encrypt;
- ERR_unload_strings;
- PKCS7_SIGN_ENVELOPE_it;
- EDIPARTYNAME_free;
- OCSP_REQINFO_free;
- EC_GROUP_new_curve_GFp;
- OCSP_REQUEST_get1_ext_d2i;
- PKCS12_item_pack_safebag;
- asn1_ex_c2i;
- ENGINE_register_digests;
- i2d_OCSP_REVOKEDINFO;
- asn1_enc_restore;
- UI_free;
- UI_new_method;
- EVP_EncryptInit_ex;
- X509_pubkey_digest;
- EC_POINT_invert;
- OCSP_basic_sign;
- i2d_OCSP_RESPID;
- OCSP_check_nonce;
- ENGINE_ctrl_cmd;
- d2i_KRB5_ENCKEY;
- OCSP_parse_url;
- OCSP_SINGLERESP_get_ext;
- OCSP_CRLID_free;
- OCSP_BASICRESP_get1_ext_d2i;
- RSAPrivateKey_it;
- ENGINE_register_all_DH;
- i2d_EDIPARTYNAME;
- EC_POINT_get_affine_coordinates_GFp;
- EC_POINT_get_affine_coords_GFp;
- OCSP_CRLID_new;
- ENGINE_get_flags;
- OCSP_ONEREQ_it;
- UI_process;
- ASN1_INTEGER_it;
- EVP_CipherInit_ex;
- UI_get_string_type;
- ENGINE_unregister_DH;
- ENGINE_register_all_DSA;
- OCSP_ONEREQ_get_ext_by_critical;
- bn_dup_expand;
- OCSP_cert_id_new;
- BASIC_CONSTRAINTS_it;
- BN_mod_add_quick;
- EC_POINT_new;
- EVP_MD_CTX_destroy;
- OCSP_RESPBYTES_free;
- EVP_aes_128_cbc;
- OCSP_SINGLERESP_get1_ext_d2i;
- EC_POINT_free;
- DH_up_ref;
- X509_NAME_ENTRY_it;
- UI_get_ex_new_index;
- BN_mod_sub_quick;
- OCSP_ONEREQ_add_ext;
- OCSP_request_sign;
- EVP_DigestFinal_ex;
- ENGINE_set_digests;
- OCSP_id_issuer_cmp;
- OBJ_NAME_do_all;
- EC_POINTs_mul;
- ENGINE_register_complete;
- X509V3_EXT_nconf_nid;
- ASN1_SEQUENCE_it;
- UI_set_default_method;
- RAND_query_egd_bytes;
- UI_method_get_writer;
- UI_OpenSSL;
- PEM_def_callback;
- ENGINE_cleanup;
- DIST_POINT_it;
- OCSP_SINGLERESP_it;
- d2i_KRB5_TKTBODY;
- EC_POINT_cmp;
- OCSP_REVOKEDINFO_new;
- i2d_OCSP_CERTSTATUS;
- OCSP_basic_add1_nonce;
- ASN1_item_ex_d2i;
- BN_mod_lshift1_quick;
- UI_set_method;
- OCSP_id_get0_info;
- BN_mod_sqrt;
- EC_GROUP_copy;
- KRB5_ENCDATA_free;
- _ossl_old_des_cfb_encrypt;
- OCSP_SINGLERESP_get_ext_by_OBJ;
- OCSP_cert_to_id;
- OCSP_RESPID_new;
- OCSP_RESPDATA_it;
- d2i_OCSP_RESPDATA;
- ENGINE_register_all_complete;
- OCSP_check_validity;
- PKCS12_BAGS_it;
- OCSP_url_svcloc_new;
- ASN1_template_free;
- OCSP_SINGLERESP_add_ext;
- KRB5_AUTHENTBODY_it;
- X509_supported_extension;
- i2d_KRB5_AUTHDATA;
- UI_method_get_opener;
- ENGINE_set_ex_data;
- OCSP_REQUEST_print;
- CBIGNUM_it;
- KRB5_TICKET_new;
- KRB5_APREQ_new;
- EC_GROUP_get_curve_GFp;
- KRB5_ENCKEY_new;
- ASN1_template_d2i;
- _ossl_old_des_quad_cksum;
- OCSP_single_get0_status;
- BN_swap;
- POLICYINFO_it;
- ENGINE_set_destroy_function;
- asn1_enc_free;
- OCSP_RESPID_it;
- EC_GROUP_new;
- EVP_aes_256_cbc;
- i2d_KRB5_PRINCNAME;
- _ossl_old_des_encrypt2;
- _ossl_old_des_encrypt3;
- PKCS8_PRIV_KEY_INFO_it;
- OCSP_REQINFO_it;
- PBEPARAM_it;
- KRB5_AUTHENTBODY_new;
- X509_CRL_add0_revoked;
- EDIPARTYNAME_it;
- NETSCAPE_SPKI_it;
- UI_get0_test_string;
- ENGINE_get_cipher_engine;
- ENGINE_register_all_ciphers;
- EC_POINT_copy;
- BN_kronecker;
- _ossl_old_des_ede3_ofb64_encrypt;
- _ossl_odes_ede3_ofb64_encrypt;
- UI_method_get_reader;
- OCSP_BASICRESP_get_ext_count;
- ASN1_ENUMERATED_it;
- UI_set_result;
- i2d_KRB5_TICKET;
- X509_print_ex_fp;
- EVP_CIPHER_CTX_set_padding;
- d2i_OCSP_RESPONSE;
- ASN1_UTCTIME_it;
- _ossl_old_des_enc_write;
- OCSP_RESPONSE_new;
- AES_set_encrypt_key;
- OCSP_resp_count;
- KRB5_CHECKSUM_new;
- ENGINE_load_cswift;
- OCSP_onereq_get0_id;
- ENGINE_set_default_ciphers;
- NOTICEREF_it;
- X509V3_EXT_CRL_add_nconf;
- OCSP_REVOKEDINFO_it;
- AES_encrypt;
- OCSP_REQUEST_new;
- ASN1_ANY_it;
- CRYPTO_ex_data_new_class;
- _ossl_old_des_ncbc_encrypt;
- i2d_KRB5_TKTBODY;
- EC_POINT_clear_free;
- AES_decrypt;
- asn1_enc_init;
- UI_get_result_maxsize;
- OCSP_CERTID_new;
- ENGINE_unregister_RAND;
- UI_method_get_closer;
- d2i_KRB5_ENCDATA;
- OCSP_request_onereq_count;
- OCSP_basic_verify;
- KRB5_AUTHENTBODY_free;
- ASN1_item_d2i;
- ASN1_primitive_free;
- i2d_EXTENDED_KEY_USAGE;
- i2d_OCSP_SIGNATURE;
- asn1_enc_save;
- ENGINE_load_nuron;
- _ossl_old_des_pcbc_encrypt;
- PKCS12_MAC_DATA_it;
- OCSP_accept_responses_new;
- asn1_do_lock;
- PKCS7_ATTR_VERIFY_it;
- KRB5_APREQBODY_it;
- i2d_OCSP_SINGLERESP;
- ASN1_item_ex_new;
- UI_add_verify_string;
- _ossl_old_des_set_key;
- KRB5_PRINCNAME_it;
- EVP_DecryptInit_ex;
- i2d_OCSP_CERTID;
- ASN1_item_d2i_bio;
- EC_POINT_dbl;
- asn1_get_choice_selector;
- i2d_KRB5_CHECKSUM;
- ENGINE_set_table_flags;
- AES_options;
- ENGINE_load_chil;
- OCSP_id_cmp;
- OCSP_BASICRESP_new;
- OCSP_REQUEST_get_ext_by_NID;
- KRB5_APREQ_it;
- ENGINE_get_destroy_function;
- CONF_set_nconf;
- ASN1_PRINTABLE_free;
- OCSP_BASICRESP_get_ext_by_NID;
- DIST_POINT_NAME_it;
- X509V3_extensions_print;
- _ossl_old_des_cfb64_encrypt;
- X509_REVOKED_add1_ext_i2d;
- _ossl_old_des_ofb_encrypt;
- KRB5_TKTBODY_new;
- ASN1_OCTET_STRING_it;
- ERR_load_UI_strings;
- i2d_KRB5_ENCKEY;
- ASN1_template_new;
- OCSP_SIGNATURE_free;
- ASN1_item_i2d_fp;
- KRB5_PRINCNAME_free;
- PKCS7_RECIP_INFO_it;
- EXTENDED_KEY_USAGE_it;
- EC_GFp_simple_method;
- EC_GROUP_precompute_mult;
- OCSP_request_onereq_get0;
- UI_method_set_writer;
- KRB5_AUTHENT_new;
- X509_CRL_INFO_it;
- DSO_set_name_converter;
- AES_set_decrypt_key;
- PKCS7_DIGEST_it;
- PKCS12_x5092certbag;
- EVP_DigestInit_ex;
- i2a_ACCESS_DESCRIPTION;
- OCSP_RESPONSE_it;
- PKCS7_ENC_CONTENT_it;
- OCSP_request_add0_id;
- EC_POINT_make_affine;
- DSO_get_filename;
- OCSP_CERTSTATUS_it;
- OCSP_request_add1_cert;
- UI_get0_output_string;
- UI_dup_verify_string;
- BN_mod_lshift;
- KRB5_AUTHDATA_it;
- asn1_set_choice_selector;
- OCSP_basic_add1_status;
- OCSP_RESPID_free;
- asn1_get_field_ptr;
- UI_add_input_string;
- OCSP_CRLID_it;
- i2d_KRB5_AUTHENTBODY;
- OCSP_REQUEST_get_ext_count;
- ENGINE_load_atalla;
- X509_NAME_it;
- USERNOTICE_it;
- OCSP_REQINFO_new;
- OCSP_BASICRESP_get_ext;
- CRYPTO_get_ex_data_implementation;
- CRYPTO_get_ex_data_impl;
- ASN1_item_pack;
- i2d_KRB5_ENCDATA;
- X509_PURPOSE_set;
- X509_REQ_INFO_it;
- UI_method_set_opener;
- ASN1_item_ex_free;
- ASN1_BOOLEAN_it;
- ENGINE_get_table_flags;
- UI_create_method;
- OCSP_ONEREQ_add1_ext_i2d;
- _shadow_DES_check_key;
- d2i_OCSP_REQINFO;
- UI_add_info_string;
- UI_get_result_minsize;
- ASN1_NULL_it;
- BN_mod_lshift1;
- d2i_OCSP_ONEREQ;
- OCSP_ONEREQ_new;
- KRB5_TICKET_it;
- EVP_aes_192_cbc;
- KRB5_TICKET_free;
- UI_new;
- OCSP_response_create;
- _ossl_old_des_xcbc_encrypt;
- PKCS7_it;
- OCSP_REQUEST_get_ext_by_critical;
- OCSP_REQUEST_get_ext_by_crit;
- ENGINE_set_flags;
- _ossl_old_des_ecb_encrypt;
- OCSP_response_get1_basic;
- EVP_Digest;
- OCSP_ONEREQ_delete_ext;
- ASN1_TBOOLEAN_it;
- ASN1_item_new;
- ASN1_TIME_to_generalizedtime;
- BIGNUM_it;
- AES_cbc_encrypt;
- ENGINE_get_load_privkey_function;
- ENGINE_get_load_privkey_fn;
- OCSP_RESPONSE_free;
- UI_method_set_reader;
- i2d_ASN1_T61STRING;
- EC_POINT_set_to_infinity;
- ERR_load_OCSP_strings;
- EC_POINT_point2oct;
- KRB5_APREQ_free;
- ASN1_OBJECT_it;
- OCSP_crlID_new;
- OCSP_crlID2_new;
- CONF_modules_load_file;
- CONF_imodule_set_usr_data;
- ENGINE_set_default_string;
- CONF_module_get_usr_data;
- ASN1_add_oid_module;
- CONF_modules_finish;
- OPENSSL_config;
- CONF_modules_unload;
- CONF_imodule_get_value;
- CONF_module_set_usr_data;
- CONF_parse_list;
- CONF_module_add;
- CONF_get1_default_config_file;
- CONF_imodule_get_flags;
- CONF_imodule_get_module;
- CONF_modules_load;
- CONF_imodule_get_name;
- ERR_peek_top_error;
- CONF_imodule_get_usr_data;
- CONF_imodule_set_flags;
- ENGINE_add_conf_module;
- ERR_peek_last_error_line;
- ERR_peek_last_error_line_data;
- ERR_peek_last_error;
- DES_read_2passwords;
- DES_read_password;
- UI_UTIL_read_pw;
- UI_UTIL_read_pw_string;
- ENGINE_load_aep;
- ENGINE_load_sureware;
- OPENSSL_add_all_algorithms_noconf;
- OPENSSL_add_all_algo_noconf;
- OPENSSL_add_all_algorithms_conf;
- OPENSSL_add_all_algo_conf;
- OPENSSL_load_builtin_modules;
- AES_ofb128_encrypt;
- AES_ctr128_encrypt;
- AES_cfb128_encrypt;
- ENGINE_load_4758cca;
- _ossl_096_des_random_seed;
- EVP_aes_256_ofb;
- EVP_aes_192_ofb;
- EVP_aes_128_cfb128;
- EVP_aes_256_cfb128;
- EVP_aes_128_ofb;
- EVP_aes_192_cfb128;
- CONF_modules_free;
- NCONF_default;
- OPENSSL_no_config;
- NCONF_WIN32;
- ASN1_UNIVERSALSTRING_new;
- EVP_des_ede_ecb;
- i2d_ASN1_UNIVERSALSTRING;
- ASN1_UNIVERSALSTRING_free;
- ASN1_UNIVERSALSTRING_it;
- d2i_ASN1_UNIVERSALSTRING;
- EVP_des_ede3_ecb;
- X509_REQ_print_ex;
- ENGINE_up_ref;
- BUF_MEM_grow_clean;
- CRYPTO_realloc_clean;
- BUF_strlcat;
- BIO_indent;
- BUF_strlcpy;
- OpenSSLDie;
- OPENSSL_cleanse;
- ENGINE_setup_bsd_cryptodev;
- ERR_release_err_state_table;
- EVP_aes_128_cfb8;
- FIPS_corrupt_rsa;
- FIPS_selftest_des;
- EVP_aes_128_cfb1;
- EVP_aes_192_cfb8;
- FIPS_mode_set;
- FIPS_selftest_dsa;
- EVP_aes_256_cfb8;
- FIPS_allow_md5;
- DES_ede3_cfb_encrypt;
- EVP_des_ede3_cfb8;
- FIPS_rand_seeded;
- AES_cfbr_encrypt_block;
- AES_cfb8_encrypt;
- FIPS_rand_seed;
- FIPS_corrupt_des;
- EVP_aes_192_cfb1;
- FIPS_selftest_aes;
- FIPS_set_prng_key;
- EVP_des_cfb8;
- FIPS_corrupt_dsa;
- FIPS_test_mode;
- FIPS_rand_method;
- EVP_aes_256_cfb1;
- ERR_load_FIPS_strings;
- FIPS_corrupt_aes;
- FIPS_selftest_sha1;
- FIPS_selftest_rsa;
- FIPS_corrupt_sha1;
- EVP_des_cfb1;
- FIPS_dsa_check;
- AES_cfb1_encrypt;
- EVP_des_ede3_cfb1;
- FIPS_rand_check;
- FIPS_md5_allowed;
- FIPS_mode;
- FIPS_selftest_failed;
- sk_is_sorted;
- X509_check_ca;
- HMAC_CTX_set_flags;
- d2i_PROXY_CERT_INFO_EXTENSION;
- PROXY_POLICY_it;
- i2d_PROXY_POLICY;
- i2d_PROXY_CERT_INFO_EXTENSION;
- d2i_PROXY_POLICY;
- PROXY_CERT_INFO_EXTENSION_new;
- PROXY_CERT_INFO_EXTENSION_free;
- PROXY_CERT_INFO_EXTENSION_it;
- PROXY_POLICY_free;
- PROXY_POLICY_new;
- BN_MONT_CTX_set_locked;
- FIPS_selftest_rng;
- EVP_sha384;
- EVP_sha512;
- EVP_sha224;
- EVP_sha256;
- FIPS_selftest_hmac;
- FIPS_corrupt_rng;
- BN_mod_exp_mont_consttime;
- RSA_X931_hash_id;
- RSA_padding_check_X931;
- RSA_verify_PKCS1_PSS;
- RSA_padding_add_X931;
- RSA_padding_add_PKCS1_PSS;
- PKCS1_MGF1;
- BN_X931_generate_Xpq;
- RSA_X931_generate_key;
- BN_X931_derive_prime;
- BN_X931_generate_prime;
- RSA_X931_derive;
- BIO_new_dgram;
- BN_get0_nist_prime_384;
- ERR_set_mark;
- X509_STORE_CTX_set0_crls;
- ENGINE_set_STORE;
- ENGINE_register_ECDSA;
- STORE_meth_set_list_start_fn;
- STORE_method_set_list_start_function;
- BN_BLINDING_invert_ex;
- NAME_CONSTRAINTS_free;
- STORE_ATTR_INFO_set_number;
- BN_BLINDING_get_thread_id;
- X509_STORE_CTX_set0_param;
- POLICY_MAPPING_it;
- STORE_parse_attrs_start;
- POLICY_CONSTRAINTS_free;
- EVP_PKEY_add1_attr_by_NID;
- BN_nist_mod_192;
- EC_GROUP_get_trinomial_basis;
- STORE_set_method;
- GENERAL_SUBTREE_free;
- NAME_CONSTRAINTS_it;
- ECDH_get_default_method;
- PKCS12_add_safe;
- EC_KEY_new_by_curve_name;
- STORE_meth_get_update_store_fn;
- STORE_method_get_update_store_function;
- ENGINE_register_ECDH;
- SHA512_Update;
- i2d_ECPrivateKey;
- BN_get0_nist_prime_192;
- STORE_modify_certificate;
- EC_POINT_set_affine_coordinates_GF2m;
- EC_POINT_set_affine_coords_GF2m;
- BN_GF2m_mod_exp_arr;
- STORE_ATTR_INFO_modify_number;
- X509_keyid_get0;
- ENGINE_load_gmp;
- pitem_new;
- BN_GF2m_mod_mul_arr;
- STORE_list_public_key_endp;
- o2i_ECPublicKey;
- EC_KEY_copy;
- BIO_dump_fp;
- X509_policy_node_get0_parent;
- EC_GROUP_check_discriminant;
- i2o_ECPublicKey;
- EC_KEY_precompute_mult;
- a2i_IPADDRESS;
- STORE_meth_set_initialise_fn;
- STORE_method_set_initialise_function;
- X509_STORE_CTX_set_depth;
- X509_VERIFY_PARAM_inherit;
- EC_POINT_point2bn;
- STORE_ATTR_INFO_set_dn;
- X509_policy_tree_get0_policies;
- EC_GROUP_new_curve_GF2m;
- STORE_destroy_method;
- ENGINE_unregister_STORE;
- EVP_PKEY_get1_EC_KEY;
- STORE_ATTR_INFO_get0_number;
- ENGINE_get_default_ECDH;
- EC_KEY_get_conv_form;
- ASN1_OCTET_STRING_NDEF_it;
- STORE_delete_public_key;
- STORE_get_public_key;
- STORE_modify_arbitrary;
- ENGINE_get_static_state;
- pqueue_iterator;
- ECDSA_SIG_new;
- OPENSSL_DIR_end;
- BN_GF2m_mod_sqr;
- EC_POINT_bn2point;
- X509_VERIFY_PARAM_set_depth;
- EC_KEY_set_asn1_flag;
- STORE_get_method;
- EC_KEY_get_key_method_data;
- ECDSA_sign_ex;
- STORE_parse_attrs_end;
- EC_GROUP_get_point_conversion_form;
- EC_GROUP_get_point_conv_form;
- STORE_method_set_store_function;
- STORE_ATTR_INFO_in;
- PEM_read_bio_ECPKParameters;
- EC_GROUP_get_pentanomial_basis;
- EVP_PKEY_add1_attr_by_txt;
- BN_BLINDING_set_flags;
- X509_VERIFY_PARAM_set1_policies;
- X509_VERIFY_PARAM_set1_name;
- X509_VERIFY_PARAM_set_purpose;
- STORE_get_number;
- ECDSA_sign_setup;
- BN_GF2m_mod_solve_quad_arr;
- EC_KEY_up_ref;
- POLICY_MAPPING_free;
- BN_GF2m_mod_div;
- X509_VERIFY_PARAM_set_flags;
- EC_KEY_free;
- STORE_meth_set_list_next_fn;
- STORE_method_set_list_next_function;
- PEM_write_bio_ECPrivateKey;
- d2i_EC_PUBKEY;
- STORE_meth_get_generate_fn;
- STORE_method_get_generate_function;
- STORE_meth_set_list_end_fn;
- STORE_method_set_list_end_function;
- pqueue_print;
- EC_GROUP_have_precompute_mult;
- EC_KEY_print_fp;
- BN_GF2m_mod_arr;
- PEM_write_bio_X509_CERT_PAIR;
- EVP_PKEY_cmp;
- X509_policy_level_node_count;
- STORE_new_engine;
- STORE_list_public_key_start;
- X509_VERIFY_PARAM_new;
- ECDH_get_ex_data;
- EVP_PKEY_get_attr;
- ECDSA_do_sign;
- ENGINE_unregister_ECDH;
- ECDH_OpenSSL;
- EC_KEY_set_conv_form;
- EC_POINT_dup;
- GENERAL_SUBTREE_new;
- STORE_list_crl_endp;
- EC_get_builtin_curves;
- X509_policy_node_get0_qualifiers;
- X509_pcy_node_get0_qualifiers;
- STORE_list_crl_end;
- EVP_PKEY_set1_EC_KEY;
- BN_GF2m_mod_sqrt_arr;
- i2d_ECPrivateKey_bio;
- ECPKParameters_print_fp;
- pqueue_find;
- ECDSA_SIG_free;
- PEM_write_bio_ECPKParameters;
- STORE_method_set_ctrl_function;
- STORE_list_public_key_end;
- EC_KEY_set_private_key;
- pqueue_peek;
- STORE_get_arbitrary;
- STORE_store_crl;
- X509_policy_node_get0_policy;
- PKCS12_add_safes;
- BN_BLINDING_convert_ex;
- X509_policy_tree_free;
- OPENSSL_ia32cap_loc;
- BN_GF2m_poly2arr;
- STORE_ctrl;
- STORE_ATTR_INFO_compare;
- BN_get0_nist_prime_224;
- i2d_ECParameters;
- i2d_ECPKParameters;
- BN_GENCB_call;
- d2i_ECPKParameters;
- STORE_meth_set_generate_fn;
- STORE_method_set_generate_function;
- ENGINE_set_ECDH;
- NAME_CONSTRAINTS_new;
- SHA256_Init;
- EC_KEY_get0_public_key;
- PEM_write_bio_EC_PUBKEY;
- STORE_ATTR_INFO_set_cstr;
- STORE_list_crl_next;
- STORE_ATTR_INFO_in_range;
- ECParameters_print;
- STORE_meth_set_delete_fn;
- STORE_method_set_delete_function;
- STORE_list_certificate_next;
- ASN1_generate_nconf;
- BUF_memdup;
- BN_GF2m_mod_mul;
- STORE_meth_get_list_next_fn;
- STORE_method_get_list_next_function;
- STORE_ATTR_INFO_get0_dn;
- STORE_list_private_key_next;
- EC_GROUP_set_seed;
- X509_VERIFY_PARAM_set_trust;
- STORE_ATTR_INFO_free;
- STORE_get_private_key;
- EVP_PKEY_get_attr_count;
- STORE_ATTR_INFO_new;
- EC_GROUP_get_curve_GF2m;
- STORE_meth_set_revoke_fn;
- STORE_method_set_revoke_function;
- STORE_store_number;
- BN_is_prime_ex;
- STORE_revoke_public_key;
- X509_STORE_CTX_get0_param;
- STORE_delete_arbitrary;
- PEM_read_X509_CERT_PAIR;
- X509_STORE_set_depth;
- ECDSA_get_ex_data;
- SHA224;
- BIO_dump_indent_fp;
- EC_KEY_set_group;
- BUF_strndup;
- STORE_list_certificate_start;
- BN_GF2m_mod;
- X509_REQ_check_private_key;
- EC_GROUP_get_seed_len;
- ERR_load_STORE_strings;
- PEM_read_bio_EC_PUBKEY;
- STORE_list_private_key_end;
- i2d_EC_PUBKEY;
- ECDSA_get_default_method;
- ASN1_put_eoc;
- X509_STORE_CTX_get_explicit_policy;
- X509_STORE_CTX_get_expl_policy;
- X509_VERIFY_PARAM_table_cleanup;
- STORE_modify_private_key;
- X509_VERIFY_PARAM_free;
- EC_METHOD_get_field_type;
- EC_GFp_nist_method;
- STORE_meth_set_modify_fn;
- STORE_method_set_modify_function;
- STORE_parse_attrs_next;
- ENGINE_load_padlock;
- EC_GROUP_set_curve_name;
- X509_CERT_PAIR_it;
- STORE_meth_get_revoke_fn;
- STORE_method_get_revoke_function;
- STORE_method_set_get_function;
- STORE_modify_number;
- STORE_method_get_store_function;
- STORE_store_private_key;
- BN_GF2m_mod_sqr_arr;
- RSA_setup_blinding;
- BIO_s_datagram;
- STORE_Memory;
- sk_find_ex;
- EC_GROUP_set_curve_GF2m;
- ENGINE_set_default_ECDSA;
- POLICY_CONSTRAINTS_new;
- BN_GF2m_mod_sqrt;
- ECDH_set_default_method;
- EC_KEY_generate_key;
- SHA384_Update;
- BN_GF2m_arr2poly;
- STORE_method_get_get_function;
- STORE_meth_set_cleanup_fn;
- STORE_method_set_cleanup_function;
- EC_GROUP_check;
- d2i_ECPrivateKey_bio;
- EC_KEY_insert_key_method_data;
- STORE_meth_get_lock_store_fn;
- STORE_method_get_lock_store_function;
- X509_VERIFY_PARAM_get_depth;
- SHA224_Final;
- STORE_meth_set_update_store_fn;
- STORE_method_set_update_store_function;
- SHA224_Update;
- d2i_ECPrivateKey;
- ASN1_item_ndef_i2d;
- STORE_delete_private_key;
- ERR_pop_to_mark;
- ENGINE_register_all_STORE;
- X509_policy_level_get0_node;
- i2d_PKCS7_NDEF;
- EC_GROUP_get_degree;
- ASN1_generate_v3;
- STORE_ATTR_INFO_modify_cstr;
- X509_policy_tree_level_count;
- BN_GF2m_add;
- EC_KEY_get0_group;
- STORE_generate_crl;
- STORE_store_public_key;
- X509_CERT_PAIR_free;
- STORE_revoke_private_key;
- BN_nist_mod_224;
- SHA512_Final;
- STORE_ATTR_INFO_modify_dn;
- STORE_meth_get_initialise_fn;
- STORE_method_get_initialise_function;
- STORE_delete_number;
- i2d_EC_PUBKEY_bio;
- BIO_dgram_non_fatal_error;
- EC_GROUP_get_asn1_flag;
- STORE_ATTR_INFO_in_ex;
- STORE_list_crl_start;
- ECDH_get_ex_new_index;
- STORE_meth_get_modify_fn;
- STORE_method_get_modify_function;
- v2i_ASN1_BIT_STRING;
- STORE_store_certificate;
- OBJ_bsearch_ex;
- X509_STORE_CTX_set_default;
- STORE_ATTR_INFO_set_sha1str;
- BN_GF2m_mod_inv;
- BN_GF2m_mod_exp;
- STORE_modify_public_key;
- STORE_meth_get_list_start_fn;
- STORE_method_get_list_start_function;
- EC_GROUP_get0_seed;
- STORE_store_arbitrary;
- STORE_meth_set_unlock_store_fn;
- STORE_method_set_unlock_store_function;
- BN_GF2m_mod_div_arr;
- ENGINE_set_ECDSA;
- STORE_create_method;
- ECPKParameters_print;
- EC_KEY_get0_private_key;
- PEM_write_EC_PUBKEY;
- X509_VERIFY_PARAM_set1;
- ECDH_set_method;
- v2i_GENERAL_NAME_ex;
- ECDH_set_ex_data;
- STORE_generate_key;
- BN_nist_mod_521;
- X509_policy_tree_get0_level;
- EC_GROUP_set_point_conversion_form;
- EC_GROUP_set_point_conv_form;
- PEM_read_EC_PUBKEY;
- i2d_ECDSA_SIG;
- ECDSA_OpenSSL;
- STORE_delete_crl;
- EC_KEY_get_enc_flags;
- ASN1_const_check_infinite_end;
- EVP_PKEY_delete_attr;
- ECDSA_set_default_method;
- EC_POINT_set_compressed_coordinates_GF2m;
- EC_POINT_set_compr_coords_GF2m;
- EC_GROUP_cmp;
- STORE_revoke_certificate;
- BN_get0_nist_prime_256;
- STORE_meth_get_delete_fn;
- STORE_method_get_delete_function;
- SHA224_Init;
- PEM_read_ECPrivateKey;
- SHA512_Init;
- STORE_parse_attrs_endp;
- BN_set_negative;
- ERR_load_ECDSA_strings;
- EC_GROUP_get_basis_type;
- STORE_list_public_key_next;
- i2v_ASN1_BIT_STRING;
- STORE_OBJECT_free;
- BN_nist_mod_384;
- i2d_X509_CERT_PAIR;
- PEM_write_ECPKParameters;
- ECDH_compute_key;
- STORE_ATTR_INFO_get0_sha1str;
- ENGINE_register_all_ECDH;
- pqueue_pop;
- STORE_ATTR_INFO_get0_cstr;
- POLICY_CONSTRAINTS_it;
- STORE_get_ex_new_index;
- EVP_PKEY_get_attr_by_OBJ;
- X509_VERIFY_PARAM_add0_policy;
- BN_GF2m_mod_solve_quad;
- SHA256;
- i2d_ECPrivateKey_fp;
- X509_policy_tree_get0_user_policies;
- X509_pcy_tree_get0_usr_policies;
- OPENSSL_DIR_read;
- ENGINE_register_all_ECDSA;
- X509_VERIFY_PARAM_lookup;
- EC_POINT_get_affine_coordinates_GF2m;
- EC_POINT_get_affine_coords_GF2m;
- EC_GROUP_dup;
- ENGINE_get_default_ECDSA;
- EC_KEY_new;
- SHA256_Transform;
- EC_KEY_set_enc_flags;
- ECDSA_verify;
- EC_POINT_point2hex;
- ENGINE_get_STORE;
- SHA512;
- STORE_get_certificate;
- ECDSA_do_sign_ex;
- ECDSA_do_verify;
- d2i_ECPrivateKey_fp;
- STORE_delete_certificate;
- SHA512_Transform;
- X509_STORE_set1_param;
- STORE_method_get_ctrl_function;
- STORE_free;
- PEM_write_ECPrivateKey;
- STORE_meth_get_unlock_store_fn;
- STORE_method_get_unlock_store_function;
- STORE_get_ex_data;
- EC_KEY_set_public_key;
- PEM_read_ECPKParameters;
- X509_CERT_PAIR_new;
- ENGINE_register_STORE;
- RSA_generate_key_ex;
- DSA_generate_parameters_ex;
- ECParameters_print_fp;
- X509V3_NAME_from_section;
- EVP_PKEY_add1_attr;
- STORE_modify_crl;
- STORE_list_private_key_start;
- POLICY_MAPPINGS_it;
- GENERAL_SUBTREE_it;
- EC_GROUP_get_curve_name;
- PEM_write_X509_CERT_PAIR;
- BIO_dump_indent_cb;
- d2i_X509_CERT_PAIR;
- STORE_list_private_key_endp;
- asn1_const_Finish;
- i2d_EC_PUBKEY_fp;
- BN_nist_mod_256;
- X509_VERIFY_PARAM_add0_table;
- pqueue_free;
- BN_BLINDING_create_param;
- ECDSA_size;
- d2i_EC_PUBKEY_bio;
- BN_get0_nist_prime_521;
- STORE_ATTR_INFO_modify_sha1str;
- BN_generate_prime_ex;
- EC_GROUP_new_by_curve_name;
- SHA256_Final;
- DH_generate_parameters_ex;
- PEM_read_bio_ECPrivateKey;
- STORE_meth_get_cleanup_fn;
- STORE_method_get_cleanup_function;
- ENGINE_get_ECDH;
- d2i_ECDSA_SIG;
- BN_is_prime_fasttest_ex;
- ECDSA_sign;
- X509_policy_check;
- EVP_PKEY_get_attr_by_NID;
- STORE_set_ex_data;
- ENGINE_get_ECDSA;
- EVP_ecdsa;
- BN_BLINDING_get_flags;
- PKCS12_add_cert;
- STORE_OBJECT_new;
- ERR_load_ECDH_strings;
- EC_KEY_dup;
- EVP_CIPHER_CTX_rand_key;
- ECDSA_set_method;
- a2i_IPADDRESS_NC;
- d2i_ECParameters;
- STORE_list_certificate_end;
- STORE_get_crl;
- X509_POLICY_NODE_print;
- SHA384_Init;
- EC_GF2m_simple_method;
- ECDSA_set_ex_data;
- SHA384_Final;
- PKCS7_set_digest;
- EC_KEY_print;
- STORE_meth_set_lock_store_fn;
- STORE_method_set_lock_store_function;
- ECDSA_get_ex_new_index;
- SHA384;
- POLICY_MAPPING_new;
- STORE_list_certificate_endp;
- X509_STORE_CTX_get0_policy_tree;
- EC_GROUP_set_asn1_flag;
- EC_KEY_check_key;
- d2i_EC_PUBKEY_fp;
- PKCS7_set0_type_other;
- PEM_read_bio_X509_CERT_PAIR;
- pqueue_next;
- STORE_meth_get_list_end_fn;
- STORE_method_get_list_end_function;
- EVP_PKEY_add1_attr_by_OBJ;
- X509_VERIFY_PARAM_set_time;
- pqueue_new;
- ENGINE_set_default_ECDH;
- STORE_new_method;
- PKCS12_add_key;
- DSO_merge;
- EC_POINT_hex2point;
- BIO_dump_cb;
- SHA256_Update;
- pqueue_insert;
- pitem_free;
- BN_GF2m_mod_inv_arr;
- ENGINE_unregister_ECDSA;
- BN_BLINDING_set_thread_id;
- get_rfc3526_prime_8192;
- X509_VERIFY_PARAM_clear_flags;
- get_rfc2409_prime_1024;
- DH_check_pub_key;
- get_rfc3526_prime_2048;
- get_rfc3526_prime_6144;
- get_rfc3526_prime_1536;
- get_rfc3526_prime_3072;
- get_rfc3526_prime_4096;
- get_rfc2409_prime_768;
- X509_VERIFY_PARAM_get_flags;
- EVP_CIPHER_CTX_new;
- EVP_CIPHER_CTX_free;
- Camellia_cbc_encrypt;
- Camellia_cfb128_encrypt;
- Camellia_cfb1_encrypt;
- Camellia_cfb8_encrypt;
- Camellia_ctr128_encrypt;
- Camellia_cfbr_encrypt_block;
- Camellia_decrypt;
- Camellia_ecb_encrypt;
- Camellia_encrypt;
- Camellia_ofb128_encrypt;
- Camellia_set_key;
- EVP_camellia_128_cbc;
- EVP_camellia_128_cfb128;
- EVP_camellia_128_cfb1;
- EVP_camellia_128_cfb8;
- EVP_camellia_128_ecb;
- EVP_camellia_128_ofb;
- EVP_camellia_192_cbc;
- EVP_camellia_192_cfb128;
- EVP_camellia_192_cfb1;
- EVP_camellia_192_cfb8;
- EVP_camellia_192_ecb;
- EVP_camellia_192_ofb;
- EVP_camellia_256_cbc;
- EVP_camellia_256_cfb128;
- EVP_camellia_256_cfb1;
- EVP_camellia_256_cfb8;
- EVP_camellia_256_ecb;
- EVP_camellia_256_ofb;
- a2i_ipadd;
- ASIdentifiers_free;
- i2d_ASIdOrRange;
- EVP_CIPHER_block_size;
- v3_asid_is_canonical;
- IPAddressChoice_free;
- EVP_CIPHER_CTX_set_app_data;
- BIO_set_callback_arg;
- v3_addr_add_prefix;
- IPAddressOrRange_it;
- BIO_set_flags;
- ASIdentifiers_it;
- v3_addr_get_range;
- BIO_method_type;
- v3_addr_inherits;
- IPAddressChoice_it;
- AES_ige_encrypt;
- v3_addr_add_range;
- EVP_CIPHER_CTX_nid;
- d2i_ASRange;
- v3_addr_add_inherit;
- v3_asid_add_id_or_range;
- v3_addr_validate_resource_set;
- EVP_CIPHER_iv_length;
- EVP_MD_type;
- v3_asid_canonize;
- IPAddressRange_free;
- v3_asid_add_inherit;
- EVP_CIPHER_CTX_key_length;
- IPAddressRange_new;
- ASIdOrRange_new;
- EVP_MD_size;
- EVP_MD_CTX_test_flags;
- BIO_clear_flags;
- i2d_ASRange;
- IPAddressRange_it;
- IPAddressChoice_new;
- ASIdentifierChoice_new;
- ASRange_free;
- EVP_MD_pkey_type;
- EVP_MD_CTX_clear_flags;
- IPAddressFamily_free;
- i2d_IPAddressFamily;
- IPAddressOrRange_new;
- EVP_CIPHER_flags;
- v3_asid_validate_resource_set;
- d2i_IPAddressRange;
- AES_bi_ige_encrypt;
- BIO_get_callback;
- IPAddressOrRange_free;
- v3_addr_subset;
- d2i_IPAddressFamily;
- v3_asid_subset;
- BIO_test_flags;
- i2d_ASIdentifierChoice;
- ASRange_it;
- d2i_ASIdentifiers;
- ASRange_new;
- d2i_IPAddressChoice;
- v3_addr_get_afi;
- EVP_CIPHER_key_length;
- EVP_Cipher;
- i2d_IPAddressOrRange;
- ASIdOrRange_it;
- EVP_CIPHER_nid;
- i2d_IPAddressChoice;
- EVP_CIPHER_CTX_block_size;
- ASIdentifiers_new;
- v3_addr_validate_path;
- IPAddressFamily_new;
- EVP_MD_CTX_set_flags;
- v3_addr_is_canonical;
- i2d_IPAddressRange;
- IPAddressFamily_it;
- v3_asid_inherits;
- EVP_CIPHER_CTX_cipher;
- EVP_CIPHER_CTX_get_app_data;
- EVP_MD_block_size;
- EVP_CIPHER_CTX_flags;
- v3_asid_validate_path;
- d2i_IPAddressOrRange;
- v3_addr_canonize;
- ASIdentifierChoice_it;
- EVP_MD_CTX_md;
- d2i_ASIdentifierChoice;
- BIO_method_name;
- EVP_CIPHER_CTX_iv_length;
- ASIdOrRange_free;
- ASIdentifierChoice_free;
- BIO_get_callback_arg;
- BIO_set_callback;
- d2i_ASIdOrRange;
- i2d_ASIdentifiers;
- SEED_decrypt;
- SEED_encrypt;
- SEED_cbc_encrypt;
- EVP_seed_ofb;
- SEED_cfb128_encrypt;
- SEED_ofb128_encrypt;
- EVP_seed_cbc;
- SEED_ecb_encrypt;
- EVP_seed_ecb;
- SEED_set_key;
- EVP_seed_cfb128;
- X509_EXTENSIONS_it;
- X509_get1_ocsp;
- OCSP_REQ_CTX_free;
- i2d_X509_EXTENSIONS;
- OCSP_sendreq_nbio;
- OCSP_sendreq_new;
- d2i_X509_EXTENSIONS;
- X509_ALGORS_it;
- X509_ALGOR_get0;
- X509_ALGOR_set0;
- AES_unwrap_key;
- AES_wrap_key;
- X509at_get0_data_by_OBJ;
- ASN1_TYPE_set1;
- ASN1_STRING_set0;
- i2d_X509_ALGORS;
- BIO_f_zlib;
- COMP_zlib_cleanup;
- d2i_X509_ALGORS;
- CMS_ReceiptRequest_free;
- PEM_write_CMS;
- CMS_add0_CertificateChoices;
- CMS_unsigned_add1_attr_by_OBJ;
- ERR_load_CMS_strings;
- CMS_sign_receipt;
- i2d_CMS_ContentInfo;
- CMS_signed_delete_attr;
- d2i_CMS_bio;
- CMS_unsigned_get_attr_by_NID;
- CMS_verify;
- SMIME_read_CMS;
- CMS_decrypt_set1_key;
- CMS_SignerInfo_get0_algs;
- CMS_add1_cert;
- CMS_set_detached;
- CMS_encrypt;
- CMS_EnvelopedData_create;
- CMS_uncompress;
- CMS_add0_crl;
- CMS_SignerInfo_verify_content;
- CMS_unsigned_get0_data_by_OBJ;
- PEM_write_bio_CMS;
- CMS_unsigned_get_attr;
- CMS_RecipientInfo_ktri_cert_cmp;
- CMS_RecipientInfo_ktri_get0_algs;
- CMS_RecipInfo_ktri_get0_algs;
- CMS_ContentInfo_free;
- CMS_final;
- CMS_add_simple_smimecap;
- CMS_SignerInfo_verify;
- CMS_data;
- CMS_ContentInfo_it;
- d2i_CMS_ReceiptRequest;
- CMS_compress;
- CMS_digest_create;
- CMS_SignerInfo_cert_cmp;
- CMS_SignerInfo_sign;
- CMS_data_create;
- i2d_CMS_bio;
- CMS_EncryptedData_set1_key;
- CMS_decrypt;
- int_smime_write_ASN1;
- CMS_unsigned_delete_attr;
- CMS_unsigned_get_attr_count;
- CMS_add_smimecap;
- PEM_read_CMS;
- CMS_signed_get_attr_by_OBJ;
- d2i_CMS_ContentInfo;
- CMS_add_standard_smimecap;
- CMS_ContentInfo_new;
- CMS_RecipientInfo_type;
- CMS_get0_type;
- CMS_is_detached;
- CMS_sign;
- CMS_signed_add1_attr;
- CMS_unsigned_get_attr_by_OBJ;
- SMIME_write_CMS;
- CMS_EncryptedData_decrypt;
- CMS_get0_RecipientInfos;
- CMS_add0_RevocationInfoChoice;
- CMS_decrypt_set1_pkey;
- CMS_SignerInfo_set1_signer_cert;
- CMS_get0_signers;
- CMS_ReceiptRequest_get0_values;
- CMS_signed_get0_data_by_OBJ;
- CMS_get0_SignerInfos;
- CMS_add0_cert;
- CMS_EncryptedData_encrypt;
- CMS_digest_verify;
- CMS_set1_signers_certs;
- CMS_signed_get_attr;
- CMS_RecipientInfo_set0_key;
- CMS_SignedData_init;
- CMS_RecipientInfo_kekri_get0_id;
- CMS_verify_receipt;
- CMS_ReceiptRequest_it;
- PEM_read_bio_CMS;
- CMS_get1_crls;
- CMS_add0_recipient_key;
- SMIME_read_ASN1;
- CMS_ReceiptRequest_new;
- CMS_get0_content;
- CMS_get1_ReceiptRequest;
- CMS_signed_add1_attr_by_OBJ;
- CMS_RecipientInfo_kekri_id_cmp;
- CMS_add1_ReceiptRequest;
- CMS_SignerInfo_get0_signer_id;
- CMS_unsigned_add1_attr_by_NID;
- CMS_unsigned_add1_attr;
- CMS_signed_get_attr_by_NID;
- CMS_get1_certs;
- CMS_signed_add1_attr_by_NID;
- CMS_unsigned_add1_attr_by_txt;
- CMS_dataFinal;
- CMS_RecipientInfo_ktri_get0_signer_id;
- CMS_RecipInfo_ktri_get0_sigr_id;
- i2d_CMS_ReceiptRequest;
- CMS_add1_recipient_cert;
- CMS_dataInit;
- CMS_signed_add1_attr_by_txt;
- CMS_RecipientInfo_decrypt;
- CMS_signed_get_attr_count;
- CMS_get0_eContentType;
- CMS_set1_eContentType;
- CMS_ReceiptRequest_create0;
- CMS_add1_signer;
- CMS_RecipientInfo_set0_pkey;
- ENGINE_set_load_ssl_client_cert_function;
- ENGINE_set_ld_ssl_clnt_cert_fn;
- ENGINE_get_ssl_client_cert_function;
- ENGINE_get_ssl_client_cert_fn;
- ENGINE_load_ssl_client_cert;
- ENGINE_load_capi;
- OPENSSL_isservice;
- FIPS_dsa_sig_decode;
- EVP_CIPHER_CTX_clear_flags;
- FIPS_rand_status;
- FIPS_rand_set_key;
- CRYPTO_set_mem_info_functions;
- RSA_X931_generate_key_ex;
- int_ERR_set_state_func;
- int_EVP_MD_set_engine_callbacks;
- int_CRYPTO_set_do_dynlock_callback;
- FIPS_rng_stick;
- EVP_CIPHER_CTX_set_flags;
- BN_X931_generate_prime_ex;
- FIPS_selftest_check;
- FIPS_rand_set_dt;
- CRYPTO_dbg_pop_info;
- FIPS_dsa_free;
- RSA_X931_derive_ex;
- FIPS_rsa_new;
- FIPS_rand_bytes;
- fips_cipher_test;
- EVP_CIPHER_CTX_test_flags;
- CRYPTO_malloc_debug_init;
- CRYPTO_dbg_push_info;
- FIPS_corrupt_rsa_keygen;
- FIPS_dh_new;
- FIPS_corrupt_dsa_keygen;
- FIPS_dh_free;
- fips_pkey_signature_test;
- EVP_add_alg_module;
- int_RAND_init_engine_callbacks;
- int_EVP_CIPHER_set_engine_callbacks;
- int_EVP_MD_init_engine_callbacks;
- FIPS_rand_test_mode;
- FIPS_rand_reset;
- FIPS_dsa_new;
- int_RAND_set_callbacks;
- BN_X931_derive_prime_ex;
- int_ERR_lib_init;
- int_EVP_CIPHER_init_engine_callbacks;
- FIPS_rsa_free;
- FIPS_dsa_sig_encode;
- CRYPTO_dbg_remove_all_info;
- OPENSSL_init;
- CRYPTO_strdup;
- JPAKE_STEP3A_process;
- JPAKE_STEP1_release;
- JPAKE_get_shared_key;
- JPAKE_STEP3B_init;
- JPAKE_STEP1_generate;
- JPAKE_STEP1_init;
- JPAKE_STEP3B_process;
- JPAKE_STEP2_generate;
- JPAKE_CTX_new;
- JPAKE_CTX_free;
- JPAKE_STEP3B_release;
- JPAKE_STEP3A_release;
- JPAKE_STEP2_process;
- JPAKE_STEP3B_generate;
- JPAKE_STEP1_process;
- JPAKE_STEP3A_generate;
- JPAKE_STEP2_release;
- JPAKE_STEP3A_init;
- ERR_load_JPAKE_strings;
- JPAKE_STEP2_init;
- pqueue_size;
- i2d_TS_ACCURACY;
- i2d_TS_MSG_IMPRINT_fp;
- i2d_TS_MSG_IMPRINT;
- EVP_PKEY_print_public;
- EVP_PKEY_CTX_new;
- i2d_TS_TST_INFO;
- EVP_PKEY_asn1_find;
- DSO_METHOD_beos;
- TS_CONF_load_cert;
- TS_REQ_get_ext;
- EVP_PKEY_sign_init;
- ASN1_item_print;
- TS_TST_INFO_set_nonce;
- TS_RESP_dup;
- ENGINE_register_pkey_meths;
- EVP_PKEY_asn1_add0;
- PKCS7_add0_attrib_signing_time;
- i2d_TS_TST_INFO_fp;
- BIO_asn1_get_prefix;
- TS_TST_INFO_set_time;
- EVP_PKEY_meth_set_decrypt;
- EVP_PKEY_set_type_str;
- EVP_PKEY_CTX_get_keygen_info;
- TS_REQ_set_policy_id;
- d2i_TS_RESP_fp;
- ENGINE_get_pkey_asn1_meth_engine;
- ENGINE_get_pkey_asn1_meth_eng;
- WHIRLPOOL_Init;
- TS_RESP_set_status_info;
- EVP_PKEY_keygen;
- EVP_DigestSignInit;
- TS_ACCURACY_set_millis;
- TS_REQ_dup;
- GENERAL_NAME_dup;
- ASN1_SEQUENCE_ANY_it;
- WHIRLPOOL;
- X509_STORE_get1_crls;
- ENGINE_get_pkey_asn1_meth;
- EVP_PKEY_asn1_new;
- BIO_new_NDEF;
- ENGINE_get_pkey_meth;
- TS_MSG_IMPRINT_set_algo;
- i2d_TS_TST_INFO_bio;
- TS_TST_INFO_set_ordering;
- TS_TST_INFO_get_ext_by_OBJ;
- CRYPTO_THREADID_set_pointer;
- TS_CONF_get_tsa_section;
- SMIME_write_ASN1;
- TS_RESP_CTX_set_signer_key;
- EVP_PKEY_encrypt_old;
- EVP_PKEY_encrypt_init;
- CRYPTO_THREADID_cpy;
- ASN1_PCTX_get_cert_flags;
- i2d_ESS_SIGNING_CERT;
- TS_CONF_load_key;
- i2d_ASN1_SEQUENCE_ANY;
- d2i_TS_MSG_IMPRINT_bio;
- EVP_PKEY_asn1_set_public;
- b2i_PublicKey_bio;
- BIO_asn1_set_prefix;
- EVP_PKEY_new_mac_key;
- BIO_new_CMS;
- CRYPTO_THREADID_cmp;
- TS_REQ_ext_free;
- EVP_PKEY_asn1_set_free;
- EVP_PKEY_get0_asn1;
- d2i_NETSCAPE_X509;
- EVP_PKEY_verify_recover_init;
- EVP_PKEY_CTX_set_data;
- EVP_PKEY_keygen_init;
- TS_RESP_CTX_set_status_info;
- TS_MSG_IMPRINT_get_algo;
- TS_REQ_print_bio;
- EVP_PKEY_CTX_ctrl_str;
- EVP_PKEY_get_default_digest_nid;
- PEM_write_bio_PKCS7_stream;
- TS_MSG_IMPRINT_print_bio;
- BN_asc2bn;
- TS_REQ_get_policy_id;
- ENGINE_set_default_pkey_asn1_meths;
- ENGINE_set_def_pkey_asn1_meths;
- d2i_TS_ACCURACY;
- DSO_global_lookup;
- TS_CONF_set_tsa_name;
- i2d_ASN1_SET_ANY;
- ENGINE_load_gost;
- WHIRLPOOL_BitUpdate;
- ASN1_PCTX_get_flags;
- TS_TST_INFO_get_ext_by_NID;
- TS_RESP_new;
- ESS_CERT_ID_dup;
- TS_STATUS_INFO_dup;
- TS_REQ_delete_ext;
- EVP_DigestVerifyFinal;
- EVP_PKEY_print_params;
- i2d_CMS_bio_stream;
- TS_REQ_get_msg_imprint;
- OBJ_find_sigid_by_algs;
- TS_TST_INFO_get_serial;
- TS_REQ_get_nonce;
- X509_PUBKEY_set0_param;
- EVP_PKEY_CTX_set0_keygen_info;
- DIST_POINT_set_dpname;
- i2d_ISSUING_DIST_POINT;
- ASN1_SET_ANY_it;
- EVP_PKEY_CTX_get_data;
- TS_STATUS_INFO_print_bio;
- EVP_PKEY_derive_init;
- d2i_TS_TST_INFO;
- EVP_PKEY_asn1_add_alias;
- d2i_TS_RESP_bio;
- OTHERNAME_cmp;
- GENERAL_NAME_set0_value;
- PKCS7_RECIP_INFO_get0_alg;
- TS_RESP_CTX_new;
- TS_RESP_set_tst_info;
- PKCS7_final;
- EVP_PKEY_base_id;
- TS_RESP_CTX_set_signer_cert;
- TS_REQ_set_msg_imprint;
- EVP_PKEY_CTX_ctrl;
- TS_CONF_set_digests;
- d2i_TS_MSG_IMPRINT;
- EVP_PKEY_meth_set_ctrl;
- TS_REQ_get_ext_by_NID;
- PKCS5_pbe_set0_algor;
- BN_BLINDING_thread_id;
- TS_ACCURACY_new;
- X509_CRL_METHOD_free;
- ASN1_PCTX_get_nm_flags;
- EVP_PKEY_meth_set_sign;
- CRYPTO_THREADID_current;
- EVP_PKEY_decrypt_init;
- NETSCAPE_X509_free;
- i2b_PVK_bio;
- EVP_PKEY_print_private;
- GENERAL_NAME_get0_value;
- b2i_PVK_bio;
- ASN1_UTCTIME_adj;
- TS_TST_INFO_new;
- EVP_MD_do_all_sorted;
- TS_CONF_set_default_engine;
- TS_ACCURACY_set_seconds;
- TS_TST_INFO_get_time;
- PKCS8_pkey_get0;
- EVP_PKEY_asn1_get0;
- OBJ_add_sigid;
- PKCS7_SIGNER_INFO_sign;
- EVP_PKEY_paramgen_init;
- EVP_PKEY_sign;
- OBJ_sigid_free;
- EVP_PKEY_meth_set_init;
- d2i_ESS_ISSUER_SERIAL;
- ISSUING_DIST_POINT_new;
- ASN1_TIME_adj;
- TS_OBJ_print_bio;
- EVP_PKEY_meth_set_verify_recover;
- EVP_PKEY_meth_set_vrfy_recover;
- TS_RESP_get_status_info;
- CMS_stream;
- EVP_PKEY_CTX_set_cb;
- PKCS7_to_TS_TST_INFO;
- ASN1_PCTX_get_oid_flags;
- TS_TST_INFO_add_ext;
- EVP_PKEY_meth_set_derive;
- i2d_TS_RESP_fp;
- i2d_TS_MSG_IMPRINT_bio;
- TS_RESP_CTX_set_accuracy;
- TS_REQ_set_nonce;
- ESS_CERT_ID_new;
- ENGINE_pkey_asn1_find_str;
- TS_REQ_get_ext_count;
- BUF_reverse;
- TS_TST_INFO_print_bio;
- d2i_ISSUING_DIST_POINT;
- ENGINE_get_pkey_meths;
- i2b_PrivateKey_bio;
- i2d_TS_RESP;
- b2i_PublicKey;
- TS_VERIFY_CTX_cleanup;
- TS_STATUS_INFO_free;
- TS_RESP_verify_token;
- OBJ_bsearch_ex_;
- ASN1_bn_print;
- EVP_PKEY_asn1_get_count;
- ENGINE_register_pkey_asn1_meths;
- ASN1_PCTX_set_nm_flags;
- EVP_DigestVerifyInit;
- ENGINE_set_default_pkey_meths;
- TS_TST_INFO_get_policy_id;
- TS_REQ_get_cert_req;
- X509_CRL_set_meth_data;
- PKCS8_pkey_set0;
- ASN1_STRING_copy;
- d2i_TS_TST_INFO_fp;
- X509_CRL_match;
- EVP_PKEY_asn1_set_private;
- TS_TST_INFO_get_ext_d2i;
- TS_RESP_CTX_add_policy;
- d2i_TS_RESP;
- TS_CONF_load_certs;
- TS_TST_INFO_get_msg_imprint;
- ERR_load_TS_strings;
- TS_TST_INFO_get_version;
- EVP_PKEY_CTX_dup;
- EVP_PKEY_meth_set_verify;
- i2b_PublicKey_bio;
- TS_CONF_set_certs;
- EVP_PKEY_asn1_get0_info;
- TS_VERIFY_CTX_free;
- TS_REQ_get_ext_by_critical;
- TS_RESP_CTX_set_serial_cb;
- X509_CRL_get_meth_data;
- TS_RESP_CTX_set_time_cb;
- TS_MSG_IMPRINT_get_msg;
- TS_TST_INFO_ext_free;
- TS_REQ_get_version;
- TS_REQ_add_ext;
- EVP_PKEY_CTX_set_app_data;
- OBJ_bsearch_;
- EVP_PKEY_meth_set_verifyctx;
- i2d_PKCS7_bio_stream;
- CRYPTO_THREADID_set_numeric;
- PKCS7_sign_add_signer;
- d2i_TS_TST_INFO_bio;
- TS_TST_INFO_get_ordering;
- TS_RESP_print_bio;
- TS_TST_INFO_get_exts;
- HMAC_CTX_copy;
- PKCS5_pbe2_set_iv;
- ENGINE_get_pkey_asn1_meths;
- b2i_PrivateKey;
- EVP_PKEY_CTX_get_app_data;
- TS_REQ_set_cert_req;
- CRYPTO_THREADID_set_callback;
- TS_CONF_set_serial;
- TS_TST_INFO_free;
- d2i_TS_REQ_fp;
- TS_RESP_verify_response;
- i2d_ESS_ISSUER_SERIAL;
- TS_ACCURACY_get_seconds;
- EVP_CIPHER_do_all;
- b2i_PrivateKey_bio;
- OCSP_CERTID_dup;
- X509_PUBKEY_get0_param;
- TS_MSG_IMPRINT_dup;
- PKCS7_print_ctx;
- i2d_TS_REQ_bio;
- EVP_whirlpool;
- EVP_PKEY_asn1_set_param;
- EVP_PKEY_meth_set_encrypt;
- ASN1_PCTX_set_flags;
- i2d_ESS_CERT_ID;
- TS_VERIFY_CTX_new;
- TS_RESP_CTX_set_extension_cb;
- ENGINE_register_all_pkey_meths;
- TS_RESP_CTX_set_status_info_cond;
- TS_RESP_CTX_set_stat_info_cond;
- EVP_PKEY_verify;
- WHIRLPOOL_Final;
- X509_CRL_METHOD_new;
- EVP_DigestSignFinal;
- TS_RESP_CTX_set_def_policy;
- NETSCAPE_X509_it;
- TS_RESP_create_response;
- PKCS7_SIGNER_INFO_get0_algs;
- TS_TST_INFO_get_nonce;
- EVP_PKEY_decrypt_old;
- TS_TST_INFO_set_policy_id;
- TS_CONF_set_ess_cert_id_chain;
- EVP_PKEY_CTX_get0_pkey;
- d2i_TS_REQ;
- EVP_PKEY_asn1_find_str;
- BIO_f_asn1;
- ESS_SIGNING_CERT_new;
- EVP_PBE_find;
- X509_CRL_get0_by_cert;
- EVP_PKEY_derive;
- i2d_TS_REQ;
- TS_TST_INFO_delete_ext;
- ESS_ISSUER_SERIAL_free;
- ASN1_PCTX_set_str_flags;
- ENGINE_get_pkey_asn1_meth_str;
- TS_CONF_set_signer_key;
- TS_ACCURACY_get_millis;
- TS_RESP_get_token;
- TS_ACCURACY_dup;
- ENGINE_register_all_pkey_asn1_meths;
- ENGINE_reg_all_pkey_asn1_meths;
- X509_CRL_set_default_method;
- CRYPTO_THREADID_hash;
- CMS_ContentInfo_print_ctx;
- TS_RESP_free;
- ISSUING_DIST_POINT_free;
- ESS_ISSUER_SERIAL_new;
- CMS_add1_crl;
- PKCS7_add1_attrib_digest;
- TS_RESP_CTX_add_md;
- TS_TST_INFO_dup;
- ENGINE_set_pkey_asn1_meths;
- PEM_write_bio_Parameters;
- TS_TST_INFO_get_accuracy;
- X509_CRL_get0_by_serial;
- TS_TST_INFO_set_version;
- TS_RESP_CTX_get_tst_info;
- TS_RESP_verify_signature;
- CRYPTO_THREADID_get_callback;
- TS_TST_INFO_get_tsa;
- TS_STATUS_INFO_new;
- EVP_PKEY_CTX_get_cb;
- TS_REQ_get_ext_d2i;
- GENERAL_NAME_set0_othername;
- TS_TST_INFO_get_ext_count;
- TS_RESP_CTX_get_request;
- i2d_NETSCAPE_X509;
- ENGINE_get_pkey_meth_engine;
- EVP_PKEY_meth_set_signctx;
- EVP_PKEY_asn1_copy;
- ASN1_TYPE_cmp;
- EVP_CIPHER_do_all_sorted;
- EVP_PKEY_CTX_free;
- ISSUING_DIST_POINT_it;
- d2i_TS_MSG_IMPRINT_fp;
- X509_STORE_get1_certs;
- EVP_PKEY_CTX_get_operation;
- d2i_ESS_SIGNING_CERT;
- TS_CONF_set_ordering;
- EVP_PBE_alg_add_type;
- TS_REQ_set_version;
- EVP_PKEY_get0;
- BIO_asn1_set_suffix;
- i2d_TS_STATUS_INFO;
- EVP_MD_do_all;
- TS_TST_INFO_set_accuracy;
- PKCS7_add_attrib_content_type;
- ERR_remove_thread_state;
- EVP_PKEY_meth_add0;
- TS_TST_INFO_set_tsa;
- EVP_PKEY_meth_new;
- WHIRLPOOL_Update;
- TS_CONF_set_accuracy;
- ASN1_PCTX_set_oid_flags;
- ESS_SIGNING_CERT_dup;
- d2i_TS_REQ_bio;
- X509_time_adj_ex;
- TS_RESP_CTX_add_flags;
- d2i_TS_STATUS_INFO;
- TS_MSG_IMPRINT_set_msg;
- BIO_asn1_get_suffix;
- TS_REQ_free;
- EVP_PKEY_meth_free;
- TS_REQ_get_exts;
- TS_RESP_CTX_set_clock_precision_digits;
- TS_RESP_CTX_set_clk_prec_digits;
- TS_RESP_CTX_add_failure_info;
- i2d_TS_RESP_bio;
- EVP_PKEY_CTX_get0_peerkey;
- PEM_write_bio_CMS_stream;
- TS_REQ_new;
- TS_MSG_IMPRINT_new;
- EVP_PKEY_meth_find;
- EVP_PKEY_id;
- TS_TST_INFO_set_serial;
- a2i_GENERAL_NAME;
- TS_CONF_set_crypto_device;
- EVP_PKEY_verify_init;
- TS_CONF_set_policies;
- ASN1_PCTX_new;
- ESS_CERT_ID_free;
- ENGINE_unregister_pkey_meths;
- TS_MSG_IMPRINT_free;
- TS_VERIFY_CTX_init;
- PKCS7_stream;
- TS_RESP_CTX_set_certs;
- TS_CONF_set_def_policy;
- ASN1_GENERALIZEDTIME_adj;
- NETSCAPE_X509_new;
- TS_ACCURACY_free;
- TS_RESP_get_tst_info;
- EVP_PKEY_derive_set_peer;
- PEM_read_bio_Parameters;
- TS_CONF_set_clock_precision_digits;
- TS_CONF_set_clk_prec_digits;
- ESS_ISSUER_SERIAL_dup;
- TS_ACCURACY_get_micros;
- ASN1_PCTX_get_str_flags;
- NAME_CONSTRAINTS_check;
- ASN1_BIT_STRING_check;
- X509_check_akid;
- ENGINE_unregister_pkey_asn1_meths;
- ENGINE_unreg_pkey_asn1_meths;
- ASN1_PCTX_free;
- PEM_write_bio_ASN1_stream;
- i2d_ASN1_bio_stream;
- TS_X509_ALGOR_print_bio;
- EVP_PKEY_meth_set_cleanup;
- EVP_PKEY_asn1_free;
- ESS_SIGNING_CERT_free;
- TS_TST_INFO_set_msg_imprint;
- GENERAL_NAME_cmp;
- d2i_ASN1_SET_ANY;
- ENGINE_set_pkey_meths;
- i2d_TS_REQ_fp;
- d2i_ASN1_SEQUENCE_ANY;
- GENERAL_NAME_get0_otherName;
- d2i_ESS_CERT_ID;
- OBJ_find_sigid_algs;
- EVP_PKEY_meth_set_keygen;
- PKCS5_PBKDF2_HMAC;
- EVP_PKEY_paramgen;
- EVP_PKEY_meth_set_paramgen;
- BIO_new_PKCS7;
- EVP_PKEY_verify_recover;
- TS_ext_print_bio;
- TS_ASN1_INTEGER_print_bio;
- check_defer;
- DSO_pathbyaddr;
- EVP_PKEY_set_type;
- TS_ACCURACY_set_micros;
- TS_REQ_to_TS_VERIFY_CTX;
- EVP_PKEY_meth_set_copy;
- ASN1_PCTX_set_cert_flags;
- TS_TST_INFO_get_ext;
- EVP_PKEY_asn1_set_ctrl;
- TS_TST_INFO_get_ext_by_critical;
- EVP_PKEY_CTX_new_id;
- TS_REQ_get_ext_by_OBJ;
- TS_CONF_set_signer_cert;
- X509_NAME_hash_old;
- ASN1_TIME_set_string;
- EVP_MD_flags;
- TS_RESP_CTX_free;
- DSAparams_dup;
- DHparams_dup;
- OCSP_REQ_CTX_add1_header;
- OCSP_REQ_CTX_set1_req;
- X509_STORE_set_verify_cb;
- X509_STORE_CTX_get0_current_crl;
- X509_STORE_CTX_get0_parent_ctx;
- X509_STORE_CTX_get0_current_issuer;
- X509_STORE_CTX_get0_cur_issuer;
- X509_issuer_name_hash_old;
- X509_subject_name_hash_old;
- EVP_CIPHER_CTX_copy;
- UI_method_get_prompt_constructor;
- UI_method_get_prompt_constructr;
- UI_method_set_prompt_constructor;
- UI_method_set_prompt_constructr;
- EVP_read_pw_string_min;
- CRYPTO_cts128_encrypt;
- CRYPTO_cts128_decrypt_block;
- CRYPTO_cfb128_1_encrypt;
- CRYPTO_cbc128_encrypt;
- CRYPTO_ctr128_encrypt;
- CRYPTO_ofb128_encrypt;
- CRYPTO_cts128_decrypt;
- CRYPTO_cts128_encrypt_block;
- CRYPTO_cbc128_decrypt;
- CRYPTO_cfb128_encrypt;
- CRYPTO_cfb128_8_encrypt;
-
- local:
- *;
-};
-
-
-OPENSSL_1.0.1 {
- global:
- SSL_renegotiate_abbreviated;
- TLSv1_1_method;
- TLSv1_1_client_method;
- TLSv1_1_server_method;
- SSL_CTX_set_srp_client_pwd_callback;
- SSL_CTX_set_srp_client_pwd_cb;
- SSL_get_srp_g;
- SSL_CTX_set_srp_username_callback;
- SSL_CTX_set_srp_un_cb;
- SSL_get_srp_userinfo;
- SSL_set_srp_server_param;
- SSL_set_srp_server_param_pw;
- SSL_get_srp_N;
- SSL_get_srp_username;
- SSL_CTX_set_srp_password;
- SSL_CTX_set_srp_strength;
- SSL_CTX_set_srp_verify_param_callback;
- SSL_CTX_set_srp_vfy_param_cb;
- SSL_CTX_set_srp_cb_arg;
- SSL_CTX_set_srp_username;
- SSL_CTX_SRP_CTX_init;
- SSL_SRP_CTX_init;
- SRP_Calc_A_param;
- SRP_generate_server_master_secret;
- SRP_gen_server_master_secret;
- SSL_CTX_SRP_CTX_free;
- SRP_generate_client_master_secret;
- SRP_gen_client_master_secret;
- SSL_srp_server_param_with_username;
- SSL_srp_server_param_with_un;
- SSL_SRP_CTX_free;
- SSL_set_debug;
- SSL_SESSION_get0_peer;
- TLSv1_2_client_method;
- SSL_SESSION_set1_id_context;
- TLSv1_2_server_method;
- SSL_cache_hit;
- SSL_get0_kssl_ctx;
- SSL_set0_kssl_ctx;
- SSL_set_state;
- SSL_CIPHER_get_id;
- TLSv1_2_method;
- kssl_ctx_get0_client_princ;
- SSL_export_keying_material;
- SSL_set_tlsext_use_srtp;
- SSL_CTX_set_next_protos_advertised_cb;
- SSL_CTX_set_next_protos_adv_cb;
- SSL_get0_next_proto_negotiated;
- SSL_get_selected_srtp_profile;
- SSL_CTX_set_tlsext_use_srtp;
- SSL_select_next_proto;
- SSL_get_srtp_profiles;
- SSL_CTX_set_next_proto_select_cb;
- SSL_CTX_set_next_proto_sel_cb;
- SSL_SESSION_get_compress_id;
-
- SRP_VBASE_get_by_user;
- SRP_Calc_server_key;
- SRP_create_verifier;
- SRP_create_verifier_BN;
- SRP_Calc_u;
- SRP_VBASE_free;
- SRP_Calc_client_key;
- SRP_get_default_gN;
- SRP_Calc_x;
- SRP_Calc_B;
- SRP_VBASE_new;
- SRP_check_known_gN_param;
- SRP_Calc_A;
- SRP_Verify_A_mod_N;
- SRP_VBASE_init;
- SRP_Verify_B_mod_N;
- EC_KEY_set_public_key_affine_coordinates;
- EC_KEY_set_pub_key_aff_coords;
- EVP_aes_192_ctr;
- EVP_PKEY_meth_get0_info;
- EVP_PKEY_meth_copy;
- ERR_add_error_vdata;
- EVP_aes_128_ctr;
- EVP_aes_256_ctr;
- EC_GFp_nistp224_method;
- EC_KEY_get_flags;
- RSA_padding_add_PKCS1_PSS_mgf1;
- EVP_aes_128_xts;
- EVP_aes_256_xts;
- EVP_aes_128_gcm;
- EC_KEY_clear_flags;
- EC_KEY_set_flags;
- EVP_aes_256_ccm;
- RSA_verify_PKCS1_PSS_mgf1;
- EVP_aes_128_ccm;
- EVP_aes_192_gcm;
- X509_ALGOR_set_md;
- RAND_init_fips;
- EVP_aes_256_gcm;
- EVP_aes_192_ccm;
- CMAC_CTX_copy;
- CMAC_CTX_free;
- CMAC_CTX_get0_cipher_ctx;
- CMAC_CTX_cleanup;
- CMAC_Init;
- CMAC_Update;
- CMAC_resume;
- CMAC_CTX_new;
- CMAC_Final;
- CRYPTO_ctr128_encrypt_ctr32;
- CRYPTO_gcm128_release;
- CRYPTO_ccm128_decrypt_ccm64;
- CRYPTO_ccm128_encrypt;
- CRYPTO_gcm128_encrypt;
- CRYPTO_xts128_encrypt;
- EVP_rc4_hmac_md5;
- CRYPTO_nistcts128_decrypt_block;
- CRYPTO_gcm128_setiv;
- CRYPTO_nistcts128_encrypt;
- EVP_aes_128_cbc_hmac_sha1;
- CRYPTO_gcm128_tag;
- CRYPTO_ccm128_encrypt_ccm64;
- ENGINE_load_rdrand;
- CRYPTO_ccm128_setiv;
- CRYPTO_nistcts128_encrypt_block;
- CRYPTO_gcm128_aad;
- CRYPTO_ccm128_init;
- CRYPTO_nistcts128_decrypt;
- CRYPTO_gcm128_new;
- CRYPTO_ccm128_tag;
- CRYPTO_ccm128_decrypt;
- CRYPTO_ccm128_aad;
- CRYPTO_gcm128_init;
- CRYPTO_gcm128_decrypt;
- ENGINE_load_rsax;
- CRYPTO_gcm128_decrypt_ctr32;
- CRYPTO_gcm128_encrypt_ctr32;
- CRYPTO_gcm128_finish;
- EVP_aes_256_cbc_hmac_sha1;
- PKCS5_pbkdf2_set;
- CMS_add0_recipient_password;
- CMS_decrypt_set1_password;
- CMS_RecipientInfo_set0_password;
- RAND_set_fips_drbg_type;
- X509_REQ_sign_ctx;
- RSA_PSS_PARAMS_new;
- X509_CRL_sign_ctx;
- X509_signature_dump;
- d2i_RSA_PSS_PARAMS;
- RSA_PSS_PARAMS_it;
- RSA_PSS_PARAMS_free;
- X509_sign_ctx;
- i2d_RSA_PSS_PARAMS;
- ASN1_item_sign_ctx;
- EC_GFp_nistp521_method;
- EC_GFp_nistp256_method;
- OPENSSL_stderr;
- OPENSSL_cpuid_setup;
- OPENSSL_showfatal;
- BIO_new_dgram_sctp;
- BIO_dgram_sctp_msg_waiting;
- BIO_dgram_sctp_wait_for_dry;
- BIO_s_datagram_sctp;
- BIO_dgram_is_sctp;
- BIO_dgram_sctp_notification_cb;
-} OPENSSL_1.0.0;
-
-OPENSSL_1.0.1d {
- global:
- CRYPTO_memcmp;
-} OPENSSL_1.0.1;
-
-OPENSSL_1.0.1s {
- global:
- SRP_VBASE_get1_by_user;
- SRP_user_pwd_free;
-} OPENSSL_1.0.1d;
-
-OPENSSL_1.0.2 {
- global:
- SSL_CTX_set_alpn_protos;
- SSL_set_alpn_protos;
- SSL_CTX_set_alpn_select_cb;
- SSL_get0_alpn_selected;
- SSL_CTX_set_custom_cli_ext;
- SSL_CTX_set_custom_srv_ext;
- SSL_CTX_set_srv_supp_data;
- SSL_CTX_set_cli_supp_data;
- SSL_set_cert_cb;
- SSL_CTX_use_serverinfo;
- SSL_CTX_use_serverinfo_file;
- SSL_CTX_set_cert_cb;
- SSL_CTX_get0_param;
- SSL_get0_param;
- SSL_certs_clear;
- DTLSv1_2_method;
- DTLSv1_2_server_method;
- DTLSv1_2_client_method;
- DTLS_method;
- DTLS_server_method;
- DTLS_client_method;
- SSL_CTX_get_ssl_method;
- SSL_CTX_get0_certificate;
- SSL_CTX_get0_privatekey;
- SSL_COMP_set0_compression_methods;
- SSL_COMP_free_compression_methods;
- SSL_CIPHER_find;
- SSL_is_server;
- SSL_CONF_CTX_new;
- SSL_CONF_CTX_finish;
- SSL_CONF_CTX_free;
- SSL_CONF_CTX_set_flags;
- SSL_CONF_CTX_clear_flags;
- SSL_CONF_CTX_set1_prefix;
- SSL_CONF_CTX_set_ssl;
- SSL_CONF_CTX_set_ssl_ctx;
- SSL_CONF_cmd;
- SSL_CONF_cmd_argv;
- SSL_CONF_cmd_value_type;
- SSL_trace;
- SSL_CIPHER_standard_name;
- SSL_get_tlsa_record_byname;
- ASN1_TIME_diff;
- BIO_hex_string;
- CMS_RecipientInfo_get0_pkey_ctx;
- CMS_RecipientInfo_encrypt;
- CMS_SignerInfo_get0_pkey_ctx;
- CMS_SignerInfo_get0_md_ctx;
- CMS_SignerInfo_get0_signature;
- CMS_RecipientInfo_kari_get0_alg;
- CMS_RecipientInfo_kari_get0_reks;
- CMS_RecipientInfo_kari_get0_orig_id;
- CMS_RecipientInfo_kari_orig_id_cmp;
- CMS_RecipientEncryptedKey_get0_id;
- CMS_RecipientEncryptedKey_cert_cmp;
- CMS_RecipientInfo_kari_set0_pkey;
- CMS_RecipientInfo_kari_get0_ctx;
- CMS_RecipientInfo_kari_decrypt;
- CMS_SharedInfo_encode;
- DH_compute_key_padded;
- d2i_DHxparams;
- i2d_DHxparams;
- DH_get_1024_160;
- DH_get_2048_224;
- DH_get_2048_256;
- DH_KDF_X9_42;
- ECDH_KDF_X9_62;
- ECDSA_METHOD_new;
- ECDSA_METHOD_free;
- ECDSA_METHOD_set_app_data;
- ECDSA_METHOD_get_app_data;
- ECDSA_METHOD_set_sign;
- ECDSA_METHOD_set_sign_setup;
- ECDSA_METHOD_set_verify;
- ECDSA_METHOD_set_flags;
- ECDSA_METHOD_set_name;
- EVP_des_ede3_wrap;
- EVP_aes_128_wrap;
- EVP_aes_192_wrap;
- EVP_aes_256_wrap;
- EVP_aes_128_cbc_hmac_sha256;
- EVP_aes_256_cbc_hmac_sha256;
- CRYPTO_128_wrap;
- CRYPTO_128_unwrap;
- OCSP_REQ_CTX_nbio;
- OCSP_REQ_CTX_new;
- OCSP_set_max_response_length;
- OCSP_REQ_CTX_i2d;
- OCSP_REQ_CTX_nbio_d2i;
- OCSP_REQ_CTX_get0_mem_bio;
- OCSP_REQ_CTX_http;
- RSA_padding_add_PKCS1_OAEP_mgf1;
- RSA_padding_check_PKCS1_OAEP_mgf1;
- RSA_OAEP_PARAMS_free;
- RSA_OAEP_PARAMS_it;
- RSA_OAEP_PARAMS_new;
- SSL_get_sigalgs;
- SSL_get_shared_sigalgs;
- SSL_check_chain;
- X509_chain_up_ref;
- X509_http_nbio;
- X509_CRL_http_nbio;
- X509_REVOKED_dup;
- i2d_re_X509_tbs;
- X509_get0_signature;
- X509_get_signature_nid;
- X509_CRL_diff;
- X509_chain_check_suiteb;
- X509_CRL_check_suiteb;
- X509_check_host;
- X509_check_email;
- X509_check_ip;
- X509_check_ip_asc;
- X509_STORE_set_lookup_crls_cb;
- X509_STORE_CTX_get0_store;
- X509_VERIFY_PARAM_set1_host;
- X509_VERIFY_PARAM_add1_host;
- X509_VERIFY_PARAM_set_hostflags;
- X509_VERIFY_PARAM_get0_peername;
- X509_VERIFY_PARAM_set1_email;
- X509_VERIFY_PARAM_set1_ip;
- X509_VERIFY_PARAM_set1_ip_asc;
- X509_VERIFY_PARAM_get0_name;
- X509_VERIFY_PARAM_get_count;
- X509_VERIFY_PARAM_get0;
- X509V3_EXT_free;
- EC_GROUP_get_mont_data;
- EC_curve_nid2nist;
- EC_curve_nist2nid;
- PEM_write_bio_DHxparams;
- PEM_write_DHxparams;
- SSL_CTX_add_client_custom_ext;
- SSL_CTX_add_server_custom_ext;
- SSL_extension_supported;
- BUF_strnlen;
- sk_deep_copy;
- SSL_test_functions;
-} OPENSSL_1.0.1d;
Index: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines/openssl.ld
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines/openssl.ld (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines/openssl.ld (nonexistent)
@@ -1,10 +0,0 @@
-OPENSSL_1.0.0 {
- global:
- bind_engine;
- v_check;
- OPENSSL_init;
- OPENSSL_finish;
- local:
- *;
-};
-
Index: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines/ccgost/openssl.ld
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines/ccgost/openssl.ld (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines/ccgost/openssl.ld (nonexistent)
@@ -1,10 +0,0 @@
-OPENSSL_1.0.0 {
- global:
- bind_engine;
- v_check;
- OPENSSL_init;
- OPENSSL_finish;
- local:
- *;
-};
-
Index: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines/ccgost
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines/ccgost (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines/ccgost (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines/ccgost
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new/engines
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/openssl-1.0.2u-new
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/create.patch.sh
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/create.patch.sh (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/create.patch.sh (nonexistent)
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-VERSION=1.0.2u
-
-tar --files-from=file.list -xzvf ../openssl-$VERSION.tar.gz
-mv openssl-$VERSION openssl-$VERSION-orig
-
-cp -rf ./openssl-$VERSION-new ./openssl-$VERSION
-
-diff --unified -Nr openssl-$VERSION-orig openssl-$VERSION > openssl-$VERSION-versioned-symbols.patch
-
-mv openssl-$VERSION-versioned-symbols.patch ../patches
-
-rm -rf ./openssl-$VERSION
-rm -rf ./openssl-$VERSION-orig
Property changes on: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch/create.patch.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-versioned-symbols-patch
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/Makefile
===================================================================
--- sources/packages/n/openssl10/Makefile (revision 419)
+++ sources/packages/n/openssl10/Makefile (nonexistent)
@@ -1,63 +0,0 @@
-
-COMPONENT_TARGETS = $(HARDWARE_NOARCH)
-
-
-include ../../../../build-system/constants.mk
-
-
-url = $(DOWNLOAD_SERVER)/sources/packages/n/openssl10
-
-versions = 1.0.2u
-
-pkgname = openssl
-suffix = tar.gz
-
-tarballs = $(addsuffix .$(suffix), $(addprefix $(pkgname)-, $(versions)))
-sha1s = $(addsuffix .sha1sum, $(tarballs))
-
-patches = $(CURDIR)/patches/openssl-1.0.2u-versioned-symbols.patch
-patches += $(CURDIR)/patches/openssl-1.0.2u-shlib.patch
-patches += $(CURDIR)/patches/openssl-1.0.2u-pod.patch
-patches += $(CURDIR)/patches/openssl-1.0.2u-mips-O2.patch
-
-.NOTPARALLEL: $(patches)
-
-
-BUILD_TARGETS = $(tarballs) $(sha1s) $(patches)
-
-
-include ../../../../build-system/core.mk
-
-
-.PHONY: download_clean
-
-
-$(tarballs):
- @echo -e "\n======= Downloading source tarballs =======" ; \
- for tarball in $(tarballs) ; do \
- echo "$(url)/$$tarball" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & \
- done ; wait
-
-$(sha1s): $(tarballs)
- @for sha in $@ ; do \
- echo -e "\n======= Downloading '$$sha' signature =======\n" ; \
- echo "$(url)/$$sha" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & wait %1 ; \
- touch $$sha ; \
- echo -e "\n======= Check the '$$sha' sha1sum =======\n" ; \
- sha1sum --check $$sha ; ret="$$?" ; \
- if [ "$$ret" == "1" ]; then \
- echo -e "\n======= ERROR: Bad '$$sha' sha1sum =======\n" ; \
- exit 1 ; \
- fi ; \
- done
-
-$(patches): $(sha1s)
- @echo -e "\n======= Create Patches =======\n" ; \
- ( cd create-1.0.2u-versioned-symbols-patch ; ./create.patch.sh ) ; \
- ( cd create-1.0.2u-shlib-patch ; ./create.patch.sh ) ; \
- ( cd create-1.0.2u-pod-patch ; ./create.patch.sh ) ; \
- ( cd create-1.0.2u-mips-O2-patch ; ./create.patch.sh ) ; \
- echo -e "\n"
-
-download_clean:
- @rm -f $(tarballs) $(sha1s) $(patches)
Index: sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/file.list
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/file.list (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/file.list (nonexistent)
@@ -1 +0,0 @@
-openssl-1.0.2u/Configure
Index: sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/openssl-1.0.2u-new/Configure
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/openssl-1.0.2u-new/Configure (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/openssl-1.0.2u-new/Configure (nonexistent)
@@ -1,2327 +0,0 @@
-:
-eval 'exec perl -S $0 ${1+"$@"}'
- if $running_under_some_shell;
-##
-## Configure -- OpenSSL source tree configuration script
-##
-
-require 5.000;
-use strict;
-use File::Compare;
-
-# see INSTALL for instructions.
-
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-
-# Options:
-#
-# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
-# --prefix option is given; /usr/local/ssl otherwise)
-# --prefix prefix for the OpenSSL include, lib and bin directories
-# (Default: the OPENSSLDIR directory)
-#
-# --install_prefix Additional prefix for package builders (empty by
-# default). This needn't be set in advance, you can
-# just as well use "make INSTALL_PREFIX=/whatever install".
-#
-# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
-# to live in the subdirectory lib/ and the header files in
-# include/. A value is required.
-# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is
-# required.
-# (Default: KRB5_DIR/lib)
-# --with-krb5-include Declare where the Kerberos 5 header files live. A
-# value is required.
-# (Default: KRB5_DIR/include)
-# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
-# supported values are "MIT" and "Heimdal". A value is required.
-#
-# --test-sanity Make a number of sanity checks on the data in this file.
-# This is a debugging tool for OpenSSL developers.
-#
-# --cross-compile-prefix Add specified prefix to binutils components.
-#
-# no-hw-xxx do not compile support for specific crypto hardware.
-# Generic OpenSSL-style methods relating to this support
-# are always compiled but return NULL if the hardware
-# support isn't compiled.
-# no-hw do not compile support for any crypto hardware.
-# [no-]threads [don't] try to create a library that is suitable for
-# multithreaded applications (default is "threads" if we
-# know how to do it)
-# [no-]shared [don't] try to create shared libraries when supported.
-# no-asm do not use assembler
-# no-dso do not compile in any native shared-library methods. This
-# will ensure that all methods just return NULL.
-# no-krb5 do not compile in any KRB5 library or code.
-# [no-]zlib [don't] compile support for zlib compression.
-# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
-# library and will be loaded in run-time by the OpenSSL library.
-# sctp include SCTP support
-# enable-weak-ssl-ciphers
-# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
-# default. Note, weak SSLv2 ciphers are unconditionally
-# disabled.
-# 386 generate 80386 code in assembly modules
-# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
-# mentioned '386' option implies this one
-# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
-# -<xxx> +<xxx> compiler options are passed through
-#
-# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
-# provided to stack calls. Generates unique stack functions for
-# each possible stack type.
-# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
-# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register
-# dependancies but needs to more registers, good for RISC CPU's
-# DES_RISC2 A different RISC variant.
-# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders.
-# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
-# This is used on the DEC Alpha where long is 8 bytes
-# and int is 4
-# BN_LLONG use the type 'long long' in crypto/bn/bn.h
-# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
-# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
-# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
-# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
-# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
-# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
-# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
-# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
-# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on
-# array lookups instead of pointer use.
-# RC4_CHUNK enables code that handles data aligned at long (natural CPU
-# word) boundary.
-# RC4_CHUNK_LL enables code that handles data aligned at long long boundary
-# (intended for 64-bit CPUs running 32-bit OS).
-# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
-# BF_PTR2 intel specific version (generic version is more efficient).
-#
-# Following are set automatically by this script
-#
-# MD5_ASM use some extra md5 assember,
-# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86
-# RMD160_ASM use some extra ripemd160 assember,
-# SHA256_ASM sha256_block is implemented in assembler
-# SHA512_ASM sha512_block is implemented in assembler
-# AES_ASM ASE_[en|de]crypt is implemented in assembler
-
-# Minimum warning options... any contributions to OpenSSL should at least get
-# past these.
-
-my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wundef -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
-
-# TODO(openssl-team): fix problems and investigate if (at least) the following
-# warnings can also be enabled:
-# -Wconditional-uninitialized, -Wswitch-enum, -Wunused-macros,
-# -Wmissing-field-initializers, -Wmissing-variable-declarations,
-# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
-# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
-# -Wextended-offsetof
-my $clang_disabled_warnings = "-Wno-unknown-warning-option -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof";
-
-# These are used in addition to $gcc_devteam_warn when the compiler is clang.
-# TODO(openssl-team): fix problems and investigate if (at least) the
-# following warnings can also be enabled: -Wconditional-uninitialized,
-# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers,
-# -Wmissing-variable-declarations,
-# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
-# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
-# -Wextended-offsetof
-my $clang_devteam_warn = "-Wno-unknown-warning-option -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
-
-# Warn that "make depend" should be run?
-my $warn_make_depend = 0;
-
-my $strict_warnings = 0;
-
-my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-
-# MD2_CHAR slags pentium pros
-my $x86_gcc_opts="RC4_INDEX MD2_INT";
-
-# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
-# Don't worry about these normally
-
-my $tcc="cc";
-my $tflags="-fast -Xa";
-my $tbn_mul="";
-my $tlib="-lnsl -lsocket";
-#$bits1="SIXTEEN_BIT ";
-#$bits2="THIRTY_TWO_BIT ";
-my $bits1="THIRTY_TWO_BIT ";
-my $bits2="SIXTY_FOUR_BIT ";
-
-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
-
-my $x86_elf_asm="$x86_asm:elf";
-
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:";
-my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void";
-my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void";
-my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void";
-my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
-my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//;
-my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
-my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void";
-my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:";
-my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
-my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
-my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:";
-my $ppc32_asm=$ppc64_asm;
-my $no_asm="::::::::::::::::void";
-
-# As for $BSDthreads. Idea is to maintain "collective" set of flags,
-# which would cover all BSD flavors. -pthread applies to them all,
-# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
-# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
-# which has to be accompanied by explicit -D_THREAD_SAFE and
-# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
-# seems to be sufficient?
-my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
-
-#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
-
-my %table=(
-# File 'TABLE' (created by 'make TABLE') contains the data from this list,
-# formatted for better readability.
-
-
-#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
-#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
-#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
-#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
-
-# Our development configs
-"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
-"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::",
-"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-debug", "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::",
-"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-ben-macos", "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
-"debug-ben-macos-gcc46", "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
-"debug-ben-darwin64","cc:$gcc_devteam_warn -g -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
-"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"dist", "cc:-O::(unknown)::::::",
-
-# Basic configs that should work on any (32 and less bit) box
-"gcc", "gcc:-O3::(unknown):::BN_LLONG:::",
-"cc", "cc:-O::(unknown)::::::",
-
-####VOS Configurations
-"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
-"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
-
-#### Solaris x86 with GNU C setups
-# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
-# here because whenever GNU C instantiates an assembler template it
-# surrounds it with #APP #NO_APP comment pair which (at least Solaris
-# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
-# error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -shared -static-libgcc might appear controversial, but modules taken
-# from static libgcc do not have relocations and linking them into our
-# shared objects doesn't have any negative side-effects. On the contrary,
-# doing so makes it possible to use gcc shared build with Sun C. Given
-# that gcc generates faster code [thanks to inline assembler], I would
-# actually recommend to consider using gcc shared build even with vendor
-# compiler:-)
-# <appro@fy.chalmers.se>
-"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-
-#### Solaris x86 with Sun C setups
-"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-
-#### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### SPARC Solaris with Sun C setups
-# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
-# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
-# SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### SunOS configs, assuming sparc for the gcc one.
-#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
-"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
-
-#### IRIX 5.x configs
-# -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-#### IRIX 6.x configs
-# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
-# './Configure irix-cc -o32' manually.
-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-# N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-
-#### Unified HP-UX ANSI C configs.
-# Special notes:
-# - Originally we were optimizing at +O4 level. It should be noted
-# that the only difference between +O3 and +O4 is global inter-
-# procedural analysis. As it has to be performed during the link
-# stage the compiler leaves behind certain pseudo-code in lib*.a
-# which might be release or even patch level specific. Generating
-# the machine code for and analyzing the *whole* program appears
-# to be *extremely* memory demanding while the performance gain is
-# actually questionable. The situation is intensified by the default
-# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB
-# which is way too low for +O4. In other words, doesn't +O3 make
-# more sense?
-# - Keep in mind that the HP compiler by default generates code
-# suitable for execution on the host you're currently compiling at.
-# If the toolkit is ment to be used on various PA-RISC processors
-# consider './config +DAportable'.
-# - +DD64 is chosen in favour of +DA2.0W because it's meant to be
-# compatible with *future* releases.
-# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
-# pass -D_REENTRANT on HP-UX 10 and later.
-# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in
-# 32-bit message digests. (For the moment of this writing) HP C
-# doesn't seem to "digest" too many local variables (they make "him"
-# chew forever:-). For more details look-up MD32_XARRAY comment in
-# crypto/sha/sha_lcl.h.
-# <appro@fy.chalmers.se>
-#
-# Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
-"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o:::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
-
-# More attempts at unified 10.X and 11.X targets for HP C compiler.
-#
-# Chris Ruemmler <ruemmler@cup.hp.com>
-# Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
-
-# HP/UX IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
-# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
-# with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64",
-# GCC builds...
-"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
-"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64",
-
-# Legacy HPUX 9.X configs...
-"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc", "gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-
-# DEC Alpha OSF/1/Tru64 targets.
-#
-# "What's in a name? That which we call a rose
-# By any other word would smell as sweet."
-#
-# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
-#
-# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-#
-"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
-"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
-
-####
-#### Variety of LINUX:-)
-####
-# *-generic* is endian-neutral target, but ./config is free to
-# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-O2 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#######################################################################
-# Note that -march is not among compiler options in below linux-armv4
-# target line. Not specifying one is intentional to give you choice to:
-#
-# a) rely on your compiler default by not specifying one;
-# b) specify your target platform explicitly for optimal performance,
-# e.g. -march=armv6 or -march=armv7-a;
-# c) build "universal" binary that targets *range* of platforms by
-# specifying minimum and maximum supported architecture;
-#
-# As for c) option. It actually makes no sense to specify maximum to be
-# less than ARMv7, because it's the least requirement for run-time
-# switch between platform-specific code paths. And without run-time
-# switch performance would be equivalent to one for minimum. Secondly,
-# there are some natural limitations that you'd have to accept and
-# respect. Most notably you can *not* build "universal" binary for
-# big-endian platform. This is because ARMv7 processor always picks
-# instructions in little-endian order. Another similar limitation is
-# that -mthumb can't "cross" -march=armv6t2 boundary, because that's
-# where it became Thumb-2. Well, this limitation is a bit artificial,
-# because it's not really impossible, but it's deemed too tricky to
-# support. And of course you have to be sure that your binutils are
-# actually up to the task of handling maximum target platform. With all
-# this in mind here is an example of how to configure "universal" build:
-#
-# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
-#
-"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# Configure script adds minimally required -march for assembly support,
-# if no -march was specified at command line. mips32 and mips64 below
-# refer to contemporary MIPS Architecture specifications, MIPS32 and
-# MIPS64, rather than to kernel bitness.
-"linux-mips32", "gcc:-mabi=32 -O2 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-#### IA-32 targets...
-"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
-####
-"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
-"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-#### So called "highgprs" target for z/Architecture CPUs
-# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
-# /proc/cpuinfo. The idea is to preserve most significant bits of
-# general purpose registers not only upon 32-bit process context
-# switch, but even on asynchronous signal delivery to such process.
-# This makes it possible to deploy 64-bit instructions even in legacy
-# application context and achieve better [or should we say adequate]
-# performance. The build is binary compatible with linux-generic32,
-# and the idea is to be able to install the resulting libcrypto.so
-# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for
-# ldconfig and run-time linker to autodiscover. Unfortunately it
-# doesn't work just yet, because of couple of bugs in glibc
-# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
-"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
-#### SPARC Linux setups
-# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
-# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# it's a real mess with -mcpu=ultrasparc option under Linux, but
-# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-#### Alpha Linux with GNU C and Compaq C setups
-# Special notes:
-# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-# ought to run './Configure linux-alpha+bwx-gcc' manually, do
-# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever
-# which is appropriate.
-# - If you use ccc keep in mind that -fast implies -arch host and the
-# compiler is free to issue instructions which gonna make elder CPU
-# choke. If you wish to build "blended" toolkit, add -arch generic
-# *after* -fast and invoke './Configure linux-alpha-ccc' manually.
-#
-# <appro@fy.chalmers.se>
-#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-
-# Android: linux-* but without pointers to headers and libs.
-"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"android64-aarch64","gcc:-mandroid -fPIC -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-pie%-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### *BSD [do see comment about ${BSDthreads} above!]
-"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
-# simply *happens* to work around a compiler bug in gcc 3.3.3,
-# triggered by RIPEMD160 code.
-"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64", "cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"nextstep", "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-
-# NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
-
-# QNX
-"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
-"QNX6", "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# BeOS
-"beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
-"beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so",
-
-#### SCO/Caldera targets.
-#
-# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
-# Now we only have blended unixware-* as it's the only one used by ./config.
-# If you want to optimize for particular microarchitecture, bypass ./config
-# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
-# Note that not all targets include assembler support. Mostly because of
-# lack of motivation to support out-of-date platforms with out-of-date
-# compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has
-# patiently assisted to debug most of it.
-#
-# UnixWare 2.0x fails destest with -O.
-"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
-"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### IBM's AIX.
-"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32",
-"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
-# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
-# at build time. $OBJECT_MODE is respected at ./config stage!
-"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
-
-#
-# Cray T90 and similar (SDSC)
-# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
-# defined. The T90 ints and longs are 8 bytes long, and apparently the
-# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and
-# non L_ENDIAN code aligns the bytes in each word correctly.
-#
-# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
-#'Taking the address of a bit field is not allowed. '
-#'An expression with bit field exists as the operand of "sizeof" '
-# (written by Wayne Schroeder <schroede@SDSC.EDU>)
-#
-# j90 is considered the base machine type for unicos machines,
-# so this configuration is now called "cray-j90" ...
-"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::",
-
-#
-# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
-#
-# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added
-# another use. Basically, the problem is that the T3E uses some bit fields
-# for some st_addr stuff, and then sizeof and address-of fails
-# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
-# did not like it.
-"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
-
-# DGUX, 88100.
-"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-
-# Sinix/ReliantUNIX RM400
-# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
-"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
-"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
-
-# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
-
-# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
-# You need to compile using the c89.sh wrapper in the tools directory, because the
-# IBM compiler does not like the -L switch after any object modules.
-#
-"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
-
-# Visual C targets
-#
-# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
-"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
-"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
-"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
-"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
-# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
-# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
-"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
-# Unified CE target
-"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
-"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
-
-# Borland C++ 4.5
-"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
-
-# MinGW
-"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
-# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll
-# compiled with one compiler with application compiled with another
-# compiler. It's possible to engage Applink support in mingw64 build,
-# but it's not done, because till mingw64 supports structured exception
-# handling, one can't seriously consider its binaries for using with
-# non-mingw64 run-time environment. And as mingw64 is always consistent
-# with itself, Applink is never engaged and can as well be omitted.
-"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
-
-# UWIN
-"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
-
-# Cygwin
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-
-# NetWare from David Ward (dsward@novell.com)
-# requires either MetroWerks NLM development tools, or gcc / nlmconv
-# NetWare defaults socket bio to WinSock sockets. However,
-# the builds can be configured to use BSD sockets instead.
-# netware-clib => legacy CLib c-runtime support
-"netware-clib", "mwccnlm::::::${x86_gcc_opts}::",
-"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::",
-"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
-"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
-# netware-libc => LibC/NKS support
-"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
-"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
-"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
-"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
-
-# DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
-
-# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
-"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
-"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::",
-# K&R C is no longer supported; you need gcc on old Ultrix installations
-##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
-
-##### MacOS X (a.k.a. Rhapsody or Darwin) setup
-"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
-"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-# iPhoneOS/iOS
-"iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-
-##### A/UX
-"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-
-##### Sony NEWS-OS 4.x
-"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
-
-##### GNU Hurd
-"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
-
-##### OS/2 EMX
-"OS2-EMX", "gcc::::::::",
-
-##### VxWorks for various targets
-"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::",
-"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::",
-"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
-"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
-"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:",
-"vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:",
-
-##### Compaq Non-Stop Kernel (Tandem)
-"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
-
-# uClinux
-"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
-"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
-
-);
-
-my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
- debug-VC-WIN64I debug-VC-WIN64A
- VC-NT VC-CE VC-WIN32 debug-VC-WIN32
- BC-32
- netware-clib netware-clib-bsdsock
- netware-libc netware-libc-bsdsock);
-
-my $idx = 0;
-my $idx_cc = $idx++;
-my $idx_cflags = $idx++;
-my $idx_unistd = $idx++;
-my $idx_thread_cflag = $idx++;
-my $idx_sys_id = $idx++;
-my $idx_lflags = $idx++;
-my $idx_bn_ops = $idx++;
-my $idx_cpuid_obj = $idx++;
-my $idx_bn_obj = $idx++;
-my $idx_ec_obj = $idx++;
-my $idx_des_obj = $idx++;
-my $idx_aes_obj = $idx++;
-my $idx_bf_obj = $idx++;
-my $idx_md5_obj = $idx++;
-my $idx_sha1_obj = $idx++;
-my $idx_cast_obj = $idx++;
-my $idx_rc4_obj = $idx++;
-my $idx_rmd160_obj = $idx++;
-my $idx_rc5_obj = $idx++;
-my $idx_wp_obj = $idx++;
-my $idx_cmll_obj = $idx++;
-my $idx_modes_obj = $idx++;
-my $idx_engines_obj = $idx++;
-my $idx_perlasm_scheme = $idx++;
-my $idx_dso_scheme = $idx++;
-my $idx_shared_target = $idx++;
-my $idx_shared_cflag = $idx++;
-my $idx_shared_ldflag = $idx++;
-my $idx_shared_extension = $idx++;
-my $idx_ranlib = $idx++;
-my $idx_arflags = $idx++;
-my $idx_multilib = $idx++;
-
-my $prefix="";
-my $libdir="";
-my $openssldir="";
-my $exe_ext="";
-my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
-my $cross_compile_prefix="";
-my $fipsdir="/usr/local/ssl/fips-2.0";
-my $fipslibdir="";
-my $baseaddr="0xFB00000";
-my $no_threads=0;
-my $threads=0;
-my $no_shared=0; # but "no-shared" is default
-my $zlib=1; # but "no-zlib" is default
-my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used
-my $no_rfc3779=1; # but "no-rfc3779" is default
-my $no_asm=0;
-my $no_dso=0;
-my $no_gmp=0;
-my @skip=();
-my $Makefile="Makefile";
-my $des_locl="crypto/des/des_locl.h";
-my $des ="crypto/des/des.h";
-my $bn ="crypto/bn/bn.h";
-my $md2 ="crypto/md2/md2.h";
-my $rc4 ="crypto/rc4/rc4.h";
-my $rc4_locl="crypto/rc4/rc4_locl.h";
-my $idea ="crypto/idea/idea.h";
-my $rc2 ="crypto/rc2/rc2.h";
-my $bf ="crypto/bf/bf_locl.h";
-my $bn_asm ="bn_asm.o";
-my $des_enc="des_enc.o fcrypt_b.o";
-my $aes_enc="aes_core.o aes_cbc.o";
-my $bf_enc ="bf_enc.o";
-my $cast_enc="c_enc.o";
-my $rc4_enc="rc4_enc.o rc4_skey.o";
-my $rc5_enc="rc5_enc.o";
-my $md5_obj="";
-my $sha1_obj="";
-my $rmd160_obj="";
-my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
-my $processor="";
-my $default_ranlib;
-my $perl;
-my $fips=0;
-
-if (exists $ENV{FIPSDIR})
- {
- $fipsdir = $ENV{FIPSDIR};
- $fipsdir =~ s/\/$//;
- }
-
-# All of the following is disabled by default (RC5 was enabled before 0.9.8):
-
-my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
- "ec_nistp_64_gcc_128" => "default",
- "gmp" => "default",
- "jpake" => "experimental",
- "libunbound" => "experimental",
- "md2" => "default",
- "rc5" => "default",
- "rfc3779" => "default",
- "sctp" => "default",
- "shared" => "default",
- "ssl-trace" => "default",
- "ssl2" => "default",
- "store" => "experimental",
- "unit-test" => "default",
- "weak-ssl-ciphers" => "default",
- "zlib" => "default",
- "zlib-dynamic" => "default"
- );
-my @experimental = ();
-
-# This is what $depflags will look like with the above defaults
-# (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS";
-
-# Explicit "no-..." options will be collected in %disabled along with the defaults.
-# To remove something from %disabled, use "enable-foo" (unless it's experimental).
-# For symmetry, "disable-foo" is a synonym for "no-foo".
-
-# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
-# We will collect such requests in @experimental.
-# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
-
-
-my $no_sse2=0;
-
-&usage if ($#ARGV < 0);
-
-my $flags;
-my $depflags;
-my $openssl_experimental_defines;
-my $openssl_algorithm_defines;
-my $openssl_thread_defines;
-my $openssl_sys_defines="";
-my $openssl_other_defines;
-my $libs;
-my $libkrb5="";
-my $target;
-my $options;
-my $symlink;
-my $make_depend=0;
-my %withargs=();
-
-my @argvcopy=@ARGV;
-my $argvstring="";
-my $argv_unprocessed=1;
-
-while($argv_unprocessed)
- {
- $flags="";
- $depflags="";
- $openssl_experimental_defines="";
- $openssl_algorithm_defines="";
- $openssl_thread_defines="";
- $openssl_sys_defines="";
- $openssl_other_defines="";
- $libs="";
- $target="";
- $options="";
- $symlink=1;
-
- $argv_unprocessed=0;
- $argvstring=join(' ',@argvcopy);
-
-PROCESS_ARGS:
- foreach (@argvcopy)
- {
- s /^-no-/no-/; # some people just can't read the instructions
-
- # rewrite some options in "enable-..." form
- s /^-?-?shared$/enable-shared/;
- s /^sctp$/enable-sctp/;
- s /^threads$/enable-threads/;
- s /^zlib$/enable-zlib/;
- s /^zlib-dynamic$/enable-zlib-dynamic/;
-
- if (/^no-(.+)$/ || /^disable-(.+)$/)
- {
- if (!($disabled{$1} eq "experimental"))
- {
- if ($1 eq "ssl")
- {
- $disabled{"ssl2"} = "option(ssl)";
- $disabled{"ssl3"} = "option(ssl)";
- }
- elsif ($1 eq "tls")
- {
- $disabled{"tls1"} = "option(tls)"
- }
- elsif ($1 eq "ssl3-method")
- {
- $disabled{"ssl3-method"} = "option(ssl)";
- $disabled{"ssl3"} = "option(ssl)";
- }
- else
- {
- $disabled{$1} = "option";
- }
- }
- }
- elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
- {
- my $algo = $1;
- if ($disabled{$algo} eq "experimental")
- {
- die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
- unless (/^experimental-/);
- push @experimental, $algo;
- }
- delete $disabled{$algo};
-
- $threads = 1 if ($algo eq "threads");
- }
- elsif (/^--test-sanity$/)
- {
- exit(&test_sanity());
- }
- elsif (/^--strict-warnings/)
- {
- $strict_warnings = 1;
- }
- elsif (/^reconfigure/ || /^reconf/)
- {
- if (open(IN,"<$Makefile"))
- {
- while (<IN>)
- {
- chomp;
- if (/^CONFIGURE_ARGS=(.*)/)
- {
- $argvstring=$1;
- @argvcopy=split(' ',$argvstring);
- die "Incorrect data to reconfigure, please do a normal configuration\n"
- if (grep(/^reconf/,@argvcopy));
- print "Reconfiguring with: $argvstring\n";
- $argv_unprocessed=1;
- close(IN);
- last PROCESS_ARGS;
- }
- }
- close(IN);
- }
- die "Insufficient data to reconfigure, please do a normal configuration\n";
- }
- elsif (/^386$/)
- { $processor=386; }
- elsif (/^fips$/)
- {
- $fips=1;
- }
- elsif (/^rsaref$/)
- {
- # No RSAref support any more since it's not needed.
- # The check for the option is there so scripts aren't
- # broken
- }
- elsif (/^[-+]/)
- {
- if (/^--prefix=(.*)$/)
- {
- $prefix=$1;
- }
- elsif (/^--libdir=(.*)$/)
- {
- $libdir=$1;
- }
- elsif (/^--openssldir=(.*)$/)
- {
- $openssldir=$1;
- }
- elsif (/^--install.prefix=(.*)$/)
- {
- $install_prefix=$1;
- }
- elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
- {
- $withargs{"krb5-".$1}=$2;
- }
- elsif (/^--with-zlib-lib=(.*)$/)
- {
- $withargs{"zlib-lib"}=$1;
- }
- elsif (/^--with-zlib-include=(.*)$/)
- {
- $withargs{"zlib-include"}="-I$1";
- }
- elsif (/^--with-fipsdir=(.*)$/)
- {
- $fipsdir="$1";
- }
- elsif (/^--with-fipslibdir=(.*)$/)
- {
- $fipslibdir="$1";
- }
- elsif (/^--with-baseaddr=(.*)$/)
- {
- $baseaddr="$1";
- }
- elsif (/^--cross-compile-prefix=(.*)$/)
- {
- $cross_compile_prefix=$1;
- }
- elsif (/^-[lL](.*)$/ or /^-Wl,/)
- {
- $libs.=$_." ";
- }
- else # common if (/^[-+]/), just pass down...
- {
- $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
- $flags.=$_." ";
- }
- }
- elsif ($_ =~ /^([^:]+):(.+)$/)
- {
- eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
- $target=$1;
- }
- else
- {
- die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
- $target=$_;
- }
-
- unless ($_ eq $target || /^no-/ || /^disable-/)
- {
- # "no-..." follows later after implied disactivations
- # have been derived. (Don't take this too seroiusly,
- # we really only write OPTIONS to the Makefile out of
- # nostalgia.)
-
- if ($options eq "")
- { $options = $_; }
- else
- { $options .= " ".$_; }
- }
- }
- }
-
-
-
-if ($processor eq "386")
- {
- $disabled{"sse2"} = "forced";
- }
-
-if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "")
- {
- $disabled{"krb5"} = "krb5-flavor not specified";
- }
-
-if (!defined($disabled{"zlib-dynamic"}))
- {
- # "zlib-dynamic" was specifically enabled, so enable "zlib"
- delete $disabled{"zlib"};
- }
-
-if (defined($disabled{"rijndael"}))
- {
- $disabled{"aes"} = "forced";
- }
-if (defined($disabled{"des"}))
- {
- $disabled{"mdc2"} = "forced";
- }
-if (defined($disabled{"ec"}))
- {
- $disabled{"ecdsa"} = "forced";
- $disabled{"ecdh"} = "forced";
- }
-
-# SSL 2.0 requires MD5 and RSA
-if (defined($disabled{"md5"}) || defined($disabled{"rsa"}))
- {
- $disabled{"ssl2"} = "forced";
- }
-
-if ($fips && $fipslibdir eq "")
- {
- $fipslibdir = $fipsdir . "/lib/";
- }
-
-# RSAX ENGINE sets default non-FIPS RSA method.
-if ($fips)
- {
- $disabled{"rsax"} = "forced";
- }
-
-# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
-if (defined($disabled{"md5"}) || defined($disabled{"sha"})
- || (defined($disabled{"rsa"})
- && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
- {
- $disabled{"ssl3"} = "forced";
- $disabled{"tls1"} = "forced";
- }
-
-if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
- || defined($disabled{"dh"}))
- {
- $disabled{"gost"} = "forced";
- }
-
-# SRP and HEARTBEATS require TLSEXT
-if (defined($disabled{"tlsext"}))
- {
- $disabled{"srp"} = "forced";
- $disabled{"heartbeats"} = "forced";
- }
-
-if ($target eq "TABLE") {
- foreach $target (sort keys %table) {
- print_table_entry($target);
- }
- exit 0;
-}
-
-if ($target eq "LIST") {
- foreach (sort keys %table) {
- print;
- print "\n";
- }
- exit 0;
-}
-
-if ($target =~ m/^CygWin32(-.*)$/) {
- $target = "Cygwin".$1;
-}
-
-print "Configuring for $target\n";
-
-&usage if (!defined($table{$target}));
-
-
-foreach (sort (keys %disabled))
- {
- $options .= " no-$_";
-
- printf " no-%-12s %-10s", $_, "[$disabled{$_}]";
-
- if (/^dso$/)
- { $no_dso = 1; }
- elsif (/^threads$/)
- { $no_threads = 1; }
- elsif (/^shared$/)
- { $no_shared = 1; }
- elsif (/^zlib$/)
- { $zlib = 0; }
- elsif (/^static-engine$/)
- { }
- elsif (/^zlib-dynamic$/)
- { }
- elsif (/^symlinks$/)
- { $symlink = 0; }
- elsif (/^sse2$/)
- { $no_sse2 = 1; }
- else
- {
- my ($ALGO, $algo);
- ($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/;
-
- if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
- {
- $openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n";
- print " OPENSSL_NO_$ALGO";
-
- if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
- elsif (/^asm$/) { $no_asm = 1; }
- }
- else
- {
- $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n";
- print " OPENSSL_NO_$ALGO";
-
- if (/^krb5$/)
- { $no_krb5 = 1; }
- else
- {
- push @skip, $algo;
- # fix-up crypto/directory name(s)
- @skip[$#skip]="whrlpool" if $algo eq "whirlpool";
- print " (skip dir)";
-
- $depflags .= " -DOPENSSL_NO_$ALGO";
- }
- }
- if (/^comp$/) { $zlib = 0; }
- }
-
- print "\n";
- }
-
-my $exp_cflags = "";
-foreach (sort @experimental)
- {
- my $ALGO;
- ($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
-
- # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
- $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
- $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
- }
-
-my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
-
-$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
-$exe_ext=".nlm" if ($target =~ /netware/);
-$exe_ext=".pm" if ($target =~ /vos/);
-$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
-$prefix=$openssldir if $prefix eq "";
-
-$default_ranlib= &which("ranlib") or $default_ranlib="true";
-$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
- or $perl="perl";
-my $make = $ENV{'MAKE'} || "make";
-
-$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
-
-chop $openssldir if $openssldir =~ /\/$/;
-chop $prefix if $prefix =~ /.\/$/;
-
-$openssldir=$prefix . "/ssl" if $openssldir eq "";
-$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-
-
-print "IsMK1MF=$IsMK1MF\n";
-
-my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-my $cc = $fields[$idx_cc];
-# Allow environment CC to override compiler...
-if($ENV{CC}) {
- $cc = $ENV{CC};
-}
-
-my $cflags = $fields[$idx_cflags];
-my $unistd = $fields[$idx_unistd];
-my $thread_cflag = $fields[$idx_thread_cflag];
-my $sys_id = $fields[$idx_sys_id];
-my $lflags = $fields[$idx_lflags];
-my $bn_ops = $fields[$idx_bn_ops];
-my $cpuid_obj = $fields[$idx_cpuid_obj];
-my $bn_obj = $fields[$idx_bn_obj];
-my $ec_obj = $fields[$idx_ec_obj];
-my $des_obj = $fields[$idx_des_obj];
-my $aes_obj = $fields[$idx_aes_obj];
-my $bf_obj = $fields[$idx_bf_obj];
-my $md5_obj = $fields[$idx_md5_obj];
-my $sha1_obj = $fields[$idx_sha1_obj];
-my $cast_obj = $fields[$idx_cast_obj];
-my $rc4_obj = $fields[$idx_rc4_obj];
-my $rmd160_obj = $fields[$idx_rmd160_obj];
-my $rc5_obj = $fields[$idx_rc5_obj];
-my $wp_obj = $fields[$idx_wp_obj];
-my $cmll_obj = $fields[$idx_cmll_obj];
-my $modes_obj = $fields[$idx_modes_obj];
-my $engines_obj = $fields[$idx_engines_obj];
-my $perlasm_scheme = $fields[$idx_perlasm_scheme];
-my $dso_scheme = $fields[$idx_dso_scheme];
-my $shared_target = $fields[$idx_shared_target];
-my $shared_cflag = $fields[$idx_shared_cflag];
-my $shared_ldflag = $fields[$idx_shared_ldflag];
-my $shared_extension = $fields[$idx_shared_extension];
-my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
-my $ar = $ENV{'AR'} || "ar";
-my $arflags = $fields[$idx_arflags];
-my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres";
-my $multilib = $fields[$idx_multilib];
-
-# if $prefix/lib$multilib is not an existing directory, then
-# assume that it's not searched by linker automatically, in
-# which case adding $multilib suffix causes more grief than
-# we're ready to tolerate, so don't...
-$multilib="" if !-d "$prefix/lib$multilib";
-
-$libdir="lib$multilib" if $libdir eq "";
-
-$cflags = "$cflags$exp_cflags";
-
-# '%' in $lflags is used to split flags to "pre-" and post-flags
-my ($prelflags,$postlflags)=split('%',$lflags);
-if (defined($postlflags)) { $lflags=$postlflags; }
-else { $lflags=$prelflags; undef $prelflags; }
-
-if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
- {
- $cflags =~ s/\-mno\-cygwin\s*//;
- $shared_ldflag =~ s/\-mno\-cygwin\s*//;
- }
-
-if ($target =~ /linux.*\-mips/ && !$no_asm && $flags !~ /\-m(ips|arch=)/) {
- # minimally required architecture flags for assembly modules
- $cflags="-mips2 $cflags" if ($target =~ /mips32/);
- $cflags="-mips3 $cflags" if ($target =~ /mips64/);
-}
-
-my $no_shared_warn=0;
-my $no_user_cflags=0;
-
-if ($flags ne "") { $cflags="$flags$cflags"; }
-else { $no_user_cflags=1; }
-
-# Kerberos settings. The flavor must be provided from outside, either through
-# the script "config" or manually.
-if (!$no_krb5)
- {
- my ($lresolv, $lpath, $lext);
- if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
- {
- die "Sorry, Heimdal is currently not supported\n";
- }
- ##### HACK to force use of Heimdal.
- ##### WARNING: Since we don't really have adequate support for Heimdal,
- ##### using this will break the build. You'll have to make
- ##### changes to the source, and if you do, please send
- ##### patches to openssl-dev@openssl.org
- if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
- {
- warn "Heimdal isn't really supported. Your build WILL break\n";
- warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
- $withargs{"krb5-dir"} = "/usr/heimdal"
- if $withargs{"krb5-dir"} eq "";
- $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
- "/lib -lgssapi -lkrb5 -lcom_err"
- if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
- $cflags="-DKRB5_HEIMDAL $cflags";
- }
- if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
- {
- $withargs{"krb5-dir"} = "/usr/kerberos"
- if $withargs{"krb5-dir"} eq "";
- $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
- "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
- if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
- $cflags="-DKRB5_MIT $cflags";
- $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
- if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
- {
- $cflags="-DKRB5_MIT_OLD11 $cflags";
- }
- }
- LRESOLV:
- foreach $lpath ("/lib", "/usr/lib")
- {
- foreach $lext ("a", "so")
- {
- $lresolv = "$lpath/libresolv.$lext";
- last LRESOLV if (-r "$lresolv");
- $lresolv = "";
- }
- }
- $withargs{"krb5-lib"} .= " -lresolv"
- if ("$lresolv" ne "");
- $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
- if $withargs{"krb5-include"} eq "" &&
- $withargs{"krb5-dir"} ne "";
- }
-
-# The DSO code currently always implements all functions so that no
-# applications will have to worry about that from a compilation point
-# of view. However, the "method"s may return zero unless that platform
-# has support compiled in for them. Currently each method is enabled
-# by a define "DSO_<name>" ... we translate the "dso_scheme" config
-# string entry into using the following logic;
-my $dso_cflags;
-if (!$no_dso && $dso_scheme ne "")
- {
- $dso_scheme =~ tr/[a-z]/[A-Z]/;
- if ($dso_scheme eq "DLFCN")
- {
- $dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
- }
- elsif ($dso_scheme eq "DLFCN_NO_H")
- {
- $dso_cflags = "-DDSO_DLFCN";
- }
- else
- {
- $dso_cflags = "-DDSO_$dso_scheme";
- }
- $cflags = "$dso_cflags $cflags";
- }
-
-my $thread_cflags;
-my $thread_defines;
-if ($thread_cflag ne "(unknown)" && !$no_threads)
- {
- # If we know how to do it, support threads by default.
- $threads = 1;
- }
-if ($thread_cflag eq "(unknown)" && $threads)
- {
- # If the user asked for "threads", [s]he is also expected to
- # provide any system-dependent compiler options that are
- # necessary.
- if ($no_user_cflags)
- {
- print "You asked for multi-threading support, but didn't\n";
- print "provide any system-specific compiler options\n";
- exit(1);
- }
- $thread_cflags="-DOPENSSL_THREADS $cflags" ;
- $thread_defines .= "#define OPENSSL_THREADS\n";
- }
-else
- {
- $thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags";
- $thread_defines .= "#define OPENSSL_THREADS\n";
-# my $def;
-# foreach $def (split ' ',$thread_cflag)
-# {
-# if ($def =~ s/^-D// && $def !~ /^_/)
-# {
-# $thread_defines .= "#define $def\n";
-# }
-# }
- }
-
-$lflags="$libs$lflags" if ($libs ne "");
-
-if ($no_asm)
- {
- $cpuid_obj=$bn_obj=$ec_obj=
- $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
- $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
- }
-
-if (!$no_shared)
- {
- $cast_obj=""; # CAST assembler is not PIC
- }
-
-if ($threads)
- {
- $cflags=$thread_cflags;
- $openssl_thread_defines .= $thread_defines;
- }
-
-if ($zlib)
- {
- $cflags = "-DZLIB $cflags";
- if (defined($disabled{"zlib-dynamic"}))
- {
- if (defined($withargs{"zlib-lib"}))
- {
- $lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz";
- }
- else
- {
- $lflags = "$lflags -lz";
- }
- }
- else
- {
- $cflags = "-DZLIB_SHARED $cflags";
- }
- }
-
-# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
-my $shared_mark = "";
-if ($shared_target eq "")
- {
- $no_shared_warn = 1 if !$no_shared;
- $no_shared = 1;
- }
-if (!$no_shared)
- {
- if ($shared_cflag ne "")
- {
- $cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
- }
- }
-
-if (!$IsMK1MF)
- {
- # add {no-}static-engine to options to allow mkdef.pl to work without extra arguments
- if ($no_shared)
- {
- $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
- $options.=" static-engine";
- }
- else
- {
- $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
- $options.=" no-static-engine";
- }
- }
-
-$cpuid_obj.=" uplink.o uplink-x86.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
-
-#
-# Platform fix-ups
-#
-if ($target =~ /\-icc$/) # Intel C compiler
- {
- my $iccver=0;
- if (open(FD,"$cc -V 2>&1 |"))
- {
- while(<FD>) { $iccver=$1 if (/Version ([0-9]+)\./); }
- close(FD);
- }
- if ($iccver>=8)
- {
- $cflags=~s/\-KPIC/-fPIC/;
- # Eliminate unnecessary dependency from libirc.a. This is
- # essential for shared library support, as otherwise
- # apps/openssl can end up in endless loop upon startup...
- $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset";
- }
- if ($iccver>=9)
- {
- $lflags.=" -i-static";
- $lflags=~s/\-no_cpprt/-no-cpprt/;
- }
- if ($iccver>=10)
- {
- $lflags=~s/\-i\-static/-static-intel/;
- }
- if ($iccver>=11)
- {
- $cflags.=" -no-intel-extensions"; # disable Cilk
- $lflags=~s/\-no\-cpprt/-no-cxxlib/;
- }
- }
-
-# Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time
-# linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on
-# .so objects. Apparently application RPATH is not global and does
-# not apply to .so linked with other .so. Problem manifests itself
-# when libssl.so fails to load libcrypto.so. One can argue that we
-# should engrave this into Makefile.shared rules or into BSD-* config
-# lines above. Meanwhile let's try to be cautious and pass -rpath to
-# linker only when --prefix is not /usr.
-if ($target =~ /^BSD\-/)
- {
- $shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
- }
-
-if ($sys_id ne "")
- {
- #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
- $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
- }
-
-if ($ranlib eq "")
- {
- $ranlib = $default_ranlib;
- }
-
-#my ($bn1)=split(/\s+/,$bn_obj);
-#$bn1 = "" unless defined $bn1;
-#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
-#$bn_obj="$bn1";
-
-$cpuid_obj="" if ($processor eq "386");
-
-$bn_obj = $bn_asm unless $bn_obj ne "";
-# bn-586 is the only one implementing bn_*_part_words
-$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn-586/);
-$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/);
-
-$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/);
-$cflags.=" -DOPENSSL_BN_ASM_MONT5" if ($bn_obj =~ /-mont5/);
-$cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/);
-
-if ($fips)
- {
- $openssl_other_defines.="#define OPENSSL_FIPS\n";
- $cflags .= " -I\$(FIPSDIR)/include";
- }
-
-$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
-$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
-$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
-$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
-$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/);
-if ($rc4_obj =~ /\.o$/)
- {
- $cflags.=" -DRC4_ASM";
- }
-else
- {
- $rc4_obj=$rc4_enc;
- }
-if ($sha1_obj =~ /\.o$/)
- {
-# $sha1_obj=$sha1_enc;
- $cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/);
- $cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/);
- $cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/);
- if ($sha1_obj =~ /sse2/)
- { if ($no_sse2)
- { $sha1_obj =~ s/\S*sse2\S+//; }
- elsif ($cflags !~ /OPENSSL_IA32_SSE2/)
- { $cflags.=" -DOPENSSL_IA32_SSE2"; }
- }
- }
-if ($md5_obj =~ /\.o$/)
- {
-# $md5_obj=$md5_enc;
- $cflags.=" -DMD5_ASM";
- }
-if ($rmd160_obj =~ /\.o$/)
- {
-# $rmd160_obj=$rmd160_enc;
- $cflags.=" -DRMD160_ASM";
- }
-if ($aes_obj =~ /\.o$/)
- {
- $cflags.=" -DAES_ASM" if ($aes_obj =~ m/\baes\-/);;
- # aes-ctr.o is not a real file, only indication that assembler
- # module implements AES_ctr32_encrypt...
- $cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
- # aes-xts.o indicates presense of AES_xts_[en|de]crypt...
- $cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
- $aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
- $cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
- $cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/);
- }
-else {
- $aes_obj=$aes_enc;
- }
-$wp_obj="" if ($wp_obj =~ /mmx/ && $processor eq "386");
-if ($wp_obj =~ /\.o$/ && !$disabled{"whirlpool"})
- {
- $cflags.=" -DWHIRLPOOL_ASM";
- }
-else {
- $wp_obj="wp_block.o";
- }
-$cmll_obj=$cmll_enc unless ($cmll_obj =~ /.o$/);
-if ($modes_obj =~ /ghash\-/)
- {
- $cflags.=" -DGHASH_ASM";
- }
-if ($ec_obj =~ /ecp_nistz256/)
- {
- $cflags.=" -DECP_NISTZ256_ASM";
- }
-
-# "Stringify" the C flags string. This permits it to be made part of a string
-# and works as well on command lines.
-$cflags =~ s/([\\\"])/\\\1/g;
-
-my $version = "unknown";
-my $version_num = "unknown";
-my $major = "unknown";
-my $minor = "unknown";
-my $shlib_version_number = "unknown";
-my $shlib_version_history = "unknown";
-my $shlib_major = "unknown";
-my $shlib_minor = "unknown";
-
-open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
-while (<IN>)
- {
- $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
- $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
- $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
- $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
- }
-close(IN);
-if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
-
-if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
- {
- $major=$1;
- $minor=$2;
- }
-
-if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
- {
- $shlib_major=$1;
- $shlib_minor=$2;
- }
-
-my %predefined;
-
-# collect compiler pre-defines from gcc or gcc-alike...
-open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |");
-while (<PIPE>) {
- m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
- $predefined{$1} = defined($2) ? $2 : "";
-}
-close(PIPE);
-
-# Xcode did not handle $cc -M before clang support
-my $cc_as_makedepend = 0;
-if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__})
- && !defined($predefined{__clang__}))) {
- $cc_as_makedepend = 1;
-}
-
-if ($strict_warnings)
- {
- my $wopt;
- die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__});
- foreach $wopt (split /\s+/, $gcc_devteam_warn)
- {
- $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
- }
- if (defined($predefined{__clang__}))
- {
- foreach $wopt (split /\s+/, $clang_devteam_warn)
- {
- $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
- }
- }
- }
-
-open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
-unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
-open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
-my $sdirs=0;
-while (<IN>)
- {
- chomp;
- $sdirs = 1 if /^SDIRS=/;
- if ($sdirs) {
- my $dir;
- foreach $dir (@skip) {
- s/(\s)$dir /$1/;
- s/\s$dir$//;
- }
- }
- $sdirs = 0 unless /\\$/;
- s/engines // if (/^DIRS=/ && $disabled{"engine"});
- s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"});
- s/^VERSION=.*/VERSION=$version/;
- s/^MAJOR=.*/MAJOR=$major/;
- s/^MINOR=.*/MINOR=$minor/;
- s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
- s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
- s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
- s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
- s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
- s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
- s/^MULTILIB=.*$/MULTILIB=$multilib/;
- s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
- s/^LIBDIR=.*$/LIBDIR=$libdir/;
- s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
- s/^PLATFORM=.*$/PLATFORM=$target/;
- s/^OPTIONS=.*$/OPTIONS=$options/;
- s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
- if ($cross_compile_prefix)
- {
- s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/;
- s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
- s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
- s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
- s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend;
- }
- else {
- s/^CC=.*$/CC= $cc/;
- s/^AR=\s*ar/AR= $ar/;
- s/^RANLIB=.*/RANLIB= $ranlib/;
- s/^RC=.*/RC= $windres/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend;
- }
- s/^CFLAG=.*$/CFLAG= $cflags/;
- s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
- s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
- s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
- s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
- s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
- s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
- s/^EC_ASM=.*$/EC_ASM= $ec_obj/;
- s/^DES_ENC=.*$/DES_ENC= $des_obj/;
- s/^AES_ENC=.*$/AES_ENC= $aes_obj/;
- s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
- s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
- s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
- s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
- s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
- s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
- s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
- s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
- s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
- s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/;
- s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/;
- s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/;
- s/^PROCESSOR=.*/PROCESSOR= $processor/;
- s/^ARFLAGS=.*/ARFLAGS= $arflags/;
- s/^PERL=.*/PERL= $perl/;
- s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
- s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
- s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
- s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
-
- s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
- s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
- s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
- s/^BASEADDR=.*/BASEADDR=$baseaddr/;
-
- s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
- s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
- s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
- if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
- {
- my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
- {
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
- {
- my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
- {
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
- }
- s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
- print OUT $_."\n";
- }
-close(IN);
-close(OUT);
-if ((compare($Makefile, "$Makefile.new"))
- or file_newer('Configure', $Makefile)
- or file_newer('config', $Makefile)
- or file_newer('Makefile.org', $Makefile))
- {
- rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
- rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
- }
-else
- { unlink("$Makefile.new"); }
-
-print "CC =$cc\n";
-print "CFLAG =$cflags\n";
-print "EX_LIBS =$lflags\n";
-print "CPUID_OBJ =$cpuid_obj\n";
-print "BN_ASM =$bn_obj\n";
-print "EC_ASM =$ec_obj\n";
-print "DES_ENC =$des_obj\n";
-print "AES_ENC =$aes_obj\n";
-print "BF_ENC =$bf_obj\n";
-print "CAST_ENC =$cast_obj\n";
-print "RC4_ENC =$rc4_obj\n";
-print "RC5_ENC =$rc5_obj\n";
-print "MD5_OBJ_ASM =$md5_obj\n";
-print "SHA1_OBJ_ASM =$sha1_obj\n";
-print "RMD160_OBJ_ASM=$rmd160_obj\n";
-print "CMLL_ENC =$cmll_obj\n";
-print "MODES_OBJ =$modes_obj\n";
-print "ENGINES_OBJ =$engines_obj\n";
-print "PROCESSOR =$processor\n";
-print "RANLIB =$ranlib\n";
-print "ARFLAGS =$arflags\n";
-print "PERL =$perl\n";
-print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
- if $withargs{"krb5-include"} ne "";
-
-my $des_ptr=0;
-my $des_risc1=0;
-my $des_risc2=0;
-my $des_unroll=0;
-my $bn_ll=0;
-my $def_int=2;
-my $rc4_int=$def_int;
-my $md2_int=$def_int;
-my $idea_int=$def_int;
-my $rc2_int=$def_int;
-my $rc4_idx=0;
-my $rc4_chunk=0;
-my $bf_ptr=0;
-my @type=("char","short","int","long");
-my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
-my $export_var_as_fn=0;
-
-my $des_int;
-
-foreach (sort split(/\s+/,$bn_ops))
- {
- $des_ptr=1 if /DES_PTR/;
- $des_risc1=1 if /DES_RISC1/;
- $des_risc2=1 if /DES_RISC2/;
- $des_unroll=1 if /DES_UNROLL/;
- $des_int=1 if /DES_INT/;
- $bn_ll=1 if /BN_LLONG/;
- $rc4_int=0 if /RC4_CHAR/;
- $rc4_int=3 if /RC4_LONG/;
- $rc4_idx=1 if /RC4_INDEX/;
- $rc4_chunk=1 if /RC4_CHUNK/;
- $rc4_chunk=2 if /RC4_CHUNK_LL/;
- $md2_int=0 if /MD2_CHAR/;
- $md2_int=3 if /MD2_LONG/;
- $idea_int=1 if /IDEA_SHORT/;
- $idea_int=3 if /IDEA_LONG/;
- $rc2_int=1 if /RC2_SHORT/;
- $rc2_int=3 if /RC2_LONG/;
- $bf_ptr=1 if $_ eq "BF_PTR";
- $bf_ptr=2 if $_ eq "BF_PTR2";
- ($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/;
- ($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
- ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
- ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
- ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
- $export_var_as_fn=1 if /EXPORT_VAR_AS_FN/;
- }
-
-open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
-unlink("crypto/opensslconf.h.new") || die "unable to remove old crypto/opensslconf.h.new:$!\n" if -e "crypto/opensslconf.h.new";
-open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n";
-print OUT "/* opensslconf.h */\n";
-print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
-
-print OUT "#ifdef __cplusplus\n";
-print OUT "extern \"C\" {\n";
-print OUT "#endif\n";
-print OUT "/* OpenSSL was configured with the following options: */\n";
-my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
-$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg;
-$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg;
-$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-$openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
-$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-print OUT $openssl_sys_defines;
-print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
-print OUT $openssl_experimental_defines;
-print OUT "\n";
-print OUT $openssl_algorithm_defines;
-print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
-print OUT $openssl_thread_defines;
-print OUT $openssl_other_defines,"\n";
-
-print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n";
-print OUT " asks for it. This is a transient feature that is provided for those\n";
-print OUT " who haven't had the time to do the appropriate changes in their\n";
-print OUT " applications. */\n";
-print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
-print OUT $openssl_algorithm_defines_trans;
-print OUT "#endif\n\n";
-
-print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj ne "mem_clr.o");
-
-while (<IN>)
- {
- if (/^#define\s+OPENSSLDIR/)
- {
- my $foo = $openssldir;
- $foo =~ s/\\/\\\\/g;
- print OUT "#define OPENSSLDIR \"$foo\"\n";
- }
- elsif (/^#define\s+ENGINESDIR/)
- {
- my $foo = "$prefix/$libdir/engines";
- $foo =~ s/\\/\\\\/g;
- print OUT "#define ENGINESDIR \"$foo\"\n";
- }
- elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
- { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
- if $export_var_as_fn;
- printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n",
- ($export_var_as_fn)?"define":"undef"; }
- elsif (/^#define\s+OPENSSL_UNISTD/)
- {
- $unistd = "<unistd.h>" if $unistd eq "";
- print OUT "#define OPENSSL_UNISTD $unistd\n";
- }
- elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
- { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
- { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+THIRTY_TWO_BIT/)
- { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+SIXTEEN_BIT/)
- { printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+EIGHT_BIT/)
- { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/)
- { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
- elsif (/^\#define\s+DES_LONG\s+.*/)
- { printf OUT "#define DES_LONG unsigned %s\n",
- ($des_int)?'int':'long'; }
- elsif (/^\#(define|undef)\s+DES_PTR/)
- { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
- elsif (/^\#(define|undef)\s+DES_RISC1/)
- { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
- elsif (/^\#(define|undef)\s+DES_RISC2/)
- { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
- elsif (/^\#(define|undef)\s+DES_UNROLL/)
- { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
- elsif (/^#define\s+RC4_INT\s/)
- { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
- elsif (/^#undef\s+RC4_CHUNK/)
- {
- printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0;
- printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1;
- printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2;
- }
- elsif (/^#((define)|(undef))\s+RC4_INDEX/)
- { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
- elsif (/^#(define|undef)\s+I386_ONLY/)
- { printf OUT "#%s I386_ONLY\n", ($processor eq "386")?
- "define":"undef"; }
- elsif (/^#define\s+MD2_INT\s/)
- { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
- elsif (/^#define\s+IDEA_INT\s/)
- {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
- elsif (/^#define\s+RC2_INT\s/)
- {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
- elsif (/^#(define|undef)\s+BF_PTR/)
- {
- printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
- printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
- printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
- }
- else
- { print OUT $_; }
- }
-close(IN);
-print OUT "#ifdef __cplusplus\n";
-print OUT "}\n";
-print OUT "#endif\n";
-close(OUT);
-if (compare("crypto/opensslconf.h.new","crypto/opensslconf.h"))
- {
- rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
- rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
- }
-else
- { unlink("crypto/opensslconf.h.new"); }
-
-# Fix the date
-
-print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
-print "SIXTY_FOUR_BIT mode\n" if $b64;
-print "THIRTY_TWO_BIT mode\n" if $b32;
-print "SIXTEEN_BIT mode\n" if $b16;
-print "EIGHT_BIT mode\n" if $b8;
-print "DES_PTR used\n" if $des_ptr;
-print "DES_RISC1 used\n" if $des_risc1;
-print "DES_RISC2 used\n" if $des_risc2;
-print "DES_UNROLL used\n" if $des_unroll;
-print "DES_INT used\n" if $des_int;
-print "BN_LLONG mode\n" if $bn_ll;
-print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int;
-print "RC4_INDEX mode\n" if $rc4_idx;
-print "RC4_CHUNK is undefined\n" if $rc4_chunk==0;
-print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1;
-print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2;
-print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
-print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
-print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
-print "BF_PTR used\n" if $bf_ptr == 1;
-print "BF_PTR2 used\n" if $bf_ptr == 2;
-
-if($IsMK1MF) {
- open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
- printf OUT <<EOF;
-#ifndef MK1MF_BUILD
- /* auto-generated by Configure for crypto/cversion.c:
- * for Unix builds, crypto/Makefile.ssl generates functional definitions;
- * Windows builds (and other mk1mf builds) compile cversion.c with
- * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
- #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
-#endif
-EOF
- close(OUT);
-} else {
- my $make_command = "$make PERL=\'$perl\'";
- my @make_targets = ();
- push @make_targets, "links" if $symlink;
- push @make_targets, "depend" if $depflags ne $default_depflags && $make_depend;
- push @make_targets, "gentests" if $symlink;
- foreach my $make_target (@make_targets) {
- (system "$make_command $make_target") == 0 or exit $?;
- }
- if ( $perl =~ m@^/@) {
- &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
- &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
- } else {
- # No path for Perl known ...
- &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
- &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
- }
- if ($depflags ne $default_depflags && !$make_depend) {
- $warn_make_depend++;
- }
-}
-
-# create the ms/version32.rc file if needed
-if ($IsMK1MF && ($target !~ /^netware/)) {
- my ($v1, $v2, $v3, $v4);
- if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
- $v1=hex $1;
- $v2=hex $2;
- $v3=hex $3;
- $v4=hex $4;
- }
- open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
- print OUT <<EOF;
-#include <winver.h>
-
-LANGUAGE 0x09,0x01
-
-1 VERSIONINFO
- FILEVERSION $v1,$v2,$v3,$v4
- PRODUCTVERSION $v1,$v2,$v3,$v4
- FILEFLAGSMASK 0x3fL
-#ifdef _DEBUG
- FILEFLAGS 0x01L
-#else
- FILEFLAGS 0x00L
-#endif
- FILEOS VOS__WINDOWS32
- FILETYPE VFT_DLL
- FILESUBTYPE 0x0L
-BEGIN
- BLOCK "StringFileInfo"
- BEGIN
- BLOCK "040904b0"
- BEGIN
- // Required:
- VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
- VALUE "FileDescription", "OpenSSL Shared Library\\0"
- VALUE "FileVersion", "$version\\0"
-#if defined(CRYPTO)
- VALUE "InternalName", "libeay32\\0"
- VALUE "OriginalFilename", "libeay32.dll\\0"
-#elif defined(SSL)
- VALUE "InternalName", "ssleay32\\0"
- VALUE "OriginalFilename", "ssleay32.dll\\0"
-#endif
- VALUE "ProductName", "The OpenSSL Toolkit\\0"
- VALUE "ProductVersion", "$version\\0"
- // Optional:
- //VALUE "Comments", "\\0"
- VALUE "LegalCopyright", "Copyright 1998-2005 The OpenSSL Project. Copyright 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
- //VALUE "LegalTrademarks", "\\0"
- //VALUE "PrivateBuild", "\\0"
- //VALUE "SpecialBuild", "\\0"
- END
- END
- BLOCK "VarFileInfo"
- BEGIN
- VALUE "Translation", 0x409, 0x4b0
- END
-END
-EOF
- close(OUT);
- }
-
-print <<EOF;
-
-Configured for $target.
-EOF
-
-print <<\EOF if (!$no_threads && !$threads);
-
-The library could not be configured for supporting multi-threaded
-applications as the compiler options required on this system are not known.
-See file INSTALL for details if you need multi-threading.
-EOF
-
-print <<\EOF if ($no_shared_warn);
-
-You gave the option 'shared', which is not supported on this platform, so
-we will pretend you gave the option 'no-shared'. If you know how to implement
-shared libraries, please let us know (but please first make sure you have
-tried with a current version of OpenSSL).
-EOF
-
-print <<EOF if ($warn_make_depend);
-
-*** Because of configuration changes, you MUST do the following before
-*** building:
-
- make depend
-EOF
-
-exit(0);
-
-sub usage
- {
- print STDERR $usage;
- print STDERR "\npick os/compiler from:\n";
- my $j=0;
- my $i;
- my $k=0;
- foreach $i (sort keys %table)
- {
- next if $i =~ /^debug/;
- $k += length($i) + 1;
- if ($k > 78)
- {
- print STDERR "\n";
- $k=length($i);
- }
- print STDERR $i . " ";
- }
- foreach $i (sort keys %table)
- {
- next if $i !~ /^debug/;
- $k += length($i) + 1;
- if ($k > 78)
- {
- print STDERR "\n";
- $k=length($i);
- }
- print STDERR $i . " ";
- }
- print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n";
- exit(1);
- }
-
-sub which
- {
- my($name)=@_;
- my $path;
- foreach $path (split /:/, $ENV{PATH})
- {
- if (-f "$path/$name$exe_ext" and -x _)
- {
- return "$path/$name$exe_ext" unless ($name eq "perl" and
- system("$path/$name$exe_ext -e " . '\'exit($]<5.0);\''));
- }
- }
- }
-
-sub dofile
- {
- my $f; my $p; my %m; my @a; my $k; my $ff;
- ($f,$p,%m)=@_;
-
- open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n";
- @a=<IN>;
- close(IN);
- foreach $k (keys %m)
- {
- grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
- }
- open(OUT,">$f.new") || die "unable to open $f.new:$!\n";
- print OUT @a;
- close(OUT);
- rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f;
- rename("$f.new",$f) || die "unable to rename $f.new\n";
- }
-
-sub print_table_entry
- {
- my $target = shift;
-
- my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags,
- $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj,
- $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj,
- $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj,
- $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag,
- $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)=
- split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-
- print <<EOF
-
-*** $target
-\$cc = $cc
-\$cflags = $cflags
-\$unistd = $unistd
-\$thread_cflag = $thread_cflag
-\$sys_id = $sys_id
-\$lflags = $lflags
-\$bn_ops = $bn_ops
-\$cpuid_obj = $cpuid_obj
-\$bn_obj = $bn_obj
-\$ec_obj = $ec_obj
-\$des_obj = $des_obj
-\$aes_obj = $aes_obj
-\$bf_obj = $bf_obj
-\$md5_obj = $md5_obj
-\$sha1_obj = $sha1_obj
-\$cast_obj = $cast_obj
-\$rc4_obj = $rc4_obj
-\$rmd160_obj = $rmd160_obj
-\$rc5_obj = $rc5_obj
-\$wp_obj = $wp_obj
-\$cmll_obj = $cmll_obj
-\$modes_obj = $modes_obj
-\$engines_obj = $engines_obj
-\$perlasm_scheme = $perlasm_scheme
-\$dso_scheme = $dso_scheme
-\$shared_target= $shared_target
-\$shared_cflag = $shared_cflag
-\$shared_ldflag = $shared_ldflag
-\$shared_extension = $shared_extension
-\$ranlib = $ranlib
-\$arflags = $arflags
-\$multilib = $multilib
-EOF
- }
-
-sub test_sanity
- {
- my $errorcnt = 0;
-
- print STDERR "=" x 70, "\n";
- print STDERR "=== SANITY TESTING!\n";
- print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
- print STDERR "=" x 70, "\n";
-
- foreach $target (sort keys %table)
- {
- @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-
- if ($fields[$idx_dso_scheme-1] =~ /^(beos|dl|dlfcn|win32|vms)$/)
- {
- $errorcnt++;
- print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
- print STDERR " in the previous field\n";
- }
- elsif ($fields[$idx_dso_scheme+1] =~ /^(beos|dl|dlfcn|win32|vms)$/)
- {
- $errorcnt++;
- print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
- print STDERR " in the following field\n";
- }
- elsif ($fields[$idx_dso_scheme] !~ /^(beos|dl|dlfcn|win32|vms|)$/)
- {
- $errorcnt++;
- print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
- print STDERR " valid values are 'beos', 'dl', 'dlfcn', 'win32' and 'vms'\n";
- }
- }
- print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
- return $errorcnt;
- }
-
-sub file_newer
- {
- my ($file1, $file2) = @_;
- return (stat($file1))[9] > (stat($file2))[9]
- }
Property changes on: sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/openssl-1.0.2u-new/Configure
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/openssl-1.0.2u-new
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/openssl-1.0.2u-new (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/openssl-1.0.2u-new (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/openssl-1.0.2u-new
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/create.patch.sh
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/create.patch.sh (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/create.patch.sh (nonexistent)
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-VERSION=1.0.2u
-
-tar --files-from=file.list -xzvf ../openssl-$VERSION.tar.gz
-mv openssl-$VERSION openssl-$VERSION-orig
-
-cp -rf ./openssl-$VERSION-new ./openssl-$VERSION
-
-diff --unified -Nr openssl-$VERSION-orig openssl-$VERSION > openssl-$VERSION-mips-O2.patch
-
-mv openssl-$VERSION-mips-O2.patch ../patches
-
-rm -rf ./openssl-$VERSION
-rm -rf ./openssl-$VERSION-orig
Property changes on: sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch/create.patch.sh
___________________________________________________________________
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch
===================================================================
--- sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch (revision 419)
+++ sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch (nonexistent)
Property changes on: sources/packages/n/openssl10/create-1.0.2u-mips-O2-patch
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl10
===================================================================
--- sources/packages/n/openssl10 (revision 419)
+++ sources/packages/n/openssl10 (nonexistent)
Property changes on: sources/packages/n/openssl10
___________________________________________________________________
Deleted: svn:ignore
## -1,73 +0,0 ##
-
-# install dir
-dist
-
-# Target build dirs
-.a1x-newlib
-.a2x-newlib
-.at91sam7s-newlib
-
-.build-machine
-
-.a1x-glibc
-.a2x-glibc
-.h3-glibc
-.h5-glibc
-.i586-glibc
-.i686-glibc
-.imx6-glibc
-.jz47xx-glibc
-.makefile
-.am335x-glibc
-.omap543x-glibc
-.p5600-glibc
-.power8-glibc
-.power8le-glibc
-.power9-glibc
-.power9le-glibc
-.m1000-glibc
-.riscv64-glibc
-.rk328x-glibc
-.rk33xx-glibc
-.rk339x-glibc
-.s8xx-glibc
-.s9xx-glibc
-.x86_64-glibc
-
-# Hidden files (each file)
-.makefile
-.dist
-.rootfs
-
-# src & hw requires
-.src_requires
-.src_requires_depend
-.requires
-.requires_depend
-
-# Tarballs
-*.gz
-*.bz2
-*.lz
-*.xz
-*.tgz
-*.txz
-
-# Signatures
-*.asc
-*.sig
-*.sign
-*.sha1sum
-
-# Patches
-*.patch
-
-# Descriptions
-*.dsc
-*.txt
-
-# Default linux config files
-*.defconfig
-
-# backup copies
-*~
Index: sources/packages/n/openssl/Makefile
===================================================================
--- sources/packages/n/openssl/Makefile (revision 419)
+++ sources/packages/n/openssl/Makefile (revision 420)
@@ -7,7 +7,7 @@
url = $(DOWNLOAD_SERVER)/sources/packages/n/openssl
-versions = 1.1.1r
+versions = 3.4.0
pkgname = openssl
suffix = tar.xz
@@ -15,10 +15,14 @@
tarballs = $(addsuffix .$(suffix), $(addprefix $(pkgname)-, $(versions)))
sha1s = $(addsuffix .sha1sum, $(tarballs))
+patches = $(CURDIR)/patches/openssl-3.4.0-legacy-provider.patch
-BUILD_TARGETS = $(tarballs) $(sha1s)
+.NOTPARALLEL: $(patches)
+BUILD_TARGETS = $(tarballs) $(sha1s) $(patches)
+
+
include ../../../../build-system/core.mk
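Review bot: The added `.NOTPARALLEL: $(patches)` line behaves differently depending on the GNU Make version, and nothing in the hunk says which behaviour is intended. As far as I know, prerequisites on `.NOTPARALLEL` are honoured only from GNU Make 4.4 on; older releases ignore the list and serialise the whole makefile, including everything pulled in from `core.mk`. A comment above it would record the intent, for example `# serialise patch creation; prerequisites on .NOTPARALLEL need GNU Make >= 4.4, older versions serialise everything`. Separately, `patches` hard-codes `3.4.0` although `versions` already carries it, so the next version bump has to touch both lines.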
@@ -44,5 +48,10 @@
fi ; \
done
+$(patches): $(sha1s)
+ @echo -e "\n======= Create Patches =======\n" ; \
+ ( cd create-3.4.0-legacy-provider-patch ; ./create.patch.sh ) ; \
+ echo -e "\n"
+
download_clean:
- @rm -f $(tarballs) $(sha1s)
+ @rm -f $(tarballs) $(sha1s) $(patches)
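Review bot: A failure of `cd` or of `./create.patch.sh` in the new `$(patches)` recipe never reaches make, because the commands are joined with `;` and the recipe's exit status is that of the final `echo`. Make then reports the target as built even when no patch was written, and a later build step could run without the legacy-provider patch or with a stale one. Chaining with `&&` propagates the failure: `( cd create-3.4.0-legacy-provider-patch && ./create.patch.sh ) && \`. `echo -e` is also not portable when the recipe shell is a plain POSIX `sh`; `printf '\n======= Create Patches =======\n\n'` avoids that. The hunk opens inside an earlier rule (`fi ; \` / `done`) whose start is outside the hunk, so this applies only to the `$(patches)` rule.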
Index: sources/packages/n/openssl/create-3.4.0-legacy-provider-patch/create.patch.sh
===================================================================
--- sources/packages/n/openssl/create-3.4.0-legacy-provider-patch/create.patch.sh (nonexistent)
+++ sources/packages/n/openssl/create-3.4.0-legacy-provider-patch/create.patch.sh (revision 420)
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+VERSION=3.4.0
+
+tar --files-from=file.list -xJvf ../openssl-$VERSION.tar.xz
+mv openssl-$VERSION openssl-$VERSION-orig
+
+cp -rf ./openssl-$VERSION-new ./openssl-$VERSION
+
+diff --unified -Nr openssl-$VERSION-orig openssl-$VERSION > openssl-$VERSION-legacy-provider.patch
+
+mv openssl-$VERSION-legacy-provider.patch ../patches
+
+rm -rf ./openssl-$VERSION
+rm -rf ./openssl-$VERSION-orig
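Review bot: Nothing in the new script stops on error, so a failed `tar` extraction (missing or corrupt `../openssl-$VERSION.tar.xz`) still reaches the `diff` redirect and the `mv`. That leaves an empty or partial `openssl-$VERSION-legacy-provider.patch` in `../patches`, which the Makefile then treats as an up-to-date target. Adding `set -e` after the shebang fixes this, provided the diff line tolerates its normal "differences found" status: `diff --unified -Nr openssl-$VERSION-orig openssl-$VERSION > openssl-$VERSION-legacy-provider.patch || [ $? -eq 1 ]`. The script does not check the tarball itself and appears to rely on the Makefile's `$(sha1s)` prerequisite for that; a one-line comment saying so would help anyone who runs it by hand.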
Property changes on: sources/packages/n/openssl/create-3.4.0-legacy-provider-patch/create.patch.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: sources/packages/n/openssl/create-3.4.0-legacy-provider-patch/file.list
===================================================================
--- sources/packages/n/openssl/create-3.4.0-legacy-provider-patch/file.list (nonexistent)
+++ sources/packages/n/openssl/create-3.4.0-legacy-provider-patch/file.list (revision 420)
@@ -0,0 +1 @@
+openssl-3.4.0/apps/openssl.cnf
Index: sources/packages/n/openssl/create-3.4.0-legacy-provider-patch/openssl-3.4.0-new/apps/openssl.cnf
===================================================================
--- sources/packages/n/openssl/create-3.4.0-legacy-provider-patch/openssl-3.4.0-new/apps/openssl.cnf (nonexistent)
+++ sources/packages/n/openssl/create-3.4.0-legacy-provider-patch/openssl-3.4.0-new/apps/openssl.cnf (revision 420)
@@ -0,0 +1,388 @@
+#
+# OpenSSL example configuration file.
+# See doc/man5/config.pod for more info.
+#
+# This is mostly being used for generation of certificate requests,
+# but may be used for auto loading of providers
+
+# Note that you can include other files from the main configuration
+# file using the .include directive.
+#.include filename
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+
+# Use this in order to automatically load providers.
+openssl_conf = openssl_init
+
+# Comment out the next line to ignore configuration errors
+config_diagnostics = 1
+
+# Extra OBJECT IDENTIFIER info:
+# oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+[openssl_init]
+providers = provider_sect
+
+# List of providers to load:
+# Uncomment the sections that start with ## below to enable the legacy provider.
+# Loading the legacy provider enables support for the following algorithms:
+# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
+# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED
+# Key Derivation Function (KDF): PBKDF1
+# In general it is not recommended to use the above mentioned algorithms for
+# security critical operations, as they are cryptographically weak or vulnerable
+# to side-channel attacks and as such have been deprecated.
+# If you add a section explicitly activating any other provider(s), you most
+# probably need to explicitly activate the default provider, otherwise it
+# becomes unavailable in openssl. As a consequence applications depending on
+# OpenSSL may not work correctly which could lead to significant system
+# problems including inability to remotely access the system.
+
+[provider_sect]
+default = default_sect
+##legacy = legacy_sect
+
+[default_sect]
+activate = 1
+
+##[legacy_sect]
+##activate = 1
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several certs with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+
+x509_extensions = usr_cert # The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = default # use public key default MD
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 2048
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+basicConstraints = critical,CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1 # the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir = ./demoCA # TSA root directory
+serial = $dir/tsaserial # The current serial number (mandatory)
+crypto_device = builtin # OpenSSL engine to use for signing
+signer_cert = $dir/tsacert.pem # The TSA signing certificate
+ # (optional)
+certs = $dir/cacert.pem # Certificate chain to include in reply
+ # (optional)
+signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
+signer_digest = sha256 # Signing digest to use. (Optional)
+default_policy = tsa_policy1 # Policy if request did not specify it
+ # (optional)
+other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
+accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
+clock_precision_digits = 0 # number of digits after dot. (optional)
+ordering = yes # Is ordering defined for timestamps?
+ # (optional, default: no)
+tsa_name = yes # Must the TSA name be included in the reply?
+ # (optional, default: no)
+ess_cert_id_chain = no # Must the ESS cert id chain be included?
+ # (optional, default: no)
+ess_cert_id_alg = sha256 # algorithm to compute certificate
+ # identifier (optional, default: sha256)
+
+[insta] # CMP using Insta Demo CA
+# Message transfer
+server = pki.certificate.fi:8700
+# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080
+# tls_use = 0
+path = pkix/
+
+# Server authentication
+recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer
+ignore_keyusage = 1 # potentially needed quirk
+unprotected_errors = 1 # potentially needed quirk
+extracertsout = insta.extracerts.pem
+
+# Client authentication
+ref = 3078 # user identification
+secret = pass:insta # can be used for both client and server side
+
+# Generic message options
+cmd = ir # default operation, can be overridden on cmd line with, e.g., kur
+
+# Certificate enrollment
+subject = "/CN=openssl-cmp-test"
+newkey = insta.priv.pem
+out_trusted = apps/insta.ca.crt # does not include keyUsage digitalSignature
+certout = insta.cert.pem
+
+[pbm] # Password-based protection for Insta CA
+# Server and client authentication
+ref = $insta::ref # 3078
+secret = $insta::secret # pass:insta
+
+[signature] # Signature-based protection for Insta CA
+# Server authentication
+trusted = $insta::out_trusted # apps/insta.ca.crt
+
+# Client authentication
+secret = # disable PBM
+key = $insta::newkey # insta.priv.pem
+cert = $insta::certout # insta.cert.pem
+
+[ir]
+cmd = ir
+
+[cr]
+cmd = cr
+
+[kur]
+# Certificate update
+cmd = kur
+oldcert = $insta::certout # insta.cert.pem
+
+[rr]
+# Certificate revocation
+cmd = rr
+oldcert = $insta::certout # insta.cert.pem
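Review bot: The `activate = 1` line under `[default_sect]` has no comment of its own, although the warning above `[provider_sect]` depends on it: once the `##legacy` lines are uncommented, the default provider stays available only because it is activated explicitly. I would add `# Keep enabled: the default provider must be activated explicitly once legacy_sect is switched on` directly above it. Presumably the provider block is the only local change in this 388-line copy, so a short `# Local change:` marker there would also help the next reader find the delta. If this file becomes the installed system configuration, uncommenting the `##` lines makes the listed weak algorithms available to every application that loads it, which is worth stating next to the instruction.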
Index: sources/packages/n/openssl/patches/README
===================================================================
--- sources/packages/n/openssl/patches/README (nonexistent)
+++ sources/packages/n/openssl/patches/README (revision 420)
@@ -0,0 +1,6 @@
+
+/* begin *
+
+ TODO: Leave some comment here.
+
+ * end */
Index: sources/packages/n/openssl/patches
===================================================================
--- sources/packages/n/openssl/patches (nonexistent)
+++ sources/packages/n/openssl/patches (revision 420)
Property changes on: sources/packages/n/openssl/patches
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,74 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.rk358x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: sources/packages/n/openssl
===================================================================
--- sources/packages/n/openssl (revision 419)
+++ sources/packages/n/openssl (revision 420)
Property changes on: sources/packages/n/openssl
___________________________________________________________________
Modified: svn:ignore
## -30,6 +30,7 ##
.rk328x-glibc
.rk33xx-glibc
.rk339x-glibc
+.rk358x-glibc
.s8xx-glibc
.s9xx-glibc
.x86_64-glibc
Index: sources/packages/n/openssl11/Makefile
===================================================================
--- sources/packages/n/openssl11/Makefile (nonexistent)
+++ sources/packages/n/openssl11/Makefile (revision 420)
@@ -0,0 +1,57 @@
+
+COMPONENT_TARGETS = $(HARDWARE_NOARCH)
+
+
+include ../../../../build-system/constants.mk
+
+
+url = $(DOWNLOAD_SERVER)/sources/packages/n/openssl
+
+versions = 1.1.1w
+
+pkgname = openssl
+suffix = tar.xz
+
+tarballs = $(addsuffix .$(suffix), $(addprefix $(pkgname)-, $(versions)))
+sha1s = $(addsuffix .sha1sum, $(tarballs))
+
+patches = $(CURDIR)/patches/openssl-1.1.1w-CVE-2024-5535.patch
+
+.NOTPARALLEL: $(patches)
+
+
+BUILD_TARGETS = $(tarballs) $(sha1s) $(patches)
+
+
+include ../../../../build-system/core.mk
+
+
+.PHONY: download_clean
+
+
+$(tarballs):
+ @echo -e "\n======= Downloading source tarballs =======" ; \
+ for tarball in $(tarballs) ; do \
+ echo "$(url)/$$tarball" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & \
+ done ; wait
+
+$(sha1s): $(tarballs)
+ @for sha in $@ ; do \
+ echo -e "\n======= Downloading '$$sha' signature =======\n" ; \
+ echo "$(url)/$$sha" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & wait %1 ; \
+ touch $$sha ; \
+ echo -e "\n======= Check the '$$sha' sha1sum =======\n" ; \
+ sha1sum --check $$sha ; ret="$$?" ; \
+ if [ "$$ret" == "1" ]; then \
+ echo -e "\n======= ERROR: Bad '$$sha' sha1sum =======\n" ; \
+ exit 1 ; \
+ fi ; \
+ done
+
+$(patches): $(sha1s)
+ @echo -e "\n======= Create Patches =======\n" ; \
+ ( cd create-1.1.1w-CVE-2024-5535-patch ; ./create.patch.sh ) ; \
+ echo -e "\n"
+
+download_clean:
+ @rm -f $(tarballs) $(sha1s) $(patches)
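Review bot: The `$(sha1s)` rule fetches each `.sha1sum` from the same `$(url)` as the tarball it checks, so `sha1sum --check` detects a damaged transfer but not a modified mirror, which can serve a matching pair. Keeping the expected digest in the repository and comparing against that, for example `echo "<expected-sha256>  $$tarball" | sha256sum --check -`, makes the check independent of the download server and moves it off SHA-1. In the same recipe, `[ "$$ret" == "1" ]` uses `==`, which is not POSIX. Unless the included build-system files set `SHELL` to bash, a shell such as dash reports an error for that test and the `exit 1` branch is never reached, so a bad checksum would pass. `[ "$$ret" != "0" ]` is portable and also catches exit codes other than 1.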
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/create.patch.sh
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/create.patch.sh (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/create.patch.sh (revision 420)
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+VERSION=1.1.1w
+
+tar --files-from=file.list -xJvf ../openssl-$VERSION.tar.xz
+mv openssl-$VERSION openssl-$VERSION-orig
+
+cp -rf ./openssl-$VERSION-new ./openssl-$VERSION
+
+diff --unified -Nr openssl-$VERSION-orig openssl-$VERSION > openssl-$VERSION-CVE-2024-5535.patch
+
+mv openssl-$VERSION-CVE-2024-5535.patch ../patches
+
+rm -rf ./openssl-$VERSION
+rm -rf ./openssl-$VERSION-orig
Property changes on: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/create.patch.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/file.list
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/file.list (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/file.list (revision 420)
@@ -0,0 +1,20 @@
+openssl-1.1.1w/crypto/dh/dh_check.c
+openssl-1.1.1w/crypto/dh/dh_err.c
+openssl-1.1.1w/crypto/dh/dh_key.c
+openssl-1.1.1w/crypto/err/openssl.txt
+openssl-1.1.1w/crypto/pkcs12/p12_add.c
+openssl-1.1.1w/crypto/pkcs12/p12_mutl.c
+openssl-1.1.1w/crypto/pkcs12/p12_npas.c
+openssl-1.1.1w/crypto/pkcs12/pk12err.c
+openssl-1.1.1w/crypto/pkcs7/pk7_mime.c
+openssl-1.1.1w/include/openssl/dh.h
+openssl-1.1.1w/include/openssl/dherr.h
+openssl-1.1.1w/include/openssl/opensslv.h
+openssl-1.1.1w/include/openssl/pkcs12err.h
+openssl-1.1.1w/include/openssl/ssl.h
+openssl-1.1.1w/ssl/record/rec_layer_s3.c
+openssl-1.1.1w/ssl/record/record.h
+openssl-1.1.1w/ssl/ssl_lib.c
+openssl-1.1.1w/ssl/ssl_local.h
+openssl-1.1.1w/ssl/ssl_sess.c
+openssl-1.1.1w/ssl/statem/statem_srvr.c
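Review bot: The patch generated from this list is named after CVE-2024-5535 only, yet the list pulls in DH, PKCS#12, PKCS#7, TLS record-layer and session files as well as `include/openssl/opensslv.h`, which suggests it bundles more than one fix. Anyone auditing which fixes this package carries has only the file name to go on. I would either rename the patch to reflect its scope or add a short README next to `file.list` that lists each included fix and the upstream change it was taken from.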
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/dh/dh_check.c
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/dh/dh_check.c (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/dh/dh_check.c (revision 420)
@@ -0,0 +1,241 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dh_local.h"
+
+# define DH_NUMBER_ITERATIONS_FOR_PRIME 64
+
+/*-
+ * Check that p and g are suitable enough
+ *
+ * p is odd
+ * 1 < g < p - 1
+ */
+int DH_check_params_ex(const DH *dh)
+{
+ int errflags = 0;
+
+ if (!DH_check_params(dh, &errflags))
+ return 0;
+
+ if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
+ DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME);
+ if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
+ DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_NOT_SUITABLE_GENERATOR);
+
+ return errflags == 0;
+}
+
+int DH_check_params(const DH *dh, int *ret)
+{
+ int ok = 0;
+ BIGNUM *tmp = NULL;
+ BN_CTX *ctx = NULL;
+
+ *ret = 0;
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+ if (tmp == NULL)
+ goto err;
+
+ if (!BN_is_odd(dh->p))
+ *ret |= DH_CHECK_P_NOT_PRIME;
+ if (BN_is_negative(dh->g) || BN_is_zero(dh->g) || BN_is_one(dh->g))
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
+ goto err;
+ if (BN_cmp(dh->g, tmp) >= 0)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+
+ ok = 1;
+ err:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return ok;
+}
+
+/*-
+ * Check that p is a safe prime and
+ * g is a suitable generator.
+ */
+int DH_check_ex(const DH *dh)
+{
+ int errflags = 0;
+
+ if (!DH_check(dh, &errflags))
+ return 0;
+
+ if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_NOT_SUITABLE_GENERATOR);
+ if ((errflags & DH_CHECK_Q_NOT_PRIME) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_Q_NOT_PRIME);
+ if ((errflags & DH_CHECK_INVALID_Q_VALUE) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_Q_VALUE);
+ if ((errflags & DH_CHECK_INVALID_J_VALUE) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_J_VALUE);
+ if ((errflags & DH_UNABLE_TO_CHECK_GENERATOR) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_UNABLE_TO_CHECK_GENERATOR);
+ if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_PRIME);
+ if ((errflags & DH_CHECK_P_NOT_SAFE_PRIME) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_SAFE_PRIME);
+
+ return errflags == 0;
+}
+
+int DH_check(const DH *dh, int *ret)
+{
+ int ok = 0, r, q_good = 0;
+ BN_CTX *ctx = NULL;
+ BIGNUM *t1 = NULL, *t2 = NULL;
+
+ /* Don't do any checks at all with an excessively large modulus */
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
+ *ret = DH_CHECK_P_NOT_PRIME;
+ return 0;
+ }
+
+ if (!DH_check_params(dh, ret))
+ return 0;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ t2 = BN_CTX_get(ctx);
+ if (t2 == NULL)
+ goto err;
+
+ if (dh->q != NULL) {
+ if (BN_ucmp(dh->p, dh->q) > 0)
+ q_good = 1;
+ else
+ *ret |= DH_CHECK_INVALID_Q_VALUE;
+ }
+
+ if (q_good) {
+ if (BN_cmp(dh->g, BN_value_one()) <= 0)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ else if (BN_cmp(dh->g, dh->p) >= 0)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ else {
+ /* Check g^q == 1 mod p */
+ if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx))
+ goto err;
+ if (!BN_is_one(t1))
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ }
+ r = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
+ if (r < 0)
+ goto err;
+ if (!r)
+ *ret |= DH_CHECK_Q_NOT_PRIME;
+ /* Check p == 1 mod q i.e. q divides p - 1 */
+ if (!BN_div(t1, t2, dh->p, dh->q, ctx))
+ goto err;
+ if (!BN_is_one(t2))
+ *ret |= DH_CHECK_INVALID_Q_VALUE;
+ if (dh->j && BN_cmp(dh->j, t1))
+ *ret |= DH_CHECK_INVALID_J_VALUE;
+ }
+
+ r = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
+ if (r < 0)
+ goto err;
+ if (!r)
+ *ret |= DH_CHECK_P_NOT_PRIME;
+ else if (!dh->q) {
+ if (!BN_rshift1(t1, dh->p))
+ goto err;
+ r = BN_is_prime_ex(t1, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
+ if (r < 0)
+ goto err;
+ if (!r)
+ *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
+ }
+ ok = 1;
+ err:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return ok;
+}
+
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
+{
+ int errflags = 0;
+
+ if (!DH_check_pub_key(dh, pub_key, &errflags))
+ return 0;
+
+ if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
+ DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL);
+ if ((errflags & DH_CHECK_PUBKEY_TOO_LARGE) != 0)
+ DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_LARGE);
+ if ((errflags & DH_CHECK_PUBKEY_INVALID) != 0)
+ DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_INVALID);
+
+ return errflags == 0;
+}
+
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+{
+ int ok = 0;
+ BIGNUM *tmp = NULL;
+ BN_CTX *ctx = NULL;
+
+ *ret = 0;
+
+ /* Don't do any checks at all with an excessively large modulus */
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+ DHerr(DH_F_DH_CHECK_PUB_KEY, DH_R_MODULUS_TOO_LARGE);
+ *ret = DH_CHECK_P_NOT_PRIME | DH_CHECK_PUBKEY_INVALID;
+ return 0;
+ }
+
+ if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) {
+ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
+ return 1;
+ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+ if (tmp == NULL || !BN_set_word(tmp, 1))
+ goto err;
+ if (BN_cmp(pub_key, tmp) <= 0)
+ *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
+ if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
+ goto err;
+ if (BN_cmp(pub_key, tmp) >= 0)
+ *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
+
+ if (dh->q != NULL) {
+ /* Check pub_key^q == 1 mod p */
+ if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
+ goto err;
+ if (!BN_is_one(tmp))
+ *ret |= DH_CHECK_PUBKEY_INVALID;
+ }
+
+ ok = 1;
+ err:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return ok;
+}
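Review bot: `DH_check_pub_key` returns 1 on the `BN_ucmp(dh->p, dh->q) < 0` path while setting `DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID`, so a successful return does not mean the key is acceptable. Neither it nor `DH_check` has a header comment saying so. I would add `/* Returns 1 if the checks ran (failures are reported in *ret), 0 if they could not be completed. */` above both. Callers that use the non-`_ex` functions then have a visible reminder to test `*ret`, as the `_ex` wrappers in this file already do with `return errflags == 0`.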
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/dh/dh_err.c
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/dh/dh_err.c (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/dh/dh_err.c (revision 420)
@@ -0,0 +1,104 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/dherr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA DH_str_functs[] = {
+ {ERR_PACK(ERR_LIB_DH, DH_F_COMPUTE_KEY, 0), "compute_key"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
+ "dh_builtin_genparams"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY, 0), "DH_check_pub_key"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
+ "dh_cms_set_shared_info"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_BY_NID, 0), "DH_new_by_nid"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_METHOD, 0), "DH_new_method"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_PARAM_DECODE, 0), "dh_param_decode"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_PKEY_PUBLIC_CHECK, 0),
+ "dh_pkey_public_check"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_DECODE, 0), "dh_priv_decode"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_ENCODE, 0), "dh_priv_encode"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_DECODE, 0), "dh_pub_decode"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_ENCODE, 0), "dh_pub_encode"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DO_DH_PRINT, 0), "do_dh_print"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_GENERATE_KEY, 0), "generate_key"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_CTRL_STR, 0), "pkey_dh_ctrl_str"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_DERIVE, 0), "pkey_dh_derive"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_INIT, 0), "pkey_dh_init"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_KEYGEN, 0), "pkey_dh_keygen"},
+ {0, NULL}
+};
+
+static const ERR_STRING_DATA DH_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_J_VALUE),
+ "check invalid j value"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_Q_VALUE),
+ "check invalid q value"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_INVALID),
+ "check pubkey invalid"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_LARGE),
+ "check pubkey too large"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_SMALL),
+ "check pubkey too small"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_PRIME), "check p not prime"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_SAFE_PRIME),
+ "check p not safe prime"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_Q_NOT_PRIME), "check q not prime"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_DECODE_ERROR), "decode error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NAME),
+ "invalid parameter name"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NID),
+ "invalid parameter nid"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR),
+ "not suitable generator"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
+ "parameter encoding error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
+ "unable to check generator"},
+ {0, NULL}
+};
+
+#endif
+
+int ERR_load_DH_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+ if (ERR_func_error_string(DH_str_functs[0].error) == NULL) {
+ ERR_load_strings_const(DH_str_functs);
+ ERR_load_strings_const(DH_str_reasons);
+ }
+#endif
+ return 1;
+}
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/dh/dh_key.c
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/dh/dh_key.c (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/dh/dh_key.c (revision 420)
@@ -0,0 +1,276 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dh_local.h"
+#include "crypto/bn.h"
+
+static int generate_key(DH *dh);
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int dh_init(DH *dh);
+static int dh_finish(DH *dh);
+
+int DH_generate_key(DH *dh)
+{
+ return dh->meth->generate_key(dh);
+}
+
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+ int ret = 0, i;
+ volatile size_t npad = 0, mask = 1;
+
+ /* compute the key; ret is constant unless compute_key is external */
+ if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+ return ret;
+
+ /* count leading zero bytes, yet still touch all bytes */
+ for (i = 0; i < ret; i++) {
+ mask &= !key[i];
+ npad += mask;
+ }
+
+ /* unpad key */
+ ret -= npad;
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memmove(key, key + npad, ret);
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memset(key + ret, 0, npad);
+
+ return ret;
+}
+
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+ int rv, pad;
+
+ /* rv is constant unless compute_key is external */
+ rv = dh->meth->compute_key(key, pub_key, dh);
+ if (rv <= 0)
+ return rv;
+ pad = BN_num_bytes(dh->p) - rv;
+ /* pad is constant (zero) unless compute_key is external */
+ if (pad > 0) {
+ memmove(key + pad, key, rv);
+ memset(key, 0, pad);
+ }
+ return rv + pad;
+}
+
+static DH_METHOD dh_ossl = {
+ "OpenSSL DH Method",
+ generate_key,
+ compute_key,
+ dh_bn_mod_exp,
+ dh_init,
+ dh_finish,
+ DH_FLAG_FIPS_METHOD,
+ NULL,
+ NULL
+};
+
+static const DH_METHOD *default_DH_method = &dh_ossl;
+
+const DH_METHOD *DH_OpenSSL(void)
+{
+ return &dh_ossl;
+}
+
+void DH_set_default_method(const DH_METHOD *meth)
+{
+ default_DH_method = meth;
+}
+
+const DH_METHOD *DH_get_default_method(void)
+{
+ return default_DH_method;
+}
+
+static int generate_key(DH *dh)
+{
+ int ok = 0;
+ int generate_new_key = 0;
+ unsigned l;
+ BN_CTX *ctx = NULL;
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+ return 0;
+ }
+
+ if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE);
+ return 0;
+ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+
+ if (dh->priv_key == NULL) {
+ priv_key = BN_secure_new();
+ if (priv_key == NULL)
+ goto err;
+ generate_new_key = 1;
+ } else
+ priv_key = dh->priv_key;
+
+ if (dh->pub_key == NULL) {
+ pub_key = BN_new();
+ if (pub_key == NULL)
+ goto err;
+ } else
+ pub_key = dh->pub_key;
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+ dh->lock, dh->p, ctx);
+ if (!mont)
+ goto err;
+ }
+
+ if (generate_new_key) {
+ if (dh->q) {
+ do {
+ if (!BN_priv_rand_range(priv_key, dh->q))
+ goto err;
+ }
+ while (BN_is_zero(priv_key) || BN_is_one(priv_key));
+ } else {
+ /* secret exponent length */
+ l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
+ if (!BN_priv_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+ goto err;
+ /*
+ * We handle just one known case where g is a quadratic non-residue:
+ * for g = 2: p % 8 == 3
+ */
+ if (BN_is_word(dh->g, DH_GENERATOR_2) && !BN_is_bit_set(dh->p, 2)) {
+ /* clear bit 0, since it won't be a secret anyway */
+ if (!BN_clear_bit(priv_key, 0))
+ goto err;
+ }
+ }
+ }
+
+ {
+ BIGNUM *prk = BN_new();
+
+ if (prk == NULL)
+ goto err;
+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+
+ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
+ BN_clear_free(prk);
+ goto err;
+ }
+ /* We MUST free prk before any further use of priv_key */
+ BN_clear_free(prk);
+ }
+
+ dh->pub_key = pub_key;
+ dh->priv_key = priv_key;
+ ok = 1;
+ err:
+ if (ok != 1)
+ DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
+
+ if (pub_key != dh->pub_key)
+ BN_free(pub_key);
+ if (priv_key != dh->priv_key)
+ BN_free(priv_key);
+ BN_CTX_free(ctx);
+ return ok;
+}
+
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+ BN_CTX *ctx = NULL;
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *tmp;
+ int ret = -1;
+ int check_result;
+
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+ goto err;
+ }
+
+ if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_Q_TOO_LARGE);
+ goto err;
+ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+ if (tmp == NULL)
+ goto err;
+
+ if (dh->priv_key == NULL) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
+ goto err;
+ }
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+ dh->lock, dh->p, ctx);
+ BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+ if (!mont)
+ goto err;
+ }
+
+ if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
+ goto err;
+ }
+
+ if (!dh->
+ meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) {
+ DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
+ err:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return ret;
+}
+
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+
+static int dh_init(DH *dh)
+{
+ dh->flags |= DH_FLAG_CACHE_MONT_P;
+ return 1;
+}
+
+static int dh_finish(DH *dh)
+{
+ BN_MONT_CTX_free(dh->method_mont_p);
+ return 1;
+}
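Review bot: In compute_key, `BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME)` sits inside the `if (dh->flags & DH_FLAG_CACHE_MONT_P)` branch, so when that flag is not set the private exponent reaches `bn_mod_exp` without the constant-time marker, whereas generate_key always goes through a `BN_FLG_CONSTTIME` copy (`prk`). dh_init sets the flag for the built-in method, so this presumably only matters if a caller clears it afterwards; placing `BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);` directly after the `dh->priv_key == NULL` check, outside the conditional, removes that dependency. Separately, the error path of generate_key releases a freshly generated `priv_key` with `BN_free(priv_key)`; `BN_clear_free(priv_key)` would zeroise it explicitly instead of relying on how the secure-heap allocator behaves. If this file is meant to track the upstream backport byte-for-byte, treat both as notes to carry upstream rather than as local changes.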
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/err/openssl.txt
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/err/openssl.txt (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/err/openssl.txt (revision 420)
@@ -0,0 +1,3067 @@
+# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Function codes
+ASN1_F_A2D_ASN1_OBJECT:100:a2d_ASN1_OBJECT
+ASN1_F_A2I_ASN1_INTEGER:102:a2i_ASN1_INTEGER
+ASN1_F_A2I_ASN1_STRING:103:a2i_ASN1_STRING
+ASN1_F_APPEND_EXP:176:append_exp
+ASN1_F_ASN1_BIO_INIT:113:asn1_bio_init
+ASN1_F_ASN1_BIT_STRING_SET_BIT:183:ASN1_BIT_STRING_set_bit
+ASN1_F_ASN1_CB:177:asn1_cb
+ASN1_F_ASN1_CHECK_TLEN:104:asn1_check_tlen
+ASN1_F_ASN1_COLLECT:106:asn1_collect
+ASN1_F_ASN1_D2I_EX_PRIMITIVE:108:asn1_d2i_ex_primitive
+ASN1_F_ASN1_D2I_FP:109:ASN1_d2i_fp
+ASN1_F_ASN1_D2I_READ_BIO:107:asn1_d2i_read_bio
+ASN1_F_ASN1_DIGEST:184:ASN1_digest
+ASN1_F_ASN1_DO_ADB:110:asn1_do_adb
+ASN1_F_ASN1_DO_LOCK:233:asn1_do_lock
+ASN1_F_ASN1_DUP:111:ASN1_dup
+ASN1_F_ASN1_ENC_SAVE:115:asn1_enc_save
+ASN1_F_ASN1_EX_C2I:204:asn1_ex_c2i
+ASN1_F_ASN1_FIND_END:190:asn1_find_end
+ASN1_F_ASN1_GENERALIZEDTIME_ADJ:216:ASN1_GENERALIZEDTIME_adj
+ASN1_F_ASN1_GENERATE_V3:178:ASN1_generate_v3
+ASN1_F_ASN1_GET_INT64:224:asn1_get_int64
+ASN1_F_ASN1_GET_OBJECT:114:ASN1_get_object
+ASN1_F_ASN1_GET_UINT64:225:asn1_get_uint64
+ASN1_F_ASN1_I2D_BIO:116:ASN1_i2d_bio
+ASN1_F_ASN1_I2D_FP:117:ASN1_i2d_fp
+ASN1_F_ASN1_ITEM_D2I_FP:206:ASN1_item_d2i_fp
+ASN1_F_ASN1_ITEM_DUP:191:ASN1_item_dup
+ASN1_F_ASN1_ITEM_EMBED_D2I:120:asn1_item_embed_d2i
+ASN1_F_ASN1_ITEM_EMBED_NEW:121:asn1_item_embed_new
+ASN1_F_ASN1_ITEM_EX_I2D:144:ASN1_item_ex_i2d
+ASN1_F_ASN1_ITEM_FLAGS_I2D:118:asn1_item_flags_i2d
+ASN1_F_ASN1_ITEM_I2D_BIO:192:ASN1_item_i2d_bio
+ASN1_F_ASN1_ITEM_I2D_FP:193:ASN1_item_i2d_fp
+ASN1_F_ASN1_ITEM_PACK:198:ASN1_item_pack
+ASN1_F_ASN1_ITEM_SIGN:195:ASN1_item_sign
+ASN1_F_ASN1_ITEM_SIGN_CTX:220:ASN1_item_sign_ctx
+ASN1_F_ASN1_ITEM_UNPACK:199:ASN1_item_unpack
+ASN1_F_ASN1_ITEM_VERIFY:197:ASN1_item_verify
+ASN1_F_ASN1_MBSTRING_NCOPY:122:ASN1_mbstring_ncopy
+ASN1_F_ASN1_OBJECT_NEW:123:ASN1_OBJECT_new
+ASN1_F_ASN1_OUTPUT_DATA:214:asn1_output_data
+ASN1_F_ASN1_PCTX_NEW:205:ASN1_PCTX_new
+ASN1_F_ASN1_PRIMITIVE_NEW:119:asn1_primitive_new
+ASN1_F_ASN1_SCTX_NEW:221:ASN1_SCTX_new
+ASN1_F_ASN1_SIGN:128:ASN1_sign
+ASN1_F_ASN1_STR2TYPE:179:asn1_str2type
+ASN1_F_ASN1_STRING_GET_INT64:227:asn1_string_get_int64
+ASN1_F_ASN1_STRING_GET_UINT64:230:asn1_string_get_uint64
+ASN1_F_ASN1_STRING_SET:186:ASN1_STRING_set
+ASN1_F_ASN1_STRING_TABLE_ADD:129:ASN1_STRING_TABLE_add
+ASN1_F_ASN1_STRING_TO_BN:228:asn1_string_to_bn
+ASN1_F_ASN1_STRING_TYPE_NEW:130:ASN1_STRING_type_new
+ASN1_F_ASN1_TEMPLATE_EX_D2I:132:asn1_template_ex_d2i
+ASN1_F_ASN1_TEMPLATE_NEW:133:asn1_template_new
+ASN1_F_ASN1_TEMPLATE_NOEXP_D2I:131:asn1_template_noexp_d2i
+ASN1_F_ASN1_TIME_ADJ:217:ASN1_TIME_adj
+ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING:134:ASN1_TYPE_get_int_octetstring
+ASN1_F_ASN1_TYPE_GET_OCTETSTRING:135:ASN1_TYPE_get_octetstring
+ASN1_F_ASN1_UTCTIME_ADJ:218:ASN1_UTCTIME_adj
+ASN1_F_ASN1_VERIFY:137:ASN1_verify
+ASN1_F_B64_READ_ASN1:209:b64_read_asn1
+ASN1_F_B64_WRITE_ASN1:210:B64_write_ASN1
+ASN1_F_BIO_NEW_NDEF:208:BIO_new_NDEF
+ASN1_F_BITSTR_CB:180:bitstr_cb
+ASN1_F_BN_TO_ASN1_STRING:229:bn_to_asn1_string
+ASN1_F_C2I_ASN1_BIT_STRING:189:c2i_ASN1_BIT_STRING
+ASN1_F_C2I_ASN1_INTEGER:194:c2i_ASN1_INTEGER
+ASN1_F_C2I_ASN1_OBJECT:196:c2i_ASN1_OBJECT
+ASN1_F_C2I_IBUF:226:c2i_ibuf
+ASN1_F_C2I_UINT64_INT:101:c2i_uint64_int
+ASN1_F_COLLECT_DATA:140:collect_data
+ASN1_F_D2I_ASN1_OBJECT:147:d2i_ASN1_OBJECT
+ASN1_F_D2I_ASN1_UINTEGER:150:d2i_ASN1_UINTEGER
+ASN1_F_D2I_AUTOPRIVATEKEY:207:d2i_AutoPrivateKey
+ASN1_F_D2I_PRIVATEKEY:154:d2i_PrivateKey
+ASN1_F_D2I_PUBLICKEY:155:d2i_PublicKey
+ASN1_F_DO_BUF:142:do_buf
+ASN1_F_DO_CREATE:124:do_create
+ASN1_F_DO_DUMP:125:do_dump
+ASN1_F_DO_TCREATE:222:do_tcreate
+ASN1_F_I2A_ASN1_OBJECT:126:i2a_ASN1_OBJECT
+ASN1_F_I2D_ASN1_BIO_STREAM:211:i2d_ASN1_bio_stream
+ASN1_F_I2D_ASN1_OBJECT:143:i2d_ASN1_OBJECT
+ASN1_F_I2D_DSA_PUBKEY:161:i2d_DSA_PUBKEY
+ASN1_F_I2D_EC_PUBKEY:181:i2d_EC_PUBKEY
+ASN1_F_I2D_PRIVATEKEY:163:i2d_PrivateKey
+ASN1_F_I2D_PUBLICKEY:164:i2d_PublicKey
+ASN1_F_I2D_RSA_PUBKEY:165:i2d_RSA_PUBKEY
+ASN1_F_LONG_C2I:166:long_c2i
+ASN1_F_NDEF_PREFIX:127:ndef_prefix
+ASN1_F_NDEF_SUFFIX:136:ndef_suffix
+ASN1_F_OID_MODULE_INIT:174:oid_module_init
+ASN1_F_PARSE_TAGGING:182:parse_tagging
+ASN1_F_PKCS5_PBE2_SET_IV:167:PKCS5_pbe2_set_iv
+ASN1_F_PKCS5_PBE2_SET_SCRYPT:231:PKCS5_pbe2_set_scrypt
+ASN1_F_PKCS5_PBE_SET:202:PKCS5_pbe_set
+ASN1_F_PKCS5_PBE_SET0_ALGOR:215:PKCS5_pbe_set0_algor
+ASN1_F_PKCS5_PBKDF2_SET:219:PKCS5_pbkdf2_set
+ASN1_F_PKCS5_SCRYPT_SET:232:pkcs5_scrypt_set
+ASN1_F_SMIME_READ_ASN1:212:SMIME_read_ASN1
+ASN1_F_SMIME_TEXT:213:SMIME_text
+ASN1_F_STABLE_GET:138:stable_get
+ASN1_F_STBL_MODULE_INIT:223:stbl_module_init
+ASN1_F_UINT32_C2I:105:uint32_c2i
+ASN1_F_UINT32_NEW:139:uint32_new
+ASN1_F_UINT64_C2I:112:uint64_c2i
+ASN1_F_UINT64_NEW:141:uint64_new
+ASN1_F_X509_CRL_ADD0_REVOKED:169:X509_CRL_add0_revoked
+ASN1_F_X509_INFO_NEW:170:X509_INFO_new
+ASN1_F_X509_NAME_ENCODE:203:x509_name_encode
+ASN1_F_X509_NAME_EX_D2I:158:x509_name_ex_d2i
+ASN1_F_X509_NAME_EX_NEW:171:x509_name_ex_new
+ASN1_F_X509_PKEY_NEW:173:X509_PKEY_new
+ASYNC_F_ASYNC_CTX_NEW:100:async_ctx_new
+ASYNC_F_ASYNC_INIT_THREAD:101:ASYNC_init_thread
+ASYNC_F_ASYNC_JOB_NEW:102:async_job_new
+ASYNC_F_ASYNC_PAUSE_JOB:103:ASYNC_pause_job
+ASYNC_F_ASYNC_START_FUNC:104:async_start_func
+ASYNC_F_ASYNC_START_JOB:105:ASYNC_start_job
+ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD:106:ASYNC_WAIT_CTX_set_wait_fd
+BIO_F_ACPT_STATE:100:acpt_state
+BIO_F_ADDRINFO_WRAP:148:addrinfo_wrap
+BIO_F_ADDR_STRINGS:134:addr_strings
+BIO_F_BIO_ACCEPT:101:BIO_accept
+BIO_F_BIO_ACCEPT_EX:137:BIO_accept_ex
+BIO_F_BIO_ACCEPT_NEW:152:BIO_ACCEPT_new
+BIO_F_BIO_ADDR_NEW:144:BIO_ADDR_new
+BIO_F_BIO_BIND:147:BIO_bind
+BIO_F_BIO_CALLBACK_CTRL:131:BIO_callback_ctrl
+BIO_F_BIO_CONNECT:138:BIO_connect
+BIO_F_BIO_CONNECT_NEW:153:BIO_CONNECT_new
+BIO_F_BIO_CTRL:103:BIO_ctrl
+BIO_F_BIO_GETS:104:BIO_gets
+BIO_F_BIO_GET_HOST_IP:106:BIO_get_host_ip
+BIO_F_BIO_GET_NEW_INDEX:102:BIO_get_new_index
+BIO_F_BIO_GET_PORT:107:BIO_get_port
+BIO_F_BIO_LISTEN:139:BIO_listen
+BIO_F_BIO_LOOKUP:135:BIO_lookup
+BIO_F_BIO_LOOKUP_EX:143:BIO_lookup_ex
+BIO_F_BIO_MAKE_PAIR:121:bio_make_pair
+BIO_F_BIO_METH_NEW:146:BIO_meth_new
+BIO_F_BIO_NEW:108:BIO_new
+BIO_F_BIO_NEW_DGRAM_SCTP:145:BIO_new_dgram_sctp
+BIO_F_BIO_NEW_FILE:109:BIO_new_file
+BIO_F_BIO_NEW_MEM_BUF:126:BIO_new_mem_buf
+BIO_F_BIO_NREAD:123:BIO_nread
+BIO_F_BIO_NREAD0:124:BIO_nread0
+BIO_F_BIO_NWRITE:125:BIO_nwrite
+BIO_F_BIO_NWRITE0:122:BIO_nwrite0
+BIO_F_BIO_PARSE_HOSTSERV:136:BIO_parse_hostserv
+BIO_F_BIO_PUTS:110:BIO_puts
+BIO_F_BIO_READ:111:BIO_read
+BIO_F_BIO_READ_EX:105:BIO_read_ex
+BIO_F_BIO_READ_INTERN:120:bio_read_intern
+BIO_F_BIO_SOCKET:140:BIO_socket
+BIO_F_BIO_SOCKET_NBIO:142:BIO_socket_nbio
+BIO_F_BIO_SOCK_INFO:141:BIO_sock_info
+BIO_F_BIO_SOCK_INIT:112:BIO_sock_init
+BIO_F_BIO_WRITE:113:BIO_write
+BIO_F_BIO_WRITE_EX:119:BIO_write_ex
+BIO_F_BIO_WRITE_INTERN:128:bio_write_intern
+BIO_F_BUFFER_CTRL:114:buffer_ctrl
+BIO_F_CONN_CTRL:127:conn_ctrl
+BIO_F_CONN_STATE:115:conn_state
+BIO_F_DGRAM_SCTP_NEW:149:dgram_sctp_new
+BIO_F_DGRAM_SCTP_READ:132:dgram_sctp_read
+BIO_F_DGRAM_SCTP_WRITE:133:dgram_sctp_write
+BIO_F_DOAPR_OUTCH:150:doapr_outch
+BIO_F_FILE_CTRL:116:file_ctrl
+BIO_F_FILE_READ:130:file_read
+BIO_F_LINEBUFFER_CTRL:129:linebuffer_ctrl
+BIO_F_LINEBUFFER_NEW:151:linebuffer_new
+BIO_F_MEM_WRITE:117:mem_write
+BIO_F_NBIOF_NEW:154:nbiof_new
+BIO_F_SLG_WRITE:155:slg_write
+BIO_F_SSL_NEW:118:SSL_new
+BN_F_BNRAND:127:bnrand
+BN_F_BNRAND_RANGE:138:bnrand_range
+BN_F_BN_BLINDING_CONVERT_EX:100:BN_BLINDING_convert_ex
+BN_F_BN_BLINDING_CREATE_PARAM:128:BN_BLINDING_create_param
+BN_F_BN_BLINDING_INVERT_EX:101:BN_BLINDING_invert_ex
+BN_F_BN_BLINDING_NEW:102:BN_BLINDING_new
+BN_F_BN_BLINDING_UPDATE:103:BN_BLINDING_update
+BN_F_BN_BN2DEC:104:BN_bn2dec
+BN_F_BN_BN2HEX:105:BN_bn2hex
+BN_F_BN_COMPUTE_WNAF:142:bn_compute_wNAF
+BN_F_BN_CTX_GET:116:BN_CTX_get
+BN_F_BN_CTX_NEW:106:BN_CTX_new
+BN_F_BN_CTX_START:129:BN_CTX_start
+BN_F_BN_DIV:107:BN_div
+BN_F_BN_DIV_RECP:130:BN_div_recp
+BN_F_BN_EXP:123:BN_exp
+BN_F_BN_EXPAND_INTERNAL:120:bn_expand_internal
+BN_F_BN_GENCB_NEW:143:BN_GENCB_new
+BN_F_BN_GENERATE_DSA_NONCE:140:BN_generate_dsa_nonce
+BN_F_BN_GENERATE_PRIME_EX:141:BN_generate_prime_ex
+BN_F_BN_GF2M_MOD:131:BN_GF2m_mod
+BN_F_BN_GF2M_MOD_EXP:132:BN_GF2m_mod_exp
+BN_F_BN_GF2M_MOD_MUL:133:BN_GF2m_mod_mul
+BN_F_BN_GF2M_MOD_SOLVE_QUAD:134:BN_GF2m_mod_solve_quad
+BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR:135:BN_GF2m_mod_solve_quad_arr
+BN_F_BN_GF2M_MOD_SQR:136:BN_GF2m_mod_sqr
+BN_F_BN_GF2M_MOD_SQRT:137:BN_GF2m_mod_sqrt
+BN_F_BN_LSHIFT:145:BN_lshift
+BN_F_BN_MOD_EXP2_MONT:118:BN_mod_exp2_mont
+BN_F_BN_MOD_EXP_MONT:109:BN_mod_exp_mont
+BN_F_BN_MOD_EXP_MONT_CONSTTIME:124:BN_mod_exp_mont_consttime
+BN_F_BN_MOD_EXP_MONT_WORD:117:BN_mod_exp_mont_word
+BN_F_BN_MOD_EXP_RECP:125:BN_mod_exp_recp
+BN_F_BN_MOD_EXP_SIMPLE:126:BN_mod_exp_simple
+BN_F_BN_MOD_INVERSE:110:BN_mod_inverse
+BN_F_BN_MOD_INVERSE_NO_BRANCH:139:BN_mod_inverse_no_branch
+BN_F_BN_MOD_LSHIFT_QUICK:119:BN_mod_lshift_quick
+BN_F_BN_MOD_SQRT:121:BN_mod_sqrt
+BN_F_BN_MONT_CTX_NEW:149:BN_MONT_CTX_new
+BN_F_BN_MPI2BN:112:BN_mpi2bn
+BN_F_BN_NEW:113:BN_new
+BN_F_BN_POOL_GET:147:BN_POOL_get
+BN_F_BN_RAND:114:BN_rand
+BN_F_BN_RAND_RANGE:122:BN_rand_range
+BN_F_BN_RECP_CTX_NEW:150:BN_RECP_CTX_new
+BN_F_BN_RSHIFT:146:BN_rshift
+BN_F_BN_SET_WORDS:144:bn_set_words
+BN_F_BN_STACK_PUSH:148:BN_STACK_push
+BN_F_BN_USUB:115:BN_usub
+BUF_F_BUF_MEM_GROW:100:BUF_MEM_grow
+BUF_F_BUF_MEM_GROW_CLEAN:105:BUF_MEM_grow_clean
+BUF_F_BUF_MEM_NEW:101:BUF_MEM_new
+CMS_F_CHECK_CONTENT:99:check_content
+CMS_F_CMS_ADD0_CERT:164:CMS_add0_cert
+CMS_F_CMS_ADD0_RECIPIENT_KEY:100:CMS_add0_recipient_key
+CMS_F_CMS_ADD0_RECIPIENT_PASSWORD:165:CMS_add0_recipient_password
+CMS_F_CMS_ADD1_RECEIPTREQUEST:158:CMS_add1_ReceiptRequest
+CMS_F_CMS_ADD1_RECIPIENT_CERT:101:CMS_add1_recipient_cert
+CMS_F_CMS_ADD1_SIGNER:102:CMS_add1_signer
+CMS_F_CMS_ADD1_SIGNINGTIME:103:cms_add1_signingTime
+CMS_F_CMS_COMPRESS:104:CMS_compress
+CMS_F_CMS_COMPRESSEDDATA_CREATE:105:cms_CompressedData_create
+CMS_F_CMS_COMPRESSEDDATA_INIT_BIO:106:cms_CompressedData_init_bio
+CMS_F_CMS_COPY_CONTENT:107:cms_copy_content
+CMS_F_CMS_COPY_MESSAGEDIGEST:108:cms_copy_messageDigest
+CMS_F_CMS_DATA:109:CMS_data
+CMS_F_CMS_DATAFINAL:110:CMS_dataFinal
+CMS_F_CMS_DATAINIT:111:CMS_dataInit
+CMS_F_CMS_DECRYPT:112:CMS_decrypt
+CMS_F_CMS_DECRYPT_SET1_KEY:113:CMS_decrypt_set1_key
+CMS_F_CMS_DECRYPT_SET1_PASSWORD:166:CMS_decrypt_set1_password
+CMS_F_CMS_DECRYPT_SET1_PKEY:114:CMS_decrypt_set1_pkey
+CMS_F_CMS_DIGESTALGORITHM_FIND_CTX:115:cms_DigestAlgorithm_find_ctx
+CMS_F_CMS_DIGESTALGORITHM_INIT_BIO:116:cms_DigestAlgorithm_init_bio
+CMS_F_CMS_DIGESTEDDATA_DO_FINAL:117:cms_DigestedData_do_final
+CMS_F_CMS_DIGEST_VERIFY:118:CMS_digest_verify
+CMS_F_CMS_ENCODE_RECEIPT:161:cms_encode_Receipt
+CMS_F_CMS_ENCRYPT:119:CMS_encrypt
+CMS_F_CMS_ENCRYPTEDCONTENT_INIT:179:cms_EncryptedContent_init
+CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO:120:cms_EncryptedContent_init_bio
+CMS_F_CMS_ENCRYPTEDDATA_DECRYPT:121:CMS_EncryptedData_decrypt
+CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT:122:CMS_EncryptedData_encrypt
+CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY:123:CMS_EncryptedData_set1_key
+CMS_F_CMS_ENVELOPEDDATA_CREATE:124:CMS_EnvelopedData_create
+CMS_F_CMS_ENVELOPEDDATA_INIT_BIO:125:cms_EnvelopedData_init_bio
+CMS_F_CMS_ENVELOPED_DATA_INIT:126:cms_enveloped_data_init
+CMS_F_CMS_ENV_ASN1_CTRL:171:cms_env_asn1_ctrl
+CMS_F_CMS_FINAL:127:CMS_final
+CMS_F_CMS_GET0_CERTIFICATE_CHOICES:128:cms_get0_certificate_choices
+CMS_F_CMS_GET0_CONTENT:129:CMS_get0_content
+CMS_F_CMS_GET0_ECONTENT_TYPE:130:cms_get0_econtent_type
+CMS_F_CMS_GET0_ENVELOPED:131:cms_get0_enveloped
+CMS_F_CMS_GET0_REVOCATION_CHOICES:132:cms_get0_revocation_choices
+CMS_F_CMS_GET0_SIGNED:133:cms_get0_signed
+CMS_F_CMS_MSGSIGDIGEST_ADD1:162:cms_msgSigDigest_add1
+CMS_F_CMS_RECEIPTREQUEST_CREATE0:159:CMS_ReceiptRequest_create0
+CMS_F_CMS_RECEIPT_VERIFY:160:cms_Receipt_verify
+CMS_F_CMS_RECIPIENTINFO_DECRYPT:134:CMS_RecipientInfo_decrypt
+CMS_F_CMS_RECIPIENTINFO_ENCRYPT:169:CMS_RecipientInfo_encrypt
+CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT:178:cms_RecipientInfo_kari_encrypt
+CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG:175:CMS_RecipientInfo_kari_get0_alg
+CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID:173:\
+ CMS_RecipientInfo_kari_get0_orig_id
+CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS:172:CMS_RecipientInfo_kari_get0_reks
+CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP:174:CMS_RecipientInfo_kari_orig_id_cmp
+CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT:135:cms_RecipientInfo_kekri_decrypt
+CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT:136:cms_RecipientInfo_kekri_encrypt
+CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID:137:CMS_RecipientInfo_kekri_get0_id
+CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP:138:CMS_RecipientInfo_kekri_id_cmp
+CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP:139:CMS_RecipientInfo_ktri_cert_cmp
+CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT:140:cms_RecipientInfo_ktri_decrypt
+CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT:141:cms_RecipientInfo_ktri_encrypt
+CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS:142:CMS_RecipientInfo_ktri_get0_algs
+CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID:143:\
+ CMS_RecipientInfo_ktri_get0_signer_id
+CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT:167:cms_RecipientInfo_pwri_crypt
+CMS_F_CMS_RECIPIENTINFO_SET0_KEY:144:CMS_RecipientInfo_set0_key
+CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD:168:CMS_RecipientInfo_set0_password
+CMS_F_CMS_RECIPIENTINFO_SET0_PKEY:145:CMS_RecipientInfo_set0_pkey
+CMS_F_CMS_SD_ASN1_CTRL:170:cms_sd_asn1_ctrl
+CMS_F_CMS_SET1_IAS:176:cms_set1_ias
+CMS_F_CMS_SET1_KEYID:177:cms_set1_keyid
+CMS_F_CMS_SET1_SIGNERIDENTIFIER:146:cms_set1_SignerIdentifier
+CMS_F_CMS_SET_DETACHED:147:CMS_set_detached
+CMS_F_CMS_SIGN:148:CMS_sign
+CMS_F_CMS_SIGNED_DATA_INIT:149:cms_signed_data_init
+CMS_F_CMS_SIGNERINFO_CONTENT_SIGN:150:cms_SignerInfo_content_sign
+CMS_F_CMS_SIGNERINFO_SIGN:151:CMS_SignerInfo_sign
+CMS_F_CMS_SIGNERINFO_VERIFY:152:CMS_SignerInfo_verify
+CMS_F_CMS_SIGNERINFO_VERIFY_CERT:153:cms_signerinfo_verify_cert
+CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT:154:CMS_SignerInfo_verify_content
+CMS_F_CMS_SIGN_RECEIPT:163:CMS_sign_receipt
+CMS_F_CMS_SI_CHECK_ATTRIBUTES:183:CMS_si_check_attributes
+CMS_F_CMS_STREAM:155:CMS_stream
+CMS_F_CMS_UNCOMPRESS:156:CMS_uncompress
+CMS_F_CMS_VERIFY:157:CMS_verify
+CMS_F_KEK_UNWRAP_KEY:180:kek_unwrap_key
+COMP_F_BIO_ZLIB_FLUSH:99:bio_zlib_flush
+COMP_F_BIO_ZLIB_NEW:100:bio_zlib_new
+COMP_F_BIO_ZLIB_READ:101:bio_zlib_read
+COMP_F_BIO_ZLIB_WRITE:102:bio_zlib_write
+COMP_F_COMP_CTX_NEW:103:COMP_CTX_new
+CONF_F_CONF_DUMP_FP:104:CONF_dump_fp
+CONF_F_CONF_LOAD:100:CONF_load
+CONF_F_CONF_LOAD_FP:103:CONF_load_fp
+CONF_F_CONF_PARSE_LIST:119:CONF_parse_list
+CONF_F_DEF_LOAD:120:def_load
+CONF_F_DEF_LOAD_BIO:121:def_load_bio
+CONF_F_GET_NEXT_FILE:107:get_next_file
+CONF_F_MODULE_ADD:122:module_add
+CONF_F_MODULE_INIT:115:module_init
+CONF_F_MODULE_LOAD_DSO:117:module_load_dso
+CONF_F_MODULE_RUN:118:module_run
+CONF_F_NCONF_DUMP_BIO:105:NCONF_dump_bio
+CONF_F_NCONF_DUMP_FP:106:NCONF_dump_fp
+CONF_F_NCONF_GET_NUMBER_E:112:NCONF_get_number_e
+CONF_F_NCONF_GET_SECTION:108:NCONF_get_section
+CONF_F_NCONF_GET_STRING:109:NCONF_get_string
+CONF_F_NCONF_LOAD:113:NCONF_load
+CONF_F_NCONF_LOAD_BIO:110:NCONF_load_bio
+CONF_F_NCONF_LOAD_FP:114:NCONF_load_fp
+CONF_F_NCONF_NEW:111:NCONF_new
+CONF_F_PROCESS_INCLUDE:116:process_include
+CONF_F_SSL_MODULE_INIT:123:ssl_module_init
+CONF_F_STR_COPY:101:str_copy
+CRYPTO_F_CMAC_CTX_NEW:120:CMAC_CTX_new
+CRYPTO_F_CRYPTO_DUP_EX_DATA:110:CRYPTO_dup_ex_data
+CRYPTO_F_CRYPTO_FREE_EX_DATA:111:CRYPTO_free_ex_data
+CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX:100:CRYPTO_get_ex_new_index
+CRYPTO_F_CRYPTO_MEMDUP:115:CRYPTO_memdup
+CRYPTO_F_CRYPTO_NEW_EX_DATA:112:CRYPTO_new_ex_data
+CRYPTO_F_CRYPTO_OCB128_COPY_CTX:121:CRYPTO_ocb128_copy_ctx
+CRYPTO_F_CRYPTO_OCB128_INIT:122:CRYPTO_ocb128_init
+CRYPTO_F_CRYPTO_SET_EX_DATA:102:CRYPTO_set_ex_data
+CRYPTO_F_FIPS_MODE_SET:109:FIPS_mode_set
+CRYPTO_F_GET_AND_LOCK:113:get_and_lock
+CRYPTO_F_OPENSSL_ATEXIT:114:OPENSSL_atexit
+CRYPTO_F_OPENSSL_BUF2HEXSTR:117:OPENSSL_buf2hexstr
+CRYPTO_F_OPENSSL_FOPEN:119:openssl_fopen
+CRYPTO_F_OPENSSL_HEXSTR2BUF:118:OPENSSL_hexstr2buf
+CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto
+CRYPTO_F_OPENSSL_LH_NEW:126:OPENSSL_LH_new
+CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy
+CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup
+CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init
+CRYPTO_F_PKEY_POLY1305_INIT:124:pkey_poly1305_init
+CRYPTO_F_PKEY_SIPHASH_INIT:125:pkey_siphash_init
+CRYPTO_F_SK_RESERVE:129:sk_reserve
+CT_F_CTLOG_NEW:117:CTLOG_new
+CT_F_CTLOG_NEW_FROM_BASE64:118:CTLOG_new_from_base64
+CT_F_CTLOG_NEW_FROM_CONF:119:ctlog_new_from_conf
+CT_F_CTLOG_STORE_LOAD_CTX_NEW:122:ctlog_store_load_ctx_new
+CT_F_CTLOG_STORE_LOAD_FILE:123:CTLOG_STORE_load_file
+CT_F_CTLOG_STORE_LOAD_LOG:130:ctlog_store_load_log
+CT_F_CTLOG_STORE_NEW:131:CTLOG_STORE_new
+CT_F_CT_BASE64_DECODE:124:ct_base64_decode
+CT_F_CT_POLICY_EVAL_CTX_NEW:133:CT_POLICY_EVAL_CTX_new
+CT_F_CT_V1_LOG_ID_FROM_PKEY:125:ct_v1_log_id_from_pkey
+CT_F_I2O_SCT:107:i2o_SCT
+CT_F_I2O_SCT_LIST:108:i2o_SCT_LIST
+CT_F_I2O_SCT_SIGNATURE:109:i2o_SCT_signature
+CT_F_O2I_SCT:110:o2i_SCT
+CT_F_O2I_SCT_LIST:111:o2i_SCT_LIST
+CT_F_O2I_SCT_SIGNATURE:112:o2i_SCT_signature
+CT_F_SCT_CTX_NEW:126:SCT_CTX_new
+CT_F_SCT_CTX_VERIFY:128:SCT_CTX_verify
+CT_F_SCT_NEW:100:SCT_new
+CT_F_SCT_NEW_FROM_BASE64:127:SCT_new_from_base64
+CT_F_SCT_SET0_LOG_ID:101:SCT_set0_log_id
+CT_F_SCT_SET1_EXTENSIONS:114:SCT_set1_extensions
+CT_F_SCT_SET1_LOG_ID:115:SCT_set1_log_id
+CT_F_SCT_SET1_SIGNATURE:116:SCT_set1_signature
+CT_F_SCT_SET_LOG_ENTRY_TYPE:102:SCT_set_log_entry_type
+CT_F_SCT_SET_SIGNATURE_NID:103:SCT_set_signature_nid
+CT_F_SCT_SET_VERSION:104:SCT_set_version
+DH_F_COMPUTE_KEY:102:compute_key
+DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
+DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
+DH_F_DH_CHECK:126:DH_check
+DH_F_DH_CHECK_EX:121:DH_check_ex
+DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
+DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
+DH_F_DH_CMS_DECRYPT:114:dh_cms_decrypt
+DH_F_DH_CMS_SET_PEERKEY:115:dh_cms_set_peerkey
+DH_F_DH_CMS_SET_SHARED_INFO:116:dh_cms_set_shared_info
+DH_F_DH_METH_DUP:117:DH_meth_dup
+DH_F_DH_METH_NEW:118:DH_meth_new
+DH_F_DH_METH_SET1_NAME:119:DH_meth_set1_name
+DH_F_DH_NEW_BY_NID:104:DH_new_by_nid
+DH_F_DH_NEW_METHOD:105:DH_new_method
+DH_F_DH_PARAM_DECODE:107:dh_param_decode
+DH_F_DH_PKEY_PUBLIC_CHECK:124:dh_pkey_public_check
+DH_F_DH_PRIV_DECODE:110:dh_priv_decode
+DH_F_DH_PRIV_ENCODE:111:dh_priv_encode
+DH_F_DH_PUB_DECODE:108:dh_pub_decode
+DH_F_DH_PUB_ENCODE:109:dh_pub_encode
+DH_F_DO_DH_PRINT:100:do_dh_print
+DH_F_GENERATE_KEY:103:generate_key
+DH_F_PKEY_DH_CTRL_STR:120:pkey_dh_ctrl_str
+DH_F_PKEY_DH_DERIVE:112:pkey_dh_derive
+DH_F_PKEY_DH_INIT:125:pkey_dh_init
+DH_F_PKEY_DH_KEYGEN:113:pkey_dh_keygen
+DSA_F_DSAPARAMS_PRINT:100:DSAparams_print
+DSA_F_DSAPARAMS_PRINT_FP:101:DSAparams_print_fp
+DSA_F_DSA_BUILTIN_PARAMGEN:125:dsa_builtin_paramgen
+DSA_F_DSA_BUILTIN_PARAMGEN2:126:dsa_builtin_paramgen2
+DSA_F_DSA_DO_SIGN:112:DSA_do_sign
+DSA_F_DSA_DO_VERIFY:113:DSA_do_verify
+DSA_F_DSA_METH_DUP:127:DSA_meth_dup
+DSA_F_DSA_METH_NEW:128:DSA_meth_new
+DSA_F_DSA_METH_SET1_NAME:129:DSA_meth_set1_name
+DSA_F_DSA_NEW_METHOD:103:DSA_new_method
+DSA_F_DSA_PARAM_DECODE:119:dsa_param_decode
+DSA_F_DSA_PRINT_FP:105:DSA_print_fp
+DSA_F_DSA_PRIV_DECODE:115:dsa_priv_decode
+DSA_F_DSA_PRIV_ENCODE:116:dsa_priv_encode
+DSA_F_DSA_PUB_DECODE:117:dsa_pub_decode
+DSA_F_DSA_PUB_ENCODE:118:dsa_pub_encode
+DSA_F_DSA_SIGN:106:DSA_sign
+DSA_F_DSA_SIGN_SETUP:107:DSA_sign_setup
+DSA_F_DSA_SIG_NEW:102:DSA_SIG_new
+DSA_F_OLD_DSA_PRIV_DECODE:122:old_dsa_priv_decode
+DSA_F_PKEY_DSA_CTRL:120:pkey_dsa_ctrl
+DSA_F_PKEY_DSA_CTRL_STR:104:pkey_dsa_ctrl_str
+DSA_F_PKEY_DSA_KEYGEN:121:pkey_dsa_keygen
+DSO_F_DLFCN_BIND_FUNC:100:dlfcn_bind_func
+DSO_F_DLFCN_LOAD:102:dlfcn_load
+DSO_F_DLFCN_MERGER:130:dlfcn_merger
+DSO_F_DLFCN_NAME_CONVERTER:123:dlfcn_name_converter
+DSO_F_DLFCN_UNLOAD:103:dlfcn_unload
+DSO_F_DL_BIND_FUNC:104:dl_bind_func
+DSO_F_DL_LOAD:106:dl_load
+DSO_F_DL_MERGER:131:dl_merger
+DSO_F_DL_NAME_CONVERTER:124:dl_name_converter
+DSO_F_DL_UNLOAD:107:dl_unload
+DSO_F_DSO_BIND_FUNC:108:DSO_bind_func
+DSO_F_DSO_CONVERT_FILENAME:126:DSO_convert_filename
+DSO_F_DSO_CTRL:110:DSO_ctrl
+DSO_F_DSO_FREE:111:DSO_free
+DSO_F_DSO_GET_FILENAME:127:DSO_get_filename
+DSO_F_DSO_GLOBAL_LOOKUP:139:DSO_global_lookup
+DSO_F_DSO_LOAD:112:DSO_load
+DSO_F_DSO_MERGE:132:DSO_merge
+DSO_F_DSO_NEW_METHOD:113:DSO_new_method
+DSO_F_DSO_PATHBYADDR:105:DSO_pathbyaddr
+DSO_F_DSO_SET_FILENAME:129:DSO_set_filename
+DSO_F_DSO_UP_REF:114:DSO_up_ref
+DSO_F_VMS_BIND_SYM:115:vms_bind_sym
+DSO_F_VMS_LOAD:116:vms_load
+DSO_F_VMS_MERGER:133:vms_merger
+DSO_F_VMS_UNLOAD:117:vms_unload
+DSO_F_WIN32_BIND_FUNC:101:win32_bind_func
+DSO_F_WIN32_GLOBALLOOKUP:142:win32_globallookup
+DSO_F_WIN32_JOINER:135:win32_joiner
+DSO_F_WIN32_LOAD:120:win32_load
+DSO_F_WIN32_MERGER:134:win32_merger
+DSO_F_WIN32_NAME_CONVERTER:125:win32_name_converter
+DSO_F_WIN32_PATHBYADDR:109:*
+DSO_F_WIN32_SPLITTER:136:win32_splitter
+DSO_F_WIN32_UNLOAD:121:win32_unload
+EC_F_BN_TO_FELEM:224:BN_to_felem
+EC_F_D2I_ECPARAMETERS:144:d2i_ECParameters
+EC_F_D2I_ECPKPARAMETERS:145:d2i_ECPKParameters
+EC_F_D2I_ECPRIVATEKEY:146:d2i_ECPrivateKey
+EC_F_DO_EC_KEY_PRINT:221:do_EC_KEY_print
+EC_F_ECDH_CMS_DECRYPT:238:ecdh_cms_decrypt
+EC_F_ECDH_CMS_SET_SHARED_INFO:239:ecdh_cms_set_shared_info
+EC_F_ECDH_COMPUTE_KEY:246:ECDH_compute_key
+EC_F_ECDH_SIMPLE_COMPUTE_KEY:257:ecdh_simple_compute_key
+EC_F_ECDSA_DO_SIGN_EX:251:ECDSA_do_sign_ex
+EC_F_ECDSA_DO_VERIFY:252:ECDSA_do_verify
+EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
+EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
+EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
+EC_F_ECDSA_VERIFY:253:ECDSA_verify
+EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
+EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
+EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
+EC_F_ECKEY_PRIV_DECODE:213:eckey_priv_decode
+EC_F_ECKEY_PRIV_ENCODE:214:eckey_priv_encode
+EC_F_ECKEY_PUB_DECODE:215:eckey_pub_decode
+EC_F_ECKEY_PUB_ENCODE:216:eckey_pub_encode
+EC_F_ECKEY_TYPE2PARAM:220:eckey_type2param
+EC_F_ECPARAMETERS_PRINT:147:ECParameters_print
+EC_F_ECPARAMETERS_PRINT_FP:148:ECParameters_print_fp
+EC_F_ECPKPARAMETERS_PRINT:149:ECPKParameters_print
+EC_F_ECPKPARAMETERS_PRINT_FP:150:ECPKParameters_print_fp
+EC_F_ECP_NISTZ256_GET_AFFINE:240:ecp_nistz256_get_affine
+EC_F_ECP_NISTZ256_INV_MOD_ORD:275:ecp_nistz256_inv_mod_ord
+EC_F_ECP_NISTZ256_MULT_PRECOMPUTE:243:ecp_nistz256_mult_precompute
+EC_F_ECP_NISTZ256_POINTS_MUL:241:ecp_nistz256_points_mul
+EC_F_ECP_NISTZ256_PRE_COMP_NEW:244:ecp_nistz256_pre_comp_new
+EC_F_ECP_NISTZ256_WINDOWED_MUL:242:ecp_nistz256_windowed_mul
+EC_F_ECX_KEY_OP:266:ecx_key_op
+EC_F_ECX_PRIV_ENCODE:267:ecx_priv_encode
+EC_F_ECX_PUB_ENCODE:268:ecx_pub_encode
+EC_F_EC_ASN1_GROUP2CURVE:153:ec_asn1_group2curve
+EC_F_EC_ASN1_GROUP2FIELDID:154:ec_asn1_group2fieldid
+EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY:208:ec_GF2m_montgomery_point_multiply
+EC_F_EC_GF2M_SIMPLE_FIELD_INV:296:ec_GF2m_simple_field_inv
+EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT:159:\
+ ec_GF2m_simple_group_check_discriminant
+EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE:195:ec_GF2m_simple_group_set_curve
+EC_F_EC_GF2M_SIMPLE_LADDER_POST:285:ec_GF2m_simple_ladder_post
+EC_F_EC_GF2M_SIMPLE_LADDER_PRE:288:ec_GF2m_simple_ladder_pre
+EC_F_EC_GF2M_SIMPLE_OCT2POINT:160:ec_GF2m_simple_oct2point
+EC_F_EC_GF2M_SIMPLE_POINT2OCT:161:ec_GF2m_simple_point2oct
+EC_F_EC_GF2M_SIMPLE_POINTS_MUL:289:ec_GF2m_simple_points_mul
+EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES:162:\
+ ec_GF2m_simple_point_get_affine_coordinates
+EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES:163:\
+ ec_GF2m_simple_point_set_affine_coordinates
+EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES:164:\
+ ec_GF2m_simple_set_compressed_coordinates
+EC_F_EC_GFP_MONT_FIELD_DECODE:133:ec_GFp_mont_field_decode
+EC_F_EC_GFP_MONT_FIELD_ENCODE:134:ec_GFp_mont_field_encode
+EC_F_EC_GFP_MONT_FIELD_INV:297:ec_GFp_mont_field_inv
+EC_F_EC_GFP_MONT_FIELD_MUL:131:ec_GFp_mont_field_mul
+EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE:209:ec_GFp_mont_field_set_to_one
+EC_F_EC_GFP_MONT_FIELD_SQR:132:ec_GFp_mont_field_sqr
+EC_F_EC_GFP_MONT_GROUP_SET_CURVE:189:ec_GFp_mont_group_set_curve
+EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE:225:ec_GFp_nistp224_group_set_curve
+EC_F_EC_GFP_NISTP224_POINTS_MUL:228:ec_GFp_nistp224_points_mul
+EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES:226:\
+ ec_GFp_nistp224_point_get_affine_coordinates
+EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE:230:ec_GFp_nistp256_group_set_curve
+EC_F_EC_GFP_NISTP256_POINTS_MUL:231:ec_GFp_nistp256_points_mul
+EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES:232:\
+ ec_GFp_nistp256_point_get_affine_coordinates
+EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE:233:ec_GFp_nistp521_group_set_curve
+EC_F_EC_GFP_NISTP521_POINTS_MUL:234:ec_GFp_nistp521_points_mul
+EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES:235:\
+ ec_GFp_nistp521_point_get_affine_coordinates
+EC_F_EC_GFP_NIST_FIELD_MUL:200:ec_GFp_nist_field_mul
+EC_F_EC_GFP_NIST_FIELD_SQR:201:ec_GFp_nist_field_sqr
+EC_F_EC_GFP_NIST_GROUP_SET_CURVE:202:ec_GFp_nist_group_set_curve
+EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES:287:ec_GFp_simple_blind_coordinates
+EC_F_EC_GFP_SIMPLE_FIELD_INV:298:ec_GFp_simple_field_inv
+EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT:165:\
+ ec_GFp_simple_group_check_discriminant
+EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE:166:ec_GFp_simple_group_set_curve
+EC_F_EC_GFP_SIMPLE_MAKE_AFFINE:102:ec_GFp_simple_make_affine
+EC_F_EC_GFP_SIMPLE_OCT2POINT:103:ec_GFp_simple_oct2point
+EC_F_EC_GFP_SIMPLE_POINT2OCT:104:ec_GFp_simple_point2oct
+EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE:137:ec_GFp_simple_points_make_affine
+EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES:167:\
+ ec_GFp_simple_point_get_affine_coordinates
+EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES:168:\
+ ec_GFp_simple_point_set_affine_coordinates
+EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES:169:\
+ ec_GFp_simple_set_compressed_coordinates
+EC_F_EC_GROUP_CHECK:170:EC_GROUP_check
+EC_F_EC_GROUP_CHECK_DISCRIMINANT:171:EC_GROUP_check_discriminant
+EC_F_EC_GROUP_COPY:106:EC_GROUP_copy
+EC_F_EC_GROUP_GET_CURVE:291:EC_GROUP_get_curve
+EC_F_EC_GROUP_GET_CURVE_GF2M:172:EC_GROUP_get_curve_GF2m
+EC_F_EC_GROUP_GET_CURVE_GFP:130:EC_GROUP_get_curve_GFp
+EC_F_EC_GROUP_GET_DEGREE:173:EC_GROUP_get_degree
+EC_F_EC_GROUP_GET_ECPARAMETERS:261:EC_GROUP_get_ecparameters
+EC_F_EC_GROUP_GET_ECPKPARAMETERS:262:EC_GROUP_get_ecpkparameters
+EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS:193:EC_GROUP_get_pentanomial_basis
+EC_F_EC_GROUP_GET_TRINOMIAL_BASIS:194:EC_GROUP_get_trinomial_basis
+EC_F_EC_GROUP_NEW:108:EC_GROUP_new
+EC_F_EC_GROUP_NEW_BY_CURVE_NAME:174:EC_GROUP_new_by_curve_name
+EC_F_EC_GROUP_NEW_FROM_DATA:175:ec_group_new_from_data
+EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS:263:EC_GROUP_new_from_ecparameters
+EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS:264:EC_GROUP_new_from_ecpkparameters
+EC_F_EC_GROUP_SET_CURVE:292:EC_GROUP_set_curve
+EC_F_EC_GROUP_SET_CURVE_GF2M:176:EC_GROUP_set_curve_GF2m
+EC_F_EC_GROUP_SET_CURVE_GFP:109:EC_GROUP_set_curve_GFp
+EC_F_EC_GROUP_SET_GENERATOR:111:EC_GROUP_set_generator
+EC_F_EC_GROUP_SET_SEED:286:EC_GROUP_set_seed
+EC_F_EC_KEY_CHECK_KEY:177:EC_KEY_check_key
+EC_F_EC_KEY_COPY:178:EC_KEY_copy
+EC_F_EC_KEY_GENERATE_KEY:179:EC_KEY_generate_key
+EC_F_EC_KEY_NEW:182:EC_KEY_new
+EC_F_EC_KEY_NEW_METHOD:245:EC_KEY_new_method
+EC_F_EC_KEY_OCT2PRIV:255:EC_KEY_oct2priv
+EC_F_EC_KEY_PRINT:180:EC_KEY_print
+EC_F_EC_KEY_PRINT_FP:181:EC_KEY_print_fp
+EC_F_EC_KEY_PRIV2BUF:279:EC_KEY_priv2buf
+EC_F_EC_KEY_PRIV2OCT:256:EC_KEY_priv2oct
+EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES:229:\
+ EC_KEY_set_public_key_affine_coordinates
+EC_F_EC_KEY_SIMPLE_CHECK_KEY:258:ec_key_simple_check_key
+EC_F_EC_KEY_SIMPLE_OCT2PRIV:259:ec_key_simple_oct2priv
+EC_F_EC_KEY_SIMPLE_PRIV2OCT:260:ec_key_simple_priv2oct
+EC_F_EC_PKEY_CHECK:273:ec_pkey_check
+EC_F_EC_PKEY_PARAM_CHECK:274:ec_pkey_param_check
+EC_F_EC_POINTS_MAKE_AFFINE:136:EC_POINTs_make_affine
+EC_F_EC_POINTS_MUL:290:EC_POINTs_mul
+EC_F_EC_POINT_ADD:112:EC_POINT_add
+EC_F_EC_POINT_BN2POINT:280:EC_POINT_bn2point
+EC_F_EC_POINT_CMP:113:EC_POINT_cmp
+EC_F_EC_POINT_COPY:114:EC_POINT_copy
+EC_F_EC_POINT_DBL:115:EC_POINT_dbl
+EC_F_EC_POINT_GET_AFFINE_COORDINATES:293:EC_POINT_get_affine_coordinates
+EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M:183:\
+ EC_POINT_get_affine_coordinates_GF2m
+EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP:116:EC_POINT_get_affine_coordinates_GFp
+EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP:117:\
+ EC_POINT_get_Jprojective_coordinates_GFp
+EC_F_EC_POINT_INVERT:210:EC_POINT_invert
+EC_F_EC_POINT_IS_AT_INFINITY:118:EC_POINT_is_at_infinity
+EC_F_EC_POINT_IS_ON_CURVE:119:EC_POINT_is_on_curve
+EC_F_EC_POINT_MAKE_AFFINE:120:EC_POINT_make_affine
+EC_F_EC_POINT_NEW:121:EC_POINT_new
+EC_F_EC_POINT_OCT2POINT:122:EC_POINT_oct2point
+EC_F_EC_POINT_POINT2BUF:281:EC_POINT_point2buf
+EC_F_EC_POINT_POINT2OCT:123:EC_POINT_point2oct
+EC_F_EC_POINT_SET_AFFINE_COORDINATES:294:EC_POINT_set_affine_coordinates
+EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M:185:\
+ EC_POINT_set_affine_coordinates_GF2m
+EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP:124:EC_POINT_set_affine_coordinates_GFp
+EC_F_EC_POINT_SET_COMPRESSED_COORDINATES:295:EC_POINT_set_compressed_coordinates
+EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M:186:\
+ EC_POINT_set_compressed_coordinates_GF2m
+EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP:125:\
+ EC_POINT_set_compressed_coordinates_GFp
+EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP:126:\
+ EC_POINT_set_Jprojective_coordinates_GFp
+EC_F_EC_POINT_SET_TO_INFINITY:127:EC_POINT_set_to_infinity
+EC_F_EC_PRE_COMP_NEW:196:ec_pre_comp_new
+EC_F_EC_SCALAR_MUL_LADDER:284:ec_scalar_mul_ladder
+EC_F_EC_WNAF_MUL:187:ec_wNAF_mul
+EC_F_EC_WNAF_PRECOMPUTE_MULT:188:ec_wNAF_precompute_mult
+EC_F_I2D_ECPARAMETERS:190:i2d_ECParameters
+EC_F_I2D_ECPKPARAMETERS:191:i2d_ECPKParameters
+EC_F_I2D_ECPRIVATEKEY:192:i2d_ECPrivateKey
+EC_F_I2O_ECPUBLICKEY:151:i2o_ECPublicKey
+EC_F_NISTP224_PRE_COMP_NEW:227:nistp224_pre_comp_new
+EC_F_NISTP256_PRE_COMP_NEW:236:nistp256_pre_comp_new
+EC_F_NISTP521_PRE_COMP_NEW:237:nistp521_pre_comp_new
+EC_F_O2I_ECPUBLICKEY:152:o2i_ECPublicKey
+EC_F_OLD_EC_PRIV_DECODE:222:old_ec_priv_decode
+EC_F_OSSL_ECDH_COMPUTE_KEY:247:ossl_ecdh_compute_key
+EC_F_OSSL_ECDSA_SIGN_SIG:249:ossl_ecdsa_sign_sig
+EC_F_OSSL_ECDSA_VERIFY_SIG:250:ossl_ecdsa_verify_sig
+EC_F_PKEY_ECD_CTRL:271:pkey_ecd_ctrl
+EC_F_PKEY_ECD_DIGESTSIGN:272:pkey_ecd_digestsign
+EC_F_PKEY_ECD_DIGESTSIGN25519:276:pkey_ecd_digestsign25519
+EC_F_PKEY_ECD_DIGESTSIGN448:277:pkey_ecd_digestsign448
+EC_F_PKEY_ECX_DERIVE:269:pkey_ecx_derive
+EC_F_PKEY_EC_CTRL:197:pkey_ec_ctrl
+EC_F_PKEY_EC_CTRL_STR:198:pkey_ec_ctrl_str
+EC_F_PKEY_EC_DERIVE:217:pkey_ec_derive
+EC_F_PKEY_EC_INIT:282:pkey_ec_init
+EC_F_PKEY_EC_KDF_DERIVE:283:pkey_ec_kdf_derive
+EC_F_PKEY_EC_KEYGEN:199:pkey_ec_keygen
+EC_F_PKEY_EC_PARAMGEN:219:pkey_ec_paramgen
+EC_F_PKEY_EC_SIGN:218:pkey_ec_sign
+EC_F_VALIDATE_ECX_DERIVE:278:validate_ecx_derive
+ENGINE_F_DIGEST_UPDATE:198:digest_update
+ENGINE_F_DYNAMIC_CTRL:180:dynamic_ctrl
+ENGINE_F_DYNAMIC_GET_DATA_CTX:181:dynamic_get_data_ctx
+ENGINE_F_DYNAMIC_LOAD:182:dynamic_load
+ENGINE_F_DYNAMIC_SET_DATA_CTX:183:dynamic_set_data_ctx
+ENGINE_F_ENGINE_ADD:105:ENGINE_add
+ENGINE_F_ENGINE_BY_ID:106:ENGINE_by_id
+ENGINE_F_ENGINE_CMD_IS_EXECUTABLE:170:ENGINE_cmd_is_executable
+ENGINE_F_ENGINE_CTRL:142:ENGINE_ctrl
+ENGINE_F_ENGINE_CTRL_CMD:178:ENGINE_ctrl_cmd
+ENGINE_F_ENGINE_CTRL_CMD_STRING:171:ENGINE_ctrl_cmd_string
+ENGINE_F_ENGINE_FINISH:107:ENGINE_finish
+ENGINE_F_ENGINE_GET_CIPHER:185:ENGINE_get_cipher
+ENGINE_F_ENGINE_GET_DIGEST:186:ENGINE_get_digest
+ENGINE_F_ENGINE_GET_FIRST:195:ENGINE_get_first
+ENGINE_F_ENGINE_GET_LAST:196:ENGINE_get_last
+ENGINE_F_ENGINE_GET_NEXT:115:ENGINE_get_next
+ENGINE_F_ENGINE_GET_PKEY_ASN1_METH:193:ENGINE_get_pkey_asn1_meth
+ENGINE_F_ENGINE_GET_PKEY_METH:192:ENGINE_get_pkey_meth
+ENGINE_F_ENGINE_GET_PREV:116:ENGINE_get_prev
+ENGINE_F_ENGINE_INIT:119:ENGINE_init
+ENGINE_F_ENGINE_LIST_ADD:120:engine_list_add
+ENGINE_F_ENGINE_LIST_REMOVE:121:engine_list_remove
+ENGINE_F_ENGINE_LOAD_PRIVATE_KEY:150:ENGINE_load_private_key
+ENGINE_F_ENGINE_LOAD_PUBLIC_KEY:151:ENGINE_load_public_key
+ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT:194:ENGINE_load_ssl_client_cert
+ENGINE_F_ENGINE_NEW:122:ENGINE_new
+ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR:197:ENGINE_pkey_asn1_find_str
+ENGINE_F_ENGINE_REMOVE:123:ENGINE_remove
+ENGINE_F_ENGINE_SET_DEFAULT_STRING:189:ENGINE_set_default_string
+ENGINE_F_ENGINE_SET_ID:129:ENGINE_set_id
+ENGINE_F_ENGINE_SET_NAME:130:ENGINE_set_name
+ENGINE_F_ENGINE_TABLE_REGISTER:184:engine_table_register
+ENGINE_F_ENGINE_UNLOCKED_FINISH:191:engine_unlocked_finish
+ENGINE_F_ENGINE_UP_REF:190:ENGINE_up_ref
+ENGINE_F_INT_CLEANUP_ITEM:199:int_cleanup_item
+ENGINE_F_INT_CTRL_HELPER:172:int_ctrl_helper
+ENGINE_F_INT_ENGINE_CONFIGURE:188:int_engine_configure
+ENGINE_F_INT_ENGINE_MODULE_INIT:187:int_engine_module_init
+ENGINE_F_OSSL_HMAC_INIT:200:ossl_hmac_init
+EVP_F_AESNI_INIT_KEY:165:aesni_init_key
+EVP_F_AESNI_XTS_INIT_KEY:207:aesni_xts_init_key
+EVP_F_AES_GCM_CTRL:196:aes_gcm_ctrl
+EVP_F_AES_INIT_KEY:133:aes_init_key
+EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher
+EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key
+EVP_F_AES_T4_XTS_INIT_KEY:208:aes_t4_xts_init_key
+EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher
+EVP_F_AES_XTS_INIT_KEY:209:aes_xts_init_key
+EVP_F_ALG_MODULE_INIT:177:alg_module_init
+EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key
+EVP_F_ARIA_GCM_CTRL:197:aria_gcm_ctrl
+EVP_F_ARIA_GCM_INIT_KEY:176:aria_gcm_init_key
+EVP_F_ARIA_INIT_KEY:185:aria_init_key
+EVP_F_B64_NEW:198:b64_new
+EVP_F_CAMELLIA_INIT_KEY:159:camellia_init_key
+EVP_F_CHACHA20_POLY1305_CTRL:182:chacha20_poly1305_ctrl
+EVP_F_CMLL_T4_INIT_KEY:179:cmll_t4_init_key
+EVP_F_DES_EDE3_WRAP_CIPHER:171:des_ede3_wrap_cipher
+EVP_F_DO_SIGVER_INIT:161:do_sigver_init
+EVP_F_ENC_NEW:199:enc_new
+EVP_F_EVP_CIPHERINIT_EX:123:EVP_CipherInit_ex
+EVP_F_EVP_CIPHER_ASN1_TO_PARAM:204:EVP_CIPHER_asn1_to_param
+EVP_F_EVP_CIPHER_CTX_COPY:163:EVP_CIPHER_CTX_copy
+EVP_F_EVP_CIPHER_CTX_CTRL:124:EVP_CIPHER_CTX_ctrl
+EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH:122:EVP_CIPHER_CTX_set_key_length
+EVP_F_EVP_CIPHER_PARAM_TO_ASN1:205:EVP_CIPHER_param_to_asn1
+EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex
+EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate
+EVP_F_EVP_DIGESTFINALXOF:174:EVP_DigestFinalXOF
+EVP_F_EVP_DIGESTINIT_EX:128:EVP_DigestInit_ex
+EVP_F_EVP_ENCRYPTDECRYPTUPDATE:219:evp_EncryptDecryptUpdate
+EVP_F_EVP_ENCRYPTFINAL_EX:127:EVP_EncryptFinal_ex
+EVP_F_EVP_ENCRYPTUPDATE:167:EVP_EncryptUpdate
+EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex
+EVP_F_EVP_MD_SIZE:162:EVP_MD_size
+EVP_F_EVP_OPENINIT:102:EVP_OpenInit
+EVP_F_EVP_PBE_ALG_ADD:115:EVP_PBE_alg_add
+EVP_F_EVP_PBE_ALG_ADD_TYPE:160:EVP_PBE_alg_add_type
+EVP_F_EVP_PBE_CIPHERINIT:116:EVP_PBE_CipherInit
+EVP_F_EVP_PBE_SCRYPT:181:EVP_PBE_scrypt
+EVP_F_EVP_PKCS82PKEY:111:EVP_PKCS82PKEY
+EVP_F_EVP_PKEY2PKCS8:113:EVP_PKEY2PKCS8
+EVP_F_EVP_PKEY_ASN1_ADD0:188:EVP_PKEY_asn1_add0
+EVP_F_EVP_PKEY_CHECK:186:EVP_PKEY_check
+EVP_F_EVP_PKEY_COPY_PARAMETERS:103:EVP_PKEY_copy_parameters
+EVP_F_EVP_PKEY_CTX_CTRL:137:EVP_PKEY_CTX_ctrl
+EVP_F_EVP_PKEY_CTX_CTRL_STR:150:EVP_PKEY_CTX_ctrl_str
+EVP_F_EVP_PKEY_CTX_DUP:156:EVP_PKEY_CTX_dup
+EVP_F_EVP_PKEY_CTX_MD:168:EVP_PKEY_CTX_md
+EVP_F_EVP_PKEY_DECRYPT:104:EVP_PKEY_decrypt
+EVP_F_EVP_PKEY_DECRYPT_INIT:138:EVP_PKEY_decrypt_init
+EVP_F_EVP_PKEY_DECRYPT_OLD:151:EVP_PKEY_decrypt_old
+EVP_F_EVP_PKEY_DERIVE:153:EVP_PKEY_derive
+EVP_F_EVP_PKEY_DERIVE_INIT:154:EVP_PKEY_derive_init
+EVP_F_EVP_PKEY_DERIVE_SET_PEER:155:EVP_PKEY_derive_set_peer
+EVP_F_EVP_PKEY_ENCRYPT:105:EVP_PKEY_encrypt
+EVP_F_EVP_PKEY_ENCRYPT_INIT:139:EVP_PKEY_encrypt_init
+EVP_F_EVP_PKEY_ENCRYPT_OLD:152:EVP_PKEY_encrypt_old
+EVP_F_EVP_PKEY_GET0_DH:119:EVP_PKEY_get0_DH
+EVP_F_EVP_PKEY_GET0_DSA:120:EVP_PKEY_get0_DSA
+EVP_F_EVP_PKEY_GET0_EC_KEY:131:EVP_PKEY_get0_EC_KEY
+EVP_F_EVP_PKEY_GET0_HMAC:183:EVP_PKEY_get0_hmac
+EVP_F_EVP_PKEY_GET0_POLY1305:184:EVP_PKEY_get0_poly1305
+EVP_F_EVP_PKEY_GET0_RSA:121:EVP_PKEY_get0_RSA
+EVP_F_EVP_PKEY_GET0_SIPHASH:172:EVP_PKEY_get0_siphash
+EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY:202:EVP_PKEY_get_raw_private_key
+EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY:203:EVP_PKEY_get_raw_public_key
+EVP_F_EVP_PKEY_KEYGEN:146:EVP_PKEY_keygen
+EVP_F_EVP_PKEY_KEYGEN_INIT:147:EVP_PKEY_keygen_init
+EVP_F_EVP_PKEY_METH_ADD0:194:EVP_PKEY_meth_add0
+EVP_F_EVP_PKEY_METH_NEW:195:EVP_PKEY_meth_new
+EVP_F_EVP_PKEY_NEW:106:EVP_PKEY_new
+EVP_F_EVP_PKEY_NEW_CMAC_KEY:193:EVP_PKEY_new_CMAC_key
+EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY:191:EVP_PKEY_new_raw_private_key
+EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY:192:EVP_PKEY_new_raw_public_key
+EVP_F_EVP_PKEY_PARAMGEN:148:EVP_PKEY_paramgen
+EVP_F_EVP_PKEY_PARAMGEN_INIT:149:EVP_PKEY_paramgen_init
+EVP_F_EVP_PKEY_PARAM_CHECK:189:EVP_PKEY_param_check
+EVP_F_EVP_PKEY_PUBLIC_CHECK:190:EVP_PKEY_public_check
+EVP_F_EVP_PKEY_SET1_ENGINE:187:EVP_PKEY_set1_engine
+EVP_F_EVP_PKEY_SET_ALIAS_TYPE:206:EVP_PKEY_set_alias_type
+EVP_F_EVP_PKEY_SIGN:140:EVP_PKEY_sign
+EVP_F_EVP_PKEY_SIGN_INIT:141:EVP_PKEY_sign_init
+EVP_F_EVP_PKEY_VERIFY:142:EVP_PKEY_verify
+EVP_F_EVP_PKEY_VERIFY_INIT:143:EVP_PKEY_verify_init
+EVP_F_EVP_PKEY_VERIFY_RECOVER:144:EVP_PKEY_verify_recover
+EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT:145:EVP_PKEY_verify_recover_init
+EVP_F_EVP_SIGNFINAL:107:EVP_SignFinal
+EVP_F_EVP_VERIFYFINAL:108:EVP_VerifyFinal
+EVP_F_INT_CTX_NEW:157:int_ctx_new
+EVP_F_OK_NEW:200:ok_new
+EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_keyivgen
+EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen
+EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen
+EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN:180:PKCS5_v2_scrypt_keyivgen
+EVP_F_PKEY_SET_TYPE:158:pkey_set_type
+EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth
+EVP_F_RC5_CTRL:125:rc5_ctrl
+EVP_F_R_32_12_16_INIT_KEY:242:r_32_12_16_init_key
+EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl
+EVP_F_UPDATE:173:update
+KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str
+KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
+KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init
+KDF_F_PKEY_SCRYPT_CTRL_STR:104:pkey_scrypt_ctrl_str
+KDF_F_PKEY_SCRYPT_CTRL_UINT64:105:pkey_scrypt_ctrl_uint64
+KDF_F_PKEY_SCRYPT_DERIVE:109:pkey_scrypt_derive
+KDF_F_PKEY_SCRYPT_INIT:106:pkey_scrypt_init
+KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_scrypt_set_membuf
+KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
+KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
+KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init
+KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg
+OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
+OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid
+OBJ_F_OBJ_CREATE:100:OBJ_create
+OBJ_F_OBJ_DUP:101:OBJ_dup
+OBJ_F_OBJ_NAME_NEW_INDEX:106:OBJ_NAME_new_index
+OBJ_F_OBJ_NID2LN:102:OBJ_nid2ln
+OBJ_F_OBJ_NID2OBJ:103:OBJ_nid2obj
+OBJ_F_OBJ_NID2SN:104:OBJ_nid2sn
+OBJ_F_OBJ_TXT2OBJ:108:OBJ_txt2obj
+OCSP_F_D2I_OCSP_NONCE:102:d2i_ocsp_nonce
+OCSP_F_OCSP_BASIC_ADD1_STATUS:103:OCSP_basic_add1_status
+OCSP_F_OCSP_BASIC_SIGN:104:OCSP_basic_sign
+OCSP_F_OCSP_BASIC_SIGN_CTX:119:OCSP_basic_sign_ctx
+OCSP_F_OCSP_BASIC_VERIFY:105:OCSP_basic_verify
+OCSP_F_OCSP_CERT_ID_NEW:101:OCSP_cert_id_new
+OCSP_F_OCSP_CHECK_DELEGATED:106:ocsp_check_delegated
+OCSP_F_OCSP_CHECK_IDS:107:ocsp_check_ids
+OCSP_F_OCSP_CHECK_ISSUER:108:ocsp_check_issuer
+OCSP_F_OCSP_CHECK_VALIDITY:115:OCSP_check_validity
+OCSP_F_OCSP_MATCH_ISSUERID:109:ocsp_match_issuerid
+OCSP_F_OCSP_PARSE_URL:114:OCSP_parse_url
+OCSP_F_OCSP_REQUEST_SIGN:110:OCSP_request_sign
+OCSP_F_OCSP_REQUEST_VERIFY:116:OCSP_request_verify
+OCSP_F_OCSP_RESPONSE_GET1_BASIC:111:OCSP_response_get1_basic
+OCSP_F_PARSE_HTTP_LINE1:118:parse_http_line1
+OSSL_STORE_F_FILE_CTRL:129:file_ctrl
+OSSL_STORE_F_FILE_FIND:138:file_find
+OSSL_STORE_F_FILE_GET_PASS:118:file_get_pass
+OSSL_STORE_F_FILE_LOAD:119:file_load
+OSSL_STORE_F_FILE_LOAD_TRY_DECODE:124:file_load_try_decode
+OSSL_STORE_F_FILE_NAME_TO_URI:126:file_name_to_uri
+OSSL_STORE_F_FILE_OPEN:120:file_open
+OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO:127:ossl_store_attach_pem_bio
+OSSL_STORE_F_OSSL_STORE_EXPECT:130:OSSL_STORE_expect
+OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT:128:\
+ ossl_store_file_attach_pem_bio_int
+OSSL_STORE_F_OSSL_STORE_FIND:131:OSSL_STORE_find
+OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT:100:ossl_store_get0_loader_int
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT:101:OSSL_STORE_INFO_get1_CERT
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL:102:OSSL_STORE_INFO_get1_CRL
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME:103:OSSL_STORE_INFO_get1_NAME
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION:135:\
+ OSSL_STORE_INFO_get1_NAME_description
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS:104:OSSL_STORE_INFO_get1_PARAMS
+OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY:105:OSSL_STORE_INFO_get1_PKEY
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT:106:OSSL_STORE_INFO_new_CERT
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL:107:OSSL_STORE_INFO_new_CRL
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED:123:ossl_store_info_new_EMBEDDED
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME:109:OSSL_STORE_INFO_new_NAME
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS:110:OSSL_STORE_INFO_new_PARAMS
+OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY:111:OSSL_STORE_INFO_new_PKEY
+OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION:134:\
+ OSSL_STORE_INFO_set0_NAME_description
+OSSL_STORE_F_OSSL_STORE_INIT_ONCE:112:ossl_store_init_once
+OSSL_STORE_F_OSSL_STORE_LOADER_NEW:113:OSSL_STORE_LOADER_new
+OSSL_STORE_F_OSSL_STORE_OPEN:114:OSSL_STORE_open
+OSSL_STORE_F_OSSL_STORE_OPEN_INT:115:*
+OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT:117:ossl_store_register_loader_int
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS:132:OSSL_STORE_SEARCH_by_alias
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:133:\
+ OSSL_STORE_SEARCH_by_issuer_serial
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:136:\
+ OSSL_STORE_SEARCH_by_key_fingerprint
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME:137:OSSL_STORE_SEARCH_by_name
+OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT:116:\
+ ossl_store_unregister_loader_int
+OSSL_STORE_F_TRY_DECODE_PARAMS:121:try_decode_params
+OSSL_STORE_F_TRY_DECODE_PKCS12:122:try_decode_PKCS12
+OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED:125:try_decode_PKCS8Encrypted
+PEM_F_B2I_DSS:127:b2i_dss
+PEM_F_B2I_PVK_BIO:128:b2i_PVK_bio
+PEM_F_B2I_RSA:129:b2i_rsa
+PEM_F_CHECK_BITLEN_DSA:130:check_bitlen_dsa
+PEM_F_CHECK_BITLEN_RSA:131:check_bitlen_rsa
+PEM_F_D2I_PKCS8PRIVATEKEY_BIO:120:d2i_PKCS8PrivateKey_bio
+PEM_F_D2I_PKCS8PRIVATEKEY_FP:121:d2i_PKCS8PrivateKey_fp
+PEM_F_DO_B2I:132:do_b2i
+PEM_F_DO_B2I_BIO:133:do_b2i_bio
+PEM_F_DO_BLOB_HEADER:134:do_blob_header
+PEM_F_DO_I2B:146:do_i2b
+PEM_F_DO_PK8PKEY:126:do_pk8pkey
+PEM_F_DO_PK8PKEY_FP:125:do_pk8pkey_fp
+PEM_F_DO_PVK_BODY:135:do_PVK_body
+PEM_F_DO_PVK_HEADER:136:do_PVK_header
+PEM_F_GET_HEADER_AND_DATA:143:get_header_and_data
+PEM_F_GET_NAME:144:get_name
+PEM_F_I2B_PVK:137:i2b_PVK
+PEM_F_I2B_PVK_BIO:138:i2b_PVK_bio
+PEM_F_LOAD_IV:101:load_iv
+PEM_F_PEM_ASN1_READ:102:PEM_ASN1_read
+PEM_F_PEM_ASN1_READ_BIO:103:PEM_ASN1_read_bio
+PEM_F_PEM_ASN1_WRITE:104:PEM_ASN1_write
+PEM_F_PEM_ASN1_WRITE_BIO:105:PEM_ASN1_write_bio
+PEM_F_PEM_DEF_CALLBACK:100:PEM_def_callback
+PEM_F_PEM_DO_HEADER:106:PEM_do_header
+PEM_F_PEM_GET_EVP_CIPHER_INFO:107:PEM_get_EVP_CIPHER_INFO
+PEM_F_PEM_READ:108:PEM_read
+PEM_F_PEM_READ_BIO:109:PEM_read_bio
+PEM_F_PEM_READ_BIO_DHPARAMS:141:PEM_read_bio_DHparams
+PEM_F_PEM_READ_BIO_EX:145:PEM_read_bio_ex
+PEM_F_PEM_READ_BIO_PARAMETERS:140:PEM_read_bio_Parameters
+PEM_F_PEM_READ_BIO_PRIVATEKEY:123:PEM_read_bio_PrivateKey
+PEM_F_PEM_READ_DHPARAMS:142:PEM_read_DHparams
+PEM_F_PEM_READ_PRIVATEKEY:124:PEM_read_PrivateKey
+PEM_F_PEM_SIGNFINAL:112:PEM_SignFinal
+PEM_F_PEM_WRITE:113:PEM_write
+PEM_F_PEM_WRITE_BIO:114:PEM_write_bio
+PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL:147:\
+ PEM_write_bio_PrivateKey_traditional
+PEM_F_PEM_WRITE_PRIVATEKEY:139:PEM_write_PrivateKey
+PEM_F_PEM_X509_INFO_READ:115:PEM_X509_INFO_read
+PEM_F_PEM_X509_INFO_READ_BIO:116:PEM_X509_INFO_read_bio
+PEM_F_PEM_X509_INFO_WRITE_BIO:117:PEM_X509_INFO_write_bio
+PKCS12_F_OPENSSL_ASC2UNI:121:OPENSSL_asc2uni
+PKCS12_F_OPENSSL_UNI2ASC:124:OPENSSL_uni2asc
+PKCS12_F_OPENSSL_UNI2UTF8:127:OPENSSL_uni2utf8
+PKCS12_F_OPENSSL_UTF82UNI:129:OPENSSL_utf82uni
+PKCS12_F_PKCS12_CREATE:105:PKCS12_create
+PKCS12_F_PKCS12_GEN_MAC:107:PKCS12_gen_mac
+PKCS12_F_PKCS12_INIT:109:PKCS12_init
+PKCS12_F_PKCS12_ITEM_DECRYPT_D2I:106:PKCS12_item_decrypt_d2i
+PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT:108:PKCS12_item_i2d_encrypt
+PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG:117:PKCS12_item_pack_safebag
+PKCS12_F_PKCS12_KEY_GEN_ASC:110:PKCS12_key_gen_asc
+PKCS12_F_PKCS12_KEY_GEN_UNI:111:PKCS12_key_gen_uni
+PKCS12_F_PKCS12_KEY_GEN_UTF8:116:PKCS12_key_gen_utf8
+PKCS12_F_PKCS12_NEWPASS:128:PKCS12_newpass
+PKCS12_F_PKCS12_PACK_P7DATA:114:PKCS12_pack_p7data
+PKCS12_F_PKCS12_PACK_P7ENCDATA:115:PKCS12_pack_p7encdata
+PKCS12_F_PKCS12_PARSE:118:PKCS12_parse
+PKCS12_F_PKCS12_PBE_CRYPT:119:PKCS12_pbe_crypt
+PKCS12_F_PKCS12_PBE_KEYIVGEN:120:PKCS12_PBE_keyivgen
+PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF:112:PKCS12_SAFEBAG_create0_p8inf
+PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8:113:PKCS12_SAFEBAG_create0_pkcs8
+PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT:133:\
+ PKCS12_SAFEBAG_create_pkcs8_encrypt
+PKCS12_F_PKCS12_SETUP_MAC:122:PKCS12_setup_mac
+PKCS12_F_PKCS12_SET_MAC:123:PKCS12_set_mac
+PKCS12_F_PKCS12_UNPACK_AUTHSAFES:130:PKCS12_unpack_authsafes
+PKCS12_F_PKCS12_UNPACK_P7DATA:131:PKCS12_unpack_p7data
+PKCS12_F_PKCS12_UNPACK_P7ENCDATA:134:PKCS12_unpack_p7encdata
+PKCS12_F_PKCS12_VERIFY_MAC:126:PKCS12_verify_mac
+PKCS12_F_PKCS8_ENCRYPT:125:PKCS8_encrypt
+PKCS12_F_PKCS8_SET0_PBE:132:PKCS8_set0_pbe
+PKCS7_F_DO_PKCS7_SIGNED_ATTRIB:136:do_pkcs7_signed_attrib
+PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME:135:PKCS7_add0_attrib_signing_time
+PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP:118:PKCS7_add_attrib_smimecap
+PKCS7_F_PKCS7_ADD_CERTIFICATE:100:PKCS7_add_certificate
+PKCS7_F_PKCS7_ADD_CRL:101:PKCS7_add_crl
+PKCS7_F_PKCS7_ADD_RECIPIENT_INFO:102:PKCS7_add_recipient_info
+PKCS7_F_PKCS7_ADD_SIGNATURE:131:PKCS7_add_signature
+PKCS7_F_PKCS7_ADD_SIGNER:103:PKCS7_add_signer
+PKCS7_F_PKCS7_BIO_ADD_DIGEST:125:PKCS7_bio_add_digest
+PKCS7_F_PKCS7_COPY_EXISTING_DIGEST:138:pkcs7_copy_existing_digest
+PKCS7_F_PKCS7_CTRL:104:PKCS7_ctrl
+PKCS7_F_PKCS7_DATADECODE:112:PKCS7_dataDecode
+PKCS7_F_PKCS7_DATAFINAL:128:PKCS7_dataFinal
+PKCS7_F_PKCS7_DATAINIT:105:PKCS7_dataInit
+PKCS7_F_PKCS7_DATAVERIFY:107:PKCS7_dataVerify
+PKCS7_F_PKCS7_DECRYPT:114:PKCS7_decrypt
+PKCS7_F_PKCS7_DECRYPT_RINFO:133:pkcs7_decrypt_rinfo
+PKCS7_F_PKCS7_ENCODE_RINFO:132:pkcs7_encode_rinfo
+PKCS7_F_PKCS7_ENCRYPT:115:PKCS7_encrypt
+PKCS7_F_PKCS7_FINAL:134:PKCS7_final
+PKCS7_F_PKCS7_FIND_DIGEST:127:PKCS7_find_digest
+PKCS7_F_PKCS7_GET0_SIGNERS:124:PKCS7_get0_signers
+PKCS7_F_PKCS7_RECIP_INFO_SET:130:PKCS7_RECIP_INFO_set
+PKCS7_F_PKCS7_SET_CIPHER:108:PKCS7_set_cipher
+PKCS7_F_PKCS7_SET_CONTENT:109:PKCS7_set_content
+PKCS7_F_PKCS7_SET_DIGEST:126:PKCS7_set_digest
+PKCS7_F_PKCS7_SET_TYPE:110:PKCS7_set_type
+PKCS7_F_PKCS7_SIGN:116:PKCS7_sign
+PKCS7_F_PKCS7_SIGNATUREVERIFY:113:PKCS7_signatureVerify
+PKCS7_F_PKCS7_SIGNER_INFO_SET:129:PKCS7_SIGNER_INFO_set
+PKCS7_F_PKCS7_SIGNER_INFO_SIGN:139:PKCS7_SIGNER_INFO_sign
+PKCS7_F_PKCS7_SIGN_ADD_SIGNER:137:PKCS7_sign_add_signer
+PKCS7_F_PKCS7_SIMPLE_SMIMECAP:119:PKCS7_simple_smimecap
+PKCS7_F_PKCS7_VERIFY:117:PKCS7_verify
+RAND_F_DATA_COLLECT_METHOD:127:data_collect_method
+RAND_F_DRBG_BYTES:101:drbg_bytes
+RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy
+RAND_F_DRBG_SETUP:117:drbg_setup
+RAND_F_GET_ENTROPY:106:get_entropy
+RAND_F_RAND_BYTES:100:RAND_bytes
+RAND_F_RAND_DRBG_ENABLE_LOCKING:119:rand_drbg_enable_locking
+RAND_F_RAND_DRBG_GENERATE:107:RAND_DRBG_generate
+RAND_F_RAND_DRBG_GET_ENTROPY:120:rand_drbg_get_entropy
+RAND_F_RAND_DRBG_GET_NONCE:123:rand_drbg_get_nonce
+RAND_F_RAND_DRBG_INSTANTIATE:108:RAND_DRBG_instantiate
+RAND_F_RAND_DRBG_NEW:109:RAND_DRBG_new
+RAND_F_RAND_DRBG_RESEED:110:RAND_DRBG_reseed
+RAND_F_RAND_DRBG_RESTART:102:rand_drbg_restart
+RAND_F_RAND_DRBG_SET:104:RAND_DRBG_set
+RAND_F_RAND_DRBG_SET_DEFAULTS:121:RAND_DRBG_set_defaults
+RAND_F_RAND_DRBG_UNINSTANTIATE:118:RAND_DRBG_uninstantiate
+RAND_F_RAND_LOAD_FILE:111:RAND_load_file
+RAND_F_RAND_POOL_ACQUIRE_ENTROPY:122:rand_pool_acquire_entropy
+RAND_F_RAND_POOL_ADD:103:rand_pool_add
+RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin
+RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end
+RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach
+RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
+RAND_F_RAND_POOL_GROW:125:rand_pool_grow
+RAND_F_RAND_POOL_NEW:116:rand_pool_new
+RAND_F_RAND_PSEUDO_BYTES:126:RAND_pseudo_bytes
+RAND_F_RAND_WRITE_FILE:112:RAND_write_file
+RSA_F_CHECK_PADDING_MD:140:check_padding_md
+RSA_F_ENCODE_PKCS1:146:encode_pkcs1
+RSA_F_INT_RSA_VERIFY:145:int_rsa_verify
+RSA_F_OLD_RSA_PRIV_DECODE:147:old_rsa_priv_decode
+RSA_F_PKEY_PSS_INIT:165:pkey_pss_init
+RSA_F_PKEY_RSA_CTRL:143:pkey_rsa_ctrl
+RSA_F_PKEY_RSA_CTRL_STR:144:pkey_rsa_ctrl_str
+RSA_F_PKEY_RSA_SIGN:142:pkey_rsa_sign
+RSA_F_PKEY_RSA_VERIFY:149:pkey_rsa_verify
+RSA_F_PKEY_RSA_VERIFYRECOVER:141:pkey_rsa_verifyrecover
+RSA_F_RSA_ALGOR_TO_MD:156:rsa_algor_to_md
+RSA_F_RSA_BUILTIN_KEYGEN:129:rsa_builtin_keygen
+RSA_F_RSA_CHECK_KEY:123:RSA_check_key
+RSA_F_RSA_CHECK_KEY_EX:160:RSA_check_key_ex
+RSA_F_RSA_CMS_DECRYPT:159:rsa_cms_decrypt
+RSA_F_RSA_CMS_VERIFY:158:rsa_cms_verify
+RSA_F_RSA_ITEM_VERIFY:148:rsa_item_verify
+RSA_F_RSA_METH_DUP:161:RSA_meth_dup
+RSA_F_RSA_METH_NEW:162:RSA_meth_new
+RSA_F_RSA_METH_SET1_NAME:163:RSA_meth_set1_name
+RSA_F_RSA_MGF1_TO_MD:157:*
+RSA_F_RSA_MULTIP_INFO_NEW:166:rsa_multip_info_new
+RSA_F_RSA_NEW_METHOD:106:RSA_new_method
+RSA_F_RSA_NULL:124:*
+RSA_F_RSA_NULL_PRIVATE_DECRYPT:132:*
+RSA_F_RSA_NULL_PRIVATE_ENCRYPT:133:*
+RSA_F_RSA_NULL_PUBLIC_DECRYPT:134:*
+RSA_F_RSA_NULL_PUBLIC_ENCRYPT:135:*
+RSA_F_RSA_OSSL_PRIVATE_DECRYPT:101:rsa_ossl_private_decrypt
+RSA_F_RSA_OSSL_PRIVATE_ENCRYPT:102:rsa_ossl_private_encrypt
+RSA_F_RSA_OSSL_PUBLIC_DECRYPT:103:rsa_ossl_public_decrypt
+RSA_F_RSA_OSSL_PUBLIC_ENCRYPT:104:rsa_ossl_public_encrypt
+RSA_F_RSA_PADDING_ADD_NONE:107:RSA_padding_add_none
+RSA_F_RSA_PADDING_ADD_PKCS1_OAEP:121:RSA_padding_add_PKCS1_OAEP
+RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1:154:RSA_padding_add_PKCS1_OAEP_mgf1
+RSA_F_RSA_PADDING_ADD_PKCS1_PSS:125:RSA_padding_add_PKCS1_PSS
+RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1:152:RSA_padding_add_PKCS1_PSS_mgf1
+RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1:108:RSA_padding_add_PKCS1_type_1
+RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2:109:RSA_padding_add_PKCS1_type_2
+RSA_F_RSA_PADDING_ADD_SSLV23:110:RSA_padding_add_SSLv23
+RSA_F_RSA_PADDING_ADD_X931:127:RSA_padding_add_X931
+RSA_F_RSA_PADDING_CHECK_NONE:111:RSA_padding_check_none
+RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP:122:RSA_padding_check_PKCS1_OAEP
+RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1:153:RSA_padding_check_PKCS1_OAEP_mgf1
+RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1:112:RSA_padding_check_PKCS1_type_1
+RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2:113:RSA_padding_check_PKCS1_type_2
+RSA_F_RSA_PADDING_CHECK_SSLV23:114:RSA_padding_check_SSLv23
+RSA_F_RSA_PADDING_CHECK_X931:128:RSA_padding_check_X931
+RSA_F_RSA_PARAM_DECODE:164:rsa_param_decode
+RSA_F_RSA_PRINT:115:RSA_print
+RSA_F_RSA_PRINT_FP:116:RSA_print_fp
+RSA_F_RSA_PRIV_DECODE:150:rsa_priv_decode
+RSA_F_RSA_PRIV_ENCODE:138:rsa_priv_encode
+RSA_F_RSA_PSS_GET_PARAM:151:rsa_pss_get_param
+RSA_F_RSA_PSS_TO_CTX:155:rsa_pss_to_ctx
+RSA_F_RSA_PUB_DECODE:139:rsa_pub_decode
+RSA_F_RSA_SETUP_BLINDING:136:RSA_setup_blinding
+RSA_F_RSA_SIGN:117:RSA_sign
+RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING
+RSA_F_RSA_VERIFY:119:RSA_verify
+RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING
+RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1
+RSA_F_SETUP_TBUF:167:setup_tbuf
+SM2_F_PKEY_SM2_COPY:115:pkey_sm2_copy
+SM2_F_PKEY_SM2_CTRL:109:pkey_sm2_ctrl
+SM2_F_PKEY_SM2_CTRL_STR:110:pkey_sm2_ctrl_str
+SM2_F_PKEY_SM2_DIGEST_CUSTOM:114:pkey_sm2_digest_custom
+SM2_F_PKEY_SM2_INIT:111:pkey_sm2_init
+SM2_F_PKEY_SM2_SIGN:112:pkey_sm2_sign
+SM2_F_SM2_COMPUTE_MSG_HASH:100:sm2_compute_msg_hash
+SM2_F_SM2_COMPUTE_USERID_DIGEST:101:sm2_compute_userid_digest
+SM2_F_SM2_COMPUTE_Z_DIGEST:113:sm2_compute_z_digest
+SM2_F_SM2_DECRYPT:102:sm2_decrypt
+SM2_F_SM2_ENCRYPT:103:sm2_encrypt
+SM2_F_SM2_PLAINTEXT_SIZE:104:sm2_plaintext_size
+SM2_F_SM2_SIGN:105:sm2_sign
+SM2_F_SM2_SIG_GEN:106:sm2_sig_gen
+SM2_F_SM2_SIG_VERIFY:107:sm2_sig_verify
+SM2_F_SM2_VERIFY:108:sm2_verify
+SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
+SSL_F_ADD_KEY_SHARE:512:add_key_share
+SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
+SSL_F_CHECK_SUITEB_CIPHER_LIST:331:check_suiteb_cipher_list
+SSL_F_CIPHERSUITE_CB:622:ciphersuite_cb
+SSL_F_CONSTRUCT_CA_NAMES:552:construct_ca_names
+SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS:553:construct_key_exchange_tbs
+SSL_F_CONSTRUCT_STATEFUL_TICKET:636:construct_stateful_ticket
+SSL_F_CONSTRUCT_STATELESS_TICKET:637:construct_stateless_ticket
+SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH:539:create_synthetic_message_hash
+SSL_F_CREATE_TICKET_PREQUEL:638:create_ticket_prequel
+SSL_F_CT_MOVE_SCTS:345:ct_move_scts
+SSL_F_CT_STRICT:349:ct_strict
+SSL_F_CUSTOM_EXT_ADD:554:custom_ext_add
+SSL_F_CUSTOM_EXT_PARSE:555:custom_ext_parse
+SSL_F_D2I_SSL_SESSION:103:d2i_SSL_SESSION
+SSL_F_DANE_CTX_ENABLE:347:dane_ctx_enable
+SSL_F_DANE_MTYPE_SET:393:dane_mtype_set
+SSL_F_DANE_TLSA_ADD:394:dane_tlsa_add
+SSL_F_DERIVE_SECRET_KEY_AND_IV:514:derive_secret_key_and_iv
+SSL_F_DO_DTLS1_WRITE:245:do_dtls1_write
+SSL_F_DO_SSL3_WRITE:104:do_ssl3_write
+SSL_F_DTLS1_BUFFER_RECORD:247:dtls1_buffer_record
+SSL_F_DTLS1_CHECK_TIMEOUT_NUM:318:dtls1_check_timeout_num
+SSL_F_DTLS1_HEARTBEAT:305:*
+SSL_F_DTLS1_HM_FRAGMENT_NEW:623:dtls1_hm_fragment_new
+SSL_F_DTLS1_PREPROCESS_FRAGMENT:288:dtls1_preprocess_fragment
+SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS:424:dtls1_process_buffered_records
+SSL_F_DTLS1_PROCESS_RECORD:257:dtls1_process_record
+SSL_F_DTLS1_READ_BYTES:258:dtls1_read_bytes
+SSL_F_DTLS1_READ_FAILED:339:dtls1_read_failed
+SSL_F_DTLS1_RETRANSMIT_MESSAGE:390:dtls1_retransmit_message
+SSL_F_DTLS1_WRITE_APP_DATA_BYTES:268:dtls1_write_app_data_bytes
+SSL_F_DTLS1_WRITE_BYTES:545:dtls1_write_bytes
+SSL_F_DTLSV1_LISTEN:350:DTLSv1_listen
+SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC:371:dtls_construct_change_cipher_spec
+SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST:385:\
+ dtls_construct_hello_verify_request
+SSL_F_DTLS_GET_REASSEMBLED_MESSAGE:370:dtls_get_reassembled_message
+SSL_F_DTLS_PROCESS_HELLO_VERIFY:386:dtls_process_hello_verify
+SSL_F_DTLS_RECORD_LAYER_NEW:635:DTLS_RECORD_LAYER_new
+SSL_F_DTLS_WAIT_FOR_DRY:592:dtls_wait_for_dry
+SSL_F_EARLY_DATA_COUNT_OK:532:early_data_count_ok
+SSL_F_FINAL_EARLY_DATA:556:final_early_data
+SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats
+SSL_F_FINAL_EMS:486:final_ems
+SSL_F_FINAL_KEY_SHARE:503:final_key_share
+SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen
+SSL_F_FINAL_PSK:639:final_psk
+SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate
+SSL_F_FINAL_SERVER_NAME:558:final_server_name
+SSL_F_FINAL_SIG_ALGS:497:final_sig_algs
+SSL_F_GET_CERT_VERIFY_TBS_DATA:588:get_cert_verify_tbs_data
+SSL_F_NSS_KEYLOG_INT:500:nss_keylog_int
+SSL_F_OPENSSL_INIT_SSL:342:OPENSSL_init_ssl
+SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION:436:*
+SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION:598:\
+ ossl_statem_client13_write_transition
+SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE:430:*
+SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE:593:\
+ ossl_statem_client_post_process_message
+SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE:594:ossl_statem_client_process_message
+SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION:417:ossl_statem_client_read_transition
+SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION:599:\
+ ossl_statem_client_write_transition
+SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION:437:*
+SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION:600:\
+ ossl_statem_server13_write_transition
+SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:*
+SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\
+ ossl_statem_server_post_process_message
+SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work
+SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640:
+SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message
+SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition
+SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\
+ ossl_statem_server_write_transition
+SSL_F_PARSE_CA_NAMES:541:parse_ca_names
+SSL_F_PITEM_NEW:624:pitem_new
+SSL_F_PQUEUE_NEW:625:pqueue_new
+SSL_F_PROCESS_KEY_SHARE_EXT:439:*
+SSL_F_READ_STATE_MACHINE:352:read_state_machine
+SSL_F_SET_CLIENT_CIPHERSUITE:540:set_client_ciphersuite
+SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET:595:srp_generate_client_master_secret
+SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET:589:srp_generate_server_master_secret
+SSL_F_SRP_VERIFY_SERVER_PARAM:596:srp_verify_server_param
+SSL_F_SSL3_CHANGE_CIPHER_STATE:129:ssl3_change_cipher_state
+SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM:130:ssl3_check_cert_and_algorithm
+SSL_F_SSL3_CTRL:213:ssl3_ctrl
+SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl
+SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records
+SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec
+SSL_F_SSL3_ENC:608:ssl3_enc
+SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac
+SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac
+SSL_F_SSL3_GENERATE_KEY_BLOCK:238:ssl3_generate_key_block
+SSL_F_SSL3_GENERATE_MASTER_SECRET:388:ssl3_generate_master_secret
+SSL_F_SSL3_GET_RECORD:143:ssl3_get_record
+SSL_F_SSL3_INIT_FINISHED_MAC:397:ssl3_init_finished_mac
+SSL_F_SSL3_OUTPUT_CERT_CHAIN:147:ssl3_output_cert_chain
+SSL_F_SSL3_READ_BYTES:148:ssl3_read_bytes
+SSL_F_SSL3_READ_N:149:ssl3_read_n
+SSL_F_SSL3_SETUP_KEY_BLOCK:157:ssl3_setup_key_block
+SSL_F_SSL3_SETUP_READ_BUFFER:156:ssl3_setup_read_buffer
+SSL_F_SSL3_SETUP_WRITE_BUFFER:291:ssl3_setup_write_buffer
+SSL_F_SSL3_WRITE_BYTES:158:ssl3_write_bytes
+SSL_F_SSL3_WRITE_PENDING:159:ssl3_write_pending
+SSL_F_SSL_ADD_CERT_CHAIN:316:ssl_add_cert_chain
+SSL_F_SSL_ADD_CERT_TO_BUF:319:*
+SSL_F_SSL_ADD_CERT_TO_WPACKET:493:ssl_add_cert_to_wpacket
+SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT:298:*
+SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT:277:*
+SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT:307:*
+SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK:215:SSL_add_dir_cert_subjects_to_stack
+SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK:216:\
+ SSL_add_file_cert_subjects_to_stack
+SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT:299:*
+SSL_F_SSL_ADD_SERVERHELLO_TLSEXT:278:*
+SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT:308:*
+SSL_F_SSL_BAD_METHOD:160:ssl_bad_method
+SSL_F_SSL_BUILD_CERT_CHAIN:332:ssl_build_cert_chain
+SSL_F_SSL_BYTES_TO_CIPHER_LIST:161:SSL_bytes_to_cipher_list
+SSL_F_SSL_CACHE_CIPHERLIST:520:ssl_cache_cipherlist
+SSL_F_SSL_CERT_ADD0_CHAIN_CERT:346:ssl_cert_add0_chain_cert
+SSL_F_SSL_CERT_DUP:221:ssl_cert_dup
+SSL_F_SSL_CERT_NEW:162:ssl_cert_new
+SSL_F_SSL_CERT_SET0_CHAIN:340:ssl_cert_set0_chain
+SSL_F_SSL_CHECK_PRIVATE_KEY:163:SSL_check_private_key
+SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT:280:*
+SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO:606:ssl_check_srp_ext_ClientHello
+SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG:279:ssl_check_srvr_ecc_cert_and_alg
+SSL_F_SSL_CHOOSE_CLIENT_VERSION:607:ssl_choose_client_version
+SSL_F_SSL_CIPHER_DESCRIPTION:626:SSL_CIPHER_description
+SSL_F_SSL_CIPHER_LIST_TO_BYTES:425:ssl_cipher_list_to_bytes
+SSL_F_SSL_CIPHER_PROCESS_RULESTR:230:ssl_cipher_process_rulestr
+SSL_F_SSL_CIPHER_STRENGTH_SORT:231:ssl_cipher_strength_sort
+SSL_F_SSL_CLEAR:164:SSL_clear
+SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT:627:\
+ SSL_client_hello_get1_extensions_present
+SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD:165:SSL_COMP_add_compression_method
+SSL_F_SSL_CONF_CMD:334:SSL_CONF_cmd
+SSL_F_SSL_CREATE_CIPHER_LIST:166:ssl_create_cipher_list
+SSL_F_SSL_CTRL:232:SSL_ctrl
+SSL_F_SSL_CTX_CHECK_PRIVATE_KEY:168:SSL_CTX_check_private_key
+SSL_F_SSL_CTX_ENABLE_CT:398:SSL_CTX_enable_ct
+SSL_F_SSL_CTX_MAKE_PROFILES:309:ssl_ctx_make_profiles
+SSL_F_SSL_CTX_NEW:169:SSL_CTX_new
+SSL_F_SSL_CTX_SET_ALPN_PROTOS:343:SSL_CTX_set_alpn_protos
+SSL_F_SSL_CTX_SET_CIPHER_LIST:269:SSL_CTX_set_cipher_list
+SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE:290:SSL_CTX_set_client_cert_engine
+SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK:396:SSL_CTX_set_ct_validation_callback
+SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT:219:SSL_CTX_set_session_id_context
+SSL_F_SSL_CTX_SET_SSL_VERSION:170:SSL_CTX_set_ssl_version
+SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH:551:\
+ SSL_CTX_set_tlsext_max_fragment_length
+SSL_F_SSL_CTX_USE_CERTIFICATE:171:SSL_CTX_use_certificate
+SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1:172:SSL_CTX_use_certificate_ASN1
+SSL_F_SSL_CTX_USE_CERTIFICATE_FILE:173:SSL_CTX_use_certificate_file
+SSL_F_SSL_CTX_USE_PRIVATEKEY:174:SSL_CTX_use_PrivateKey
+SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1:175:SSL_CTX_use_PrivateKey_ASN1
+SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE:176:SSL_CTX_use_PrivateKey_file
+SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT:272:SSL_CTX_use_psk_identity_hint
+SSL_F_SSL_CTX_USE_RSAPRIVATEKEY:177:SSL_CTX_use_RSAPrivateKey
+SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1:178:SSL_CTX_use_RSAPrivateKey_ASN1
+SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE:179:SSL_CTX_use_RSAPrivateKey_file
+SSL_F_SSL_CTX_USE_SERVERINFO:336:SSL_CTX_use_serverinfo
+SSL_F_SSL_CTX_USE_SERVERINFO_EX:543:SSL_CTX_use_serverinfo_ex
+SSL_F_SSL_CTX_USE_SERVERINFO_FILE:337:SSL_CTX_use_serverinfo_file
+SSL_F_SSL_DANE_DUP:403:ssl_dane_dup
+SSL_F_SSL_DANE_ENABLE:395:SSL_dane_enable
+SSL_F_SSL_DERIVE:590:ssl_derive
+SSL_F_SSL_DO_CONFIG:391:ssl_do_config
+SSL_F_SSL_DO_HANDSHAKE:180:SSL_do_handshake
+SSL_F_SSL_DUP_CA_LIST:408:SSL_dup_CA_list
+SSL_F_SSL_ENABLE_CT:402:SSL_enable_ct
+SSL_F_SSL_GENERATE_PKEY_GROUP:559:ssl_generate_pkey_group
+SSL_F_SSL_GENERATE_SESSION_ID:547:ssl_generate_session_id
+SSL_F_SSL_GET_NEW_SESSION:181:ssl_get_new_session
+SSL_F_SSL_GET_PREV_SESSION:217:ssl_get_prev_session
+SSL_F_SSL_GET_SERVER_CERT_INDEX:322:*
+SSL_F_SSL_GET_SIGN_PKEY:183:*
+SSL_F_SSL_HANDSHAKE_HASH:560:ssl_handshake_hash
+SSL_F_SSL_INIT_WBIO_BUFFER:184:ssl_init_wbio_buffer
+SSL_F_SSL_KEY_UPDATE:515:SSL_key_update
+SSL_F_SSL_LOAD_CLIENT_CA_FILE:185:SSL_load_client_CA_file
+SSL_F_SSL_LOG_MASTER_SECRET:498:*
+SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE:499:ssl_log_rsa_client_key_exchange
+SSL_F_SSL_MODULE_INIT:392:ssl_module_init
+SSL_F_SSL_NEW:186:SSL_new
+SSL_F_SSL_NEXT_PROTO_VALIDATE:565:ssl_next_proto_validate
+SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT:300:*
+SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT:302:*
+SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT:310:*
+SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT:301:*
+SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT:303:*
+SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT:311:*
+SSL_F_SSL_PEEK:270:SSL_peek
+SSL_F_SSL_PEEK_EX:432:SSL_peek_ex
+SSL_F_SSL_PEEK_INTERNAL:522:ssl_peek_internal
+SSL_F_SSL_READ:223:SSL_read
+SSL_F_SSL_READ_EARLY_DATA:529:SSL_read_early_data
+SSL_F_SSL_READ_EX:434:SSL_read_ex
+SSL_F_SSL_READ_INTERNAL:523:ssl_read_internal
+SSL_F_SSL_RENEGOTIATE:516:SSL_renegotiate
+SSL_F_SSL_RENEGOTIATE_ABBREVIATED:546:SSL_renegotiate_abbreviated
+SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT:320:*
+SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT:321:*
+SSL_F_SSL_SESSION_DUP:348:ssl_session_dup
+SSL_F_SSL_SESSION_NEW:189:SSL_SESSION_new
+SSL_F_SSL_SESSION_PRINT_FP:190:SSL_SESSION_print_fp
+SSL_F_SSL_SESSION_SET1_ID:423:SSL_SESSION_set1_id
+SSL_F_SSL_SESSION_SET1_ID_CONTEXT:312:SSL_SESSION_set1_id_context
+SSL_F_SSL_SET_ALPN_PROTOS:344:SSL_set_alpn_protos
+SSL_F_SSL_SET_CERT:191:ssl_set_cert
+SSL_F_SSL_SET_CERT_AND_KEY:621:ssl_set_cert_and_key
+SSL_F_SSL_SET_CIPHER_LIST:271:SSL_set_cipher_list
+SSL_F_SSL_SET_CT_VALIDATION_CALLBACK:399:SSL_set_ct_validation_callback
+SSL_F_SSL_SET_FD:192:SSL_set_fd
+SSL_F_SSL_SET_PKEY:193:ssl_set_pkey
+SSL_F_SSL_SET_RFD:194:SSL_set_rfd
+SSL_F_SSL_SET_SESSION:195:SSL_set_session
+SSL_F_SSL_SET_SESSION_ID_CONTEXT:218:SSL_set_session_id_context
+SSL_F_SSL_SET_SESSION_TICKET_EXT:294:SSL_set_session_ticket_ext
+SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH:550:SSL_set_tlsext_max_fragment_length
+SSL_F_SSL_SET_WFD:196:SSL_set_wfd
+SSL_F_SSL_SHUTDOWN:224:SSL_shutdown
+SSL_F_SSL_SRP_CTX_INIT:313:SSL_SRP_CTX_init
+SSL_F_SSL_START_ASYNC_JOB:389:ssl_start_async_job
+SSL_F_SSL_UNDEFINED_FUNCTION:197:ssl_undefined_function
+SSL_F_SSL_UNDEFINED_VOID_FUNCTION:244:ssl_undefined_void_function
+SSL_F_SSL_USE_CERTIFICATE:198:SSL_use_certificate
+SSL_F_SSL_USE_CERTIFICATE_ASN1:199:SSL_use_certificate_ASN1
+SSL_F_SSL_USE_CERTIFICATE_FILE:200:SSL_use_certificate_file
+SSL_F_SSL_USE_PRIVATEKEY:201:SSL_use_PrivateKey
+SSL_F_SSL_USE_PRIVATEKEY_ASN1:202:SSL_use_PrivateKey_ASN1
+SSL_F_SSL_USE_PRIVATEKEY_FILE:203:SSL_use_PrivateKey_file
+SSL_F_SSL_USE_PSK_IDENTITY_HINT:273:SSL_use_psk_identity_hint
+SSL_F_SSL_USE_RSAPRIVATEKEY:204:SSL_use_RSAPrivateKey
+SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1:205:SSL_use_RSAPrivateKey_ASN1
+SSL_F_SSL_USE_RSAPRIVATEKEY_FILE:206:SSL_use_RSAPrivateKey_file
+SSL_F_SSL_VALIDATE_CT:400:ssl_validate_ct
+SSL_F_SSL_VERIFY_CERT_CHAIN:207:ssl_verify_cert_chain
+SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE:616:SSL_verify_client_post_handshake
+SSL_F_SSL_WRITE:208:SSL_write
+SSL_F_SSL_WRITE_EARLY_DATA:526:SSL_write_early_data
+SSL_F_SSL_WRITE_EARLY_FINISH:527:*
+SSL_F_SSL_WRITE_EX:433:SSL_write_ex
+SSL_F_SSL_WRITE_INTERNAL:524:ssl_write_internal
+SSL_F_STATE_MACHINE:353:state_machine
+SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg
+SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs
+SSL_F_TLS13_CHANGE_CIPHER_STATE:440:tls13_change_cipher_state
+SSL_F_TLS13_ENC:609:tls13_enc
+SSL_F_TLS13_FINAL_FINISH_MAC:605:tls13_final_finish_mac
+SSL_F_TLS13_GENERATE_SECRET:591:tls13_generate_secret
+SSL_F_TLS13_HKDF_EXPAND:561:tls13_hkdf_expand
+SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA:617:\
+ tls13_restore_handshake_digest_for_pha
+SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA:618:\
+ tls13_save_handshake_digest_for_pha
+SSL_F_TLS13_SETUP_KEY_BLOCK:441:tls13_setup_key_block
+SSL_F_TLS1_CHANGE_CIPHER_STATE:209:tls1_change_cipher_state
+SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS:341:*
+SSL_F_TLS1_ENC:401:tls1_enc
+SSL_F_TLS1_EXPORT_KEYING_MATERIAL:314:tls1_export_keying_material
+SSL_F_TLS1_GET_CURVELIST:338:tls1_get_curvelist
+SSL_F_TLS1_PRF:284:tls1_PRF
+SSL_F_TLS1_SAVE_U16:628:tls1_save_u16
+SSL_F_TLS1_SETUP_KEY_BLOCK:211:tls1_setup_key_block
+SSL_F_TLS1_SET_GROUPS:629:tls1_set_groups
+SSL_F_TLS1_SET_RAW_SIGALGS:630:tls1_set_raw_sigalgs
+SSL_F_TLS1_SET_SERVER_SIGALGS:335:tls1_set_server_sigalgs
+SSL_F_TLS1_SET_SHARED_SIGALGS:631:tls1_set_shared_sigalgs
+SSL_F_TLS1_SET_SIGALGS:632:tls1_set_sigalgs
+SSL_F_TLS_CHOOSE_SIGALG:513:tls_choose_sigalg
+SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK:354:tls_client_key_exchange_post_work
+SSL_F_TLS_COLLECT_EXTENSIONS:435:tls_collect_extensions
+SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES:542:\
+ tls_construct_certificate_authorities
+SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST:372:tls_construct_certificate_request
+SSL_F_TLS_CONSTRUCT_CERT_STATUS:429:*
+SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY:494:tls_construct_cert_status_body
+SSL_F_TLS_CONSTRUCT_CERT_VERIFY:496:tls_construct_cert_verify
+SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC:427:tls_construct_change_cipher_spec
+SSL_F_TLS_CONSTRUCT_CKE_DHE:404:tls_construct_cke_dhe
+SSL_F_TLS_CONSTRUCT_CKE_ECDHE:405:tls_construct_cke_ecdhe
+SSL_F_TLS_CONSTRUCT_CKE_GOST:406:tls_construct_cke_gost
+SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE:407:tls_construct_cke_psk_preamble
+SSL_F_TLS_CONSTRUCT_CKE_RSA:409:tls_construct_cke_rsa
+SSL_F_TLS_CONSTRUCT_CKE_SRP:410:tls_construct_cke_srp
+SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE:484:tls_construct_client_certificate
+SSL_F_TLS_CONSTRUCT_CLIENT_HELLO:487:tls_construct_client_hello
+SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE:488:tls_construct_client_key_exchange
+SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY:489:*
+SSL_F_TLS_CONSTRUCT_CTOS_ALPN:466:tls_construct_ctos_alpn
+SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE:355:*
+SSL_F_TLS_CONSTRUCT_CTOS_COOKIE:535:tls_construct_ctos_cookie
+SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA:530:tls_construct_ctos_early_data
+SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS:467:tls_construct_ctos_ec_pt_formats
+SSL_F_TLS_CONSTRUCT_CTOS_EMS:468:tls_construct_ctos_ems
+SSL_F_TLS_CONSTRUCT_CTOS_ETM:469:tls_construct_ctos_etm
+SSL_F_TLS_CONSTRUCT_CTOS_HELLO:356:*
+SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE:357:*
+SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE:470:tls_construct_ctos_key_share
+SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN:549:tls_construct_ctos_maxfragmentlen
+SSL_F_TLS_CONSTRUCT_CTOS_NPN:471:tls_construct_ctos_npn
+SSL_F_TLS_CONSTRUCT_CTOS_PADDING:472:tls_construct_ctos_padding
+SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH:619:\
+ tls_construct_ctos_post_handshake_auth
+SSL_F_TLS_CONSTRUCT_CTOS_PSK:501:tls_construct_ctos_psk
+SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES:509:tls_construct_ctos_psk_kex_modes
+SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE:473:tls_construct_ctos_renegotiate
+SSL_F_TLS_CONSTRUCT_CTOS_SCT:474:tls_construct_ctos_sct
+SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME:475:tls_construct_ctos_server_name
+SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET:476:tls_construct_ctos_session_ticket
+SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS:477:tls_construct_ctos_sig_algs
+SSL_F_TLS_CONSTRUCT_CTOS_SRP:478:tls_construct_ctos_srp
+SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST:479:tls_construct_ctos_status_request
+SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS:480:\
+ tls_construct_ctos_supported_groups
+SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS:481:\
+ tls_construct_ctos_supported_versions
+SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP:482:tls_construct_ctos_use_srtp
+SSL_F_TLS_CONSTRUCT_CTOS_VERIFY:358:*
+SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS:443:tls_construct_encrypted_extensions
+SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA:536:tls_construct_end_of_early_data
+SSL_F_TLS_CONSTRUCT_EXTENSIONS:447:tls_construct_extensions
+SSL_F_TLS_CONSTRUCT_FINISHED:359:tls_construct_finished
+SSL_F_TLS_CONSTRUCT_HELLO_REQUEST:373:*
+SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST:510:tls_construct_hello_retry_request
+SSL_F_TLS_CONSTRUCT_KEY_UPDATE:517:tls_construct_key_update
+SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET:428:tls_construct_new_session_ticket
+SSL_F_TLS_CONSTRUCT_NEXT_PROTO:426:tls_construct_next_proto
+SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE:490:tls_construct_server_certificate
+SSL_F_TLS_CONSTRUCT_SERVER_HELLO:491:tls_construct_server_hello
+SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE:492:tls_construct_server_key_exchange
+SSL_F_TLS_CONSTRUCT_STOC_ALPN:451:tls_construct_stoc_alpn
+SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE:374:*
+SSL_F_TLS_CONSTRUCT_STOC_COOKIE:613:tls_construct_stoc_cookie
+SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG:452:tls_construct_stoc_cryptopro_bug
+SSL_F_TLS_CONSTRUCT_STOC_DONE:375:*
+SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA:531:tls_construct_stoc_early_data
+SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO:525:*
+SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS:453:tls_construct_stoc_ec_pt_formats
+SSL_F_TLS_CONSTRUCT_STOC_EMS:454:tls_construct_stoc_ems
+SSL_F_TLS_CONSTRUCT_STOC_ETM:455:tls_construct_stoc_etm
+SSL_F_TLS_CONSTRUCT_STOC_HELLO:376:*
+SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE:377:*
+SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE:456:tls_construct_stoc_key_share
+SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN:548:tls_construct_stoc_maxfragmentlen
+SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG:457:tls_construct_stoc_next_proto_neg
+SSL_F_TLS_CONSTRUCT_STOC_PSK:504:tls_construct_stoc_psk
+SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE:458:tls_construct_stoc_renegotiate
+SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME:459:tls_construct_stoc_server_name
+SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET:460:tls_construct_stoc_session_ticket
+SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST:461:tls_construct_stoc_status_request
+SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS:544:\
+ tls_construct_stoc_supported_groups
+SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS:611:\
+ tls_construct_stoc_supported_versions
+SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP:462:tls_construct_stoc_use_srtp
+SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO:521:\
+ tls_early_post_process_client_hello
+SSL_F_TLS_FINISH_HANDSHAKE:597:tls_finish_handshake
+SSL_F_TLS_GET_MESSAGE_BODY:351:tls_get_message_body
+SSL_F_TLS_GET_MESSAGE_HEADER:387:tls_get_message_header
+SSL_F_TLS_HANDLE_ALPN:562:tls_handle_alpn
+SSL_F_TLS_HANDLE_STATUS_REQUEST:563:tls_handle_status_request
+SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES:566:tls_parse_certificate_authorities
+SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT:449:*
+SSL_F_TLS_PARSE_CTOS_ALPN:567:tls_parse_ctos_alpn
+SSL_F_TLS_PARSE_CTOS_COOKIE:614:tls_parse_ctos_cookie
+SSL_F_TLS_PARSE_CTOS_EARLY_DATA:568:tls_parse_ctos_early_data
+SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS:569:tls_parse_ctos_ec_pt_formats
+SSL_F_TLS_PARSE_CTOS_EMS:570:tls_parse_ctos_ems
+SSL_F_TLS_PARSE_CTOS_KEY_SHARE:463:tls_parse_ctos_key_share
+SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN:571:tls_parse_ctos_maxfragmentlen
+SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH:620:tls_parse_ctos_post_handshake_auth
+SSL_F_TLS_PARSE_CTOS_PSK:505:tls_parse_ctos_psk
+SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES:572:tls_parse_ctos_psk_kex_modes
+SSL_F_TLS_PARSE_CTOS_RENEGOTIATE:464:tls_parse_ctos_renegotiate
+SSL_F_TLS_PARSE_CTOS_SERVER_NAME:573:tls_parse_ctos_server_name
+SSL_F_TLS_PARSE_CTOS_SESSION_TICKET:574:tls_parse_ctos_session_ticket
+SSL_F_TLS_PARSE_CTOS_SIG_ALGS:575:tls_parse_ctos_sig_algs
+SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT:615:tls_parse_ctos_sig_algs_cert
+SSL_F_TLS_PARSE_CTOS_SRP:576:tls_parse_ctos_srp
+SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST:577:tls_parse_ctos_status_request
+SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS:578:tls_parse_ctos_supported_groups
+SSL_F_TLS_PARSE_CTOS_USE_SRTP:465:tls_parse_ctos_use_srtp
+SSL_F_TLS_PARSE_STOC_ALPN:579:tls_parse_stoc_alpn
+SSL_F_TLS_PARSE_STOC_COOKIE:534:tls_parse_stoc_cookie
+SSL_F_TLS_PARSE_STOC_EARLY_DATA:538:tls_parse_stoc_early_data
+SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO:528:*
+SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS:580:tls_parse_stoc_ec_pt_formats
+SSL_F_TLS_PARSE_STOC_KEY_SHARE:445:tls_parse_stoc_key_share
+SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN:581:tls_parse_stoc_maxfragmentlen
+SSL_F_TLS_PARSE_STOC_NPN:582:tls_parse_stoc_npn
+SSL_F_TLS_PARSE_STOC_PSK:502:tls_parse_stoc_psk
+SSL_F_TLS_PARSE_STOC_RENEGOTIATE:448:tls_parse_stoc_renegotiate
+SSL_F_TLS_PARSE_STOC_SCT:564:tls_parse_stoc_sct
+SSL_F_TLS_PARSE_STOC_SERVER_NAME:583:tls_parse_stoc_server_name
+SSL_F_TLS_PARSE_STOC_SESSION_TICKET:584:tls_parse_stoc_session_ticket
+SSL_F_TLS_PARSE_STOC_STATUS_REQUEST:585:tls_parse_stoc_status_request
+SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS:612:tls_parse_stoc_supported_versions
+SSL_F_TLS_PARSE_STOC_USE_SRTP:446:tls_parse_stoc_use_srtp
+SSL_F_TLS_POST_PROCESS_CLIENT_HELLO:378:tls_post_process_client_hello
+SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE:384:\
+ tls_post_process_client_key_exchange
+SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE:360:tls_prepare_client_certificate
+SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST:610:tls_process_as_hello_retry_request
+SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST:361:tls_process_certificate_request
+SSL_F_TLS_PROCESS_CERT_STATUS:362:*
+SSL_F_TLS_PROCESS_CERT_STATUS_BODY:495:tls_process_cert_status_body
+SSL_F_TLS_PROCESS_CERT_VERIFY:379:tls_process_cert_verify
+SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC:363:tls_process_change_cipher_spec
+SSL_F_TLS_PROCESS_CKE_DHE:411:tls_process_cke_dhe
+SSL_F_TLS_PROCESS_CKE_ECDHE:412:tls_process_cke_ecdhe
+SSL_F_TLS_PROCESS_CKE_GOST:413:tls_process_cke_gost
+SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE:414:tls_process_cke_psk_preamble
+SSL_F_TLS_PROCESS_CKE_RSA:415:tls_process_cke_rsa
+SSL_F_TLS_PROCESS_CKE_SRP:416:tls_process_cke_srp
+SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE:380:tls_process_client_certificate
+SSL_F_TLS_PROCESS_CLIENT_HELLO:381:tls_process_client_hello
+SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE:382:tls_process_client_key_exchange
+SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS:444:tls_process_encrypted_extensions
+SSL_F_TLS_PROCESS_END_OF_EARLY_DATA:537:tls_process_end_of_early_data
+SSL_F_TLS_PROCESS_FINISHED:364:tls_process_finished
+SSL_F_TLS_PROCESS_HELLO_REQ:507:tls_process_hello_req
+SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST:511:tls_process_hello_retry_request
+SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT:442:tls_process_initial_server_flight
+SSL_F_TLS_PROCESS_KEY_EXCHANGE:365:tls_process_key_exchange
+SSL_F_TLS_PROCESS_KEY_UPDATE:518:tls_process_key_update
+SSL_F_TLS_PROCESS_NEW_SESSION_TICKET:366:tls_process_new_session_ticket
+SSL_F_TLS_PROCESS_NEXT_PROTO:383:tls_process_next_proto
+SSL_F_TLS_PROCESS_SERVER_CERTIFICATE:367:tls_process_server_certificate
+SSL_F_TLS_PROCESS_SERVER_DONE:368:tls_process_server_done
+SSL_F_TLS_PROCESS_SERVER_HELLO:369:tls_process_server_hello
+SSL_F_TLS_PROCESS_SKE_DHE:419:tls_process_ske_dhe
+SSL_F_TLS_PROCESS_SKE_ECDHE:420:tls_process_ske_ecdhe
+SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE:421:tls_process_ske_psk_preamble
+SSL_F_TLS_PROCESS_SKE_SRP:422:tls_process_ske_srp
+SSL_F_TLS_PSK_DO_BINDER:506:tls_psk_do_binder
+SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT:450:*
+SSL_F_TLS_SETUP_HANDSHAKE:508:tls_setup_handshake
+SSL_F_USE_CERTIFICATE_CHAIN_FILE:220:use_certificate_chain_file
+SSL_F_WPACKET_INTERN_INIT_LEN:633:wpacket_intern_init_len
+SSL_F_WPACKET_START_SUB_PACKET_LEN__:634:WPACKET_start_sub_packet_len__
+SSL_F_WRITE_STATE_MACHINE:586:write_state_machine
+TS_F_DEF_SERIAL_CB:110:def_serial_cb
+TS_F_DEF_TIME_CB:111:def_time_cb
+TS_F_ESS_ADD_SIGNING_CERT:112:ess_add_signing_cert
+TS_F_ESS_ADD_SIGNING_CERT_V2:147:ess_add_signing_cert_v2
+TS_F_ESS_CERT_ID_NEW_INIT:113:ess_CERT_ID_new_init
+TS_F_ESS_CERT_ID_V2_NEW_INIT:156:ess_cert_id_v2_new_init
+TS_F_ESS_SIGNING_CERT_NEW_INIT:114:ess_SIGNING_CERT_new_init
+TS_F_ESS_SIGNING_CERT_V2_NEW_INIT:157:ess_signing_cert_v2_new_init
+TS_F_INT_TS_RESP_VERIFY_TOKEN:149:int_ts_RESP_verify_token
+TS_F_PKCS7_TO_TS_TST_INFO:148:PKCS7_to_TS_TST_INFO
+TS_F_TS_ACCURACY_SET_MICROS:115:TS_ACCURACY_set_micros
+TS_F_TS_ACCURACY_SET_MILLIS:116:TS_ACCURACY_set_millis
+TS_F_TS_ACCURACY_SET_SECONDS:117:TS_ACCURACY_set_seconds
+TS_F_TS_CHECK_IMPRINTS:100:ts_check_imprints
+TS_F_TS_CHECK_NONCES:101:ts_check_nonces
+TS_F_TS_CHECK_POLICY:102:ts_check_policy
+TS_F_TS_CHECK_SIGNING_CERTS:103:ts_check_signing_certs
+TS_F_TS_CHECK_STATUS_INFO:104:ts_check_status_info
+TS_F_TS_COMPUTE_IMPRINT:145:ts_compute_imprint
+TS_F_TS_CONF_INVALID:151:ts_CONF_invalid
+TS_F_TS_CONF_LOAD_CERT:153:TS_CONF_load_cert
+TS_F_TS_CONF_LOAD_CERTS:154:TS_CONF_load_certs
+TS_F_TS_CONF_LOAD_KEY:155:TS_CONF_load_key
+TS_F_TS_CONF_LOOKUP_FAIL:152:ts_CONF_lookup_fail
+TS_F_TS_CONF_SET_DEFAULT_ENGINE:146:TS_CONF_set_default_engine
+TS_F_TS_GET_STATUS_TEXT:105:ts_get_status_text
+TS_F_TS_MSG_IMPRINT_SET_ALGO:118:TS_MSG_IMPRINT_set_algo
+TS_F_TS_REQ_SET_MSG_IMPRINT:119:TS_REQ_set_msg_imprint
+TS_F_TS_REQ_SET_NONCE:120:TS_REQ_set_nonce
+TS_F_TS_REQ_SET_POLICY_ID:121:TS_REQ_set_policy_id
+TS_F_TS_RESP_CREATE_RESPONSE:122:TS_RESP_create_response
+TS_F_TS_RESP_CREATE_TST_INFO:123:ts_RESP_create_tst_info
+TS_F_TS_RESP_CTX_ADD_FAILURE_INFO:124:TS_RESP_CTX_add_failure_info
+TS_F_TS_RESP_CTX_ADD_MD:125:TS_RESP_CTX_add_md
+TS_F_TS_RESP_CTX_ADD_POLICY:126:TS_RESP_CTX_add_policy
+TS_F_TS_RESP_CTX_NEW:127:TS_RESP_CTX_new
+TS_F_TS_RESP_CTX_SET_ACCURACY:128:TS_RESP_CTX_set_accuracy
+TS_F_TS_RESP_CTX_SET_CERTS:129:TS_RESP_CTX_set_certs
+TS_F_TS_RESP_CTX_SET_DEF_POLICY:130:TS_RESP_CTX_set_def_policy
+TS_F_TS_RESP_CTX_SET_SIGNER_CERT:131:TS_RESP_CTX_set_signer_cert
+TS_F_TS_RESP_CTX_SET_STATUS_INFO:132:TS_RESP_CTX_set_status_info
+TS_F_TS_RESP_GET_POLICY:133:ts_RESP_get_policy
+TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION:134:TS_RESP_set_genTime_with_precision
+TS_F_TS_RESP_SET_STATUS_INFO:135:TS_RESP_set_status_info
+TS_F_TS_RESP_SET_TST_INFO:150:TS_RESP_set_tst_info
+TS_F_TS_RESP_SIGN:136:ts_RESP_sign
+TS_F_TS_RESP_VERIFY_SIGNATURE:106:TS_RESP_verify_signature
+TS_F_TS_TST_INFO_SET_ACCURACY:137:TS_TST_INFO_set_accuracy
+TS_F_TS_TST_INFO_SET_MSG_IMPRINT:138:TS_TST_INFO_set_msg_imprint
+TS_F_TS_TST_INFO_SET_NONCE:139:TS_TST_INFO_set_nonce
+TS_F_TS_TST_INFO_SET_POLICY_ID:140:TS_TST_INFO_set_policy_id
+TS_F_TS_TST_INFO_SET_SERIAL:141:TS_TST_INFO_set_serial
+TS_F_TS_TST_INFO_SET_TIME:142:TS_TST_INFO_set_time
+TS_F_TS_TST_INFO_SET_TSA:143:TS_TST_INFO_set_tsa
+TS_F_TS_VERIFY:108:*
+TS_F_TS_VERIFY_CERT:109:ts_verify_cert
+TS_F_TS_VERIFY_CTX_NEW:144:TS_VERIFY_CTX_new
+UI_F_CLOSE_CONSOLE:115:close_console
+UI_F_ECHO_CONSOLE:116:echo_console
+UI_F_GENERAL_ALLOCATE_BOOLEAN:108:general_allocate_boolean
+UI_F_GENERAL_ALLOCATE_PROMPT:109:general_allocate_prompt
+UI_F_NOECHO_CONSOLE:117:noecho_console
+UI_F_OPEN_CONSOLE:114:open_console
+UI_F_UI_CONSTRUCT_PROMPT:121:UI_construct_prompt
+UI_F_UI_CREATE_METHOD:112:UI_create_method
+UI_F_UI_CTRL:111:UI_ctrl
+UI_F_UI_DUP_ERROR_STRING:101:UI_dup_error_string
+UI_F_UI_DUP_INFO_STRING:102:UI_dup_info_string
+UI_F_UI_DUP_INPUT_BOOLEAN:110:UI_dup_input_boolean
+UI_F_UI_DUP_INPUT_STRING:103:UI_dup_input_string
+UI_F_UI_DUP_USER_DATA:118:UI_dup_user_data
+UI_F_UI_DUP_VERIFY_STRING:106:UI_dup_verify_string
+UI_F_UI_GET0_RESULT:107:UI_get0_result
+UI_F_UI_GET_RESULT_LENGTH:119:UI_get_result_length
+UI_F_UI_NEW_METHOD:104:UI_new_method
+UI_F_UI_PROCESS:113:UI_process
+UI_F_UI_SET_RESULT:105:UI_set_result
+UI_F_UI_SET_RESULT_EX:120:UI_set_result_ex
+X509V3_F_A2I_GENERAL_NAME:164:a2i_GENERAL_NAME
+X509V3_F_ADDR_VALIDATE_PATH_INTERNAL:166:addr_validate_path_internal
+X509V3_F_ASIDENTIFIERCHOICE_CANONIZE:161:ASIdentifierChoice_canonize
+X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL:162:ASIdentifierChoice_is_canonical
+X509V3_F_BIGNUM_TO_STRING:167:bignum_to_string
+X509V3_F_COPY_EMAIL:122:copy_email
+X509V3_F_COPY_ISSUER:123:copy_issuer
+X509V3_F_DO_DIRNAME:144:do_dirname
+X509V3_F_DO_EXT_I2D:135:do_ext_i2d
+X509V3_F_DO_EXT_NCONF:151:do_ext_nconf
+X509V3_F_GNAMES_FROM_SECTNAME:156:gnames_from_sectname
+X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED
+X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING
+X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER
+X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS
+X509V3_F_I2V_AUTHORITY_KEYID:173:i2v_AUTHORITY_KEYID
+X509V3_F_LEVEL_ADD_NODE:168:level_add_node
+X509V3_F_NOTICE_SECTION:132:notice_section
+X509V3_F_NREF_NOS:133:nref_nos
+X509V3_F_POLICY_CACHE_CREATE:169:policy_cache_create
+X509V3_F_POLICY_CACHE_NEW:170:policy_cache_new
+X509V3_F_POLICY_DATA_NEW:171:policy_data_new
+X509V3_F_POLICY_SECTION:131:policy_section
+X509V3_F_PROCESS_PCI_VALUE:150:process_pci_value
+X509V3_F_R2I_CERTPOL:130:r2i_certpol
+X509V3_F_R2I_PCI:155:r2i_pci
+X509V3_F_S2I_ASN1_IA5STRING:100:s2i_ASN1_IA5STRING
+X509V3_F_S2I_ASN1_INTEGER:108:s2i_ASN1_INTEGER
+X509V3_F_S2I_ASN1_OCTET_STRING:112:s2i_ASN1_OCTET_STRING
+X509V3_F_S2I_SKEY_ID:115:s2i_skey_id
+X509V3_F_SET_DIST_POINT_NAME:158:set_dist_point_name
+X509V3_F_SXNET_ADD_ID_ASC:125:SXNET_add_id_asc
+X509V3_F_SXNET_ADD_ID_INTEGER:126:SXNET_add_id_INTEGER
+X509V3_F_SXNET_ADD_ID_ULONG:127:SXNET_add_id_ulong
+X509V3_F_SXNET_GET_ID_ASC:128:SXNET_get_id_asc
+X509V3_F_SXNET_GET_ID_ULONG:129:SXNET_get_id_ulong
+X509V3_F_TREE_INIT:172:tree_init
+X509V3_F_V2I_ASIDENTIFIERS:163:v2i_ASIdentifiers
+X509V3_F_V2I_ASN1_BIT_STRING:101:v2i_ASN1_BIT_STRING
+X509V3_F_V2I_AUTHORITY_INFO_ACCESS:139:v2i_AUTHORITY_INFO_ACCESS
+X509V3_F_V2I_AUTHORITY_KEYID:119:v2i_AUTHORITY_KEYID
+X509V3_F_V2I_BASIC_CONSTRAINTS:102:v2i_BASIC_CONSTRAINTS
+X509V3_F_V2I_CRLD:134:v2i_crld
+X509V3_F_V2I_EXTENDED_KEY_USAGE:103:v2i_EXTENDED_KEY_USAGE
+X509V3_F_V2I_GENERAL_NAMES:118:v2i_GENERAL_NAMES
+X509V3_F_V2I_GENERAL_NAME_EX:117:v2i_GENERAL_NAME_ex
+X509V3_F_V2I_IDP:157:v2i_idp
+X509V3_F_V2I_IPADDRBLOCKS:159:v2i_IPAddrBlocks
+X509V3_F_V2I_ISSUER_ALT:153:v2i_issuer_alt
+X509V3_F_V2I_NAME_CONSTRAINTS:147:v2i_NAME_CONSTRAINTS
+X509V3_F_V2I_POLICY_CONSTRAINTS:146:v2i_POLICY_CONSTRAINTS
+X509V3_F_V2I_POLICY_MAPPINGS:145:v2i_POLICY_MAPPINGS
+X509V3_F_V2I_SUBJECT_ALT:154:v2i_subject_alt
+X509V3_F_V2I_TLS_FEATURE:165:v2i_TLS_FEATURE
+X509V3_F_V3_GENERIC_EXTENSION:116:v3_generic_extension
+X509V3_F_X509V3_ADD1_I2D:140:X509V3_add1_i2d
+X509V3_F_X509V3_ADD_LEN_VALUE:174:x509v3_add_len_value
+X509V3_F_X509V3_ADD_VALUE:105:X509V3_add_value
+X509V3_F_X509V3_EXT_ADD:104:X509V3_EXT_add
+X509V3_F_X509V3_EXT_ADD_ALIAS:106:X509V3_EXT_add_alias
+X509V3_F_X509V3_EXT_I2D:136:X509V3_EXT_i2d
+X509V3_F_X509V3_EXT_NCONF:152:X509V3_EXT_nconf
+X509V3_F_X509V3_GET_SECTION:142:X509V3_get_section
+X509V3_F_X509V3_GET_STRING:143:X509V3_get_string
+X509V3_F_X509V3_GET_VALUE_BOOL:110:X509V3_get_value_bool
+X509V3_F_X509V3_PARSE_LIST:109:X509V3_parse_list
+X509V3_F_X509_PURPOSE_ADD:137:X509_PURPOSE_add
+X509V3_F_X509_PURPOSE_SET:141:X509_PURPOSE_set
+X509_F_ADD_CERT_DIR:100:add_cert_dir
+X509_F_BUILD_CHAIN:106:build_chain
+X509_F_BY_FILE_CTRL:101:by_file_ctrl
+X509_F_CHECK_NAME_CONSTRAINTS:149:check_name_constraints
+X509_F_CHECK_POLICY:145:check_policy
+X509_F_DANE_I2D:107:dane_i2d
+X509_F_DIR_CTRL:102:dir_ctrl
+X509_F_GET_CERT_BY_SUBJECT:103:get_cert_by_subject
+X509_F_I2D_X509_AUX:151:i2d_X509_AUX
+X509_F_LOOKUP_CERTS_SK:152:lookup_certs_sk
+X509_F_NETSCAPE_SPKI_B64_DECODE:129:NETSCAPE_SPKI_b64_decode
+X509_F_NETSCAPE_SPKI_B64_ENCODE:130:NETSCAPE_SPKI_b64_encode
+X509_F_NEW_DIR:153:new_dir
+X509_F_X509AT_ADD1_ATTR:135:X509at_add1_attr
+X509_F_X509V3_ADD_EXT:104:X509v3_add_ext
+X509_F_X509_ATTRIBUTE_CREATE_BY_NID:136:X509_ATTRIBUTE_create_by_NID
+X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ:137:X509_ATTRIBUTE_create_by_OBJ
+X509_F_X509_ATTRIBUTE_CREATE_BY_TXT:140:X509_ATTRIBUTE_create_by_txt
+X509_F_X509_ATTRIBUTE_GET0_DATA:139:X509_ATTRIBUTE_get0_data
+X509_F_X509_ATTRIBUTE_SET1_DATA:138:X509_ATTRIBUTE_set1_data
+X509_F_X509_CHECK_PRIVATE_KEY:128:X509_check_private_key
+X509_F_X509_CRL_DIFF:105:X509_CRL_diff
+X509_F_X509_CRL_METHOD_NEW:154:X509_CRL_METHOD_new
+X509_F_X509_CRL_PRINT_FP:147:X509_CRL_print_fp
+X509_F_X509_EXTENSION_CREATE_BY_NID:108:X509_EXTENSION_create_by_NID
+X509_F_X509_EXTENSION_CREATE_BY_OBJ:109:X509_EXTENSION_create_by_OBJ
+X509_F_X509_GET_PUBKEY_PARAMETERS:110:X509_get_pubkey_parameters
+X509_F_X509_LOAD_CERT_CRL_FILE:132:X509_load_cert_crl_file
+X509_F_X509_LOAD_CERT_FILE:111:X509_load_cert_file
+X509_F_X509_LOAD_CRL_FILE:112:X509_load_crl_file
+X509_F_X509_LOOKUP_METH_NEW:160:X509_LOOKUP_meth_new
+X509_F_X509_LOOKUP_NEW:155:X509_LOOKUP_new
+X509_F_X509_NAME_ADD_ENTRY:113:X509_NAME_add_entry
+X509_F_X509_NAME_CANON:156:x509_name_canon
+X509_F_X509_NAME_ENTRY_CREATE_BY_NID:114:X509_NAME_ENTRY_create_by_NID
+X509_F_X509_NAME_ENTRY_CREATE_BY_TXT:131:X509_NAME_ENTRY_create_by_txt
+X509_F_X509_NAME_ENTRY_SET_OBJECT:115:X509_NAME_ENTRY_set_object
+X509_F_X509_NAME_ONELINE:116:X509_NAME_oneline
+X509_F_X509_NAME_PRINT:117:X509_NAME_print
+X509_F_X509_OBJECT_NEW:150:X509_OBJECT_new
+X509_F_X509_PRINT_EX_FP:118:X509_print_ex_fp
+X509_F_X509_PUBKEY_DECODE:148:x509_pubkey_decode
+X509_F_X509_PUBKEY_GET:161:X509_PUBKEY_get
+X509_F_X509_PUBKEY_GET0:119:X509_PUBKEY_get0
+X509_F_X509_PUBKEY_SET:120:X509_PUBKEY_set
+X509_F_X509_REQ_CHECK_PRIVATE_KEY:144:X509_REQ_check_private_key
+X509_F_X509_REQ_PRINT_EX:121:X509_REQ_print_ex
+X509_F_X509_REQ_PRINT_FP:122:X509_REQ_print_fp
+X509_F_X509_REQ_TO_X509:123:X509_REQ_to_X509
+X509_F_X509_STORE_ADD_CERT:124:X509_STORE_add_cert
+X509_F_X509_STORE_ADD_CRL:125:X509_STORE_add_crl
+X509_F_X509_STORE_ADD_LOOKUP:157:X509_STORE_add_lookup
+X509_F_X509_STORE_CTX_GET1_ISSUER:146:X509_STORE_CTX_get1_issuer
+X509_F_X509_STORE_CTX_INIT:143:X509_STORE_CTX_init
+X509_F_X509_STORE_CTX_NEW:142:X509_STORE_CTX_new
+X509_F_X509_STORE_CTX_PURPOSE_INHERIT:134:X509_STORE_CTX_purpose_inherit
+X509_F_X509_STORE_NEW:158:X509_STORE_new
+X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ
+X509_F_X509_TRUST_ADD:133:X509_TRUST_add
+X509_F_X509_TRUST_SET:141:X509_TRUST_set
+X509_F_X509_VERIFY_CERT:127:X509_verify_cert
+X509_F_X509_VERIFY_PARAM_NEW:159:X509_VERIFY_PARAM_new
+
+#Reason codes
+ASN1_R_ADDING_OBJECT:171:adding object
+ASN1_R_ASN1_PARSE_ERROR:203:asn1 parse error
+ASN1_R_ASN1_SIG_PARSE_ERROR:204:asn1 sig parse error
+ASN1_R_AUX_ERROR:100:aux error
+ASN1_R_BAD_OBJECT_HEADER:102:bad object header
+ASN1_R_BAD_TEMPLATE:230:bad template
+ASN1_R_BMPSTRING_IS_WRONG_LENGTH:214:bmpstring is wrong length
+ASN1_R_BN_LIB:105:bn lib
+ASN1_R_BOOLEAN_IS_WRONG_LENGTH:106:boolean is wrong length
+ASN1_R_BUFFER_TOO_SMALL:107:buffer too small
+ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER:108:cipher has no object identifier
+ASN1_R_CONTEXT_NOT_INITIALISED:217:context not initialised
+ASN1_R_DATA_IS_WRONG:109:data is wrong
+ASN1_R_DECODE_ERROR:110:decode error
+ASN1_R_DEPTH_EXCEEDED:174:depth exceeded
+ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED:198:digest and key type not supported
+ASN1_R_ENCODE_ERROR:112:encode error
+ASN1_R_ERROR_GETTING_TIME:173:error getting time
+ASN1_R_ERROR_LOADING_SECTION:172:error loading section
+ASN1_R_ERROR_SETTING_CIPHER_PARAMS:114:error setting cipher params
+ASN1_R_EXPECTING_AN_INTEGER:115:expecting an integer
+ASN1_R_EXPECTING_AN_OBJECT:116:expecting an object
+ASN1_R_EXPLICIT_LENGTH_MISMATCH:119:explicit length mismatch
+ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED:120:explicit tag not constructed
+ASN1_R_FIELD_MISSING:121:field missing
+ASN1_R_FIRST_NUM_TOO_LARGE:122:first num too large
+ASN1_R_HEADER_TOO_LONG:123:header too long
+ASN1_R_ILLEGAL_BITSTRING_FORMAT:175:illegal bitstring format
+ASN1_R_ILLEGAL_BOOLEAN:176:illegal boolean
+ASN1_R_ILLEGAL_CHARACTERS:124:illegal characters
+ASN1_R_ILLEGAL_FORMAT:177:illegal format
+ASN1_R_ILLEGAL_HEX:178:illegal hex
+ASN1_R_ILLEGAL_IMPLICIT_TAG:179:illegal implicit tag
+ASN1_R_ILLEGAL_INTEGER:180:illegal integer
+ASN1_R_ILLEGAL_NEGATIVE_VALUE:226:illegal negative value
+ASN1_R_ILLEGAL_NESTED_TAGGING:181:illegal nested tagging
+ASN1_R_ILLEGAL_NULL:125:illegal null
+ASN1_R_ILLEGAL_NULL_VALUE:182:illegal null value
+ASN1_R_ILLEGAL_OBJECT:183:illegal object
+ASN1_R_ILLEGAL_OPTIONAL_ANY:126:illegal optional any
+ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE:170:illegal options on item template
+ASN1_R_ILLEGAL_PADDING:221:illegal padding
+ASN1_R_ILLEGAL_TAGGED_ANY:127:illegal tagged any
+ASN1_R_ILLEGAL_TIME_VALUE:184:illegal time value
+ASN1_R_ILLEGAL_ZERO_CONTENT:222:illegal zero content
+ASN1_R_INTEGER_NOT_ASCII_FORMAT:185:integer not ascii format
+ASN1_R_INTEGER_TOO_LARGE_FOR_LONG:128:integer too large for long
+ASN1_R_INVALID_BIT_STRING_BITS_LEFT:220:invalid bit string bits left
+ASN1_R_INVALID_BMPSTRING_LENGTH:129:invalid bmpstring length
+ASN1_R_INVALID_DIGIT:130:invalid digit
+ASN1_R_INVALID_MIME_TYPE:205:invalid mime type
+ASN1_R_INVALID_MODIFIER:186:invalid modifier
+ASN1_R_INVALID_NUMBER:187:invalid number
+ASN1_R_INVALID_OBJECT_ENCODING:216:invalid object encoding
+ASN1_R_INVALID_SCRYPT_PARAMETERS:227:invalid scrypt parameters
+ASN1_R_INVALID_SEPARATOR:131:invalid separator
+ASN1_R_INVALID_STRING_TABLE_VALUE:218:invalid string table value
+ASN1_R_INVALID_UNIVERSALSTRING_LENGTH:133:invalid universalstring length
+ASN1_R_INVALID_UTF8STRING:134:invalid utf8string
+ASN1_R_INVALID_VALUE:219:invalid value
+ASN1_R_LIST_ERROR:188:list error
+ASN1_R_MIME_NO_CONTENT_TYPE:206:mime no content type
+ASN1_R_MIME_PARSE_ERROR:207:mime parse error
+ASN1_R_MIME_SIG_PARSE_ERROR:208:mime sig parse error
+ASN1_R_MISSING_EOC:137:missing eoc
+ASN1_R_MISSING_SECOND_NUMBER:138:missing second number
+ASN1_R_MISSING_VALUE:189:missing value
+ASN1_R_MSTRING_NOT_UNIVERSAL:139:mstring not universal
+ASN1_R_MSTRING_WRONG_TAG:140:mstring wrong tag
+ASN1_R_NESTED_ASN1_STRING:197:nested asn1 string
+ASN1_R_NESTED_TOO_DEEP:201:nested too deep
+ASN1_R_NON_HEX_CHARACTERS:141:non hex characters
+ASN1_R_NOT_ASCII_FORMAT:190:not ascii format
+ASN1_R_NOT_ENOUGH_DATA:142:not enough data
+ASN1_R_NO_CONTENT_TYPE:209:no content type
+ASN1_R_NO_MATCHING_CHOICE_TYPE:143:no matching choice type
+ASN1_R_NO_MULTIPART_BODY_FAILURE:210:no multipart body failure
+ASN1_R_NO_MULTIPART_BOUNDARY:211:no multipart boundary
+ASN1_R_NO_SIG_CONTENT_TYPE:212:no sig content type
+ASN1_R_NULL_IS_WRONG_LENGTH:144:null is wrong length
+ASN1_R_OBJECT_NOT_ASCII_FORMAT:191:object not ascii format
+ASN1_R_ODD_NUMBER_OF_CHARS:145:odd number of chars
+ASN1_R_SECOND_NUMBER_TOO_LARGE:147:second number too large
+ASN1_R_SEQUENCE_LENGTH_MISMATCH:148:sequence length mismatch
+ASN1_R_SEQUENCE_NOT_CONSTRUCTED:149:sequence not constructed
+ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG:192:sequence or set needs config
+ASN1_R_SHORT_LINE:150:short line
+ASN1_R_SIG_INVALID_MIME_TYPE:213:sig invalid mime type
+ASN1_R_STREAMING_NOT_SUPPORTED:202:streaming not supported
+ASN1_R_STRING_TOO_LONG:151:string too long
+ASN1_R_STRING_TOO_SHORT:152:string too short
+ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD:154:\
+ the asn1 object identifier is not known for this md
+ASN1_R_TIME_NOT_ASCII_FORMAT:193:time not ascii format
+ASN1_R_TOO_LARGE:223:too large
+ASN1_R_TOO_LONG:155:too long
+ASN1_R_TOO_SMALL:224:too small
+ASN1_R_TYPE_NOT_CONSTRUCTED:156:type not constructed
+ASN1_R_TYPE_NOT_PRIMITIVE:195:type not primitive
+ASN1_R_UNEXPECTED_EOC:159:unexpected eoc
+ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH:215:universalstring is wrong length
+ASN1_R_UNKNOWN_FORMAT:160:unknown format
+ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM:161:unknown message digest algorithm
+ASN1_R_UNKNOWN_OBJECT_TYPE:162:unknown object type
+ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE:163:unknown public key type
+ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM:199:unknown signature algorithm
+ASN1_R_UNKNOWN_TAG:194:unknown tag
+ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE:164:unsupported any defined by type
+ASN1_R_UNSUPPORTED_CIPHER:228:unsupported cipher
+ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE:167:unsupported public key type
+ASN1_R_UNSUPPORTED_TYPE:196:unsupported type
+ASN1_R_WRONG_INTEGER_TYPE:225:wrong integer type
+ASN1_R_WRONG_PUBLIC_KEY_TYPE:200:wrong public key type
+ASN1_R_WRONG_TAG:168:wrong tag
+ASYNC_R_FAILED_TO_SET_POOL:101:failed to set pool
+ASYNC_R_FAILED_TO_SWAP_CONTEXT:102:failed to swap context
+ASYNC_R_INIT_FAILED:105:init failed
+ASYNC_R_INVALID_POOL_SIZE:103:invalid pool size
+BIO_R_ACCEPT_ERROR:100:accept error
+BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET:141:addrinfo addr is not af inet
+BIO_R_AMBIGUOUS_HOST_OR_SERVICE:129:ambiguous host or service
+BIO_R_BAD_FOPEN_MODE:101:bad fopen mode
+BIO_R_BROKEN_PIPE:124:broken pipe
+BIO_R_CONNECT_ERROR:103:connect error
+BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET:107:gethostbyname addr is not af inet
+BIO_R_GETSOCKNAME_ERROR:132:getsockname error
+BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS:133:getsockname truncated address
+BIO_R_GETTING_SOCKTYPE:134:getting socktype
+BIO_R_INVALID_ARGUMENT:125:invalid argument
+BIO_R_INVALID_SOCKET:135:invalid socket
+BIO_R_IN_USE:123:in use
+BIO_R_LENGTH_TOO_LONG:102:length too long
+BIO_R_LISTEN_V6_ONLY:136:listen v6 only
+BIO_R_LOOKUP_RETURNED_NOTHING:142:lookup returned nothing
+BIO_R_MALFORMED_HOST_OR_SERVICE:130:malformed host or service
+BIO_R_NBIO_CONNECT_ERROR:110:nbio connect error
+BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED:143:\
+ no accept addr or service specified
+BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED:144:no hostname or service specified
+BIO_R_NO_PORT_DEFINED:113:no port defined
+BIO_R_NO_SUCH_FILE:128:no such file
+BIO_R_NULL_PARAMETER:115:null parameter
+BIO_R_UNABLE_TO_BIND_SOCKET:117:unable to bind socket
+BIO_R_UNABLE_TO_CREATE_SOCKET:118:unable to create socket
+BIO_R_UNABLE_TO_KEEPALIVE:137:unable to keepalive
+BIO_R_UNABLE_TO_LISTEN_SOCKET:119:unable to listen socket
+BIO_R_UNABLE_TO_NODELAY:138:unable to nodelay
+BIO_R_UNABLE_TO_REUSEADDR:139:unable to reuseaddr
+BIO_R_UNAVAILABLE_IP_FAMILY:145:unavailable ip family
+BIO_R_UNINITIALIZED:120:uninitialized
+BIO_R_UNKNOWN_INFO_TYPE:140:unknown info type
+BIO_R_UNSUPPORTED_IP_FAMILY:146:unsupported ip family
+BIO_R_UNSUPPORTED_METHOD:121:unsupported method
+BIO_R_UNSUPPORTED_PROTOCOL_FAMILY:131:unsupported protocol family
+BIO_R_WRITE_TO_READ_ONLY_BIO:126:write to read only BIO
+BIO_R_WSASTARTUP:122:WSAStartup
+BN_R_ARG2_LT_ARG3:100:arg2 lt arg3
+BN_R_BAD_RECIPROCAL:101:bad reciprocal
+BN_R_BIGNUM_TOO_LONG:114:bignum too long
+BN_R_BITS_TOO_SMALL:118:bits too small
+BN_R_CALLED_WITH_EVEN_MODULUS:102:called with even modulus
+BN_R_DIV_BY_ZERO:103:div by zero
+BN_R_ENCODING_ERROR:104:encoding error
+BN_R_EXPAND_ON_STATIC_BIGNUM_DATA:105:expand on static bignum data
+BN_R_INPUT_NOT_REDUCED:110:input not reduced
+BN_R_INVALID_LENGTH:106:invalid length
+BN_R_INVALID_RANGE:115:invalid range
+BN_R_INVALID_SHIFT:119:invalid shift
+BN_R_NOT_A_SQUARE:111:not a square
+BN_R_NOT_INITIALIZED:107:not initialized
+BN_R_NO_INVERSE:108:no inverse
+BN_R_NO_SOLUTION:116:no solution
+BN_R_PRIVATE_KEY_TOO_LARGE:117:private key too large
+BN_R_P_IS_NOT_PRIME:112:p is not prime
+BN_R_TOO_MANY_ITERATIONS:113:too many iterations
+BN_R_TOO_MANY_TEMPORARY_VARIABLES:109:too many temporary variables
+CMS_R_ADD_SIGNER_ERROR:99:add signer error
+CMS_R_ATTRIBUTE_ERROR:161:attribute error
+CMS_R_CERTIFICATE_ALREADY_PRESENT:175:certificate already present
+CMS_R_CERTIFICATE_HAS_NO_KEYID:160:certificate has no keyid
+CMS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error
+CMS_R_CIPHER_INITIALISATION_ERROR:101:cipher initialisation error
+CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR:102:\
+ cipher parameter initialisation error
+CMS_R_CMS_DATAFINAL_ERROR:103:cms datafinal error
+CMS_R_CMS_LIB:104:cms lib
+CMS_R_CONTENTIDENTIFIER_MISMATCH:170:contentidentifier mismatch
+CMS_R_CONTENT_NOT_FOUND:105:content not found
+CMS_R_CONTENT_TYPE_MISMATCH:171:content type mismatch
+CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA:106:content type not compressed data
+CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA:107:content type not enveloped data
+CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA:108:content type not signed data
+CMS_R_CONTENT_VERIFY_ERROR:109:content verify error
+CMS_R_CTRL_ERROR:110:ctrl error
+CMS_R_CTRL_FAILURE:111:ctrl failure
+CMS_R_DECRYPT_ERROR:112:decrypt error
+CMS_R_ERROR_GETTING_PUBLIC_KEY:113:error getting public key
+CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE:114:\
+ error reading messagedigest attribute
+CMS_R_ERROR_SETTING_KEY:115:error setting key
+CMS_R_ERROR_SETTING_RECIPIENTINFO:116:error setting recipientinfo
+CMS_R_INVALID_ENCRYPTED_KEY_LENGTH:117:invalid encrypted key length
+CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER:176:invalid key encryption parameter
+CMS_R_INVALID_KEY_LENGTH:118:invalid key length
+CMS_R_MD_BIO_INIT_ERROR:119:md bio init error
+CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH:120:\
+ messagedigest attribute wrong length
+CMS_R_MESSAGEDIGEST_WRONG_LENGTH:121:messagedigest wrong length
+CMS_R_MSGSIGDIGEST_ERROR:172:msgsigdigest error
+CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE:162:msgsigdigest verification failure
+CMS_R_MSGSIGDIGEST_WRONG_LENGTH:163:msgsigdigest wrong length
+CMS_R_NEED_ONE_SIGNER:164:need one signer
+CMS_R_NOT_A_SIGNED_RECEIPT:165:not a signed receipt
+CMS_R_NOT_ENCRYPTED_DATA:122:not encrypted data
+CMS_R_NOT_KEK:123:not kek
+CMS_R_NOT_KEY_AGREEMENT:181:not key agreement
+CMS_R_NOT_KEY_TRANSPORT:124:not key transport
+CMS_R_NOT_PWRI:177:not pwri
+CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:125:not supported for this key type
+CMS_R_NO_CIPHER:126:no cipher
+CMS_R_NO_CONTENT:127:no content
+CMS_R_NO_CONTENT_TYPE:173:no content type
+CMS_R_NO_DEFAULT_DIGEST:128:no default digest
+CMS_R_NO_DIGEST_SET:129:no digest set
+CMS_R_NO_KEY:130:no key
+CMS_R_NO_KEY_OR_CERT:174:no key or cert
+CMS_R_NO_MATCHING_DIGEST:131:no matching digest
+CMS_R_NO_MATCHING_RECIPIENT:132:no matching recipient
+CMS_R_NO_MATCHING_SIGNATURE:166:no matching signature
+CMS_R_NO_MSGSIGDIGEST:167:no msgsigdigest
+CMS_R_NO_PASSWORD:178:no password
+CMS_R_NO_PRIVATE_KEY:133:no private key
+CMS_R_NO_PUBLIC_KEY:134:no public key
+CMS_R_NO_RECEIPT_REQUEST:168:no receipt request
+CMS_R_NO_SIGNERS:135:no signers
+CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:136:\
+ private key does not match certificate
+CMS_R_RECEIPT_DECODE_ERROR:169:receipt decode error
+CMS_R_RECIPIENT_ERROR:137:recipient error
+CMS_R_SIGNER_CERTIFICATE_NOT_FOUND:138:signer certificate not found
+CMS_R_SIGNFINAL_ERROR:139:signfinal error
+CMS_R_SMIME_TEXT_ERROR:140:smime text error
+CMS_R_STORE_INIT_ERROR:141:store init error
+CMS_R_TYPE_NOT_COMPRESSED_DATA:142:type not compressed data
+CMS_R_TYPE_NOT_DATA:143:type not data
+CMS_R_TYPE_NOT_DIGESTED_DATA:144:type not digested data
+CMS_R_TYPE_NOT_ENCRYPTED_DATA:145:type not encrypted data
+CMS_R_TYPE_NOT_ENVELOPED_DATA:146:type not enveloped data
+CMS_R_UNABLE_TO_FINALIZE_CONTEXT:147:unable to finalize context
+CMS_R_UNKNOWN_CIPHER:148:unknown cipher
+CMS_R_UNKNOWN_DIGEST_ALGORITHM:149:unknown digest algorithm
+CMS_R_UNKNOWN_ID:150:unknown id
+CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM:151:unsupported compression algorithm
+CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM:194:\
+ unsupported content encryption algorithm
+CMS_R_UNSUPPORTED_CONTENT_TYPE:152:unsupported content type
+CMS_R_UNSUPPORTED_KEK_ALGORITHM:153:unsupported kek algorithm
+CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\
+ unsupported key encryption algorithm
+CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type
+CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type
+CMS_R_UNSUPPORTED_TYPE:156:unsupported type
+CMS_R_UNWRAP_ERROR:157:unwrap error
+CMS_R_UNWRAP_FAILURE:180:unwrap failure
+CMS_R_VERIFICATION_FAILURE:158:verification failure
+CMS_R_WRAP_ERROR:159:wrap error
+COMP_R_ZLIB_DEFLATE_ERROR:99:zlib deflate error
+COMP_R_ZLIB_INFLATE_ERROR:100:zlib inflate error
+COMP_R_ZLIB_NOT_SUPPORTED:101:zlib not supported
+CONF_R_ERROR_LOADING_DSO:110:error loading dso
+CONF_R_LIST_CANNOT_BE_NULL:115:list cannot be null
+CONF_R_MISSING_CLOSE_SQUARE_BRACKET:100:missing close square bracket
+CONF_R_MISSING_EQUAL_SIGN:101:missing equal sign
+CONF_R_MISSING_INIT_FUNCTION:112:missing init function
+CONF_R_MODULE_INITIALIZATION_ERROR:109:module initialization error
+CONF_R_NO_CLOSE_BRACE:102:no close brace
+CONF_R_NO_CONF:105:no conf
+CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE:106:no conf or environment variable
+CONF_R_NO_SECTION:107:no section
+CONF_R_NO_SUCH_FILE:114:no such file
+CONF_R_NO_VALUE:108:no value
+CONF_R_NUMBER_TOO_LARGE:121:number too large
+CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include
+CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
+CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found
+CONF_R_SSL_SECTION_EMPTY:119:ssl section empty
+CONF_R_SSL_SECTION_NOT_FOUND:120:ssl section not found
+CONF_R_UNABLE_TO_CREATE_NEW_SECTION:103:unable to create new section
+CONF_R_UNKNOWN_MODULE_NAME:113:unknown module name
+CONF_R_VARIABLE_EXPANSION_TOO_LONG:116:variable expansion too long
+CONF_R_VARIABLE_HAS_NO_VALUE:104:variable has no value
+CRYPTO_R_FIPS_MODE_NOT_SUPPORTED:101:fips mode not supported
+CRYPTO_R_ILLEGAL_HEX_DIGIT:102:illegal hex digit
+CRYPTO_R_ODD_NUMBER_OF_DIGITS:103:odd number of digits
+CT_R_BASE64_DECODE_ERROR:108:base64 decode error
+CT_R_INVALID_LOG_ID_LENGTH:100:invalid log id length
+CT_R_LOG_CONF_INVALID:109:log conf invalid
+CT_R_LOG_CONF_INVALID_KEY:110:log conf invalid key
+CT_R_LOG_CONF_MISSING_DESCRIPTION:111:log conf missing description
+CT_R_LOG_CONF_MISSING_KEY:112:log conf missing key
+CT_R_LOG_KEY_INVALID:113:log key invalid
+CT_R_SCT_FUTURE_TIMESTAMP:116:sct future timestamp
+CT_R_SCT_INVALID:104:sct invalid
+CT_R_SCT_INVALID_SIGNATURE:107:sct invalid signature
+CT_R_SCT_LIST_INVALID:105:sct list invalid
+CT_R_SCT_LOG_ID_MISMATCH:114:sct log id mismatch
+CT_R_SCT_NOT_SET:106:sct not set
+CT_R_SCT_UNSUPPORTED_VERSION:115:sct unsupported version
+CT_R_UNRECOGNIZED_SIGNATURE_NID:101:unrecognized signature nid
+CT_R_UNSUPPORTED_ENTRY_TYPE:102:unsupported entry type
+CT_R_UNSUPPORTED_VERSION:103:unsupported version
+DH_R_BAD_GENERATOR:101:bad generator
+DH_R_BN_DECODE_ERROR:109:bn decode error
+DH_R_BN_ERROR:106:bn error
+DH_R_CHECK_INVALID_J_VALUE:115:check invalid j value
+DH_R_CHECK_INVALID_Q_VALUE:116:check invalid q value
+DH_R_CHECK_PUBKEY_INVALID:122:check pubkey invalid
+DH_R_CHECK_PUBKEY_TOO_LARGE:123:check pubkey too large
+DH_R_CHECK_PUBKEY_TOO_SMALL:124:check pubkey too small
+DH_R_CHECK_P_NOT_PRIME:117:check p not prime
+DH_R_CHECK_P_NOT_SAFE_PRIME:118:check p not safe prime
+DH_R_CHECK_Q_NOT_PRIME:119:check q not prime
+DH_R_DECODE_ERROR:104:decode error
+DH_R_INVALID_PARAMETER_NAME:110:invalid parameter name
+DH_R_INVALID_PARAMETER_NID:114:invalid parameter nid
+DH_R_INVALID_PUBKEY:102:invalid public key
+DH_R_KDF_PARAMETER_ERROR:112:kdf parameter error
+DH_R_KEYS_NOT_SET:108:keys not set
+DH_R_MISSING_PUBKEY:125:missing pubkey
+DH_R_MODULUS_TOO_LARGE:103:modulus too large
+DH_R_NOT_SUITABLE_GENERATOR:120:not suitable generator
+DH_R_NO_PARAMETERS_SET:107:no parameters set
+DH_R_NO_PRIVATE_VALUE:100:no private value
+DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
+DH_R_PEER_KEY_ERROR:111:peer key error
+DH_R_Q_TOO_LARGE:130:q too large
+DH_R_SHARED_INFO_ERROR:113:shared info error
+DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
+DSA_R_BAD_Q_VALUE:102:bad q value
+DSA_R_BN_DECODE_ERROR:108:bn decode error
+DSA_R_BN_ERROR:109:bn error
+DSA_R_DECODE_ERROR:104:decode error
+DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type
+DSA_R_INVALID_PARAMETERS:112:invalid parameters
+DSA_R_MISSING_PARAMETERS:101:missing parameters
+DSA_R_MISSING_PRIVATE_KEY:111:missing private key
+DSA_R_MODULUS_TOO_LARGE:103:modulus too large
+DSA_R_NO_PARAMETERS_SET:107:no parameters set
+DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
+DSA_R_Q_NOT_PRIME:113:q not prime
+DSA_R_SEED_LEN_SMALL:110:seed_len is less than the length of q
+DSO_R_CTRL_FAILED:100:control command failed
+DSO_R_DSO_ALREADY_LOADED:110:dso already loaded
+DSO_R_EMPTY_FILE_STRUCTURE:113:empty file structure
+DSO_R_FAILURE:114:failure
+DSO_R_FILENAME_TOO_BIG:101:filename too big
+DSO_R_FINISH_FAILED:102:cleanup method function failed
+DSO_R_INCORRECT_FILE_SYNTAX:115:incorrect file syntax
+DSO_R_LOAD_FAILED:103:could not load the shared library
+DSO_R_NAME_TRANSLATION_FAILED:109:name translation failed
+DSO_R_NO_FILENAME:111:no filename
+DSO_R_NULL_HANDLE:104:a null shared library handle was used
+DSO_R_SET_FILENAME_FAILED:112:set filename failed
+DSO_R_STACK_ERROR:105:the meth_data stack is corrupt
+DSO_R_SYM_FAILURE:106:could not bind to the requested symbol name
+DSO_R_UNLOAD_FAILED:107:could not unload the shared library
+DSO_R_UNSUPPORTED:108:functionality not supported
+EC_R_ASN1_ERROR:115:asn1 error
+EC_R_BAD_SIGNATURE:156:bad signature
+EC_R_BIGNUM_OUT_OF_RANGE:144:bignum out of range
+EC_R_BUFFER_TOO_SMALL:100:buffer too small
+EC_R_CANNOT_INVERT:165:cannot invert
+EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
+EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
+EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
+EC_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
+EC_R_DECODE_ERROR:142:decode error
+EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
+EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
+EC_R_FIELD_TOO_LARGE:143:field too large
+EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
+EC_R_GROUP2PKPARAMETERS_FAILURE:120:group2pkparameters failure
+EC_R_I2D_ECPKPARAMETERS_FAILURE:121:i2d ecpkparameters failure
+EC_R_INCOMPATIBLE_OBJECTS:101:incompatible objects
+EC_R_INVALID_ARGUMENT:112:invalid argument
+EC_R_INVALID_COMPRESSED_POINT:110:invalid compressed point
+EC_R_INVALID_COMPRESSION_BIT:109:invalid compression bit
+EC_R_INVALID_CURVE:141:invalid curve
+EC_R_INVALID_DIGEST:151:invalid digest
+EC_R_INVALID_DIGEST_TYPE:138:invalid digest type
+EC_R_INVALID_ENCODING:102:invalid encoding
+EC_R_INVALID_FIELD:103:invalid field
+EC_R_INVALID_FORM:104:invalid form
+EC_R_INVALID_GROUP_ORDER:122:invalid group order
+EC_R_INVALID_KEY:116:invalid key
+EC_R_INVALID_OUTPUT_LENGTH:161:invalid output length
+EC_R_INVALID_PEER_KEY:133:invalid peer key
+EC_R_INVALID_PENTANOMIAL_BASIS:132:invalid pentanomial basis
+EC_R_INVALID_PRIVATE_KEY:123:invalid private key
+EC_R_INVALID_TRINOMIAL_BASIS:137:invalid trinomial basis
+EC_R_KDF_PARAMETER_ERROR:148:kdf parameter error
+EC_R_KEYS_NOT_SET:140:keys not set
+EC_R_LADDER_POST_FAILURE:136:ladder post failure
+EC_R_LADDER_PRE_FAILURE:153:ladder pre failure
+EC_R_LADDER_STEP_FAILURE:162:ladder step failure
+EC_R_MISSING_OID:167:missing OID
+EC_R_MISSING_PARAMETERS:124:missing parameters
+EC_R_MISSING_PRIVATE_KEY:125:missing private key
+EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values
+EC_R_NOT_A_NIST_PRIME:135:not a NIST prime
+EC_R_NOT_IMPLEMENTED:126:not implemented
+EC_R_NOT_INITIALIZED:111:not initialized
+EC_R_NO_PARAMETERS_SET:139:no parameters set
+EC_R_NO_PRIVATE_VALUE:154:no private value
+EC_R_OPERATION_NOT_SUPPORTED:152:operation not supported
+EC_R_PASSED_NULL_PARAMETER:134:passed null parameter
+EC_R_PEER_KEY_ERROR:149:peer key error
+EC_R_PKPARAMETERS2GROUP_FAILURE:127:pkparameters2group failure
+EC_R_POINT_ARITHMETIC_FAILURE:155:point arithmetic failure
+EC_R_POINT_AT_INFINITY:106:point at infinity
+EC_R_POINT_COORDINATES_BLIND_FAILURE:163:point coordinates blind failure
+EC_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve
+EC_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed
+EC_R_SHARED_INFO_ERROR:150:shared info error
+EC_R_SLOT_FULL:108:slot full
+EC_R_UNDEFINED_GENERATOR:113:undefined generator
+EC_R_UNDEFINED_ORDER:128:undefined order
+EC_R_UNKNOWN_COFACTOR:164:unknown cofactor
+EC_R_UNKNOWN_GROUP:129:unknown group
+EC_R_UNKNOWN_ORDER:114:unknown order
+EC_R_UNSUPPORTED_FIELD:131:unsupported field
+EC_R_WRONG_CURVE_PARAMETERS:145:wrong curve parameters
+EC_R_WRONG_ORDER:130:wrong order
+ENGINE_R_ALREADY_LOADED:100:already loaded
+ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER:133:argument is not a number
+ENGINE_R_CMD_NOT_EXECUTABLE:134:cmd not executable
+ENGINE_R_COMMAND_TAKES_INPUT:135:command takes input
+ENGINE_R_COMMAND_TAKES_NO_INPUT:136:command takes no input
+ENGINE_R_CONFLICTING_ENGINE_ID:103:conflicting engine id
+ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED:119:ctrl command not implemented
+ENGINE_R_DSO_FAILURE:104:DSO failure
+ENGINE_R_DSO_NOT_FOUND:132:dso not found
+ENGINE_R_ENGINES_SECTION_ERROR:148:engines section error
+ENGINE_R_ENGINE_CONFIGURATION_ERROR:102:engine configuration error
+ENGINE_R_ENGINE_IS_NOT_IN_LIST:105:engine is not in the list
+ENGINE_R_ENGINE_SECTION_ERROR:149:engine section error
+ENGINE_R_FAILED_LOADING_PRIVATE_KEY:128:failed loading private key
+ENGINE_R_FAILED_LOADING_PUBLIC_KEY:129:failed loading public key
+ENGINE_R_FINISH_FAILED:106:finish failed
+ENGINE_R_ID_OR_NAME_MISSING:108:'id' or 'name' missing
+ENGINE_R_INIT_FAILED:109:init failed
+ENGINE_R_INTERNAL_LIST_ERROR:110:internal list error
+ENGINE_R_INVALID_ARGUMENT:143:invalid argument
+ENGINE_R_INVALID_CMD_NAME:137:invalid cmd name
+ENGINE_R_INVALID_CMD_NUMBER:138:invalid cmd number
+ENGINE_R_INVALID_INIT_VALUE:151:invalid init value
+ENGINE_R_INVALID_STRING:150:invalid string
+ENGINE_R_NOT_INITIALISED:117:not initialised
+ENGINE_R_NOT_LOADED:112:not loaded
+ENGINE_R_NO_CONTROL_FUNCTION:120:no control function
+ENGINE_R_NO_INDEX:144:no index
+ENGINE_R_NO_LOAD_FUNCTION:125:no load function
+ENGINE_R_NO_REFERENCE:130:no reference
+ENGINE_R_NO_SUCH_ENGINE:116:no such engine
+ENGINE_R_UNIMPLEMENTED_CIPHER:146:unimplemented cipher
+ENGINE_R_UNIMPLEMENTED_DIGEST:147:unimplemented digest
+ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD:101:unimplemented public key method
+ENGINE_R_VERSION_INCOMPATIBILITY:145:version incompatibility
+EVP_R_AES_KEY_SETUP_FAILED:143:aes key setup failed
+EVP_R_ARIA_KEY_SETUP_FAILED:176:aria key setup failed
+EVP_R_BAD_DECRYPT:100:bad decrypt
+EVP_R_BAD_KEY_LENGTH:195:bad key length
+EVP_R_BUFFER_TOO_SMALL:155:buffer too small
+EVP_R_CAMELLIA_KEY_SETUP_FAILED:157:camellia key setup failed
+EVP_R_CIPHER_PARAMETER_ERROR:122:cipher parameter error
+EVP_R_COMMAND_NOT_SUPPORTED:147:command not supported
+EVP_R_COPY_ERROR:173:copy error
+EVP_R_CTRL_NOT_IMPLEMENTED:132:ctrl not implemented
+EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED:133:ctrl operation not implemented
+EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:138:data not multiple of block length
+EVP_R_DECODE_ERROR:114:decode error
+EVP_R_DIFFERENT_KEY_TYPES:101:different key types
+EVP_R_DIFFERENT_PARAMETERS:153:different parameters
+EVP_R_ERROR_LOADING_SECTION:165:error loading section
+EVP_R_ERROR_SETTING_FIPS_MODE:166:error setting fips mode
+EVP_R_EXPECTING_AN_HMAC_KEY:174:expecting an hmac key
+EVP_R_EXPECTING_AN_RSA_KEY:127:expecting an rsa key
+EVP_R_EXPECTING_A_DH_KEY:128:expecting a dh key
+EVP_R_EXPECTING_A_DSA_KEY:129:expecting a dsa key
+EVP_R_EXPECTING_A_EC_KEY:142:expecting a ec key
+EVP_R_EXPECTING_A_POLY1305_KEY:164:expecting a poly1305 key
+EVP_R_EXPECTING_A_SIPHASH_KEY:175:expecting a siphash key
+EVP_R_FIPS_MODE_NOT_SUPPORTED:167:fips mode not supported
+EVP_R_GET_RAW_KEY_FAILED:182:get raw key failed
+EVP_R_ILLEGAL_SCRYPT_PARAMETERS:171:illegal scrypt parameters
+EVP_R_INITIALIZATION_ERROR:134:initialization error
+EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized
+EVP_R_INVALID_DIGEST:152:invalid digest
+EVP_R_INVALID_FIPS_MODE:168:invalid fips mode
+EVP_R_INVALID_IV_LENGTH:194:invalid iv length
+EVP_R_INVALID_KEY:163:invalid key
+EVP_R_INVALID_KEY_LENGTH:130:invalid key length
+EVP_R_INVALID_OPERATION:148:invalid operation
+EVP_R_KEYGEN_FAILURE:120:keygen failure
+EVP_R_KEY_SETUP_FAILED:180:key setup failed
+EVP_R_MEMORY_LIMIT_EXCEEDED:172:memory limit exceeded
+EVP_R_MESSAGE_DIGEST_IS_NULL:159:message digest is null
+EVP_R_METHOD_NOT_SUPPORTED:144:method not supported
+EVP_R_MISSING_PARAMETERS:103:missing parameters
+EVP_R_NOT_XOF_OR_INVALID_LENGTH:178:not XOF or invalid length
+EVP_R_NO_CIPHER_SET:131:no cipher set
+EVP_R_NO_DEFAULT_DIGEST:158:no default digest
+EVP_R_NO_DIGEST_SET:139:no digest set
+EVP_R_NO_KEY_SET:154:no key set
+EVP_R_NO_OPERATION_SET:149:no operation set
+EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
+EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
+ operation not supported for this keytype
+EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
+EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
+EVP_R_PBKDF2_ERROR:181:pbkdf2 error
+EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
+ pkey application asn1 method already registered
+EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error
+EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error
+EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa
+EVP_R_UNKNOWN_CIPHER:160:unknown cipher
+EVP_R_UNKNOWN_DIGEST:161:unknown digest
+EVP_R_UNKNOWN_OPTION:169:unknown option
+EVP_R_UNKNOWN_PBE_ALGORITHM:121:unknown pbe algorithm
+EVP_R_UNSUPPORTED_ALGORITHM:156:unsupported algorithm
+EVP_R_UNSUPPORTED_CIPHER:107:unsupported cipher
+EVP_R_UNSUPPORTED_KEYLENGTH:123:unsupported keylength
+EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION:124:\
+ unsupported key derivation function
+EVP_R_UNSUPPORTED_KEY_SIZE:108:unsupported key size
+EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS:135:unsupported number of rounds
+EVP_R_UNSUPPORTED_PRF:125:unsupported prf
+EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM:118:unsupported private key algorithm
+EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type
+EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed
+EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length
+EVP_R_XTS_DUPLICATED_KEYS:183:xts duplicated keys
+KDF_R_INVALID_DIGEST:100:invalid digest
+KDF_R_MISSING_ITERATION_COUNT:109:missing iteration count
+KDF_R_MISSING_KEY:104:missing key
+KDF_R_MISSING_MESSAGE_DIGEST:105:missing message digest
+KDF_R_MISSING_PARAMETER:101:missing parameter
+KDF_R_MISSING_PASS:110:missing pass
+KDF_R_MISSING_SALT:111:missing salt
+KDF_R_MISSING_SECRET:107:missing secret
+KDF_R_MISSING_SEED:106:missing seed
+KDF_R_UNKNOWN_PARAMETER_TYPE:103:unknown parameter type
+KDF_R_VALUE_ERROR:108:value error
+KDF_R_VALUE_MISSING:102:value missing
+OBJ_R_OID_EXISTS:102:oid exists
+OBJ_R_UNKNOWN_NID:101:unknown nid
+OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error
+OCSP_R_DIGEST_ERR:102:digest err
+OCSP_R_ERROR_IN_NEXTUPDATE_FIELD:122:error in nextupdate field
+OCSP_R_ERROR_IN_THISUPDATE_FIELD:123:error in thisupdate field
+OCSP_R_ERROR_PARSING_URL:121:error parsing url
+OCSP_R_MISSING_OCSPSIGNING_USAGE:103:missing ocspsigning usage
+OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE:124:nextupdate before thisupdate
+OCSP_R_NOT_BASIC_RESPONSE:104:not basic response
+OCSP_R_NO_CERTIFICATES_IN_CHAIN:105:no certificates in chain
+OCSP_R_NO_RESPONSE_DATA:108:no response data
+OCSP_R_NO_REVOKED_TIME:109:no revoked time
+OCSP_R_NO_SIGNER_KEY:130:no signer key
+OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:110:\
+ private key does not match certificate
+OCSP_R_REQUEST_NOT_SIGNED:128:request not signed
+OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA:111:\
+ response contains no revocation data
+OCSP_R_ROOT_CA_NOT_TRUSTED:112:root ca not trusted
+OCSP_R_SERVER_RESPONSE_ERROR:114:server response error
+OCSP_R_SERVER_RESPONSE_PARSE_ERROR:115:server response parse error
+OCSP_R_SIGNATURE_FAILURE:117:signature failure
+OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND:118:signer certificate not found
+OCSP_R_STATUS_EXPIRED:125:status expired
+OCSP_R_STATUS_NOT_YET_VALID:126:status not yet valid
+OCSP_R_STATUS_TOO_OLD:127:status too old
+OCSP_R_UNKNOWN_MESSAGE_DIGEST:119:unknown message digest
+OCSP_R_UNKNOWN_NID:120:unknown nid
+OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE:129:unsupported requestorname type
+OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE:107:ambiguous content type
+OSSL_STORE_R_BAD_PASSWORD_READ:115:bad password read
+OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac
+OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST:121:\
+ fingerprint size does not match digest
+OSSL_STORE_R_INVALID_SCHEME:106:invalid scheme
+OSSL_STORE_R_IS_NOT_A:112:is not a
+OSSL_STORE_R_LOADER_INCOMPLETE:116:loader incomplete
+OSSL_STORE_R_LOADING_STARTED:117:loading started
+OSSL_STORE_R_NOT_A_CERTIFICATE:100:not a certificate
+OSSL_STORE_R_NOT_A_CRL:101:not a crl
+OSSL_STORE_R_NOT_A_KEY:102:not a key
+OSSL_STORE_R_NOT_A_NAME:103:not a name
+OSSL_STORE_R_NOT_PARAMETERS:104:not parameters
+OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR:114:passphrase callback error
+OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE:108:path must be absolute
+OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:119:\
+ search only supported for directories
+OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED:109:\
+ ui process interrupted or cancelled
+OSSL_STORE_R_UNREGISTERED_SCHEME:105:unregistered scheme
+OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE:110:unsupported content type
+OSSL_STORE_R_UNSUPPORTED_OPERATION:118:unsupported operation
+OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE:120:unsupported search type
+OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED:111:uri authority unsupported
+PEM_R_BAD_BASE64_DECODE:100:bad base64 decode
+PEM_R_BAD_DECRYPT:101:bad decrypt
+PEM_R_BAD_END_LINE:102:bad end line
+PEM_R_BAD_IV_CHARS:103:bad iv chars
+PEM_R_BAD_MAGIC_NUMBER:116:bad magic number
+PEM_R_BAD_PASSWORD_READ:104:bad password read
+PEM_R_BAD_VERSION_NUMBER:117:bad version number
+PEM_R_BIO_WRITE_FAILURE:118:bio write failure
+PEM_R_CIPHER_IS_NULL:127:cipher is null
+PEM_R_ERROR_CONVERTING_PRIVATE_KEY:115:error converting private key
+PEM_R_EXPECTING_PRIVATE_KEY_BLOB:119:expecting private key blob
+PEM_R_EXPECTING_PUBLIC_KEY_BLOB:120:expecting public key blob
+PEM_R_HEADER_TOO_LONG:128:header too long
+PEM_R_INCONSISTENT_HEADER:121:inconsistent header
+PEM_R_KEYBLOB_HEADER_PARSE_ERROR:122:keyblob header parse error
+PEM_R_KEYBLOB_TOO_SHORT:123:keyblob too short
+PEM_R_MISSING_DEK_IV:129:missing dek iv
+PEM_R_NOT_DEK_INFO:105:not dek info
+PEM_R_NOT_ENCRYPTED:106:not encrypted
+PEM_R_NOT_PROC_TYPE:107:not proc type
+PEM_R_NO_START_LINE:108:no start line
+PEM_R_PROBLEMS_GETTING_PASSWORD:109:problems getting password
+PEM_R_PVK_DATA_TOO_SHORT:124:pvk data too short
+PEM_R_PVK_TOO_SHORT:125:pvk too short
+PEM_R_READ_KEY:111:read key
+PEM_R_SHORT_HEADER:112:short header
+PEM_R_UNEXPECTED_DEK_IV:130:unexpected dek iv
+PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher
+PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption
+PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components
+PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE:110:unsupported public key type
+PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure
+PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data
+PKCS12_R_DECODE_ERROR:101:decode error
+PKCS12_R_ENCODE_ERROR:102:encode error
+PKCS12_R_ENCRYPT_ERROR:103:encrypt error
+PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE:120:error setting encrypted data type
+PKCS12_R_INVALID_NULL_ARGUMENT:104:invalid null argument
+PKCS12_R_INVALID_NULL_PKCS12_POINTER:105:invalid null pkcs12 pointer
+PKCS12_R_IV_GEN_ERROR:106:iv gen error
+PKCS12_R_KEY_GEN_ERROR:107:key gen error
+PKCS12_R_MAC_ABSENT:108:mac absent
+PKCS12_R_MAC_GENERATION_ERROR:109:mac generation error
+PKCS12_R_MAC_SETUP_ERROR:110:mac setup error
+PKCS12_R_MAC_STRING_SET_ERROR:111:mac string set error
+PKCS12_R_MAC_VERIFY_FAILURE:113:mac verify failure
+PKCS12_R_PARSE_ERROR:114:parse error
+PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR:115:pkcs12 algor cipherinit error
+PKCS12_R_PKCS12_CIPHERFINAL_ERROR:116:pkcs12 cipherfinal error
+PKCS12_R_PKCS12_PBE_CRYPT_ERROR:117:pkcs12 pbe crypt error
+PKCS12_R_UNKNOWN_DIGEST_ALGORITHM:118:unknown digest algorithm
+PKCS12_R_UNSUPPORTED_PKCS12_MODE:119:unsupported pkcs12 mode
+PKCS7_R_CERTIFICATE_VERIFY_ERROR:117:certificate verify error
+PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER:144:cipher has no object identifier
+PKCS7_R_CIPHER_NOT_INITIALIZED:116:cipher not initialized
+PKCS7_R_CONTENT_AND_DATA_PRESENT:118:content and data present
+PKCS7_R_CTRL_ERROR:152:ctrl error
+PKCS7_R_DECRYPT_ERROR:119:decrypt error
+PKCS7_R_DIGEST_FAILURE:101:digest failure
+PKCS7_R_ENCRYPTION_CTRL_FAILURE:149:encryption ctrl failure
+PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:150:\
+ encryption not supported for this key type
+PKCS7_R_ERROR_ADDING_RECIPIENT:120:error adding recipient
+PKCS7_R_ERROR_SETTING_CIPHER:121:error setting cipher
+PKCS7_R_INVALID_NULL_POINTER:143:invalid null pointer
+PKCS7_R_INVALID_SIGNED_DATA_TYPE:155:invalid signed data type
+PKCS7_R_NO_CONTENT:122:no content
+PKCS7_R_NO_DEFAULT_DIGEST:151:no default digest
+PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND:154:no matching digest type found
+PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE:115:no recipient matches certificate
+PKCS7_R_NO_SIGNATURES_ON_DATA:123:no signatures on data
+PKCS7_R_NO_SIGNERS:142:no signers
+PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE:104:\
+ operation not supported on this type
+PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR:124:pkcs7 add signature error
+PKCS7_R_PKCS7_ADD_SIGNER_ERROR:153:pkcs7 add signer error
+PKCS7_R_PKCS7_DATASIGN:145:pkcs7 datasign
+PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:127:\
+ private key does not match certificate
+PKCS7_R_SIGNATURE_FAILURE:105:signature failure
+PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND:128:signer certificate not found
+PKCS7_R_SIGNING_CTRL_FAILURE:147:signing ctrl failure
+PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:148:\
+ signing not supported for this key type
+PKCS7_R_SMIME_TEXT_ERROR:129:smime text error
+PKCS7_R_UNABLE_TO_FIND_CERTIFICATE:106:unable to find certificate
+PKCS7_R_UNABLE_TO_FIND_MEM_BIO:107:unable to find mem bio
+PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST:108:unable to find message digest
+PKCS7_R_UNKNOWN_DIGEST_TYPE:109:unknown digest type
+PKCS7_R_UNKNOWN_OPERATION:110:unknown operation
+PKCS7_R_UNSUPPORTED_CIPHER_TYPE:111:unsupported cipher type
+PKCS7_R_UNSUPPORTED_CONTENT_TYPE:112:unsupported content type
+PKCS7_R_WRONG_CONTENT_TYPE:113:wrong content type
+PKCS7_R_WRONG_PKCS7_TYPE:114:wrong pkcs7 type
+RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long
+RAND_R_ALREADY_INSTANTIATED:103:already instantiated
+RAND_R_ARGUMENT_OUT_OF_RANGE:105:argument out of range
+RAND_R_CANNOT_OPEN_FILE:121:Cannot open file
+RAND_R_DRBG_ALREADY_INITIALIZED:129:drbg already initialized
+RAND_R_DRBG_NOT_INITIALISED:104:drbg not initialised
+RAND_R_ENTROPY_INPUT_TOO_LONG:106:entropy input too long
+RAND_R_ENTROPY_OUT_OF_RANGE:124:entropy out of range
+RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED:127:error entropy pool was ignored
+RAND_R_ERROR_INITIALISING_DRBG:107:error initialising drbg
+RAND_R_ERROR_INSTANTIATING_DRBG:108:error instantiating drbg
+RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT:109:error retrieving additional input
+RAND_R_ERROR_RETRIEVING_ENTROPY:110:error retrieving entropy
+RAND_R_ERROR_RETRIEVING_NONCE:111:error retrieving nonce
+RAND_R_FAILED_TO_CREATE_LOCK:126:failed to create lock
+RAND_R_FUNC_NOT_IMPLEMENTED:101:Function not implemented
+RAND_R_FWRITE_ERROR:123:Error writing file
+RAND_R_GENERATE_ERROR:112:generate error
+RAND_R_INTERNAL_ERROR:113:internal error
+RAND_R_IN_ERROR_STATE:114:in error state
+RAND_R_NOT_A_REGULAR_FILE:122:Not a regular file
+RAND_R_NOT_INSTANTIATED:115:not instantiated
+RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED:128:no drbg implementation selected
+RAND_R_PARENT_LOCKING_NOT_ENABLED:130:parent locking not enabled
+RAND_R_PARENT_STRENGTH_TOO_WEAK:131:parent strength too weak
+RAND_R_PERSONALISATION_STRING_TOO_LONG:116:personalisation string too long
+RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED:133:\
+ prediction resistance not supported
+RAND_R_PRNG_NOT_SEEDED:100:PRNG not seeded
+RAND_R_RANDOM_POOL_OVERFLOW:125:random pool overflow
+RAND_R_RANDOM_POOL_UNDERFLOW:134:random pool underflow
+RAND_R_REQUEST_TOO_LARGE_FOR_DRBG:117:request too large for drbg
+RAND_R_RESEED_ERROR:118:reseed error
+RAND_R_SELFTEST_FAILURE:119:selftest failure
+RAND_R_TOO_LITTLE_NONCE_REQUESTED:135:too little nonce requested
+RAND_R_TOO_MUCH_NONCE_REQUESTED:136:too much nonce requested
+RAND_R_UNSUPPORTED_DRBG_FLAGS:132:unsupported drbg flags
+RAND_R_UNSUPPORTED_DRBG_TYPE:120:unsupported drbg type
+RSA_R_ALGORITHM_MISMATCH:100:algorithm mismatch
+RSA_R_BAD_E_VALUE:101:bad e value
+RSA_R_BAD_FIXED_HEADER_DECRYPT:102:bad fixed header decrypt
+RSA_R_BAD_PAD_BYTE_COUNT:103:bad pad byte count
+RSA_R_BAD_SIGNATURE:104:bad signature
+RSA_R_BLOCK_TYPE_IS_NOT_01:106:block type is not 01
+RSA_R_BLOCK_TYPE_IS_NOT_02:107:block type is not 02
+RSA_R_DATA_GREATER_THAN_MOD_LEN:108:data greater than mod len
+RSA_R_DATA_TOO_LARGE:109:data too large
+RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:110:data too large for key size
+RSA_R_DATA_TOO_LARGE_FOR_MODULUS:132:data too large for modulus
+RSA_R_DATA_TOO_SMALL:111:data too small
+RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE:122:data too small for key size
+RSA_R_DIGEST_DOES_NOT_MATCH:158:digest does not match
+RSA_R_DIGEST_NOT_ALLOWED:145:digest not allowed
+RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY:112:digest too big for rsa key
+RSA_R_DMP1_NOT_CONGRUENT_TO_D:124:dmp1 not congruent to d
+RSA_R_DMQ1_NOT_CONGRUENT_TO_D:125:dmq1 not congruent to d
+RSA_R_D_E_NOT_CONGRUENT_TO_1:123:d e not congruent to 1
+RSA_R_FIRST_OCTET_INVALID:133:first octet invalid
+RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE:144:\
+ illegal or unsupported padding mode
+RSA_R_INVALID_DIGEST:157:invalid digest
+RSA_R_INVALID_DIGEST_LENGTH:143:invalid digest length
+RSA_R_INVALID_HEADER:137:invalid header
+RSA_R_INVALID_LABEL:160:invalid label
+RSA_R_INVALID_MESSAGE_LENGTH:131:invalid message length
+RSA_R_INVALID_MGF1_MD:156:invalid mgf1 md
+RSA_R_INVALID_MULTI_PRIME_KEY:167:invalid multi prime key
+RSA_R_INVALID_OAEP_PARAMETERS:161:invalid oaep parameters
+RSA_R_INVALID_PADDING:138:invalid padding
+RSA_R_INVALID_PADDING_MODE:141:invalid padding mode
+RSA_R_INVALID_PSS_PARAMETERS:149:invalid pss parameters
+RSA_R_INVALID_PSS_SALTLEN:146:invalid pss saltlen
+RSA_R_INVALID_SALT_LENGTH:150:invalid salt length
+RSA_R_INVALID_TRAILER:139:invalid trailer
+RSA_R_INVALID_X931_DIGEST:142:invalid x931 digest
+RSA_R_IQMP_NOT_INVERSE_OF_Q:126:iqmp not inverse of q
+RSA_R_KEY_PRIME_NUM_INVALID:165:key prime num invalid
+RSA_R_KEY_SIZE_TOO_SMALL:120:key size too small
+RSA_R_LAST_OCTET_INVALID:134:last octet invalid
+RSA_R_MGF1_DIGEST_NOT_ALLOWED:152:mgf1 digest not allowed
+RSA_R_MISSING_PRIVATE_KEY:179:missing private key
+RSA_R_MODULUS_TOO_LARGE:105:modulus too large
+RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r
+RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d
+RSA_R_MP_R_NOT_PRIME:170:mp r not prime
+RSA_R_NO_PUBLIC_EXPONENT:140:no public exponent
+RSA_R_NULL_BEFORE_BLOCK_MISSING:113:null before block missing
+RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES:172:n does not equal product of primes
+RSA_R_N_DOES_NOT_EQUAL_P_Q:127:n does not equal p q
+RSA_R_OAEP_DECODING_ERROR:121:oaep decoding error
+RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:148:\
+ operation not supported for this keytype
+RSA_R_PADDING_CHECK_FAILED:114:padding check failed
+RSA_R_PKCS_DECODING_ERROR:159:pkcs decoding error
+RSA_R_PSS_SALTLEN_TOO_SMALL:164:pss saltlen too small
+RSA_R_P_NOT_PRIME:128:p not prime
+RSA_R_Q_NOT_PRIME:129:q not prime
+RSA_R_RSA_OPERATIONS_NOT_SUPPORTED:130:rsa operations not supported
+RSA_R_SLEN_CHECK_FAILED:136:salt length check failed
+RSA_R_SLEN_RECOVERY_FAILED:135:salt length recovery failed
+RSA_R_SSLV3_ROLLBACK_ATTACK:115:sslv3 rollback attack
+RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD:116:\
+ the asn1 object identifier is not known for this md
+RSA_R_UNKNOWN_ALGORITHM_TYPE:117:unknown algorithm type
+RSA_R_UNKNOWN_DIGEST:166:unknown digest
+RSA_R_UNKNOWN_MASK_DIGEST:151:unknown mask digest
+RSA_R_UNKNOWN_PADDING_TYPE:118:unknown padding type
+RSA_R_UNSUPPORTED_ENCRYPTION_TYPE:162:unsupported encryption type
+RSA_R_UNSUPPORTED_LABEL_SOURCE:163:unsupported label source
+RSA_R_UNSUPPORTED_MASK_ALGORITHM:153:unsupported mask algorithm
+RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter
+RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
+RSA_R_VALUE_MISSING:147:value missing
+RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
+SM2_R_ASN1_ERROR:100:asn1 error
+SM2_R_BAD_SIGNATURE:101:bad signature
+SM2_R_BUFFER_TOO_SMALL:107:buffer too small
+SM2_R_DIST_ID_TOO_LARGE:110:dist id too large
+SM2_R_ID_NOT_SET:112:id not set
+SM2_R_ID_TOO_LARGE:111:id too large
+SM2_R_INVALID_CURVE:108:invalid curve
+SM2_R_INVALID_DIGEST:102:invalid digest
+SM2_R_INVALID_DIGEST_TYPE:103:invalid digest type
+SM2_R_INVALID_ENCODING:104:invalid encoding
+SM2_R_INVALID_FIELD:105:invalid field
+SM2_R_NO_PARAMETERS_SET:109:no parameters set
+SM2_R_USER_ID_TOO_LARGE:106:user id too large
+SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY:291:\
+ application data after close notify
+SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
+SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\
+ attempt to reuse session in different context
+SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE:143:\
+ at least TLS 1.0 needed in FIPS mode
+SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE:158:\
+ at least (D)TLS 1.2 needed in Suite B mode
+SSL_R_BAD_CHANGE_CIPHER_SPEC:103:bad change cipher spec
+SSL_R_BAD_CIPHER:186:bad cipher
+SSL_R_BAD_DATA:390:bad data
+SSL_R_BAD_DATA_RETURNED_BY_CALLBACK:106:bad data returned by callback
+SSL_R_BAD_DECOMPRESSION:107:bad decompression
+SSL_R_BAD_DH_VALUE:102:bad dh value
+SSL_R_BAD_DIGEST_LENGTH:111:bad digest length
+SSL_R_BAD_EARLY_DATA:233:bad early data
+SSL_R_BAD_ECC_CERT:304:bad ecc cert
+SSL_R_BAD_ECPOINT:306:bad ecpoint
+SSL_R_BAD_EXTENSION:110:bad extension
+SSL_R_BAD_HANDSHAKE_LENGTH:332:bad handshake length
+SSL_R_BAD_HANDSHAKE_STATE:236:bad handshake state
+SSL_R_BAD_HELLO_REQUEST:105:bad hello request
+SSL_R_BAD_HRR_VERSION:263:bad hrr version
+SSL_R_BAD_KEY_SHARE:108:bad key share
+SSL_R_BAD_KEY_UPDATE:122:bad key update
+SSL_R_BAD_LEGACY_VERSION:292:bad legacy version
+SSL_R_BAD_LENGTH:271:bad length
+SSL_R_BAD_PACKET:240:bad packet
+SSL_R_BAD_PACKET_LENGTH:115:bad packet length
+SSL_R_BAD_PROTOCOL_VERSION_NUMBER:116:bad protocol version number
+SSL_R_BAD_PSK:219:bad psk
+SSL_R_BAD_PSK_IDENTITY:114:bad psk identity
+SSL_R_BAD_RECORD_TYPE:443:bad record type
+SSL_R_BAD_RSA_ENCRYPT:119:bad rsa encrypt
+SSL_R_BAD_SIGNATURE:123:bad signature
+SSL_R_BAD_SRP_A_LENGTH:347:bad srp a length
+SSL_R_BAD_SRP_PARAMETERS:371:bad srp parameters
+SSL_R_BAD_SRTP_MKI_VALUE:352:bad srtp mki value
+SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST:353:bad srtp protection profile list
+SSL_R_BAD_SSL_FILETYPE:124:bad ssl filetype
+SSL_R_BAD_VALUE:384:bad value
+SSL_R_BAD_WRITE_RETRY:127:bad write retry
+SSL_R_BINDER_DOES_NOT_VERIFY:253:binder does not verify
+SSL_R_BIO_NOT_SET:128:bio not set
+SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:129:block cipher pad is wrong
+SSL_R_BN_LIB:130:bn lib
+SSL_R_CALLBACK_FAILED:234:callback failed
+SSL_R_CANNOT_CHANGE_CIPHER:109:cannot change cipher
+SSL_R_CA_DN_LENGTH_MISMATCH:131:ca dn length mismatch
+SSL_R_CA_KEY_TOO_SMALL:397:ca key too small
+SSL_R_CA_MD_TOO_WEAK:398:ca md too weak
+SSL_R_CCS_RECEIVED_EARLY:133:ccs received early
+SSL_R_CERTIFICATE_VERIFY_FAILED:134:certificate verify failed
+SSL_R_CERT_CB_ERROR:377:cert cb error
+SSL_R_CERT_LENGTH_MISMATCH:135:cert length mismatch
+SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED:218:ciphersuite digest has changed
+SSL_R_CIPHER_CODE_WRONG_LENGTH:137:cipher code wrong length
+SSL_R_CIPHER_OR_HASH_UNAVAILABLE:138:cipher or hash unavailable
+SSL_R_CLIENTHELLO_TLSEXT:226:clienthello tlsext
+SSL_R_COMPRESSED_LENGTH_TOO_LONG:140:compressed length too long
+SSL_R_COMPRESSION_DISABLED:343:compression disabled
+SSL_R_COMPRESSION_FAILURE:141:compression failure
+SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE:307:\
+ compression id not within private range
+SSL_R_COMPRESSION_LIBRARY_ERROR:142:compression library error
+SSL_R_CONNECTION_TYPE_NOT_SET:144:connection type not set
+SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled
+SSL_R_COOKIE_GEN_CALLBACK_FAILURE:400:cookie gen callback failure
+SSL_R_COOKIE_MISMATCH:308:cookie mismatch
+SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED:206:\
+ custom ext handler already installed
+SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled
+SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL:173:dane cannot override mtype full
+SSL_R_DANE_NOT_ENABLED:175:dane not enabled
+SSL_R_DANE_TLSA_BAD_CERTIFICATE:180:dane tlsa bad certificate
+SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE:184:dane tlsa bad certificate usage
+SSL_R_DANE_TLSA_BAD_DATA_LENGTH:189:dane tlsa bad data length
+SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH:192:dane tlsa bad digest length
+SSL_R_DANE_TLSA_BAD_MATCHING_TYPE:200:dane tlsa bad matching type
+SSL_R_DANE_TLSA_BAD_PUBLIC_KEY:201:dane tlsa bad public key
+SSL_R_DANE_TLSA_BAD_SELECTOR:202:dane tlsa bad selector
+SSL_R_DANE_TLSA_NULL_DATA:203:dane tlsa null data
+SSL_R_DATA_BETWEEN_CCS_AND_FINISHED:145:data between ccs and finished
+SSL_R_DATA_LENGTH_TOO_LONG:146:data length too long
+SSL_R_DECRYPTION_FAILED:147:decryption failed
+SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:281:\
+ decryption failed or bad record mac
+SSL_R_DH_KEY_TOO_SMALL:394:dh key too small
+SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG:148:dh public value length is wrong
+SSL_R_DIGEST_CHECK_FAILED:149:digest check failed
+SSL_R_DTLS_MESSAGE_TOO_BIG:334:dtls message too big
+SSL_R_DUPLICATE_COMPRESSION_ID:309:duplicate compression id
+SSL_R_ECC_CERT_NOT_FOR_SIGNING:318:ecc cert not for signing
+SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE:374:ecdh required for suiteb mode
+SSL_R_EE_KEY_TOO_SMALL:399:ee key too small
+SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST:354:empty srtp protection profile list
+SSL_R_ENCRYPTED_LENGTH_TOO_LONG:150:encrypted length too long
+SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:151:error in received cipher list
+SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN:204:error setting tlsa base domain
+SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE:194:exceeds max fragment size
+SSL_R_EXCESSIVE_MESSAGE_SIZE:152:excessive message size
+SSL_R_EXTENSION_NOT_RECEIVED:279:extension not received
+SSL_R_EXTRA_DATA_IN_MESSAGE:153:extra data in message
+SSL_R_EXT_LENGTH_MISMATCH:163:ext length mismatch
+SSL_R_FAILED_TO_INIT_ASYNC:405:failed to init async
+SSL_R_FRAGMENTED_CLIENT_HELLO:401:fragmented client hello
+SSL_R_GOT_A_FIN_BEFORE_A_CCS:154:got a fin before a ccs
+SSL_R_HTTPS_PROXY_REQUEST:155:https proxy request
+SSL_R_HTTP_REQUEST:156:http request
+SSL_R_ILLEGAL_POINT_COMPRESSION:162:illegal point compression
+SSL_R_ILLEGAL_SUITEB_DIGEST:380:illegal Suite B digest
+SSL_R_INAPPROPRIATE_FALLBACK:373:inappropriate fallback
+SSL_R_INCONSISTENT_COMPRESSION:340:inconsistent compression
+SSL_R_INCONSISTENT_EARLY_DATA_ALPN:222:inconsistent early data alpn
+SSL_R_INCONSISTENT_EARLY_DATA_SNI:231:inconsistent early data sni
+SSL_R_INCONSISTENT_EXTMS:104:inconsistent extms
+SSL_R_INSUFFICIENT_SECURITY:241:insufficient security
+SSL_R_INVALID_ALERT:205:invalid alert
+SSL_R_INVALID_CCS_MESSAGE:260:invalid ccs message
+SSL_R_INVALID_CERTIFICATE_OR_ALG:238:invalid certificate or alg
+SSL_R_INVALID_COMMAND:280:invalid command
+SSL_R_INVALID_COMPRESSION_ALGORITHM:341:invalid compression algorithm
+SSL_R_INVALID_CONFIG:283:invalid config
+SSL_R_INVALID_CONFIGURATION_NAME:113:invalid configuration name
+SSL_R_INVALID_CONTEXT:282:invalid context
+SSL_R_INVALID_CT_VALIDATION_TYPE:212:invalid ct validation type
+SSL_R_INVALID_KEY_UPDATE_TYPE:120:invalid key update type
+SSL_R_INVALID_MAX_EARLY_DATA:174:invalid max early data
+SSL_R_INVALID_NULL_CMD_NAME:385:invalid null cmd name
+SSL_R_INVALID_SEQUENCE_NUMBER:402:invalid sequence number
+SSL_R_INVALID_SERVERINFO_DATA:388:invalid serverinfo data
+SSL_R_INVALID_SESSION_ID:999:invalid session id
+SSL_R_INVALID_SRP_USERNAME:357:invalid srp username
+SSL_R_INVALID_STATUS_RESPONSE:328:invalid status response
+SSL_R_INVALID_TICKET_KEYS_LENGTH:325:invalid ticket keys length
+SSL_R_LENGTH_MISMATCH:159:length mismatch
+SSL_R_LENGTH_TOO_LONG:404:length too long
+SSL_R_LENGTH_TOO_SHORT:160:length too short
+SSL_R_LIBRARY_BUG:274:library bug
+SSL_R_LIBRARY_HAS_NO_CIPHERS:161:library has no ciphers
+SSL_R_MISSING_DSA_SIGNING_CERT:165:missing dsa signing cert
+SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert
+SSL_R_MISSING_FATAL:256:missing fatal
+SSL_R_MISSING_PARAMETERS:290:missing parameters
+SSL_R_MISSING_PSK_KEX_MODES_EXTENSION:310:missing psk kex modes extension
+SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate
+SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert
+SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert
+SSL_R_MISSING_SIGALGS_EXTENSION:112:missing sigalgs extension
+SSL_R_MISSING_SIGNING_CERT:221:missing signing cert
+SSL_R_MISSING_SRP_PARAM:358:can't find SRP server param
+SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION:209:missing supported groups extension
+SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
+SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
+SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\
+ mixed handshake and non handshake data
+SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
+SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
+SSL_R_NOT_SERVER:284:not server
+SSL_R_NO_APPLICATION_PROTOCOL:235:no application protocol
+SSL_R_NO_CERTIFICATES_RETURNED:176:no certificates returned
+SSL_R_NO_CERTIFICATE_ASSIGNED:177:no certificate assigned
+SSL_R_NO_CERTIFICATE_SET:179:no certificate set
+SSL_R_NO_CHANGE_FOLLOWING_HRR:214:no change following hrr
+SSL_R_NO_CIPHERS_AVAILABLE:181:no ciphers available
+SSL_R_NO_CIPHERS_SPECIFIED:183:no ciphers specified
+SSL_R_NO_CIPHER_MATCH:185:no cipher match
+SSL_R_NO_CLIENT_CERT_METHOD:331:no client cert method
+SSL_R_NO_COMPRESSION_SPECIFIED:187:no compression specified
+SSL_R_NO_COOKIE_CALLBACK_SET:287:no cookie callback set
+SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER:330:\
+ Peer haven't sent GOST certificate, required for selected ciphersuite
+SSL_R_NO_METHOD_SPECIFIED:188:no method specified
+SSL_R_NO_PEM_EXTENSIONS:389:no pem extensions
+SSL_R_NO_PRIVATE_KEY_ASSIGNED:190:no private key assigned
+SSL_R_NO_PROTOCOLS_AVAILABLE:191:no protocols available
+SSL_R_NO_RENEGOTIATION:339:no renegotiation
+SSL_R_NO_REQUIRED_DIGEST:324:no required digest
+SSL_R_NO_SHARED_CIPHER:193:no shared cipher
+SSL_R_NO_SHARED_GROUPS:410:no shared groups
+SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS:376:no shared signature algorithms
+SSL_R_NO_SRTP_PROFILES:359:no srtp profiles
+SSL_R_NO_SUITABLE_KEY_SHARE:101:no suitable key share
+SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM:118:no suitable signature algorithm
+SSL_R_NO_VALID_SCTS:216:no valid scts
+SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback
+SSL_R_NULL_SSL_CTX:195:null ssl ctx
+SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
+SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure
+SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
+SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
+ old session compression algorithm not returned
+SSL_R_OVERFLOW_ERROR:237:overflow error
+SSL_R_PACKET_LENGTH_TOO_LONG:198:packet length too long
+SSL_R_PARSE_TLSEXT:227:parse tlsext
+SSL_R_PATH_TOO_LONG:270:path too long
+SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE:199:peer did not return a certificate
+SSL_R_PEM_NAME_BAD_PREFIX:391:pem name bad prefix
+SSL_R_PEM_NAME_TOO_SHORT:392:pem name too short
+SSL_R_PIPELINE_FAILURE:406:pipeline failure
+SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR:278:post handshake auth encoding err
+SSL_R_PRIVATE_KEY_MISMATCH:288:private key mismatch
+SSL_R_PROTOCOL_IS_SHUTDOWN:207:protocol is shutdown
+SSL_R_PSK_IDENTITY_NOT_FOUND:223:psk identity not found
+SSL_R_PSK_NO_CLIENT_CB:224:psk no client cb
+SSL_R_PSK_NO_SERVER_CB:225:psk no server cb
+SSL_R_READ_BIO_NOT_SET:211:read bio not set
+SSL_R_READ_TIMEOUT_EXPIRED:312:read timeout expired
+SSL_R_RECORD_LENGTH_MISMATCH:213:record length mismatch
+SSL_R_RECORD_TOO_SMALL:298:record too small
+SSL_R_RENEGOTIATE_EXT_TOO_LONG:335:renegotiate ext too long
+SSL_R_RENEGOTIATION_ENCODING_ERR:336:renegotiation encoding err
+SSL_R_RENEGOTIATION_MISMATCH:337:renegotiation mismatch
+SSL_R_REQUEST_PENDING:285:request pending
+SSL_R_REQUEST_SENT:286:request sent
+SSL_R_REQUIRED_CIPHER_MISSING:215:required cipher missing
+SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING:342:\
+ required compression algorithm missing
+SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:345:scsv received when renegotiating
+SSL_R_SCT_VERIFICATION_FAILED:208:sct verification failed
+SSL_R_SERVERHELLO_TLSEXT:275:serverhello tlsext
+SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED:277:session id context uninitialized
+SSL_R_SHUTDOWN_WHILE_IN_INIT:407:shutdown while in init
+SSL_R_SIGNATURE_ALGORITHMS_ERROR:360:signature algorithms error
+SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE:220:\
+ signature for non signing certificate
+SSL_R_SRP_A_CALC:361:error with the srp params
+SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES:362:srtp could not allocate profiles
+SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG:363:\
+ srtp protection profile list too long
+SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE:364:srtp unknown protection profile
+SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\
+ ssl3 ext invalid max fragment length
+SSL_R_SSL3_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername
+SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type
+SSL_R_SSL3_SESSION_ID_TOO_LONG:300:ssl3 session id too long
+SSL_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
+SSL_R_SSL_COMMAND_SECTION_NOT_FOUND:125:ssl command section not found
+SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION:228:ssl ctx has no default ssl version
+SSL_R_SSL_HANDSHAKE_FAILURE:229:ssl handshake failure
+SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS:230:ssl library has no ciphers
+SSL_R_SSL_NEGATIVE_LENGTH:372:ssl negative length
+SSL_R_SSL_SECTION_EMPTY:126:ssl section empty
+SSL_R_SSL_SECTION_NOT_FOUND:136:ssl section not found
+SSL_R_SSL_SESSION_ID_CALLBACK_FAILED:301:ssl session id callback failed
+SSL_R_SSL_SESSION_ID_CONFLICT:302:ssl session id conflict
+SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG:273:ssl session id context too long
+SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH:303:ssl session id has bad length
+SSL_R_SSL_SESSION_ID_TOO_LONG:408:ssl session id too long
+SSL_R_SSL_SESSION_VERSION_MISMATCH:210:ssl session version mismatch
+SSL_R_STILL_IN_INIT:121:still in init
+SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT:365:peer does not accept heartbeats
+SSL_R_TLS_HEARTBEAT_PENDING:366:heartbeat request already pending
+SSL_R_TLS_ILLEGAL_EXPORTER_LABEL:367:tls illegal exporter label
+SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST:157:tls invalid ecpointformat list
+SSL_R_TOO_MANY_KEY_UPDATES:132:too many key updates
+SSL_R_TOO_MANY_WARN_ALERTS:409:too many warn alerts
+SSL_R_TOO_MUCH_EARLY_DATA:164:too much early data
+SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS:314:unable to find ecdh parameters
+SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS:239:\
+ unable to find public key parameters
+SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
+SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
+SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
+SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
+SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
+SSL_R_UNEXPECTED_RECORD:245:unexpected record
+SSL_R_UNINITIALIZED:276:uninitialized
+SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type
+SSL_R_UNKNOWN_CERTIFICATE_TYPE:247:unknown certificate type
+SSL_R_UNKNOWN_CIPHER_RETURNED:248:unknown cipher returned
+SSL_R_UNKNOWN_CIPHER_TYPE:249:unknown cipher type
+SSL_R_UNKNOWN_CMD_NAME:386:unknown cmd name
+SSL_R_UNKNOWN_COMMAND:139:unknown command
+SSL_R_UNKNOWN_DIGEST:368:unknown digest
+SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE:250:unknown key exchange type
+SSL_R_UNKNOWN_PKEY_TYPE:251:unknown pkey type
+SSL_R_UNKNOWN_PROTOCOL:252:unknown protocol
+SSL_R_UNKNOWN_SSL_VERSION:254:unknown ssl version
+SSL_R_UNKNOWN_STATE:255:unknown state
+SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:338:\
+ unsafe legacy renegotiation disabled
+SSL_R_UNSOLICITED_EXTENSION:217:unsolicited extension
+SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM:257:unsupported compression algorithm
+SSL_R_UNSUPPORTED_ELLIPTIC_CURVE:315:unsupported elliptic curve
+SSL_R_UNSUPPORTED_PROTOCOL:258:unsupported protocol
+SSL_R_UNSUPPORTED_SSL_VERSION:259:unsupported ssl version
+SSL_R_UNSUPPORTED_STATUS_TYPE:329:unsupported status type
+SSL_R_USE_SRTP_NOT_NEGOTIATED:369:use srtp not negotiated
+SSL_R_VERSION_TOO_HIGH:166:version too high
+SSL_R_VERSION_TOO_LOW:396:version too low
+SSL_R_WRONG_CERTIFICATE_TYPE:383:wrong certificate type
+SSL_R_WRONG_CIPHER_RETURNED:261:wrong cipher returned
+SSL_R_WRONG_CURVE:378:wrong curve
+SSL_R_WRONG_SIGNATURE_LENGTH:264:wrong signature length
+SSL_R_WRONG_SIGNATURE_SIZE:265:wrong signature size
+SSL_R_WRONG_SIGNATURE_TYPE:370:wrong signature type
+SSL_R_WRONG_SSL_VERSION:266:wrong ssl version
+SSL_R_WRONG_VERSION_NUMBER:267:wrong version number
+SSL_R_X509_LIB:268:x509 lib
+SSL_R_X509_VERIFICATION_SETUP_PROBLEMS:269:x509 verification setup problems
+TS_R_BAD_PKCS7_TYPE:132:bad pkcs7 type
+TS_R_BAD_TYPE:133:bad type
+TS_R_CANNOT_LOAD_CERT:137:cannot load certificate
+TS_R_CANNOT_LOAD_KEY:138:cannot load private key
+TS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error
+TS_R_COULD_NOT_SET_ENGINE:127:could not set engine
+TS_R_COULD_NOT_SET_TIME:115:could not set time
+TS_R_DETACHED_CONTENT:134:detached content
+TS_R_ESS_ADD_SIGNING_CERT_ERROR:116:ess add signing cert error
+TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR:139:ess add signing cert v2 error
+TS_R_ESS_SIGNING_CERTIFICATE_ERROR:101:ess signing certificate error
+TS_R_INVALID_NULL_POINTER:102:invalid null pointer
+TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE:117:invalid signer certificate purpose
+TS_R_MESSAGE_IMPRINT_MISMATCH:103:message imprint mismatch
+TS_R_NONCE_MISMATCH:104:nonce mismatch
+TS_R_NONCE_NOT_RETURNED:105:nonce not returned
+TS_R_NO_CONTENT:106:no content
+TS_R_NO_TIME_STAMP_TOKEN:107:no time stamp token
+TS_R_PKCS7_ADD_SIGNATURE_ERROR:118:pkcs7 add signature error
+TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR:119:pkcs7 add signed attr error
+TS_R_PKCS7_TO_TS_TST_INFO_FAILED:129:pkcs7 to ts tst info failed
+TS_R_POLICY_MISMATCH:108:policy mismatch
+TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:120:\
+ private key does not match certificate
+TS_R_RESPONSE_SETUP_ERROR:121:response setup error
+TS_R_SIGNATURE_FAILURE:109:signature failure
+TS_R_THERE_MUST_BE_ONE_SIGNER:110:there must be one signer
+TS_R_TIME_SYSCALL_ERROR:122:time syscall error
+TS_R_TOKEN_NOT_PRESENT:130:token not present
+TS_R_TOKEN_PRESENT:131:token present
+TS_R_TSA_NAME_MISMATCH:111:tsa name mismatch
+TS_R_TSA_UNTRUSTED:112:tsa untrusted
+TS_R_TST_INFO_SETUP_ERROR:123:tst info setup error
+TS_R_TS_DATASIGN:124:ts datasign
+TS_R_UNACCEPTABLE_POLICY:125:unacceptable policy
+TS_R_UNSUPPORTED_MD_ALGORITHM:126:unsupported md algorithm
+TS_R_UNSUPPORTED_VERSION:113:unsupported version
+TS_R_VAR_BAD_VALUE:135:var bad value
+TS_R_VAR_LOOKUP_FAILURE:136:cannot find config variable
+TS_R_WRONG_CONTENT_TYPE:114:wrong content type
+UI_R_COMMON_OK_AND_CANCEL_CHARACTERS:104:common ok and cancel characters
+UI_R_INDEX_TOO_LARGE:102:index too large
+UI_R_INDEX_TOO_SMALL:103:index too small
+UI_R_NO_RESULT_BUFFER:105:no result buffer
+UI_R_PROCESSING_ERROR:107:processing error
+UI_R_RESULT_TOO_LARGE:100:result too large
+UI_R_RESULT_TOO_SMALL:101:result too small
+UI_R_SYSASSIGN_ERROR:109:sys$assign error
+UI_R_SYSDASSGN_ERROR:110:sys$dassgn error
+UI_R_SYSQIOW_ERROR:111:sys$qiow error
+UI_R_UNKNOWN_CONTROL_COMMAND:106:unknown control command
+UI_R_UNKNOWN_TTYGET_ERRNO_VALUE:108:unknown ttyget errno value
+UI_R_USER_DATA_DUPLICATION_UNSUPPORTED:112:user data duplication unsupported
+X509V3_R_BAD_IP_ADDRESS:118:bad ip address
+X509V3_R_BAD_OBJECT:119:bad object
+X509V3_R_BN_DEC2BN_ERROR:100:bn dec2bn error
+X509V3_R_BN_TO_ASN1_INTEGER_ERROR:101:bn to asn1 integer error
+X509V3_R_DIRNAME_ERROR:149:dirname error
+X509V3_R_DISTPOINT_ALREADY_SET:160:distpoint already set
+X509V3_R_DUPLICATE_ZONE_ID:133:duplicate zone id
+X509V3_R_ERROR_CONVERTING_ZONE:131:error converting zone
+X509V3_R_ERROR_CREATING_EXTENSION:144:error creating extension
+X509V3_R_ERROR_IN_EXTENSION:128:error in extension
+X509V3_R_EXPECTED_A_SECTION_NAME:137:expected a section name
+X509V3_R_EXTENSION_EXISTS:145:extension exists
+X509V3_R_EXTENSION_NAME_ERROR:115:extension name error
+X509V3_R_EXTENSION_NOT_FOUND:102:extension not found
+X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED:103:extension setting not supported
+X509V3_R_EXTENSION_VALUE_ERROR:116:extension value error
+X509V3_R_ILLEGAL_EMPTY_EXTENSION:151:illegal empty extension
+X509V3_R_INCORRECT_POLICY_SYNTAX_TAG:152:incorrect policy syntax tag
+X509V3_R_INVALID_ASNUMBER:162:invalid asnumber
+X509V3_R_INVALID_ASRANGE:163:invalid asrange
+X509V3_R_INVALID_BOOLEAN_STRING:104:invalid boolean string
+X509V3_R_INVALID_EXTENSION_STRING:105:invalid extension string
+X509V3_R_INVALID_INHERITANCE:165:invalid inheritance
+X509V3_R_INVALID_IPADDRESS:166:invalid ipaddress
+X509V3_R_INVALID_MULTIPLE_RDNS:161:invalid multiple rdns
+X509V3_R_INVALID_NAME:106:invalid name
+X509V3_R_INVALID_NULL_ARGUMENT:107:invalid null argument
+X509V3_R_INVALID_NULL_NAME:108:invalid null name
+X509V3_R_INVALID_NULL_VALUE:109:invalid null value
+X509V3_R_INVALID_NUMBER:140:invalid number
+X509V3_R_INVALID_NUMBERS:141:invalid numbers
+X509V3_R_INVALID_OBJECT_IDENTIFIER:110:invalid object identifier
+X509V3_R_INVALID_OPTION:138:invalid option
+X509V3_R_INVALID_POLICY_IDENTIFIER:134:invalid policy identifier
+X509V3_R_INVALID_PROXY_POLICY_SETTING:153:invalid proxy policy setting
+X509V3_R_INVALID_PURPOSE:146:invalid purpose
+X509V3_R_INVALID_SAFI:164:invalid safi
+X509V3_R_INVALID_SECTION:135:invalid section
+X509V3_R_INVALID_SYNTAX:143:invalid syntax
+X509V3_R_ISSUER_DECODE_ERROR:126:issuer decode error
+X509V3_R_MISSING_VALUE:124:missing value
+X509V3_R_NEED_ORGANIZATION_AND_NUMBERS:142:need organization and numbers
+X509V3_R_NO_CONFIG_DATABASE:136:no config database
+X509V3_R_NO_ISSUER_CERTIFICATE:121:no issuer certificate
+X509V3_R_NO_ISSUER_DETAILS:127:no issuer details
+X509V3_R_NO_POLICY_IDENTIFIER:139:no policy identifier
+X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED:154:\
+ no proxy cert policy language defined
+X509V3_R_NO_PUBLIC_KEY:114:no public key
+X509V3_R_NO_SUBJECT_DETAILS:125:no subject details
+X509V3_R_OPERATION_NOT_DEFINED:148:operation not defined
+X509V3_R_OTHERNAME_ERROR:147:othername error
+X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED:155:policy language already defined
+X509V3_R_POLICY_PATH_LENGTH:156:policy path length
+X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED:157:\
+ policy path length already defined
+X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY:159:\
+ policy when proxy language requires no policy
+X509V3_R_SECTION_NOT_FOUND:150:section not found
+X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS:122:unable to get issuer details
+X509V3_R_UNABLE_TO_GET_ISSUER_KEYID:123:unable to get issuer keyid
+X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT:111:unknown bit string argument
+X509V3_R_UNKNOWN_EXTENSION:129:unknown extension
+X509V3_R_UNKNOWN_EXTENSION_NAME:130:unknown extension name
+X509V3_R_UNKNOWN_OPTION:120:unknown option
+X509V3_R_UNSUPPORTED_OPTION:117:unsupported option
+X509V3_R_UNSUPPORTED_TYPE:167:unsupported type
+X509V3_R_USER_TOO_LONG:132:user too long
+X509_R_AKID_MISMATCH:110:akid mismatch
+X509_R_BAD_SELECTOR:133:bad selector
+X509_R_BAD_X509_FILETYPE:100:bad x509 filetype
+X509_R_BASE64_DECODE_ERROR:118:base64 decode error
+X509_R_CANT_CHECK_DH_KEY:114:cant check dh key
+X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table
+X509_R_CRL_ALREADY_DELTA:127:crl already delta
+X509_R_CRL_VERIFY_FAILURE:131:crl verify failure
+X509_R_IDP_MISMATCH:128:idp mismatch
+X509_R_INVALID_ATTRIBUTES:138:invalid attributes
+X509_R_INVALID_DIRECTORY:113:invalid directory
+X509_R_INVALID_FIELD_NAME:119:invalid field name
+X509_R_INVALID_TRUST:123:invalid trust
+X509_R_ISSUER_MISMATCH:129:issuer mismatch
+X509_R_KEY_TYPE_MISMATCH:115:key type mismatch
+X509_R_KEY_VALUES_MISMATCH:116:key values mismatch
+X509_R_LOADING_CERT_DIR:103:loading cert dir
+X509_R_LOADING_DEFAULTS:104:loading defaults
+X509_R_METHOD_NOT_SUPPORTED:124:method not supported
+X509_R_NAME_TOO_LONG:134:name too long
+X509_R_NEWER_CRL_NOT_NEWER:132:newer crl not newer
+X509_R_NO_CERTIFICATE_FOUND:135:no certificate found
+X509_R_NO_CERTIFICATE_OR_CRL_FOUND:136:no certificate or crl found
+X509_R_NO_CERT_SET_FOR_US_TO_VERIFY:105:no cert set for us to verify
+X509_R_NO_CRL_FOUND:137:no crl found
+X509_R_NO_CRL_NUMBER:130:no crl number
+X509_R_PUBLIC_KEY_DECODE_ERROR:125:public key decode error
+X509_R_PUBLIC_KEY_ENCODE_ERROR:126:public key encode error
+X509_R_SHOULD_RETRY:106:should retry
+X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN:107:unable to find parameters in chain
+X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY:108:unable to get certs public key
+X509_R_UNKNOWN_KEY_TYPE:117:unknown key type
+X509_R_UNKNOWN_NID:109:unknown nid
+X509_R_UNKNOWN_PURPOSE_ID:121:unknown purpose id
+X509_R_UNKNOWN_TRUST_ID:120:unknown trust id
+X509_R_UNSUPPORTED_ALGORITHM:111:unsupported algorithm
+X509_R_WRONG_LOOKUP_TYPE:112:wrong lookup type
+X509_R_WRONG_TYPE:122:wrong type
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs12/p12_add.c
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs12/p12_add.c (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs12/p12_add.c (revision 420)
@@ -0,0 +1,182 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_local.h"
+
+/* Pack an object into an OCTET STRING and turn into a safebag */
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+ int nid1, int nid2)
+{
+ PKCS12_BAGS *bag;
+ PKCS12_SAFEBAG *safebag;
+
+ if ((bag = PKCS12_BAGS_new()) == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ bag->type = OBJ_nid2obj(nid1);
+ if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if ((safebag = PKCS12_SAFEBAG_new()) == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ safebag->value.bag = bag;
+ safebag->type = OBJ_nid2obj(nid2);
+ return safebag;
+
+ err:
+ PKCS12_BAGS_free(bag);
+ return NULL;
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
+{
+ PKCS7 *p7;
+
+ if ((p7 = PKCS7_new()) == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ p7->type = OBJ_nid2obj(NID_pkcs7_data);
+ if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
+ goto err;
+ }
+ return p7;
+
+ err:
+ PKCS7_free(p7);
+ return NULL;
+}
+
+/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
+{
+ if (!PKCS7_type_is_data(p7)) {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
+ PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return NULL;
+ }
+
+ if (p7->d.data == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, PKCS12_R_DECODE_ERROR);
+ return NULL;
+ }
+
+ return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
+
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ STACK_OF(PKCS12_SAFEBAG) *bags)
+{
+ PKCS7 *p7;
+ X509_ALGOR *pbe;
+ const EVP_CIPHER *pbe_ciph;
+
+ if ((p7 = PKCS7_new()) == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
+ PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
+ goto err;
+ }
+
+ pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+ if (pbe_ciph)
+ pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
+ else
+ pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+
+ if (!pbe) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
+ p7->d.encrypted->enc_data->algorithm = pbe;
+ ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+ if (!(p7->d.encrypted->enc_data->enc_data =
+ PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
+ passlen, bags, 1))) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
+ goto err;
+ }
+
+ return p7;
+
+ err:
+ PKCS7_free(p7);
+ return NULL;
+}
+
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+ int passlen)
+{
+ if (!PKCS7_type_is_encrypted(p7))
+ return NULL;
+
+ if (p7->d.encrypted == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7ENCDATA, PKCS12_R_DECODE_ERROR);
+ return NULL;
+ }
+
+ return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+ ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+ pass, passlen,
+ p7->d.encrypted->enc_data->enc_data, 1);
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+ const char *pass, int passlen)
+{
+ return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
+}
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
+{
+ if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+ &p12->authsafes->d.data))
+ return 1;
+ return 0;
+}
+
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
+{
+ if (!PKCS7_type_is_data(p12->authsafes)) {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
+ PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return NULL;
+ }
+
+ if (p12->authsafes->d.data == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, PKCS12_R_DECODE_ERROR);
+ return NULL;
+ }
+
+ return ASN1_item_unpack(p12->authsafes->d.data,
+ ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+}
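Review bot: `PKCS12_decrypt_skey` near the end of this file passes `bag->value.shkeybag` to `PKCS8_decrypt` without first confirming that the bag is a shrouded key bag, while the unpack functions above it do validate the PKCS#7 content type and the NULL payload before use. If `value` is a union, as the use of both `value.bag` and `value.shkeybag` on a `PKCS12_SAFEBAG` in this file suggests, a bag of another type taken from a parsed file would be read as an `X509_SIG`. A guard such as `if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag) return NULL;` keeps the type check next to the dereference instead of relying on every caller. Separately, `PKCS12_unpack_p7encdata` returns NULL on a type mismatch without raising an error, unlike `PKCS12_unpack_p7data`, which raises `PKCS12_R_CONTENT_TYPE_NOT_DATA`; a short comment saying whether that is intentional would help.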
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs12/p12_mutl.c
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs12/p12_mutl.c (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs12/p12_mutl.c (revision 420)
@@ -0,0 +1,251 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/pkcs12.h>
+#include "p12_local.h"
+
+int PKCS12_mac_present(const PKCS12 *p12)
+{
+ return p12->mac ? 1 : 0;
+}
+
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
+ const X509_ALGOR **pmacalg,
+ const ASN1_OCTET_STRING **psalt,
+ const ASN1_INTEGER **piter,
+ const PKCS12 *p12)
+{
+ if (p12->mac) {
+ X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac);
+ if (psalt)
+ *psalt = p12->mac->salt;
+ if (piter)
+ *piter = p12->mac->iter;
+ } else {
+ if (pmac)
+ *pmac = NULL;
+ if (pmacalg)
+ *pmacalg = NULL;
+ if (psalt)
+ *psalt = NULL;
+ if (piter)
+ *piter = NULL;
+ }
+}
+
+#define TK26_MAC_KEY_LEN 32
+
+static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen,
+ int iter, int keylen, unsigned char *key,
+ const EVP_MD *digest)
+{
+ unsigned char out[96];
+
+ if (keylen != TK26_MAC_KEY_LEN) {
+ return 0;
+ }
+
+ if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
+ digest, sizeof(out), out)) {
+ return 0;
+ }
+ memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN);
+ OPENSSL_cleanse(out, sizeof(out));
+ return 1;
+}
+
+/* Generate a MAC */
+static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *mac, unsigned int *maclen,
+ int (*pkcs12_key_gen)(const char *pass, int passlen,
+ unsigned char *salt, int slen,
+ int id, int iter, int n,
+ unsigned char *out,
+ const EVP_MD *md_type))
+{
+ int ret = 0;
+ const EVP_MD *md_type;
+ HMAC_CTX *hmac = NULL;
+ unsigned char key[EVP_MAX_MD_SIZE], *salt;
+ int saltlen, iter;
+ int md_size = 0;
+ int md_type_nid;
+ const X509_ALGOR *macalg;
+ const ASN1_OBJECT *macoid;
+
+ if (pkcs12_key_gen == NULL)
+ pkcs12_key_gen = PKCS12_key_gen_utf8;
+
+ if (!PKCS7_type_is_data(p12->authsafes)) {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return 0;
+ }
+
+ if (p12->authsafes->d.data == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR);
+ return 0;
+ }
+
+ salt = p12->mac->salt->data;
+ saltlen = p12->mac->salt->length;
+ if (!p12->mac->iter)
+ iter = 1;
+ else
+ iter = ASN1_INTEGER_get(p12->mac->iter);
+ X509_SIG_get0(p12->mac->dinfo, &macalg, NULL);
+ X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
+ if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
+ return 0;
+ }
+ md_size = EVP_MD_size(md_type);
+ md_type_nid = EVP_MD_type(md_type);
+ if (md_size < 0)
+ return 0;
+ if ((md_type_nid == NID_id_GostR3411_94
+ || md_type_nid == NID_id_GostR3411_2012_256
+ || md_type_nid == NID_id_GostR3411_2012_512)
+ && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) {
+ md_size = TK26_MAC_KEY_LEN;
+ if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
+ md_size, key, md_type)) {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+ goto err;
+ }
+ } else
+ if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
+ iter, md_size, key, md_type)) {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+ goto err;
+ }
+ if ((hmac = HMAC_CTX_new()) == NULL
+ || !HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
+ || !HMAC_Update(hmac, p12->authsafes->d.data->data,
+ p12->authsafes->d.data->length)
+ || !HMAC_Final(hmac, mac, maclen)) {
+ goto err;
+ }
+ ret = 1;
+
+err:
+ OPENSSL_cleanse(key, sizeof(key));
+ HMAC_CTX_free(hmac);
+ return ret;
+}
+
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *mac, unsigned int *maclen)
+{
+ return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL);
+}
+
+/* Verify the mac */
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
+{
+ unsigned char mac[EVP_MAX_MD_SIZE];
+ unsigned int maclen;
+ const ASN1_OCTET_STRING *macoct;
+
+ if (p12->mac == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
+ return 0;
+ }
+ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
+ PKCS12_key_gen_utf8)) {
+ PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+ return 0;
+ }
+ X509_SIG_get0(p12->mac->dinfo, NULL, &macoct);
+ if ((maclen != (unsigned int)ASN1_STRING_length(macoct))
+ || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen) != 0)
+ return 0;
+
+ return 1;
+}
+
+/* Set a mac */
+
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ const EVP_MD *md_type)
+{
+ unsigned char mac[EVP_MAX_MD_SIZE];
+ unsigned int maclen;
+ ASN1_OCTET_STRING *macoct;
+
+ if (!md_type)
+ md_type = EVP_sha1();
+ if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) {
+ PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
+ return 0;
+ }
+ /*
+ * Note that output mac is forced to UTF-8...
+ */
+ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
+ PKCS12_key_gen_utf8)) {
+ PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+ return 0;
+ }
+ X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
+ if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
+ PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
+ return 0;
+ }
+ return 1;
+}
+
+/* Set up a mac structure */
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
+ const EVP_MD *md_type)
+{
+ X509_ALGOR *macalg;
+
+ PKCS12_MAC_DATA_free(p12->mac);
+ p12->mac = NULL;
+
+ if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL)
+ return PKCS12_ERROR;
+ if (iter > 1) {
+ if ((p12->mac->iter = ASN1_INTEGER_new()) == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ if (!saltlen)
+ saltlen = PKCS12_SALT_LEN;
+ if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ p12->mac->salt->length = saltlen;
+ if (!salt) {
+ if (RAND_bytes(p12->mac->salt->data, saltlen) <= 0)
+ return 0;
+ } else
+ memcpy(p12->mac->salt->data, salt, saltlen);
+ X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
+ if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
+ V_ASN1_NULL, NULL)) {
+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ return 1;
+}
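Review bot: `pkcs12_gen_mac` reads `p12->mac->salt` and `p12->mac->iter` without checking that `p12->mac` is set, and the public wrapper `PKCS12_gen_mac` calls it directly; only `PKCS12_verify_mac` tests `p12->mac == NULL` first. A PKCS#12 structure parsed from a file with no MAC would therefore be dereferenced through a NULL pointer if a caller skips `PKCS12_mac_present`. Adding `if (p12->mac == NULL) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_MAC_ABSENT); return 0; }` beside the existing `authsafes` checks would close that. The iteration count is also taken from the file via `ASN1_INTEGER_get`, narrowed from `long` to `int` and used unbounded, so a comment or an upper limit there would document the CPU-cost exposure when loading untrusted files.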
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs12/p12_npas.c
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs12/p12_npas.c (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs12/p12_npas.c (revision 420)
@@ -0,0 +1,185 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+#include "p12_local.h"
+
+/* PKCS#12 password change routine */
+
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+ const char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+ const char *newpass);
+static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
+ int *psaltlen);
+
+/*
+ * Change the password on a PKCS#12 structure.
+ */
+
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
+{
+ /* Check for NULL PKCS12 structure */
+
+ if (!p12) {
+ PKCS12err(PKCS12_F_PKCS12_NEWPASS,
+ PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+ return 0;
+ }
+
+ /* Check the mac */
+
+ if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+ PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE);
+ return 0;
+ }
+
+ if (!newpass_p12(p12, oldpass, newpass)) {
+ PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
+{
+ STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL;
+ STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+ int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
+ PKCS7 *p7, *p7new;
+ ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL;
+ unsigned char mac[EVP_MAX_MD_SIZE];
+ unsigned int maclen;
+ int rv = 0;
+
+ if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+ goto err;
+ if ((newsafes = sk_PKCS7_new_null()) == NULL)
+ goto err;
+ for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+ p7 = sk_PKCS7_value(asafes, i);
+ bagnid = OBJ_obj2nid(p7->type);
+ if (bagnid == NID_pkcs7_data) {
+ bags = PKCS12_unpack_p7data(p7);
+ } else if (bagnid == NID_pkcs7_encrypted) {
+ bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+ if (p7->d.encrypted == NULL
+ || !alg_get(p7->d.encrypted->enc_data->algorithm,
+ &pbe_nid, &pbe_iter, &pbe_saltlen))
+ goto err;
+ } else {
+ continue;
+ }
+ if (bags == NULL)
+ goto err;
+ if (!newpass_bags(bags, oldpass, newpass))
+ goto err;
+ /* Repack bag in same form with new password */
+ if (bagnid == NID_pkcs7_data)
+ p7new = PKCS12_pack_p7data(bags);
+ else
+ p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
+ pbe_saltlen, pbe_iter, bags);
+ if (!p7new || !sk_PKCS7_push(newsafes, p7new))
+ goto err;
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ bags = NULL;
+ }
+
+ /* Repack safe: save old safe in case of error */
+
+ p12_data_tmp = p12->authsafes->d.data;
+ if ((p12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL)
+ goto err;
+ if (!PKCS12_pack_authsafes(p12, newsafes))
+ goto err;
+
+ if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
+ goto err;
+ X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
+ if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
+ goto err;
+
+ rv = 1;
+
+err:
+ /* Restore old safe if necessary */
+ if (rv == 1) {
+ ASN1_OCTET_STRING_free(p12_data_tmp);
+ } else if (p12_data_tmp != NULL) {
+ ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+ p12->authsafes->d.data = p12_data_tmp;
+ }
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ sk_PKCS7_pop_free(asafes, PKCS7_free);
+ sk_PKCS7_pop_free(newsafes, PKCS7_free);
+ return rv;
+}
+
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+ const char *newpass)
+{
+ int i;
+ for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+ if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), oldpass, newpass))
+ return 0;
+ }
+ return 1;
+}
+
+/* Change password of safebag: only needs handle shrouded keybags */
+
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+ const char *newpass)
+{
+ PKCS8_PRIV_KEY_INFO *p8;
+ X509_SIG *p8new;
+ int p8_nid, p8_saltlen, p8_iter;
+ const X509_ALGOR *shalg;
+
+ if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
+ return 1;
+
+ if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
+ return 0;
+ X509_SIG_get0(bag->value.shkeybag, &shalg, NULL);
+ if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))
+ return 0;
+ p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+ p8_iter, p8);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ if (p8new == NULL)
+ return 0;
+ X509_SIG_free(bag->value.shkeybag);
+ bag->value.shkeybag = p8new;
+ return 1;
+}
+
+static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
+ int *psaltlen)
+{
+ PBEPARAM *pbe;
+ pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter);
+ if (!pbe)
+ return 0;
+ *pnid = OBJ_obj2nid(alg->algorithm);
+ *piter = ASN1_INTEGER_get(pbe->iter);
+ *psaltlen = pbe->salt->length;
+ PBEPARAM_free(pbe);
+ return 1;
+}
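Review bot: `newpass_bag` leaks the decrypted key when `alg_get` fails: `p8` returned by `PKCS8_decrypt` is freed only after the `PKCS8_encrypt` call, so the early `return 0` after `alg_get` leaves the plaintext `PKCS8_PRIV_KEY_INFO` allocated. Change that branch to `if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen)) { PKCS8_PRIV_KEY_INFO_free(p8); return 0; }`. `alg_get` unpacks the algorithm parameters as `PBEPARAM`, so it presumably fails for shrouded keys whose parameters use a different layout, which would make this path reachable with ordinary input. A comment on `alg_get` stating which schemes it supports would help.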
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs12/pk12err.c
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs12/pk12err.c (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs12/pk12err.c (revision 420)
@@ -0,0 +1,119 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/pkcs12err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA PKCS12_str_functs[] = {
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_ASC2UNI, 0), "OPENSSL_asc2uni"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2ASC, 0), "OPENSSL_uni2asc"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2UTF8, 0),
+ "OPENSSL_uni2utf8"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UTF82UNI, 0),
+ "OPENSSL_utf82uni"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_CREATE, 0), "PKCS12_create"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_GEN_MAC, 0), "PKCS12_gen_mac"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_INIT, 0), "PKCS12_init"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, 0),
+ "PKCS12_item_decrypt_d2i"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, 0),
+ "PKCS12_item_i2d_encrypt"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, 0),
+ "PKCS12_item_pack_safebag"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_ASC, 0),
+ "PKCS12_key_gen_asc"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UNI, 0),
+ "PKCS12_key_gen_uni"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UTF8, 0),
+ "PKCS12_key_gen_utf8"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_NEWPASS, 0), "PKCS12_newpass"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7DATA, 0),
+ "PKCS12_pack_p7data"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7ENCDATA, 0),
+ "PKCS12_pack_p7encdata"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PARSE, 0), "PKCS12_parse"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, 0),
+ "PKCS12_pbe_crypt"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_KEYIVGEN, 0),
+ "PKCS12_PBE_keyivgen"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, 0),
+ "PKCS12_SAFEBAG_create0_p8inf"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, 0),
+ "PKCS12_SAFEBAG_create0_pkcs8"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, 0),
+ "PKCS12_SAFEBAG_create_pkcs8_encrypt"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SETUP_MAC, 0),
+ "PKCS12_setup_mac"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SET_MAC, 0), "PKCS12_set_mac"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_AUTHSAFES, 0),
+ "PKCS12_unpack_authsafes"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7DATA, 0),
+ "PKCS12_unpack_p7data"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7ENCDATA, 0),
+ "PKCS12_unpack_p7encdata"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_VERIFY_MAC, 0),
+ "PKCS12_verify_mac"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_ENCRYPT, 0), "PKCS8_encrypt"},
+ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_SET0_PBE, 0), "PKCS8_set0_pbe"},
+ {0, NULL}
+};
+
+static const ERR_STRING_DATA PKCS12_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CANT_PACK_STRUCTURE),
+ "cant pack structure"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CONTENT_TYPE_NOT_DATA),
+ "content type not data"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_DECODE_ERROR), "decode error"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCODE_ERROR), "encode error"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCRYPT_ERROR), "encrypt error"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),
+ "error setting encrypted data type"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_ARGUMENT),
+ "invalid null argument"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_PKCS12_POINTER),
+ "invalid null pkcs12 pointer"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_IV_GEN_ERROR), "iv gen error"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_KEY_GEN_ERROR), "key gen error"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_ABSENT), "mac absent"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_GENERATION_ERROR),
+ "mac generation error"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_STRING_SET_ERROR),
+ "mac string set error"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_VERIFY_FAILURE),
+ "mac verify failure"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PARSE_ERROR), "parse error"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
+ "pkcs12 algor cipherinit error"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR),
+ "pkcs12 cipherfinal error"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_PBE_CRYPT_ERROR),
+ "pkcs12 pbe crypt error"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),
+ "unknown digest algorithm"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNSUPPORTED_PKCS12_MODE),
+ "unsupported pkcs12 mode"},
+ {0, NULL}
+};
+
+#endif
+
+int ERR_load_PKCS12_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+ if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) {
+ ERR_load_strings_const(PKCS12_str_functs);
+ ERR_load_strings_const(PKCS12_str_reasons);
+ }
+#endif
+ return 1;
+}
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs7/pk7_mime.c
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs7/pk7_mime.c (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/crypto/pkcs7/pk7_mime.c (revision 420)
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+/* PKCS#7 wrappers round generalised stream and MIME routines */
+
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
+{
+ return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags,
+ ASN1_ITEM_rptr(PKCS7));
+}
+
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
+{
+ return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)p7, in, flags,
+ "PKCS7", ASN1_ITEM_rptr(PKCS7));
+}
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
+ STACK_OF(X509_ALGOR) *mdalgs;
+ int ctype_nid = OBJ_obj2nid(p7->type);
+ if (ctype_nid == NID_pkcs7_signed) {
+ if (p7->d.sign == NULL) {
+ return 0;
+ }
+ mdalgs = p7->d.sign->md_algs;
+ }
+ else {
+ mdalgs = NULL;
+ }
+
+ flags ^= SMIME_OLDMIME;
+
+ return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
+ ctype_nid, NID_undef, mdalgs,
+ ASN1_ITEM_rptr(PKCS7));
+}
+
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
+ return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
+}
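Review bot: The `p7->d.sign == NULL` guard in `SMIME_write_PKCS7` returns 0 without a comment and without raising an error, so a caller sees a bare failure with nothing in the error queue. A one-line comment such as `/* signedData with no content: nothing to read md_algs from */` would explain why the check exists. The `}` and `else {` split over two lines also differs from the `} else {` form used in the other files of this change.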
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/dh.h
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/dh.h (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/dh.h (revision 420)
@@ -0,0 +1,345 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DH_H
+# define HEADER_DH_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DH
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/ossl_typ.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+# include <openssl/bn.h>
+# endif
+# include <openssl/dherr.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
+# endif
+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
+# endif
+
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
+# define DH_FLAG_CACHE_MONT_P 0x01
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+# define DH_FLAG_NO_EXP_CONSTTIME 0x00
+# endif
+
+/*
+ * If this flag is set the DH method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define DH_FLAG_FIPS_METHOD 0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DH_FLAG_NON_FIPS_ALLOW 0x0400
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dh_st DH; */
+/* typedef struct dh_method DH_METHOD; */
+
+DECLARE_ASN1_ITEM(DHparams)
+
+# define DH_GENERATOR_2 2
+/* #define DH_GENERATOR_3 3 */
+# define DH_GENERATOR_5 5
+
+/* DH_check error codes, some of them shared with DH_check_pub_key */
+# define DH_CHECK_P_NOT_PRIME 0x01
+# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
+# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
+# define DH_NOT_SUITABLE_GENERATOR 0x08
+# define DH_CHECK_Q_NOT_PRIME 0x10
+# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */
+# define DH_CHECK_INVALID_J_VALUE 0x40
+# define DH_MODULUS_TOO_SMALL 0x80
+# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */
+
+/* DH_check_pub_key error codes */
+# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
+# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
+# define DH_CHECK_PUBKEY_INVALID 0x04
+
+/*
+ * primes p where (p-1)/2 is prime too are called "safe"; we define this for
+ * backward compatibility:
+ */
+# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
+
+# define d2i_DHparams_fp(fp,x) \
+ (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+ (char *(*)())d2i_DHparams, \
+ (fp), \
+ (unsigned char **)(x))
+# define i2d_DHparams_fp(fp,x) \
+ ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
+# define d2i_DHparams_bio(bp,x) \
+ ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
+# define i2d_DHparams_bio(bp,x) \
+ ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+
+# define d2i_DHxparams_fp(fp,x) \
+ (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+ (char *(*)())d2i_DHxparams, \
+ (fp), \
+ (unsigned char **)(x))
+# define i2d_DHxparams_fp(fp,x) \
+ ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
+# define d2i_DHxparams_bio(bp,x) \
+ ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
+# define i2d_DHxparams_bio(bp,x) \
+ ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x)
+
+DH *DHparams_dup(DH *);
+
+const DH_METHOD *DH_OpenSSL(void);
+
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
+
+DH *DH_new(void);
+void DH_free(DH *dh);
+int DH_up_ref(DH *dh);
+int DH_bits(const DH *dh);
+int DH_size(const DH *dh);
+int DH_security_bits(const DH *dh);
+#define DH_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
+int DH_set_ex_data(DH *d, int idx, void *arg);
+void *DH_get_ex_data(DH *d, int idx);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
+ void (*callback) (int, int,
+ void *),
+ void *cb_arg))
+
+/* New version */
+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
+ BN_GENCB *cb);
+
+int DH_check_params_ex(const DH *dh);
+int DH_check_ex(const DH *dh);
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
+int DH_check_params(const DH *dh, int *ret);
+int DH_check(const DH *dh, int *codes);
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
+int DH_generate_key(DH *dh);
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHparams(const DH *a, unsigned char **pp);
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHxparams(const DH *a, unsigned char **pp);
+# ifndef OPENSSL_NO_STDIO
+int DHparams_print_fp(FILE *fp, const DH *x);
+# endif
+int DHparams_print(BIO *bp, const DH *x);
+
+/* RFC 5114 parameters */
+DH *DH_get_1024_160(void);
+DH *DH_get_2048_224(void);
+DH *DH_get_2048_256(void);
+
+/* Named parameters, currently RFC7919 */
+DH *DH_new_by_nid(int nid);
+int DH_get_nid(const DH *dh);
+
+# ifndef OPENSSL_NO_CMS
+/* RFC2631 KDF */
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ ASN1_OBJECT *key_oid,
+ const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
+# endif
+
+void DH_get0_pqg(const DH *dh,
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DH_get0_key(const DH *dh,
+ const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DH_get0_p(const DH *dh);
+const BIGNUM *DH_get0_q(const DH *dh);
+const BIGNUM *DH_get0_g(const DH *dh);
+const BIGNUM *DH_get0_priv_key(const DH *dh);
+const BIGNUM *DH_get0_pub_key(const DH *dh);
+void DH_clear_flags(DH *dh, int flags);
+int DH_test_flags(const DH *dh, int flags);
+void DH_set_flags(DH *dh, int flags);
+ENGINE *DH_get0_engine(DH *d);
+long DH_get_length(const DH *dh);
+int DH_set_length(DH *dh, long length);
+
+DH_METHOD *DH_meth_new(const char *name, int flags);
+void DH_meth_free(DH_METHOD *dhm);
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+const char *DH_meth_get0_name(const DH_METHOD *dhm);
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+int DH_meth_get_flags(const DH_METHOD *dhm);
+int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+void *DH_meth_get0_app_data(const DH_METHOD *dhm);
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+ (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+ int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+ (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+ BN_CTX *, BN_MONT_CTX *);
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+ int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
+int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+ (DH *, int, int, BN_GENCB *);
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+ int (*generate_params) (DH *, int, int, BN_GENCB *));
+
+
+# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \
+ EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_DH_NID, nid, NULL)
+
+# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_PAD, pad, NULL)
+
+# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid))
+
+# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid))
+
+# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd))
+
+# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen))
+
+# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p))
+
+# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+ EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p))
+
+# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DH_RFC5114 (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_DH_KDF_TYPE (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_DH_KDF_MD (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_DH_KDF_UKM (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 13)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OID (EVP_PKEY_ALG_CTRL + 14)
+# define EVP_PKEY_CTRL_DH_NID (EVP_PKEY_ALG_CTRL + 15)
+# define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 16)
+
+/* KDF types */
+# define EVP_PKEY_DH_KDF_NONE 1
+# ifndef OPENSSL_NO_CMS
+# define EVP_PKEY_DH_KDF_X9_42 2
+# endif
+
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+#endif
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/dherr.h
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/dherr.h (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/dherr.h (revision 420)
@@ -0,0 +1,91 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DHERR_H
+# define HEADER_DHERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include <openssl/symhacks.h>
+# endif
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DH
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_DH_strings(void);
+
+/*
+ * DH function codes.
+ */
+# define DH_F_COMPUTE_KEY 102
+# define DH_F_DHPARAMS_PRINT_FP 101
+# define DH_F_DH_BUILTIN_GENPARAMS 106
+# define DH_F_DH_CHECK 126
+# define DH_F_DH_CHECK_EX 121
+# define DH_F_DH_CHECK_PARAMS_EX 122
+# define DH_F_DH_CHECK_PUB_KEY 127
+# define DH_F_DH_CHECK_PUB_KEY_EX 123
+# define DH_F_DH_CMS_DECRYPT 114
+# define DH_F_DH_CMS_SET_PEERKEY 115
+# define DH_F_DH_CMS_SET_SHARED_INFO 116
+# define DH_F_DH_METH_DUP 117
+# define DH_F_DH_METH_NEW 118
+# define DH_F_DH_METH_SET1_NAME 119
+# define DH_F_DH_NEW_BY_NID 104
+# define DH_F_DH_NEW_METHOD 105
+# define DH_F_DH_PARAM_DECODE 107
+# define DH_F_DH_PKEY_PUBLIC_CHECK 124
+# define DH_F_DH_PRIV_DECODE 110
+# define DH_F_DH_PRIV_ENCODE 111
+# define DH_F_DH_PUB_DECODE 108
+# define DH_F_DH_PUB_ENCODE 109
+# define DH_F_DO_DH_PRINT 100
+# define DH_F_GENERATE_KEY 103
+# define DH_F_PKEY_DH_CTRL_STR 120
+# define DH_F_PKEY_DH_DERIVE 112
+# define DH_F_PKEY_DH_INIT 125
+# define DH_F_PKEY_DH_KEYGEN 113
+
+/*
+ * DH reason codes.
+ */
+# define DH_R_BAD_GENERATOR 101
+# define DH_R_BN_DECODE_ERROR 109
+# define DH_R_BN_ERROR 106
+# define DH_R_CHECK_INVALID_J_VALUE 115
+# define DH_R_CHECK_INVALID_Q_VALUE 116
+# define DH_R_CHECK_PUBKEY_INVALID 122
+# define DH_R_CHECK_PUBKEY_TOO_LARGE 123
+# define DH_R_CHECK_PUBKEY_TOO_SMALL 124
+# define DH_R_CHECK_P_NOT_PRIME 117
+# define DH_R_CHECK_P_NOT_SAFE_PRIME 118
+# define DH_R_CHECK_Q_NOT_PRIME 119
+# define DH_R_DECODE_ERROR 104
+# define DH_R_INVALID_PARAMETER_NAME 110
+# define DH_R_INVALID_PARAMETER_NID 114
+# define DH_R_INVALID_PUBKEY 102
+# define DH_R_KDF_PARAMETER_ERROR 112
+# define DH_R_KEYS_NOT_SET 108
+# define DH_R_MISSING_PUBKEY 125
+# define DH_R_MODULUS_TOO_LARGE 103
+# define DH_R_NOT_SUITABLE_GENERATOR 120
+# define DH_R_NO_PARAMETERS_SET 107
+# define DH_R_NO_PRIVATE_VALUE 100
+# define DH_R_PARAMETER_ENCODING_ERROR 105
+# define DH_R_PEER_KEY_ERROR 111
+# define DH_R_Q_TOO_LARGE 130
+# define DH_R_SHARED_INFO_ERROR 113
+# define DH_R_UNABLE_TO_CHECK_GENERATOR 121
+
+# endif
+#endif
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/opensslv.h
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/opensslv.h (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/opensslv.h (revision 420)
@@ -0,0 +1,101 @@
+/*
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OPENSSLV_H
+# define HEADER_OPENSSLV_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * Numeric release version identifier:
+ * MNNFFPPS: major minor fix patch status
+ * The status nibble has one of the values 0 for development, 1 to e for betas
+ * 1 to 14, and f for release. The patch level is exactly that.
+ * For example:
+ * 0.9.3-dev 0x00903000
+ * 0.9.3-beta1 0x00903001
+ * 0.9.3-beta2-dev 0x00903002
+ * 0.9.3-beta2 0x00903002 (same as ...beta2-dev)
+ * 0.9.3 0x0090300f
+ * 0.9.3a 0x0090301f
+ * 0.9.4 0x0090400f
+ * 1.2.3z 0x102031af
+ *
+ * For continuity reasons (because 0.9.5 is already out, and is coded
+ * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
+ * part is slightly different, by setting the highest bit. This means
+ * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start
+ * with 0x0090600S...
+ *
+ * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ * major minor fix final patch/beta)
+ */
+# define OPENSSL_VERSION_NUMBER 0x101011afL
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1za 26 Jun 2024"
+
+/*-
+ * The macros below are to be used for shared library (.so, .dll, ...)
+ * versioning. That kind of versioning works a bit differently between
+ * operating systems. The most usual scheme is to set a major and a minor
+ * number, and have the runtime loader check that the major number is equal
+ * to what it was at application link time, while the minor number has to
+ * be greater or equal to what it was at application link time. With this
+ * scheme, the version number is usually part of the file name, like this:
+ *
+ * libcrypto.so.0.9
+ *
+ * Some unixen also make a softlink with the major version number only:
+ *
+ * libcrypto.so.0
+ *
+ * On Tru64 and IRIX 6.x it works a little bit differently. There, the
+ * shared library version is stored in the file, and is actually a series
+ * of versions, separated by colons. The rightmost version present in the
+ * library when linking an application is stored in the application to be
+ * matched at run time. When the application is run, a check is done to
+ * see if the library version stored in the application matches any of the
+ * versions in the version string of the library itself.
+ * This version string can be constructed in any way, depending on what
+ * kind of matching is desired. However, to implement the same scheme as
+ * the one used in the other unixen, all compatible versions, from lowest
+ * to highest, should be part of the string. Consecutive builds would
+ * give the following versions strings:
+ *
+ * 3.0
+ * 3.0:3.1
+ * 3.0:3.1:3.2
+ * 4.0
+ * 4.0:4.1
+ *
+ * Notice how version 4 is completely incompatible with version, and
+ * therefore give the breach you can see.
+ *
+ * There may be other schemes as well that I haven't yet discovered.
+ *
+ * So, here's the way it works here: first of all, the library version
+ * number doesn't need at all to match the overall OpenSSL version.
+ * However, it's nice and more understandable if it actually does.
+ * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+ * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+ * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
+ * we need to keep a history of version numbers, which is done in the
+ * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and
+ * should only keep the versions that are binary compatible with the current.
+ */
+# define SHLIB_VERSION_HISTORY ""
+# define SHLIB_VERSION_NUMBER "1.1"
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* HEADER_OPENSSLV_H */
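Review bot: `OPENSSL_VERSION_NUMBER` is `0x101011afL` while `OPENSSL_VERSION_TEXT` reads `OpenSSL 1.1.1za`; by the scheme documented in the comment above it (`1.2.3z 0x102031af`), patch byte `0x1a` encodes the letter `z`, so the numeric identifier cannot tell this build from a 1.1.1z build. Anything that compares `OPENSSL_VERSION_NUMBER` or the value returned by `OpenSSL_version_num()`, including inventory and patch-level checks, will not see the `za` level, because only the text string carries it. The path suggests this tree is 1.1.1w plus the CVE-2024-5535 change; if that is the case, the reported version also claims a later release than the tree contains, which can mislead audits of which fixes are present. I would record this beside the define, e.g. `/* numeric id matches the 1.1.1z encoding; the "za" level is visible only in OPENSSL_VERSION_TEXT */`, and state in the package notes which upstream fixes are actually included.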
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/pkcs12err.h
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/pkcs12err.h (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/pkcs12err.h (revision 420)
@@ -0,0 +1,82 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS12ERR_H
+# define HEADER_PKCS12ERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include <openssl/symhacks.h>
+# endif
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_PKCS12_strings(void);
+
+/*
+ * PKCS12 function codes.
+ */
+# define PKCS12_F_OPENSSL_ASC2UNI 121
+# define PKCS12_F_OPENSSL_UNI2ASC 124
+# define PKCS12_F_OPENSSL_UNI2UTF8 127
+# define PKCS12_F_OPENSSL_UTF82UNI 129
+# define PKCS12_F_PKCS12_CREATE 105
+# define PKCS12_F_PKCS12_GEN_MAC 107
+# define PKCS12_F_PKCS12_INIT 109
+# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106
+# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108
+# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117
+# define PKCS12_F_PKCS12_KEY_GEN_ASC 110
+# define PKCS12_F_PKCS12_KEY_GEN_UNI 111
+# define PKCS12_F_PKCS12_KEY_GEN_UTF8 116
+# define PKCS12_F_PKCS12_NEWPASS 128
+# define PKCS12_F_PKCS12_PACK_P7DATA 114
+# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
+# define PKCS12_F_PKCS12_PARSE 118
+# define PKCS12_F_PKCS12_PBE_CRYPT 119
+# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133
+# define PKCS12_F_PKCS12_SETUP_MAC 122
+# define PKCS12_F_PKCS12_SET_MAC 123
+# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130
+# define PKCS12_F_PKCS12_UNPACK_P7DATA 131
+# define PKCS12_F_PKCS12_UNPACK_P7ENCDATA 134
+# define PKCS12_F_PKCS12_VERIFY_MAC 126
+# define PKCS12_F_PKCS8_ENCRYPT 125
+# define PKCS12_F_PKCS8_SET0_PBE 132
+
+/*
+ * PKCS12 reason codes.
+ */
+# define PKCS12_R_CANT_PACK_STRUCTURE 100
+# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121
+# define PKCS12_R_DECODE_ERROR 101
+# define PKCS12_R_ENCODE_ERROR 102
+# define PKCS12_R_ENCRYPT_ERROR 103
+# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120
+# define PKCS12_R_INVALID_NULL_ARGUMENT 104
+# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105
+# define PKCS12_R_IV_GEN_ERROR 106
+# define PKCS12_R_KEY_GEN_ERROR 107
+# define PKCS12_R_MAC_ABSENT 108
+# define PKCS12_R_MAC_GENERATION_ERROR 109
+# define PKCS12_R_MAC_SETUP_ERROR 110
+# define PKCS12_R_MAC_STRING_SET_ERROR 111
+# define PKCS12_R_MAC_VERIFY_FAILURE 113
+# define PKCS12_R_PARSE_ERROR 114
+# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115
+# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116
+# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117
+# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118
+# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119
+
+#endif
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/ssl.h
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/ssl.h (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/include/openssl/ssl.h (revision 420)
@@ -0,0 +1,2448 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL_H
+# define HEADER_SSL_H
+
+# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
+# include <openssl/comp.h>
+# include <openssl/bio.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+# include <openssl/x509.h>
+# include <openssl/crypto.h>
+# include <openssl/buffer.h>
+# endif
+# include <openssl/lhash.h>
+# include <openssl/pem.h>
+# include <openssl/hmac.h>
+# include <openssl/async.h>
+
+# include <openssl/safestack.h>
+# include <openssl/symhacks.h>
+# include <openssl/ct.h>
+# include <openssl/sslerr.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* OpenSSL version number for ASN.1 encoding of the session information */
+/*-
+ * Version 0 - initial version
+ * Version 1 - added the optional peer certificate
+ */
+# define SSL_SESSION_ASN1_VERSION 0x0001
+
+# define SSL_MAX_SSL_SESSION_ID_LENGTH 32
+# define SSL_MAX_SID_CTX_LENGTH 32
+
+# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
+# define SSL_MAX_KEY_ARG_LENGTH 8
+# define SSL_MAX_MASTER_KEY_LENGTH 48
+
+/* The maximum number of encrypt/decrypt pipelines we can support */
+# define SSL_MAX_PIPELINES 32
+
+/* text strings for the ciphers */
+
+/* These are used to specify which ciphers to use and not to use */
+
+# define SSL_TXT_LOW "LOW"
+# define SSL_TXT_MEDIUM "MEDIUM"
+# define SSL_TXT_HIGH "HIGH"
+# define SSL_TXT_FIPS "FIPS"
+
+# define SSL_TXT_aNULL "aNULL"
+# define SSL_TXT_eNULL "eNULL"
+# define SSL_TXT_NULL "NULL"
+
+# define SSL_TXT_kRSA "kRSA"
+# define SSL_TXT_kDHr "kDHr"/* this cipher class has been removed */
+# define SSL_TXT_kDHd "kDHd"/* this cipher class has been removed */
+# define SSL_TXT_kDH "kDH"/* this cipher class has been removed */
+# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */
+# define SSL_TXT_kDHE "kDHE"
+# define SSL_TXT_kECDHr "kECDHr"/* this cipher class has been removed */
+# define SSL_TXT_kECDHe "kECDHe"/* this cipher class has been removed */
+# define SSL_TXT_kECDH "kECDH"/* this cipher class has been removed */
+# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */
+# define SSL_TXT_kECDHE "kECDHE"
+# define SSL_TXT_kPSK "kPSK"
+# define SSL_TXT_kRSAPSK "kRSAPSK"
+# define SSL_TXT_kECDHEPSK "kECDHEPSK"
+# define SSL_TXT_kDHEPSK "kDHEPSK"
+# define SSL_TXT_kGOST "kGOST"
+# define SSL_TXT_kSRP "kSRP"
+
+# define SSL_TXT_aRSA "aRSA"
+# define SSL_TXT_aDSS "aDSS"
+# define SSL_TXT_aDH "aDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDH "aECDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDSA "aECDSA"
+# define SSL_TXT_aPSK "aPSK"
+# define SSL_TXT_aGOST94 "aGOST94"
+# define SSL_TXT_aGOST01 "aGOST01"
+# define SSL_TXT_aGOST12 "aGOST12"
+# define SSL_TXT_aGOST "aGOST"
+# define SSL_TXT_aSRP "aSRP"
+
+# define SSL_TXT_DSS "DSS"
+# define SSL_TXT_DH "DH"
+# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */
+# define SSL_TXT_EDH "EDH"/* alias for DHE */
+# define SSL_TXT_ADH "ADH"
+# define SSL_TXT_RSA "RSA"
+# define SSL_TXT_ECDH "ECDH"
+# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */
+# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */
+# define SSL_TXT_AECDH "AECDH"
+# define SSL_TXT_ECDSA "ECDSA"
+# define SSL_TXT_PSK "PSK"
+# define SSL_TXT_SRP "SRP"
+
+# define SSL_TXT_DES "DES"
+# define SSL_TXT_3DES "3DES"
+# define SSL_TXT_RC4 "RC4"
+# define SSL_TXT_RC2 "RC2"
+# define SSL_TXT_IDEA "IDEA"
+# define SSL_TXT_SEED "SEED"
+# define SSL_TXT_AES128 "AES128"
+# define SSL_TXT_AES256 "AES256"
+# define SSL_TXT_AES "AES"
+# define SSL_TXT_AES_GCM "AESGCM"
+# define SSL_TXT_AES_CCM "AESCCM"
+# define SSL_TXT_AES_CCM_8 "AESCCM8"
+# define SSL_TXT_CAMELLIA128 "CAMELLIA128"
+# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
+# define SSL_TXT_CAMELLIA "CAMELLIA"
+# define SSL_TXT_CHACHA20 "CHACHA20"
+# define SSL_TXT_GOST "GOST89"
+# define SSL_TXT_ARIA "ARIA"
+# define SSL_TXT_ARIA_GCM "ARIAGCM"
+# define SSL_TXT_ARIA128 "ARIA128"
+# define SSL_TXT_ARIA256 "ARIA256"
+
+# define SSL_TXT_MD5 "MD5"
+# define SSL_TXT_SHA1 "SHA1"
+# define SSL_TXT_SHA "SHA"/* same as "SHA1" */
+# define SSL_TXT_GOST94 "GOST94"
+# define SSL_TXT_GOST89MAC "GOST89MAC"
+# define SSL_TXT_GOST12 "GOST12"
+# define SSL_TXT_GOST89MAC12 "GOST89MAC12"
+# define SSL_TXT_SHA256 "SHA256"
+# define SSL_TXT_SHA384 "SHA384"
+
+# define SSL_TXT_SSLV3 "SSLv3"
+# define SSL_TXT_TLSV1 "TLSv1"
+# define SSL_TXT_TLSV1_1 "TLSv1.1"
+# define SSL_TXT_TLSV1_2 "TLSv1.2"
+
+# define SSL_TXT_ALL "ALL"
+
+/*-
+ * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
+ * ciphers normally not being used.
+ * Example: "RC4" will activate all ciphers using RC4 including ciphers
+ * without authentication, which would normally disabled by DEFAULT (due
+ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
+ * will make sure that it is also disabled in the specific selection.
+ * COMPLEMENTOF* identifiers are portable between version, as adjustments
+ * to the default cipher setup will also be included here.
+ *
+ * COMPLEMENTOFDEFAULT does not experience the same special treatment that
+ * DEFAULT gets, as only selection is being done and no sorting as needed
+ * for DEFAULT.
+ */
+# define SSL_TXT_CMPALL "COMPLEMENTOFALL"
+# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
+
+/*
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ * This applies to ciphersuites for TLSv1.2 and below.
+ */
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+/* This is the default set of TLSv1.3 ciphersuites */
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+ "TLS_CHACHA20_POLY1305_SHA256:" \
+ "TLS_AES_128_GCM_SHA256"
+# else
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+ "TLS_AES_128_GCM_SHA256"
+#endif
+/*
+ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites! (The latter are not
+ * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
+ */
+
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+# define SSL_SENT_SHUTDOWN 1
+# define SSL_RECEIVED_SHUTDOWN 2
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
+# define SSL_FILETYPE_PEM X509_FILETYPE_PEM
+
+/*
+ * This is needed to stop compilers complaining about the 'struct ssl_st *'
+ * function parameters used to prototype callbacks in SSL_CTX.
+ */
+typedef struct ssl_st *ssl_crock_st;
+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+typedef struct ssl_method_st SSL_METHOD;
+typedef struct ssl_cipher_st SSL_CIPHER;
+typedef struct ssl_session_st SSL_SESSION;
+typedef struct tls_sigalgs_st TLS_SIGALGS;
+typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
+typedef struct ssl_comp_st SSL_COMP;
+
+STACK_OF(SSL_CIPHER);
+STACK_OF(SSL_COMP);
+
+/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
+typedef struct srtp_protection_profile_st {
+ const char *name;
+ unsigned long id;
+} SRTP_PROTECTION_PROFILE;
+
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
+ int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
+ STACK_OF(SSL_CIPHER) *peer_ciphers,
+ const SSL_CIPHER **cipher, void *arg);
+
+/* Extension context codes */
+/* This extension is only allowed in TLS */
+#define SSL_EXT_TLS_ONLY 0x0001
+/* This extension is only allowed in DTLS */
+#define SSL_EXT_DTLS_ONLY 0x0002
+/* Some extensions may be allowed in DTLS but we don't implement them for it */
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004
+/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
+#define SSL_EXT_SSL3_ALLOWED 0x0008
+/* Extension is only defined for TLS1.2 and below */
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010
+/* Extension is only defined for TLS1.3 and above */
+#define SSL_EXT_TLS1_3_ONLY 0x0020
+/* Ignore this extension during parsing if we are resuming */
+#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040
+#define SSL_EXT_CLIENT_HELLO 0x0080
+/* Really means TLS1.2 or below */
+#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100
+#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800
+#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000
+
+/* Typedefs for handling custom extensions */
+
+typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
+ const unsigned char **out, size_t *outlen,
+ int *al, void *add_arg);
+
+typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
+ const unsigned char *out, void *add_arg);
+
+typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
+ const unsigned char *in, size_t inlen,
+ int *al, void *parse_arg);
+
+
+typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char **out,
+ size_t *outlen, X509 *x,
+ size_t chainidx,
+ int *al, void *add_arg);
+
+typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char *out,
+ void *add_arg);
+
+typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char *in,
+ size_t inlen, X509 *x,
+ size_t chainidx,
+ int *al, void *parse_arg);
+
+/* Typedef for verification callback */
+typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
+/*
+ * Some values are reserved until OpenSSL 1.2.0 because they were previously
+ * included in SSL_OP_ALL in a 1.1.x release.
+ *
+ * Reserved value (until OpenSSL 1.2.0) 0x00000001U
+ * Reserved value (until OpenSSL 1.2.0) 0x00000002U
+ */
+/* Allow initial connection to servers that don't support RI */
+# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U
+
+/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */
+# define SSL_OP_TLSEXT_PADDING 0x00000010U
+/* Reserved value (until OpenSSL 1.2.0) 0x00000020U */
+# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U
+/*
+ * Reserved value (until OpenSSL 1.2.0) 0x00000080U
+ * Reserved value (until OpenSSL 1.2.0) 0x00000100U
+ * Reserved value (until OpenSSL 1.2.0) 0x00000200U
+ */
+
+/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */
+# define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U
+
+/*
+ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
+ * OpenSSL 0.9.6d. Usually (depending on the application protocol) the
+ * workaround is not needed. Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include it in
+ * SSL_OP_ALL. Added in 0.9.6e
+ */
+# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U
+
+/* DTLS options */
+# define SSL_OP_NO_QUERY_MTU 0x00001000U
+/* Turn on Cookie Exchange (on relevant for servers) */
+# define SSL_OP_COOKIE_EXCHANGE 0x00002000U
+/* Don't use RFC4507 ticket extension */
+# define SSL_OP_NO_TICKET 0x00004000U
+# ifndef OPENSSL_NO_DTLS1_METHOD
+/* Use Cisco's "speshul" version of DTLS_BAD_VER
+ * (only with deprecated DTLSv1_client_method()) */
+# define SSL_OP_CISCO_ANYCONNECT 0x00008000U
+# endif
+
+/* As server, disallow session resumption on renegotiation */
+# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U
+/* Don't use compression even if supported */
+# define SSL_OP_NO_COMPRESSION 0x00020000U
+/* Permit unsafe legacy renegotiation */
+# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U
+/* Disable encrypt-then-mac */
+# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x00080000U
+
+/*
+ * Enable TLSv1.3 Compatibility mode. This is on by default. A future version
+ * of OpenSSL may have this disabled by default.
+ */
+# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT 0x00100000U
+
+/* Prioritize Chacha20Poly1305 when client does.
+ * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */
+# define SSL_OP_PRIORITIZE_CHACHA 0x00200000U
+
+/*
+ * Set on servers to choose the cipher according to the server's preferences
+ */
+# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U
+/*
+ * If set, a server will allow a client to issue a SSLv3.0 version number as
+ * latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks.
+ */
+# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U
+
+/*
+ * Switches off automatic TLSv1.3 anti-replay protection for early data. This
+ * is a server-side option only (no effect on the client).
+ */
+# define SSL_OP_NO_ANTI_REPLAY 0x01000000U
+
+# define SSL_OP_NO_SSLv3 0x02000000U
+# define SSL_OP_NO_TLSv1 0x04000000U
+# define SSL_OP_NO_TLSv1_2 0x08000000U
+# define SSL_OP_NO_TLSv1_1 0x10000000U
+# define SSL_OP_NO_TLSv1_3 0x20000000U
+
+# define SSL_OP_NO_DTLSv1 0x04000000U
+# define SSL_OP_NO_DTLSv1_2 0x08000000U
+
+# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
+ SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3)
+# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
+
+/* Disallow all renegotiation */
+# define SSL_OP_NO_RENEGOTIATION 0x40000000U
+
+/*
+ * Make server add server-hello extension from early version of cryptopro
+ * draft, when GOST ciphersuite is negotiated. Required for interoperability
+ * with CryptoPro CSP 3.x
+ */
+# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U
+
+/*
+ * SSL_OP_ALL: various bug workarounds that should be rather harmless.
+ * This used to be 0x000FFFFFL before 0.9.7.
+ * This used to be 0x80000BFFU before 1.1.1.
+ */
+# define SSL_OP_ALL (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\
+ SSL_OP_LEGACY_SERVER_CONNECT|\
+ SSL_OP_TLSEXT_PADDING|\
+ SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+
+/* OBSOLETE OPTIONS: retained for compatibility */
+
+/* Removed from OpenSSL 1.1.0. Was 0x00000001L */
+/* Related to removed SSLv2. */
+# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000002L */
+/* Related to removed SSLv2. */
+# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0
+/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */
+/* Dead forever, see CVE-2010-4180 */
+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0
+/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */
+/* Refers to ancient SSLREF and SSLv2. */
+# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000020 */
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0
+/* Removed from OpenSSL 0.9.7h and 0.9.8b. Was 0x00000040L */
+# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000080 */
+/* Ancient SSLeay version. */
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000100L */
+# define SSL_OP_TLS_D5_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000200L */
+# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00080000L */
+# define SSL_OP_SINGLE_ECDH_USE 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00100000L */
+# define SSL_OP_SINGLE_DH_USE 0x0
+/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */
+# define SSL_OP_EPHEMERAL_RSA 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x01000000L */
+# define SSL_OP_NO_SSLv2 0x0
+/* Removed from OpenSSL 1.0.1. Was 0x08000000L */
+# define SSL_OP_PKCS1_CHECK_1 0x0
+/* Removed from OpenSSL 1.0.1. Was 0x10000000L */
+# define SSL_OP_PKCS1_CHECK_2 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x20000000L */
+# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x40000000L */
+# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0
+
+/*
+ * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written):
+ */
+# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U
+/*
+ * Make it possible to retry SSL_write() with changed buffer location (buffer
+ * contents must stay the same!); this is not the default to avoid the
+ * misconception that non-blocking SSL_write() behaves like non-blocking
+ * write():
+ */
+# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U
+/*
+ * Never bother the application with retries if the transport is blocking:
+ */
+# define SSL_MODE_AUTO_RETRY 0x00000004U
+/* Don't attempt to automatically build certificate chain */
+# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U
+/*
+ * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
+ * TLS only.) Released buffers are freed.
+ */
+# define SSL_MODE_RELEASE_BUFFERS 0x00000010U
+/*
+ * Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U
+# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U
+/*
+ * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
+ * that reconnect with a downgraded protocol version; see
+ * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
+ * application attempts a normal handshake. Only use this in explicit
+ * fallback retries, following the guidance in
+ * draft-ietf-tls-downgrade-scsv-00.
+ */
+# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U
+/*
+ * Support Asynchronous operation
+ */
+# define SSL_MODE_ASYNC 0x00000100U
+
+/*
+ * When using DTLS/SCTP, include the terminating zero in the label
+ * used for computing the endpoint-pair shared secret. Required for
+ * interoperability with implementations having this bug like these
+ * older version of OpenSSL:
+ * - OpenSSL 1.0.0 series
+ * - OpenSSL 1.0.1 series
+ * - OpenSSL 1.0.2 series
+ * - OpenSSL 1.1.0 series
+ * - OpenSSL 1.1.1 and 1.1.1a
+ */
+# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U
+
+/* Cert related flags */
+/*
+ * Many implementations ignore some aspects of the TLS standards such as
+ * enforcing certificate chain algorithms. When this is set we enforce them.
+ */
+# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U
+
+/* Suite B modes, takes same values as certificate verify flags */
+# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000
+/* Suite B 192 bit only mode */
+# define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000
+
+/* Perform all sorts of protocol violations for testing purposes */
+# define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000
+
+/* Flags for building certificate chains */
+/* Treat any existing certificates as untrusted CAs */
+# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1
+/* Don't include root CA in chain */
+# define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2
+/* Just check certificates already there */
+# define SSL_BUILD_CHAIN_FLAG_CHECK 0x4
+/* Ignore verification errors */
+# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8
+/* Clear verification errors from queue */
+# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10
+
+/* Flags returned by SSL_check_chain */
+/* Certificate can be used with this session */
+# define CERT_PKEY_VALID 0x1
+/* Certificate can also be used for signing */
+# define CERT_PKEY_SIGN 0x2
+/* EE certificate signing algorithm OK */
+# define CERT_PKEY_EE_SIGNATURE 0x10
+/* CA signature algorithms OK */
+# define CERT_PKEY_CA_SIGNATURE 0x20
+/* EE certificate parameters OK */
+# define CERT_PKEY_EE_PARAM 0x40
+/* CA certificate parameters OK */
+# define CERT_PKEY_CA_PARAM 0x80
+/* Signing explicitly allowed as opposed to SHA1 fallback */
+# define CERT_PKEY_EXPLICIT_SIGN 0x100
+/* Client CA issuer names match (always set for server cert) */
+# define CERT_PKEY_ISSUER_NAME 0x200
+/* Cert type matches client types (always set for server cert) */
+# define CERT_PKEY_CERT_TYPE 0x400
+/* Cert chain suitable to Suite B */
+# define CERT_PKEY_SUITEB 0x800
+
+# define SSL_CONF_FLAG_CMDLINE 0x1
+# define SSL_CONF_FLAG_FILE 0x2
+# define SSL_CONF_FLAG_CLIENT 0x4
+# define SSL_CONF_FLAG_SERVER 0x8
+# define SSL_CONF_FLAG_SHOW_ERRORS 0x10
+# define SSL_CONF_FLAG_CERTIFICATE 0x20
+# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40
+/* Configuration value types */
+# define SSL_CONF_TYPE_UNKNOWN 0x0
+# define SSL_CONF_TYPE_STRING 0x1
+# define SSL_CONF_TYPE_FILE 0x2
+# define SSL_CONF_TYPE_DIR 0x3
+# define SSL_CONF_TYPE_NONE 0x4
+
+/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */
+# define SSL_COOKIE_LENGTH 4096
+
+/*
+ * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
+ * cannot be used to clear bits.
+ */
+
+unsigned long SSL_CTX_get_options(const SSL_CTX *ctx);
+unsigned long SSL_get_options(const SSL *s);
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_clear_options(SSL *s, unsigned long op);
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_set_options(SSL *s, unsigned long op);
+
+# define SSL_CTX_set_mode(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+# define SSL_CTX_clear_mode(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_CTX_get_mode(ctx) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+# define SSL_clear_mode(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_set_mode(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
+# define SSL_get_mode(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+# define SSL_set_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+# define DTLS_set_link_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+# define DTLS_get_link_min_mtu(ssl) \
+ SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
+
+# define SSL_get_secure_renegotiation_support(ssl) \
+ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
+
+# ifndef OPENSSL_NO_HEARTBEATS
+# define SSL_heartbeat(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)
+# endif
+
+# define SSL_CTX_set_cert_flags(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_set_cert_flags(s,op) \
+ SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_CTX_clear_cert_flags(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+# define SSL_clear_cert_flags(s,op) \
+ SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+ void (*cb) (int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback(SSL *ssl,
+ void (*cb) (int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg));
+# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+# define SSL_get_extms_support(s) \
+ SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)
+
+# ifndef OPENSSL_NO_SRP
+
+/* see tls_srp.c */
+__owur int SSL_SRP_CTX_init(SSL *s);
+__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
+int SSL_SRP_CTX_free(SSL *ctx);
+int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
+__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
+__owur int SRP_Calc_A_param(SSL *s);
+
+# endif
+
+/* 100k max cert list */
+# define SSL_MAX_CERT_LIST_DEFAULT 1024*100
+
+# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
+
+/*
+ * This callback type is used inside SSL_CTX, SSL, and in the functions that
+ * set them. It is used to override the generation of SSL/TLS session IDs in
+ * a server. Return value should be zero on an error, non-zero to proceed.
+ * Also, callbacks should themselves check if the id they generate is unique
+ * otherwise the SSL handshake will fail with an error - callbacks can do
+ * this using the 'ssl' value they're passed by;
+ * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in
+ * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32
+ * bytes. The callback can alter this length to be less if desired. It is
+ * also an error for the callback to set the size to zero.
+ */
+typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id,
+ unsigned int *id_len);
+
+# define SSL_SESS_CACHE_OFF 0x0000
+# define SSL_SESS_CACHE_CLIENT 0x0001
+# define SSL_SESS_CACHE_SERVER 0x0002
+# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
+# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
+# define SSL_SESS_CACHE_NO_INTERNAL \
+ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
+# define SSL_CTX_sess_number(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+# define SSL_CTX_sess_connect(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+# define SSL_CTX_sess_connect_good(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+# define SSL_CTX_sess_connect_renegotiate(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+# define SSL_CTX_sess_accept_renegotiate(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept_good(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+# define SSL_CTX_sess_hits(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+# define SSL_CTX_sess_cb_hits(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+# define SSL_CTX_sess_misses(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+# define SSL_CTX_sess_timeouts(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+# define SSL_CTX_sess_cache_full(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+ int (*new_session_cb) (struct ssl_st *ssl,
+ SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+ SSL_SESSION *sess);
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+ void (*remove_session_cb) (struct ssl_ctx_st
+ *ctx,
+ SSL_SESSION *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
+ SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+ SSL_SESSION *(*get_session_cb) (struct ssl_st
+ *ssl,
+ const unsigned char
+ *data, int len,
+ int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+ const unsigned char *data,
+ int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+ void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+ int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+ int (*client_cert_cb) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey);
+# ifndef OPENSSL_NO_ENGINE
+__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+# endif
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+ int (*app_gen_cookie_cb) (SSL *ssl,
+ unsigned char
+ *cookie,
+ unsigned int
+ *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+ int (*app_verify_cookie_cb) (SSL *ssl,
+ const unsigned
+ char *cookie,
+ unsigned int
+ cookie_len));
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+ SSL_CTX *ctx,
+ int (*gen_stateless_cookie_cb) (SSL *ssl,
+ unsigned char *cookie,
+ size_t *cookie_len));
+void SSL_CTX_set_stateless_cookie_verify_cb(
+ SSL_CTX *ctx,
+ int (*verify_stateless_cookie_cb) (SSL *ssl,
+ const unsigned char *cookie,
+ size_t cookie_len));
+# ifndef OPENSSL_NO_NEXTPROTONEG
+
+typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
+ const unsigned char **out,
+ unsigned int *outlen,
+ void *arg);
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
+ SSL_CTX_npn_advertised_cb_func cb,
+ void *arg);
+# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb
+
+typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s,
+ unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
+ SSL_CTX_npn_select_cb_func cb,
+ void *arg);
+# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb
+
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+ unsigned *len);
+# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
+# endif
+
+__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+ const unsigned char *in, unsigned int inlen,
+ const unsigned char *client,
+ unsigned int client_len);
+
+# define OPENSSL_NPN_UNSUPPORTED 0
+# define OPENSSL_NPN_NEGOTIATED 1
+# define OPENSSL_NPN_NO_OVERLAP 2
+
+__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+ unsigned int protos_len);
+__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+ unsigned int protos_len);
+typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
+ const unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+ SSL_CTX_alpn_select_cb_func cb,
+ void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+ unsigned int *len);
+
+# ifndef OPENSSL_NO_PSK
+/*
+ * the maximum length of the buffer given to callbacks containing the
+ * resulting identity/psk
+ */
+# define PSK_MAX_IDENTITY_LEN 128
+# define PSK_MAX_PSK_LEN 256
+typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
+ const char *hint,
+ char *identity,
+ unsigned int max_identity_len,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
+void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
+
+typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
+ const char *identity,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
+void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
+
+__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
+__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
+const char *SSL_get_psk_identity_hint(const SSL *s);
+const char *SSL_get_psk_identity(const SSL *s);
+# endif
+
+typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
+ const unsigned char *identity,
+ size_t identity_len,
+ SSL_SESSION **sess);
+typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
+ const unsigned char **id,
+ size_t *idlen,
+ SSL_SESSION **sess);
+
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+ SSL_psk_find_session_cb_func cb);
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+ SSL_psk_use_session_cb_func cb);
+
+/* Register callbacks to handle custom TLS Extensions for client or server. */
+
+__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx,
+ unsigned int ext_type);
+
+__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx,
+ unsigned int ext_type,
+ custom_ext_add_cb add_cb,
+ custom_ext_free_cb free_cb,
+ void *add_arg,
+ custom_ext_parse_cb parse_cb,
+ void *parse_arg);
+
+__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx,
+ unsigned int ext_type,
+ custom_ext_add_cb add_cb,
+ custom_ext_free_cb free_cb,
+ void *add_arg,
+ custom_ext_parse_cb parse_cb,
+ void *parse_arg);
+
+__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+ unsigned int context,
+ SSL_custom_ext_add_cb_ex add_cb,
+ SSL_custom_ext_free_cb_ex free_cb,
+ void *add_arg,
+ SSL_custom_ext_parse_cb_ex parse_cb,
+ void *parse_arg);
+
+__owur int SSL_extension_supported(unsigned int ext_type);
+
+# define SSL_NOTHING 1
+# define SSL_WRITING 2
+# define SSL_READING 3
+# define SSL_X509_LOOKUP 4
+# define SSL_ASYNC_PAUSED 5
+# define SSL_ASYNC_NO_JOBS 6
+# define SSL_CLIENT_HELLO_CB 7
+
+/* These will only be used when doing non-blocking IO */
+# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
+# define SSL_want_read(s) (SSL_want(s) == SSL_READING)
+# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
+# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
+# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED)
+# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS)
+# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB)
+
+# define SSL_MAC_FLAG_READ_MAC_STREAM 1
+# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
+
+/*
+ * A callback for logging out TLS key material. This callback should log out
+ * |line| followed by a newline.
+ */
+typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
+
+/*
+ * SSL_CTX_set_keylog_callback configures a callback to log key material. This
+ * is intended for debugging use with tools like Wireshark. The cb function
+ * should log line followed by a newline.
+ */
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
+
+/*
+ * SSL_CTX_get_keylog_callback returns the callback configured by
+ * SSL_CTX_set_keylog_callback.
+ */
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
+uint32_t SSL_get_max_early_data(const SSL *s);
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data);
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx);
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data);
+uint32_t SSL_get_recv_max_early_data(const SSL *s);
+
+#ifdef __cplusplus
+}
+#endif
+
+# include <openssl/ssl2.h>
+# include <openssl/ssl3.h>
+# include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
+# include <openssl/dtls1.h> /* Datagram TLS */
+# include <openssl/srtp.h> /* Support for the use_srtp extension */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * These need to be after the above set of includes due to a compiler bug
+ * in VisualStudio 2015
+ */
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(SSL_COMP)
+
+/* compatibility */
+# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)(arg)))
+# define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
+# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0, \
+ (char *)(a)))
+# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
+# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
+# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0, \
+ (char *)(arg)))
+DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))
+
+/* TLSv1.3 KeyUpdate message types */
+/* -1 used so that this is an invalid value for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NONE -1
+/* Values as defined for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NOT_REQUESTED 0
+#define SSL_KEY_UPDATE_REQUESTED 1
+
+/*
+ * The valid handshake states (one for each type message sent and one for each
+ * type of message received). There are also two "special" states:
+ * TLS = TLS or DTLS state
+ * DTLS = DTLS specific state
+ * CR/SR = Client Read/Server Read
+ * CW/SW = Client Write/Server Write
+ *
+ * The "special" states are:
+ * TLS_ST_BEFORE = No handshake has been initiated yet
+ * TLS_ST_OK = A handshake has been successfully completed
+ */
+typedef enum {
+ TLS_ST_BEFORE,
+ TLS_ST_OK,
+ DTLS_ST_CR_HELLO_VERIFY_REQUEST,
+ TLS_ST_CR_SRVR_HELLO,
+ TLS_ST_CR_CERT,
+ TLS_ST_CR_CERT_STATUS,
+ TLS_ST_CR_KEY_EXCH,
+ TLS_ST_CR_CERT_REQ,
+ TLS_ST_CR_SRVR_DONE,
+ TLS_ST_CR_SESSION_TICKET,
+ TLS_ST_CR_CHANGE,
+ TLS_ST_CR_FINISHED,
+ TLS_ST_CW_CLNT_HELLO,
+ TLS_ST_CW_CERT,
+ TLS_ST_CW_KEY_EXCH,
+ TLS_ST_CW_CERT_VRFY,
+ TLS_ST_CW_CHANGE,
+ TLS_ST_CW_NEXT_PROTO,
+ TLS_ST_CW_FINISHED,
+ TLS_ST_SW_HELLO_REQ,
+ TLS_ST_SR_CLNT_HELLO,
+ DTLS_ST_SW_HELLO_VERIFY_REQUEST,
+ TLS_ST_SW_SRVR_HELLO,
+ TLS_ST_SW_CERT,
+ TLS_ST_SW_KEY_EXCH,
+ TLS_ST_SW_CERT_REQ,
+ TLS_ST_SW_SRVR_DONE,
+ TLS_ST_SR_CERT,
+ TLS_ST_SR_KEY_EXCH,
+ TLS_ST_SR_CERT_VRFY,
+ TLS_ST_SR_NEXT_PROTO,
+ TLS_ST_SR_CHANGE,
+ TLS_ST_SR_FINISHED,
+ TLS_ST_SW_SESSION_TICKET,
+ TLS_ST_SW_CERT_STATUS,
+ TLS_ST_SW_CHANGE,
+ TLS_ST_SW_FINISHED,
+ TLS_ST_SW_ENCRYPTED_EXTENSIONS,
+ TLS_ST_CR_ENCRYPTED_EXTENSIONS,
+ TLS_ST_CR_CERT_VRFY,
+ TLS_ST_SW_CERT_VRFY,
+ TLS_ST_CR_HELLO_REQ,
+ TLS_ST_SW_KEY_UPDATE,
+ TLS_ST_CW_KEY_UPDATE,
+ TLS_ST_SR_KEY_UPDATE,
+ TLS_ST_CR_KEY_UPDATE,
+ TLS_ST_EARLY_DATA,
+ TLS_ST_PENDING_EARLY_DATA_END,
+ TLS_ST_CW_END_OF_EARLY_DATA,
+ TLS_ST_SR_END_OF_EARLY_DATA
+} OSSL_HANDSHAKE_STATE;
+
+/*
+ * Most of the following state values are no longer used and are defined to be
+ * the closest equivalent value in the current state machine code. Not all
+ * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT
+ * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
+ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
+ */
+
+# define SSL_ST_CONNECT 0x1000
+# define SSL_ST_ACCEPT 0x2000
+
+# define SSL_ST_MASK 0x0FFF
+
+# define SSL_CB_LOOP 0x01
+# define SSL_CB_EXIT 0x02
+# define SSL_CB_READ 0x04
+# define SSL_CB_WRITE 0x08
+# define SSL_CB_ALERT 0x4000/* used in callback */
+# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
+# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
+# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
+# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
+# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
+# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
+# define SSL_CB_HANDSHAKE_START 0x10
+# define SSL_CB_HANDSHAKE_DONE 0x20
+
+/* Is the SSL_connection established? */
+# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a))
+# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a))
+int SSL_in_init(const SSL *s);
+int SSL_in_before(const SSL *s);
+int SSL_is_init_finished(const SSL *s);
+
+/*
+ * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
+ * should not need these
+ */
+# define SSL_ST_READ_HEADER 0xF0
+# define SSL_ST_READ_BODY 0xF1
+# define SSL_ST_READ_DONE 0xF2
+
+/*-
+ * Obtain latest Finished message
+ * -- that we sent (SSL_get_finished)
+ * -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
+
+/*
+ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are
+ * 'ored' with SSL_VERIFY_PEER if they are desired
+ */
+# define SSL_VERIFY_NONE 0x00
+# define SSL_VERIFY_PEER 0x01
+# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+# define SSL_VERIFY_CLIENT_ONCE 0x04
+# define SSL_VERIFY_POST_HANDSHAKE 0x08
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define OpenSSL_add_ssl_algorithms() SSL_library_init()
+# define SSLeay_add_ssl_algorithms() SSL_library_init()
+# endif
+
+/* More backward compatibility */
+# define SSL_get_cipher(s) \
+ SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_cipher_bits(s,np) \
+ SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+# define SSL_get_cipher_version(s) \
+ SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+# define SSL_get_cipher_name(s) \
+ SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_time(a) SSL_SESSION_get_time(a)
+# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
+# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
+# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
+
+# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
+# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
+
+DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+# define SSL_AD_REASON_OFFSET 1000/* offset to get SSL_R_... value
+ * from SSL_AD_... */
+/* These alert types are for SSLv3 and TLSv1 */
+# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
+/* fatal */
+# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE
+/* fatal */
+# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC
+# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
+# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
+/* fatal */
+# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE
+/* fatal */
+# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE
+/* Not for TLS */
+# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE
+# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
+# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
+# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
+# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
+# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
+/* fatal */
+# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER
+/* fatal */
+# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA
+/* fatal */
+# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED
+/* fatal */
+# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR
+# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
+/* fatal */
+# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION
+/* fatal */
+# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION
+/* fatal */
+# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY
+/* fatal */
+# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR
+# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
+# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
+# define SSL_AD_MISSING_EXTENSION TLS13_AD_MISSING_EXTENSION
+# define SSL_AD_CERTIFICATE_REQUIRED TLS13_AD_CERTIFICATE_REQUIRED
+# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
+# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
+# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+/* fatal */
+# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
+/* fatal */
+# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK
+# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL
+# define SSL_ERROR_NONE 0
+# define SSL_ERROR_SSL 1
+# define SSL_ERROR_WANT_READ 2
+# define SSL_ERROR_WANT_WRITE 3
+# define SSL_ERROR_WANT_X509_LOOKUP 4
+# define SSL_ERROR_SYSCALL 5/* look at error stack/return
+ * value/errno */
+# define SSL_ERROR_ZERO_RETURN 6
+# define SSL_ERROR_WANT_CONNECT 7
+# define SSL_ERROR_WANT_ACCEPT 8
+# define SSL_ERROR_WANT_ASYNC 9
+# define SSL_ERROR_WANT_ASYNC_JOB 10
+# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
+# define SSL_CTRL_SET_TMP_DH 3
+# define SSL_CTRL_SET_TMP_ECDH 4
+# define SSL_CTRL_SET_TMP_DH_CB 6
+# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
+# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
+# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
+# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
+# define SSL_CTRL_GET_FLAGS 13
+# define SSL_CTRL_EXTRA_CHAIN_CERT 14
+# define SSL_CTRL_SET_MSG_CALLBACK 15
+# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
+/* only applies to datagram connections */
+# define SSL_CTRL_SET_MTU 17
+/* Stats */
+# define SSL_CTRL_SESS_NUMBER 20
+# define SSL_CTRL_SESS_CONNECT 21
+# define SSL_CTRL_SESS_CONNECT_GOOD 22
+# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
+# define SSL_CTRL_SESS_ACCEPT 24
+# define SSL_CTRL_SESS_ACCEPT_GOOD 25
+# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
+# define SSL_CTRL_SESS_HIT 27
+# define SSL_CTRL_SESS_CB_HIT 28
+# define SSL_CTRL_SESS_MISSES 29
+# define SSL_CTRL_SESS_TIMEOUTS 30
+# define SSL_CTRL_SESS_CACHE_FULL 31
+# define SSL_CTRL_MODE 33
+# define SSL_CTRL_GET_READ_AHEAD 40
+# define SSL_CTRL_SET_READ_AHEAD 41
+# define SSL_CTRL_SET_SESS_CACHE_SIZE 42
+# define SSL_CTRL_GET_SESS_CACHE_SIZE 43
+# define SSL_CTRL_SET_SESS_CACHE_MODE 44
+# define SSL_CTRL_GET_SESS_CACHE_MODE 45
+# define SSL_CTRL_GET_MAX_CERT_LIST 50
+# define SSL_CTRL_SET_MAX_CERT_LIST 51
+# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
+/* see tls1.h for macros based on these */
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
+# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
+# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
+# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
+# define SSL_CTRL_SET_SRP_ARG 78
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
+# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
+# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
+# ifndef OPENSSL_NO_HEARTBEATS
+# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85
+# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86
+# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87
+# endif
+# define DTLS_CTRL_GET_TIMEOUT 73
+# define DTLS_CTRL_HANDLE_TIMEOUT 74
+# define SSL_CTRL_GET_RI_SUPPORT 76
+# define SSL_CTRL_CLEAR_MODE 78
+# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79
+# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82
+# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
+# define SSL_CTRL_CHAIN 88
+# define SSL_CTRL_CHAIN_CERT 89
+# define SSL_CTRL_GET_GROUPS 90
+# define SSL_CTRL_SET_GROUPS 91
+# define SSL_CTRL_SET_GROUPS_LIST 92
+# define SSL_CTRL_GET_SHARED_GROUP 93
+# define SSL_CTRL_SET_SIGALGS 97
+# define SSL_CTRL_SET_SIGALGS_LIST 98
+# define SSL_CTRL_CERT_FLAGS 99
+# define SSL_CTRL_CLEAR_CERT_FLAGS 100
+# define SSL_CTRL_SET_CLIENT_SIGALGS 101
+# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST 102
+# define SSL_CTRL_GET_CLIENT_CERT_TYPES 103
+# define SSL_CTRL_SET_CLIENT_CERT_TYPES 104
+# define SSL_CTRL_BUILD_CERT_CHAIN 105
+# define SSL_CTRL_SET_VERIFY_CERT_STORE 106
+# define SSL_CTRL_SET_CHAIN_CERT_STORE 107
+# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
+# define SSL_CTRL_GET_PEER_TMP_KEY 109
+# define SSL_CTRL_GET_RAW_CIPHERLIST 110
+# define SSL_CTRL_GET_EC_POINT_FORMATS 111
+# define SSL_CTRL_GET_CHAIN_CERTS 115
+# define SSL_CTRL_SELECT_CURRENT_CERT 116
+# define SSL_CTRL_SET_CURRENT_CERT 117
+# define SSL_CTRL_SET_DH_AUTO 118
+# define DTLS_CTRL_SET_LINK_MTU 120
+# define DTLS_CTRL_GET_LINK_MIN_MTU 121
+# define SSL_CTRL_GET_EXTMS_SUPPORT 122
+# define SSL_CTRL_SET_MIN_PROTO_VERSION 123
+# define SSL_CTRL_SET_MAX_PROTO_VERSION 124
+# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125
+# define SSL_CTRL_SET_MAX_PIPELINES 126
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
+# define SSL_CTRL_GET_MIN_PROTO_VERSION 130
+# define SSL_CTRL_GET_MAX_PROTO_VERSION 131
+# define SSL_CTRL_GET_SIGNATURE_NID 132
+# define SSL_CTRL_GET_TMP_KEY 133
+# define SSL_CTRL_GET_VERIFY_CERT_STORE 137
+# define SSL_CTRL_GET_CHAIN_CERT_STORE 138
+# define SSL_CERT_SET_FIRST 1
+# define SSL_CERT_SET_NEXT 2
+# define SSL_CERT_SET_SERVER 3
+# define DTLSv1_get_timeout(ssl, arg) \
+ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg))
+# define DTLSv1_handle_timeout(ssl) \
+ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+# define SSL_num_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_clear_num_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_total_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+# define SSL_CTX_set_tmp_dh(ctx,dh) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# define SSL_CTX_set_dh_auto(ctx, onoff) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_dh_auto(s, onoff) \
+ SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_tmp_dh(ssl,dh) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# define SSL_set_tmp_ecdh(ssl,ecdh) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
+# define SSL_CTX_clear_extra_chain_certs(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+# define SSL_CTX_set0_chain(ctx,sk) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_CTX_set1_chain(ctx,sk) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_CTX_add0_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_add1_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_CTX_get0_chain_certs(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_CTX_clear_chain_certs(ctx) \
+ SSL_CTX_set0_chain(ctx,NULL)
+# define SSL_CTX_build_cert_chain(ctx, flags) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_CTX_select_current_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_CTX_set_current_cert(ctx, op) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_CTX_set0_verify_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_verify_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+# define SSL_CTX_get0_verify_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set0_chain_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_chain_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+# define SSL_CTX_get0_chain_cert_store(ctx,st) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_set0_chain(s,sk) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_set1_chain(s,sk) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_add0_chain_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_add1_chain_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_get0_chain_certs(s,px509) \
+ SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_clear_chain_certs(s) \
+ SSL_set0_chain(s,NULL)
+# define SSL_build_cert_chain(s, flags) \
+ SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_select_current_cert(s,x509) \
+ SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_set_current_cert(s,op) \
+ SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_set0_verify_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_set1_verify_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+#define SSL_get0_verify_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_set0_chain_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_set1_chain_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+#define SSL_get0_chain_cert_store(s,st) \
+ SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_get1_groups(s, glist) \
+ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_CTX_set1_groups(ctx, glist, glistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
+# define SSL_CTX_set1_groups_list(ctx, s) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
+# define SSL_set1_groups(s, glist, glistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+# define SSL_set1_groups_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str))
+# define SSL_get_shared_group(s, n) \
+ SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
+# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_sigalgs_list(ctx, s) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_sigalgs(s, slist, slistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_sigalgs_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str))
+# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_client_sigalgs(s, slist, slistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_client_sigalgs_list(s, str) \
+ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str))
+# define SSL_get0_certificate_types(s, clist) \
+ SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist))
+# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \
+ (char *)(clist))
+# define SSL_set1_client_certificate_types(s, clist, clistlen) \
+ SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist))
+# define SSL_get_signature_nid(s, pn) \
+ SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn)
+# define SSL_get_peer_signature_nid(s, pn) \
+ SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
+# define SSL_get_peer_tmp_key(s, pk) \
+ SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk)
+# define SSL_get_tmp_key(s, pk) \
+ SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk)
+# define SSL_get0_raw_cipherlist(s, plst) \
+ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
+# define SSL_get0_ec_point_formats(s, plst) \
+ SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+# define SSL_CTX_set_min_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+# define SSL_CTX_set_max_proto_version(ctx, version) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+# define SSL_CTX_get_min_proto_version(ctx) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+# define SSL_CTX_get_max_proto_version(ctx) \
+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+# define SSL_set_min_proto_version(s, version) \
+ SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+# define SSL_set_max_proto_version(s, version) \
+ SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+# define SSL_get_min_proto_version(s) \
+ SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+# define SSL_get_max_proto_version(s) \
+ SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+
+/* Backwards compatibility, original 1.1.0 names */
+# define SSL_CTRL_GET_SERVER_TMP_KEY \
+ SSL_CTRL_GET_PEER_TMP_KEY
+# define SSL_get_server_tmp_key(s, pk) \
+ SSL_get_peer_tmp_key(s, pk)
+
+/*
+ * The following symbol names are old and obsolete. They are kept
+ * for compatibility reasons only and should not be used anymore.
+ */
+# define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS
+# define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS
+# define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST
+# define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP
+
+# define SSL_get1_curves SSL_get1_groups
+# define SSL_CTX_set1_curves SSL_CTX_set1_groups
+# define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
+# define SSL_set1_curves SSL_set1_groups
+# define SSL_set1_curves_list SSL_set1_groups_list
+# define SSL_get_shared_curve SSL_get_shared_group
+
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/* Provide some compatibility macros for removed functionality. */
+# define SSL_CTX_need_tmp_RSA(ctx) 0
+# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1
+# define SSL_need_tmp_RSA(ssl) 0
+# define SSL_set_tmp_rsa(ssl,rsa) 1
+# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
+# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
+/*
+ * We "pretend" to call the callback to avoid warnings about unused static
+ * functions.
+ */
+# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0)
+# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0)
+# endif
+__owur const BIO_METHOD *BIO_f_ssl(void);
+__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+void BIO_ssl_shutdown(BIO *ssl_bio);
+
+__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
+__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+int SSL_CTX_up_ref(SSL_CTX *ctx);
+void SSL_CTX_free(SSL_CTX *);
+__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *);
+__owur int SSL_want(const SSL *s);
+__owur int SSL_clear(SSL *s);
+
+void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+
+__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s);
+__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
+__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
+__owur const char *OPENSSL_cipher_name(const char *rfc_name);
+__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
+__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
+
+__owur int SSL_get_fd(const SSL *s);
+__owur int SSL_get_rfd(const SSL *s);
+__owur int SSL_get_wfd(const SSL *s);
+__owur const char *SSL_get_cipher_list(const SSL *s, int n);
+__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
+__owur int SSL_get_read_ahead(const SSL *s);
+__owur int SSL_pending(const SSL *s);
+__owur int SSL_has_pending(const SSL *s);
+# ifndef OPENSSL_NO_SOCK
+__owur int SSL_set_fd(SSL *s, int fd);
+__owur int SSL_set_rfd(SSL *s, int fd);
+__owur int SSL_set_wfd(SSL *s, int fd);
+# endif
+void SSL_set0_rbio(SSL *s, BIO *rbio);
+void SSL_set0_wbio(SSL *s, BIO *wbio);
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
+__owur BIO *SSL_get_rbio(const SSL *s);
+__owur BIO *SSL_get_wbio(const SSL *s);
+__owur int SSL_set_cipher_list(SSL *s, const char *str);
+__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
+__owur int SSL_set_ciphersuites(SSL *s, const char *str);
+void SSL_set_read_ahead(SSL *s, int yes);
+__owur int SSL_get_verify_mode(const SSL *s);
+__owur int SSL_get_verify_depth(const SSL *s);
+__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s);
+void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback);
+void SSL_set_verify_depth(SSL *s, int depth);
+void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
+# ifndef OPENSSL_NO_RSA
+__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d,
+ long len);
+# endif
+__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
+ long len);
+__owur int SSL_use_certificate(SSL *ssl, X509 *x);
+__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
+__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
+ STACK_OF(X509) *chain, int override);
+
+
+/* serverinfo file format versions */
+# define SSL_SERVERINFOV1 1
+# define SSL_SERVERINFOV2 2
+
+/* Set serverinfo data for the current active cert. */
+__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+ size_t serverinfo_length);
+__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
+ const unsigned char *serverinfo,
+ size_t serverinfo_length);
+__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
+
+#ifndef OPENSSL_NO_RSA
+__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+#endif
+
+__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+
+#ifndef OPENSSL_NO_RSA
+__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file,
+ int type);
+#endif
+__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file,
+ int type);
+__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file,
+ int type);
+/* PEM type */
+__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
+__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+ const char *file);
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+ const char *dir);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define SSL_load_error_strings() \
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+# endif
+
+__owur const char *SSL_state_string(const SSL *s);
+__owur const char *SSL_rstate_string(const SSL *s);
+__owur const char *SSL_state_string_long(const SSL *s);
+__owur const char *SSL_rstate_string_long(const SSL *s);
+__owur long SSL_SESSION_get_time(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
+
+__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+ const unsigned char **alpn,
+ size_t *len);
+__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s,
+ const unsigned char *alpn,
+ size_t len);
+__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
+__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+ size_t *len);
+__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s,
+ uint32_t max_early_data);
+__owur int SSL_copy_session_id(SSL *to, const SSL *from);
+__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s,
+ const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len);
+__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len);
+__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s);
+
+__owur SSL_SESSION *SSL_SESSION_new(void);
+__owur SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+ unsigned int *len);
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+ unsigned int *len);
+__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
+# ifndef OPENSSL_NO_STDIO
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
+# endif
+int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
+int SSL_SESSION_up_ref(SSL_SESSION *ses);
+void SSL_SESSION_free(SSL_SESSION *ses);
+__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+__owur int SSL_set_session(SSL *to, SSL_SESSION *session);
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session);
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session);
+__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
+__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb);
+__owur int SSL_has_matching_session_id(const SSL *s,
+ const unsigned char *id,
+ unsigned int id_len);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+ long length);
+
+# ifdef HEADER_X509_H
+__owur X509 *SSL_get_peer_certificate(const SSL *s);
+# endif
+
+__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
+
+__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback);
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+ int (*cb) (X509_STORE_CTX *, void *),
+ void *arg);
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
+ void *arg);
+# ifndef OPENSSL_NO_RSA
+__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+ long len);
+# endif
+__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
+ const unsigned char *d, long len);
+__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
+ const unsigned char *d);
+__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
+ STACK_OF(X509) *chain, int override);
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
+void *SSL_get_default_passwd_cb_userdata(SSL *s);
+
+__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+__owur int SSL_check_private_key(const SSL *ctx);
+
+__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
+ const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len);
+
+SSL *SSL_new(SSL_CTX *ctx);
+int SSL_up_ref(SSL *s);
+int SSL_is_dtls(const SSL *s);
+__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len);
+
+__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose);
+__owur int SSL_set_purpose(SSL *ssl, int purpose);
+__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust);
+__owur int SSL_set_trust(SSL *ssl, int trust);
+
+__owur int SSL_set1_host(SSL *s, const char *hostname);
+__owur int SSL_add1_host(SSL *s, const char *hostname);
+__owur const char *SSL_get0_peername(SSL *s);
+void SSL_set_hostflags(SSL *s, unsigned int flags);
+
+__owur int SSL_CTX_dane_enable(SSL_CTX *ctx);
+__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
+ uint8_t mtype, uint8_t ord);
+__owur int SSL_dane_enable(SSL *s, const char *basedomain);
+__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+ uint8_t mtype, unsigned const char *data, size_t dlen);
+__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
+__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+ uint8_t *mtype, unsigned const char **data,
+ size_t *dlen);
+/*
+ * Bridge opacity barrier between libcrypt and libssl, also needed to support
+ * offline testing in test/danetest.c
+ */
+SSL_DANE *SSL_get0_dane(SSL *ssl);
+/*
+ * DANE flags
+ */
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
+
+__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
+__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
+
+__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
+__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
+
+# ifndef OPENSSL_NO_SRP
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+ char *(*cb) (SSL *, void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+ int (*cb) (SSL *, void *));
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+ int (*cb) (SSL *, int *, void *));
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
+
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+ BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+ const char *grp);
+
+__owur BIGNUM *SSL_get_srp_g(SSL *s);
+__owur BIGNUM *SSL_get_srp_N(SSL *s);
+
+__owur char *SSL_get_srp_username(SSL *s);
+__owur char *SSL_get_srp_userinfo(SSL *s);
+# endif
+
+/*
+ * ClientHello callback and helpers.
+ */
+
+# define SSL_CLIENT_HELLO_SUCCESS 1
+# define SSL_CLIENT_HELLO_ERROR 0
+# define SSL_CLIENT_HELLO_RETRY (-1)
+
+typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg);
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
+ void *arg);
+int SSL_client_hello_isv2(SSL *s);
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s);
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_compression_methods(SSL *s,
+ const unsigned char **out);
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
+ const unsigned char **out, size_t *outlen);
+
+void SSL_certs_clear(SSL *s);
+void SSL_free(SSL *ssl);
+# ifdef OSSL_ASYNC_FD
+/*
+ * Windows application developer has to include windows.h to use these.
+ */
+__owur int SSL_waiting_for_async(SSL *s);
+__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
+__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
+ size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+ size_t *numdelfds);
+# endif
+__owur int SSL_accept(SSL *ssl);
+__owur int SSL_stateless(SSL *s);
+__owur int SSL_connect(SSL *ssl);
+__owur int SSL_read(SSL *ssl, void *buf, int num);
+__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+
+# define SSL_READ_EARLY_DATA_ERROR 0
+# define SSL_READ_EARLY_DATA_SUCCESS 1
+# define SSL_READ_EARLY_DATA_FINISH 2
+
+__owur int SSL_read_early_data(SSL *s, void *buf, size_t num,
+ size_t *readbytes);
+__owur int SSL_peek(SSL *ssl, void *buf, int num);
+__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+__owur int SSL_write(SSL *ssl, const void *buf, int num);
+__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
+__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num,
+ size_t *written);
+long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+long SSL_callback_ctrl(SSL *, int, void (*)(void));
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
+
+# define SSL_EARLY_DATA_NOT_SENT 0
+# define SSL_EARLY_DATA_REJECTED 1
+# define SSL_EARLY_DATA_ACCEPTED 2
+
+__owur int SSL_get_early_data_status(const SSL *s);
+
+__owur int SSL_get_error(const SSL *s, int ret_code);
+__owur const char *SSL_get_version(const SSL *s);
+
+/* This sets the 'default' SSL version that SSL_new() will create */
+__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
+
+# ifndef OPENSSL_NO_SSL3_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void))
+# endif
+
+#define SSLv23_method TLS_method
+#define SSLv23_server_method TLS_server_method
+#define SSLv23_client_method TLS_client_method
+
+/* Negotiate highest available SSL/TLS version */
+__owur const SSL_METHOD *TLS_method(void);
+__owur const SSL_METHOD *TLS_server_method(void);
+__owur const SSL_METHOD *TLS_client_method(void);
+
+# ifndef OPENSSL_NO_TLS1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_TLS1_1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_TLS1_2_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_2_METHOD
+/* DTLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void))
+# endif
+
+__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
+
+__owur size_t DTLS_get_data_mtu(const SSL *s);
+
+__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
+
+__owur int SSL_do_handshake(SSL *s);
+int SSL_key_update(SSL *s, int updatetype);
+int SSL_get_key_update_type(const SSL *s);
+int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_abbreviated(SSL *s);
+__owur int SSL_renegotiate_pending(const SSL *s);
+int SSL_shutdown(SSL *s);
+__owur int SSL_verify_client_post_handshake(SSL *s);
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
+void SSL_set_post_handshake_auth(SSL *s, int val);
+
+__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
+__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s);
+__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+__owur const char *SSL_alert_type_string_long(int value);
+__owur const char *SSL_alert_type_string(int value);
+__owur const char *SSL_alert_desc_string_long(int value);
+__owur const char *SSL_alert_desc_string(int value);
+
+void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
+__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
+__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);
+__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
+__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+__owur int SSL_add_client_CA(SSL *ssl, X509 *x);
+__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
+
+void SSL_set_connect_state(SSL *s);
+void SSL_set_accept_state(SSL *s);
+
+__owur long SSL_get_default_timeout(const SSL *s);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define SSL_library_init() OPENSSL_init_ssl(0, NULL)
+# endif
+
+__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
+__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
+
+__owur SSL *SSL_dup(SSL *ssl);
+
+__owur X509 *SSL_get_certificate(const SSL *ssl);
+/*
+ * EVP_PKEY
+ */
+struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
+
+__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
+__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+__owur int SSL_get_quiet_shutdown(const SSL *ssl);
+void SSL_set_shutdown(SSL *ssl, int mode);
+__owur int SSL_get_shutdown(const SSL *ssl);
+__owur int SSL_version(const SSL *ssl);
+__owur int SSL_client_version(const SSL *s);
+__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
+__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+ const char *CApath);
+# define SSL_get0_session SSL_get_session/* just peek at pointer */
+__owur SSL_SESSION *SSL_get_session(const SSL *ssl);
+__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
+__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
+void SSL_set_info_callback(SSL *ssl,
+ void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
+ int val);
+__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
+
+void SSL_set_verify_result(SSL *ssl, long v);
+__owur long SSL_get_verify_result(const SSL *ssl);
+__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s);
+
+__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+ size_t outlen);
+__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+ size_t outlen);
+__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess,
+ unsigned char *out, size_t outlen);
+__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess,
+ const unsigned char *in, size_t len);
+uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess);
+
+#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
+__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data);
+void *SSL_get_ex_data(const SSL *ssl, int idx);
+#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef)
+__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
+#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
+__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
+
+__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+# define SSL_CTX_sess_set_cache_size(ctx,t) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+# define SSL_CTX_sess_get_cache_size(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+# define SSL_CTX_set_session_cache_mode(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+# define SSL_CTX_get_session_cache_mode(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+
+# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+# define SSL_CTX_get_read_ahead(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+# define SSL_CTX_set_read_ahead(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
+# define SSL_CTX_get_max_cert_list(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_CTX_set_max_cert_list(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+# define SSL_get_max_cert_list(ssl) \
+ SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_set_max_cert_list(ssl,m) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+
+# define SSL_CTX_set_max_send_fragment(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_set_max_send_fragment(ssl,m) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_CTX_set_split_send_fragment(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+# define SSL_set_split_send_fragment(ssl,m) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+# define SSL_CTX_set_max_pipelines(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+# define SSL_set_max_pipelines(ssl,m) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
+void SSL_set_default_read_buffer_len(SSL *s, size_t len);
+
+# ifndef OPENSSL_NO_DH
+/* NB: the |keylength| is only applicable when is_export is true */
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength));
+# endif
+
+__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s);
+__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s);
+__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
+__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp);
+__owur int SSL_COMP_get_id(const SSL_COMP *comp);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+ *meths);
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define SSL_COMP_free_compression_methods() while(0) continue
+# endif
+__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
+int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
+ int isv2format, STACK_OF(SSL_CIPHER) **sk,
+ STACK_OF(SSL_CIPHER) **scsvs);
+
+/* TLS extensions functions */
+__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
+
+__owur int SSL_set_session_ticket_ext_cb(SSL *s,
+ tls_session_ticket_ext_cb_fn cb,
+ void *arg);
+
+/* Pre-shared secret session resumption functions */
+__owur int SSL_set_session_secret_cb(SSL *s,
+ tls_session_secret_cb_fn session_secret_cb,
+ void *arg);
+
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+ int (*cb) (SSL *ssl,
+ int
+ is_forward_secure));
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+ int (*cb) (SSL *ssl,
+ int is_forward_secure));
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
+ size_t (*cb) (SSL *ssl, int type,
+ size_t len, void *arg));
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
+void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
+
+void SSL_set_record_padding_callback(SSL *ssl,
+ size_t (*cb) (SSL *ssl, int type,
+ size_t len, void *arg));
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
+void *SSL_get_record_padding_callback_arg(const SSL *ssl);
+int SSL_set_block_padding(SSL *ssl, size_t block_size);
+
+int SSL_set_num_tickets(SSL *s, size_t num_tickets);
+size_t SSL_get_num_tickets(const SSL *s);
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define SSL_cache_hit(s) SSL_session_reused(s)
+# endif
+
+__owur int SSL_session_reused(const SSL *s);
+__owur int SSL_is_server(const SSL *s);
+
+__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx,
+ unsigned int flags);
+__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);
+
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
+
+__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+
+void SSL_add_ssl_module(void);
+int SSL_config(SSL *s, const char *name);
+int SSL_CTX_config(SSL_CTX *ctx, const char *name);
+
+# ifndef OPENSSL_NO_SSL_TRACE
+void SSL_trace(int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+int DTLSv1_listen(SSL *s, BIO_ADDR *client);
+# endif
+
+# ifndef OPENSSL_NO_CT
+
+/*
+ * A callback for verifying that the received SCTs are sufficient.
+ * Expected to return 1 if they are sufficient, otherwise 0.
+ * May return a negative integer if an error occurs.
+ * A connection should be aborted if the SCTs are deemed insufficient.
+ */
+typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
+ const STACK_OF(SCT) *scts, void *arg);
+
+/*
+ * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
+ * the received SCTs.
+ * If the callback returns a non-positive result, the connection is terminated.
+ * Call this function before beginning a handshake.
+ * If a NULL |callback| is provided, SCT validation is disabled.
+ * |arg| is arbitrary userdata that will be passed to the callback whenever it
+ * is invoked. Ownership of |arg| remains with the caller.
+ *
+ * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response
+ * will be requested.
+ */
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+ void *arg);
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+ ssl_ct_validation_cb callback,
+ void *arg);
+#define SSL_disable_ct(s) \
+ ((void) SSL_set_validation_callback((s), NULL, NULL))
+#define SSL_CTX_disable_ct(ctx) \
+ ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL))
+
+/*
+ * The validation type enumerates the available behaviours of the built-in SSL
+ * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct().
+ * The underlying callback is a static function in libssl.
+ */
+enum {
+ SSL_CT_VALIDATION_PERMISSIVE = 0,
+ SSL_CT_VALIDATION_STRICT
+};
+
+/*
+ * Enable CT by setting up a callback that implements one of the built-in
+ * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always
+ * continues the handshake, the application can make appropriate decisions at
+ * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at
+ * least one valid SCT, or else handshake termination will be requested. The
+ * handshake may continue anyway if SSL_VERIFY_NONE is in effect.
+ */
+int SSL_enable_ct(SSL *s, int validation_mode);
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
+
+/*
+ * Report whether a non-NULL callback is enabled.
+ */
+int SSL_ct_is_enabled(const SSL *s);
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
+
+/* Gets the SCTs received from a connection */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+
+/*
+ * Loads the CT log list from the default location.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
+
+/*
+ * Loads the CT log list from the specified file path.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+
+/*
+ * Sets the CT log list used by all SSL connections created from this SSL_CTX.
+ * Ownership of the CTLOG_STORE is transferred to the SSL_CTX.
+ */
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs);
+
+/*
+ * Gets the CT log list used by all SSL connections created from this SSL_CTX.
+ * This will be NULL unless one of the following functions has been called:
+ * - SSL_CTX_set_default_ctlog_list_file
+ * - SSL_CTX_set_ctlog_list_file
+ * - SSL_CTX_set_ctlog_store
+ */
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx);
+
+# endif /* OPENSSL_NO_CT */
+
+/* What the "other" parameter contains in security callback */
+/* Mask for type */
+# define SSL_SECOP_OTHER_TYPE 0xffff0000
+# define SSL_SECOP_OTHER_NONE 0
+# define SSL_SECOP_OTHER_CIPHER (1 << 16)
+# define SSL_SECOP_OTHER_CURVE (2 << 16)
+# define SSL_SECOP_OTHER_DH (3 << 16)
+# define SSL_SECOP_OTHER_PKEY (4 << 16)
+# define SSL_SECOP_OTHER_SIGALG (5 << 16)
+# define SSL_SECOP_OTHER_CERT (6 << 16)
+
+/* Indicated operation refers to peer key or certificate */
+# define SSL_SECOP_PEER 0x1000
+
+/* Values for "op" parameter in security callback */
+
+/* Called to filter ciphers */
+/* Ciphers client supports */
+# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER)
+/* Cipher shared by client/server */
+# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER)
+/* Sanity check of cipher server selects */
+# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER)
+/* Curves supported by client */
+# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE)
+/* Curves shared by client/server */
+# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE)
+/* Sanity check of curve server selects */
+# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE)
+/* Temporary DH key */
+# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY)
+/* SSL/TLS version */
+# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE)
+/* Session tickets */
+# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE)
+/* Supported signature algorithms sent to peer */
+# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG)
+/* Shared signature algorithm */
+# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG)
+/* Sanity check signature algorithm allowed */
+# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG)
+/* Used to get mask of supported public key signature algorithms */
+# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG)
+/* Use to see if compression is allowed */
+# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE)
+/* EE key in certificate */
+# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT)
+/* CA key in certificate */
+# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT)
+/* CA digest algorithm in certificate */
+# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT)
+/* Peer EE key in certificate */
+# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER)
+/* Peer CA key in certificate */
+# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER)
+/* Peer CA digest algorithm in certificate */
+# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER)
+
+void SSL_set_security_level(SSL *s, int level);
+__owur int SSL_get_security_level(const SSL *s);
+void SSL_set_security_callback(SSL *s,
+ int (*cb) (const SSL *s, const SSL_CTX *ctx,
+ int op, int bits, int nid,
+ void *other, void *ex));
+int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
+ const SSL_CTX *ctx, int op,
+ int bits, int nid, void *other,
+ void *ex);
+void SSL_set0_security_ex_data(SSL *s, void *ex);
+__owur void *SSL_get0_security_ex_data(const SSL *s);
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
+__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx);
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+ int (*cb) (const SSL *s, const SSL_CTX *ctx,
+ int op, int bits, int nid,
+ void *other, void *ex));
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
+ const SSL_CTX *ctx,
+ int op, int bits,
+ int nid,
+ void *other,
+ void *ex);
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
+__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
+
+/* OPENSSL_INIT flag 0x010000 reserved for internal use */
+# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L
+# define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L
+
+# define OPENSSL_INIT_SSL_DEFAULT \
+ (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
+
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+
+# ifndef OPENSSL_NO_UNIT_TEST
+__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
+# endif
+
+__owur int SSL_free_buffers(SSL *ssl);
+__owur int SSL_alloc_buffers(SSL *ssl);
+
+/* Status codes passed to the decrypt session ticket callback. Some of these
+ * are for internal use only and are never passed to the callback. */
+typedef int SSL_TICKET_STATUS;
+
+/* Support for ticket appdata */
+/* fatal error, malloc failure */
+# define SSL_TICKET_FATAL_ERR_MALLOC 0
+/* fatal error, either from parsing or decrypting the ticket */
+# define SSL_TICKET_FATAL_ERR_OTHER 1
+/* No ticket present */
+# define SSL_TICKET_NONE 2
+/* Empty ticket present */
+# define SSL_TICKET_EMPTY 3
+/* the ticket couldn't be decrypted */
+# define SSL_TICKET_NO_DECRYPT 4
+/* a ticket was successfully decrypted */
+# define SSL_TICKET_SUCCESS 5
+/* same as above but the ticket needs to be renewed */
+# define SSL_TICKET_SUCCESS_RENEW 6
+
+/* Return codes for the decrypt session ticket callback */
+typedef int SSL_TICKET_RETURN;
+
+/* An error occurred */
+#define SSL_TICKET_RETURN_ABORT 0
+/* Do not use the ticket, do not send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_IGNORE 1
+/* Do not use the ticket, send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_IGNORE_RENEW 2
+/* Use the ticket, do not send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_USE 3
+/* Use the ticket, send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_USE_RENEW 4
+
+typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg);
+typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss,
+ const unsigned char *keyname,
+ size_t keyname_length,
+ SSL_TICKET_STATUS status,
+ void *arg);
+int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+ SSL_CTX_generate_session_ticket_fn gen_cb,
+ SSL_CTX_decrypt_session_ticket_fn dec_cb,
+ void *arg);
+int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len);
+int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
+
+extern const char SSL_version_str[];
+
+typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
+
+void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
+
+
+typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg);
+void SSL_set_allow_early_data_cb(SSL *s,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg);
+
+# ifdef __cplusplus
+}
+# endif
+#endif
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/record/rec_layer_s3.c
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/record/rec_layer_s3.c (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/record/rec_layer_s3.c (revision 420)
@@ -0,0 +1,1807 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include <errno.h>
+#include "../ssl_local.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include "record_local.h"
+#include "../packet_local.h"
+#include "internal/cryptlib.h"
+
+#if defined(OPENSSL_SMALL_FOOTPRINT) || \
+ !( defined(AESNI_ASM) && ( \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_AMD64) || defined(_M_X64) ) \
+ )
+# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
+#endif
+
+void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s)
+{
+ rl->s = s;
+ RECORD_LAYER_set_first_record(&s->rlayer);
+ SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
+}
+
+void RECORD_LAYER_clear(RECORD_LAYER *rl)
+{
+ rl->rstate = SSL_ST_READ_HEADER;
+
+ /*
+ * Do I need to clear read_ahead? As far as I can tell read_ahead did not
+ * previously get reset by SSL_clear...so I'll keep it that way..but is
+ * that right?
+ */
+
+ rl->packet = NULL;
+ rl->packet_length = 0;
+ rl->wnum = 0;
+ memset(rl->handshake_fragment, 0, sizeof(rl->handshake_fragment));
+ rl->handshake_fragment_len = 0;
+ rl->wpend_tot = 0;
+ rl->wpend_type = 0;
+ rl->wpend_ret = 0;
+ rl->wpend_buf = NULL;
+
+ SSL3_BUFFER_clear(&rl->rbuf);
+ ssl3_release_write_buffer(rl->s);
+ rl->numrpipes = 0;
+ SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
+
+ RECORD_LAYER_reset_read_sequence(rl);
+ RECORD_LAYER_reset_write_sequence(rl);
+
+ if (rl->d)
+ DTLS_RECORD_LAYER_clear(rl);
+}
+
+void RECORD_LAYER_release(RECORD_LAYER *rl)
+{
+ if (SSL3_BUFFER_is_initialised(&rl->rbuf))
+ ssl3_release_read_buffer(rl->s);
+ if (rl->numwpipes > 0)
+ ssl3_release_write_buffer(rl->s);
+ SSL3_RECORD_release(rl->rrec, SSL_MAX_PIPELINES);
+}
+
+/* Checks if we have unprocessed read ahead data pending */
+int RECORD_LAYER_read_pending(const RECORD_LAYER *rl)
+{
+ return SSL3_BUFFER_get_left(&rl->rbuf) != 0;
+}
+
+int RECORD_LAYER_data_present(const RECORD_LAYER *rl)
+{
+ if (rl->rstate == SSL_ST_READ_BODY)
+ return 1;
+ if (RECORD_LAYER_processed_read_pending(rl))
+ return 1;
+ return 0;
+}
+
+/* Checks if we have decrypted unread record data pending */
+int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl)
+{
+ size_t curr_rec = 0, num_recs = RECORD_LAYER_get_numrpipes(rl);
+ const SSL3_RECORD *rr = rl->rrec;
+
+ while (curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]))
+ curr_rec++;
+
+ return curr_rec < num_recs;
+}
+
+int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
+{
+ return (rl->numwpipes > 0)
+ && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
+}
+
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
+{
+ memset(rl->read_sequence, 0, sizeof(rl->read_sequence));
+}
+
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
+{
+ memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
+}
+
+size_t ssl3_pending(const SSL *s)
+{
+ size_t i, num = 0;
+
+ if (s->rlayer.rstate == SSL_ST_READ_BODY)
+ return 0;
+
+ /* Take into account DTLS buffered app data */
+ if (SSL_IS_DTLS(s)) {
+ DTLS1_RECORD_DATA *rdata;
+ pitem *item, *iter;
+
+ iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q);
+ while ((item = pqueue_next(&iter)) != NULL) {
+ rdata = item->data;
+ num += rdata->rrec.length;
+ }
+ }
+
+ for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) {
+ if (SSL3_RECORD_get_type(&s->rlayer.rrec[i])
+ != SSL3_RT_APPLICATION_DATA)
+ return num;
+ num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]);
+ }
+
+ return num;
+}
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
+{
+ ctx->default_read_buf_len = len;
+}
+
+void SSL_set_default_read_buffer_len(SSL *s, size_t len)
+{
+ SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&s->rlayer), len);
+}
+
+const char *SSL_rstate_string_long(const SSL *s)
+{
+ switch (s->rlayer.rstate) {
+ case SSL_ST_READ_HEADER:
+ return "read header";
+ case SSL_ST_READ_BODY:
+ return "read body";
+ case SSL_ST_READ_DONE:
+ return "read done";
+ default:
+ return "unknown";
+ }
+}
+
+const char *SSL_rstate_string(const SSL *s)
+{
+ switch (s->rlayer.rstate) {
+ case SSL_ST_READ_HEADER:
+ return "RH";
+ case SSL_ST_READ_BODY:
+ return "RB";
+ case SSL_ST_READ_DONE:
+ return "RD";
+ default:
+ return "unknown";
+ }
+}
+
+/*
+ * Return values are as per SSL_read()
+ */
+int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
+ size_t *readbytes)
+{
+ /*
+ * If extend == 0, obtain new n-byte packet; if extend == 1, increase
+ * packet by another n bytes. The packet will be in the sub-array of
+ * s->rlayer.rbuf.buf specified by s->rlayer.packet and
+ * s->rlayer.packet_length. (If s->rlayer.read_ahead is set, 'max' bytes may
+ * be stored in rbuf [plus s->rlayer.packet_length bytes if extend == 1].)
+ * if clearold == 1, move the packet to the start of the buffer; if
+ * clearold == 0 then leave any old packets where they were
+ */
+ size_t len, left, align = 0;
+ unsigned char *pkt;
+ SSL3_BUFFER *rb;
+
+ if (n == 0)
+ return 0;
+
+ rb = &s->rlayer.rbuf;
+ if (rb->buf == NULL)
+ if (!ssl3_setup_read_buffer(s)) {
+ /* SSLfatal() already called */
+ return -1;
+ }
+
+ left = rb->left;
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+ align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
+ align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+
+ if (!extend) {
+ /* start with empty packet ... */
+ if (left == 0)
+ rb->offset = align;
+ else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
+ /*
+ * check if next packet length is large enough to justify payload
+ * alignment...
+ */
+ pkt = rb->buf + rb->offset;
+ if (pkt[0] == SSL3_RT_APPLICATION_DATA
+ && (pkt[3] << 8 | pkt[4]) >= 128) {
+ /*
+ * Note that even if packet is corrupted and its length field
+ * is insane, we can only be led to wrong decision about
+ * whether memmove will occur or not. Header values has no
+ * effect on memmove arguments and therefore no buffer
+ * overrun can be triggered.
+ */
+ memmove(rb->buf + align, pkt, left);
+ rb->offset = align;
+ }
+ }
+ s->rlayer.packet = rb->buf + rb->offset;
+ s->rlayer.packet_length = 0;
+ /* ... now we can act as if 'extend' was set */
+ }
+
+ len = s->rlayer.packet_length;
+ pkt = rb->buf + align;
+ /*
+ * Move any available bytes to front of buffer: 'len' bytes already
+ * pointed to by 'packet', 'left' extra ones at the end
+ */
+ if (s->rlayer.packet != pkt && clearold == 1) {
+ memmove(pkt, s->rlayer.packet, len + left);
+ s->rlayer.packet = pkt;
+ rb->offset = len + align;
+ }
+
+ /*
+ * For DTLS/UDP reads should not span multiple packets because the read
+ * operation returns the whole packet at once (as long as it fits into
+ * the buffer).
+ */
+ if (SSL_IS_DTLS(s)) {
+ if (left == 0 && extend)
+ return 0;
+ if (left > 0 && n > left)
+ n = left;
+ }
+
+ /* if there is enough in the buffer from a previous read, take some */
+ if (left >= n) {
+ s->rlayer.packet_length += n;
+ rb->left = left - n;
+ rb->offset += n;
+ *readbytes = n;
+ return 1;
+ }
+
+ /* else we need to read more data */
+
+ if (n > rb->len - rb->offset) {
+ /* does not happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+
+ /* We always act like read_ahead is set for DTLS */
+ if (!s->rlayer.read_ahead && !SSL_IS_DTLS(s))
+ /* ignore max parameter */
+ max = n;
+ else {
+ if (max < n)
+ max = n;
+ if (max > rb->len - rb->offset)
+ max = rb->len - rb->offset;
+ }
+
+ while (left < n) {
+ size_t bioread = 0;
+ int ret;
+
+ /*
+ * Now we have len+left bytes at the front of s->s3->rbuf.buf and
+ * need to read in more until we have len+n (up to len+max if
+ * possible)
+ */
+
+ clear_sys_error();
+ if (s->rbio != NULL) {
+ s->rwstate = SSL_READING;
+ /* TODO(size_t): Convert this function */
+ ret = BIO_read(s->rbio, pkt + len + left, max - left);
+ if (ret >= 0)
+ bioread = ret;
+ } else {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
+ SSL_R_READ_BIO_NOT_SET);
+ ret = -1;
+ }
+
+ if (ret <= 0) {
+ rb->left = left;
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
+ if (len + left == 0)
+ ssl3_release_read_buffer(s);
+ return ret;
+ }
+ left += bioread;
+ /*
+ * reads should *never* span multiple packets for DTLS because the
+ * underlying transport protocol is message oriented as opposed to
+ * byte oriented as in the TLS case.
+ */
+ if (SSL_IS_DTLS(s)) {
+ if (n > left)
+ n = left; /* makes the while condition false */
+ }
+ }
+
+ /* done reading, now the book-keeping */
+ rb->offset += n;
+ rb->left = left - n;
+ s->rlayer.packet_length += n;
+ s->rwstate = SSL_NOTHING;
+ *readbytes = n;
+ return 1;
+}
+
+/*
+ * Call this to write data in records of type 'type' It will return <= 0 if
+ * not all data has been sent or non-blocking IO.
+ */
+int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
+ size_t *written)
+{
+ const unsigned char *buf = buf_;
+ size_t tot;
+ size_t n, max_send_fragment, split_send_fragment, maxpipes;
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+ size_t nw;
+#endif
+ SSL3_BUFFER *wb = &s->rlayer.wbuf[0];
+ int i;
+ size_t tmpwrit;
+
+ s->rwstate = SSL_NOTHING;
+ tot = s->rlayer.wnum;
+ /*
+ * ensure that if we end up with a smaller value of data to write out
+ * than the original len from a write which didn't complete for
+ * non-blocking I/O and also somehow ended up avoiding the check for
+ * this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be
+ * possible to end up with (len-tot) as a large number that will then
+ * promptly send beyond the end of the users buffer ... so we trap and
+ * report the error in a way the user will notice
+ */
+ if ((len < s->rlayer.wnum)
+ || ((wb->left != 0) && (len < (s->rlayer.wnum + s->rlayer.wpend_tot)))) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+ SSL_R_BAD_LENGTH);
+ return -1;
+ }
+
+ if (s->early_data_state == SSL_EARLY_DATA_WRITING
+ && !early_data_count_ok(s, len, 0, 1)) {
+ /* SSLfatal() already called */
+ return -1;
+ }
+
+ s->rlayer.wnum = 0;
+
+ /*
+ * If we are supposed to be sending a KeyUpdate then go into init unless we
+ * have writes pending - in which case we should finish doing that first.
+ */
+ if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE)
+ ossl_statem_set_in_init(s, 1);
+
+ /*
+ * When writing early data on the server side we could be "in_init" in
+ * between receiving the EoED and the CF - but we don't want to handle those
+ * messages yet.
+ */
+ if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)
+ && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {
+ i = s->handshake_func(s);
+ /* SSLfatal() already called */
+ if (i < 0)
+ return i;
+ if (i == 0) {
+ return -1;
+ }
+ }
+
+ /*
+ * first check if there is a SSL3_BUFFER still being written out. This
+ * will happen with non blocking IO
+ */
+ if (wb->left != 0) {
+ /* SSLfatal() already called if appropriate */
+ i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot,
+ &tmpwrit);
+ if (i <= 0) {
+ /* XXX should we ssl3_release_write_buffer if i<0? */
+ s->rlayer.wnum = tot;
+ return i;
+ }
+ tot += tmpwrit; /* this might be last fragment */
+ }
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+ /*
+ * Depending on platform multi-block can deliver several *times*
+ * better performance. Downside is that it has to allocate
+ * jumbo buffer to accommodate up to 8 records, but the
+ * compromise is considered worthy.
+ */
+ if (type == SSL3_RT_APPLICATION_DATA &&
+ len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s)) &&
+ s->compress == NULL && s->msg_callback == NULL &&
+ !SSL_WRITE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
+ EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
+ EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
+ unsigned char aad[13];
+ EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
+ size_t packlen;
+ int packleni;
+
+ /* minimize address aliasing conflicts */
+ if ((max_send_fragment & 0xfff) == 0)
+ max_send_fragment -= 512;
+
+ if (tot == 0 || wb->buf == NULL) { /* allocate jumbo buffer */
+ ssl3_release_write_buffer(s);
+
+ packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+ EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
+ (int)max_send_fragment, NULL);
+
+ if (len >= 8 * max_send_fragment)
+ packlen *= 8;
+ else
+ packlen *= 4;
+
+ if (!ssl3_setup_write_buffer(s, 1, packlen)) {
+ /* SSLfatal() already called */
+ return -1;
+ }
+ } else if (tot == len) { /* done? */
+ /* free jumbo buffer */
+ ssl3_release_write_buffer(s);
+ *written = tot;
+ return 1;
+ }
+
+ n = (len - tot);
+ for (;;) {
+ if (n < 4 * max_send_fragment) {
+ /* free jumbo buffer */
+ ssl3_release_write_buffer(s);
+ break;
+ }
+
+ if (s->s3->alert_dispatch) {
+ i = s->method->ssl_dispatch_alert(s);
+ if (i <= 0) {
+ /* SSLfatal() already called if appropriate */
+ s->rlayer.wnum = tot;
+ return i;
+ }
+ }
+
+ if (n >= 8 * max_send_fragment)
+ nw = max_send_fragment * (mb_param.interleave = 8);
+ else
+ nw = max_send_fragment * (mb_param.interleave = 4);
+
+ memcpy(aad, s->rlayer.write_sequence, 8);
+ aad[8] = type;
+ aad[9] = (unsigned char)(s->version >> 8);
+ aad[10] = (unsigned char)(s->version);
+ aad[11] = 0;
+ aad[12] = 0;
+ mb_param.out = NULL;
+ mb_param.inp = aad;
+ mb_param.len = nw;
+
+ packleni = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+ EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
+ sizeof(mb_param), &mb_param);
+ packlen = (size_t)packleni;
+ if (packleni <= 0 || packlen > wb->len) { /* never happens */
+ /* free jumbo buffer */
+ ssl3_release_write_buffer(s);
+ break;
+ }
+
+ mb_param.out = wb->buf;
+ mb_param.inp = &buf[tot];
+ mb_param.len = nw;
+
+ if (EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+ EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+ sizeof(mb_param), &mb_param) <= 0)
+ return -1;
+
+ s->rlayer.write_sequence[7] += mb_param.interleave;
+ if (s->rlayer.write_sequence[7] < mb_param.interleave) {
+ int j = 6;
+ while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ;
+ }
+
+ wb->offset = 0;
+ wb->left = packlen;
+
+ s->rlayer.wpend_tot = nw;
+ s->rlayer.wpend_buf = &buf[tot];
+ s->rlayer.wpend_type = type;
+ s->rlayer.wpend_ret = nw;
+
+ i = ssl3_write_pending(s, type, &buf[tot], nw, &tmpwrit);
+ if (i <= 0) {
+ /* SSLfatal() already called if appropriate */
+ if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
+ /* free jumbo buffer */
+ ssl3_release_write_buffer(s);
+ }
+ s->rlayer.wnum = tot;
+ return i;
+ }
+ if (tmpwrit == n) {
+ /* free jumbo buffer */
+ ssl3_release_write_buffer(s);
+ *written = tot + tmpwrit;
+ return 1;
+ }
+ n -= tmpwrit;
+ tot += tmpwrit;
+ }
+ } else
+#endif /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */
+ if (tot == len) { /* done? */
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
+ ssl3_release_write_buffer(s);
+
+ *written = tot;
+ return 1;
+ }
+
+ n = (len - tot);
+
+ max_send_fragment = ssl_get_max_send_fragment(s);
+ split_send_fragment = ssl_get_split_send_fragment(s);
+ /*
+ * If max_pipelines is 0 then this means "undefined" and we default to
+ * 1 pipeline. Similarly if the cipher does not support pipelined
+ * processing then we also only use 1 pipeline, or if we're not using
+ * explicit IVs
+ */
+ maxpipes = s->max_pipelines;
+ if (maxpipes > SSL_MAX_PIPELINES) {
+ /*
+ * We should have prevented this when we set max_pipelines so we
+ * shouldn't get here
+ */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ if (maxpipes == 0
+ || s->enc_write_ctx == NULL
+ || !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx))
+ & EVP_CIPH_FLAG_PIPELINE)
+ || !SSL_USE_EXPLICIT_IV(s))
+ maxpipes = 1;
+ if (max_send_fragment == 0 || split_send_fragment == 0
+ || split_send_fragment > max_send_fragment) {
+ /*
+ * We should have prevented this when we set/get the split and max send
+ * fragments so we shouldn't get here
+ */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+
+ for (;;) {
+ size_t pipelens[SSL_MAX_PIPELINES], tmppipelen, remain;
+ size_t numpipes, j;
+
+ if (n == 0)
+ numpipes = 1;
+ else
+ numpipes = ((n - 1) / split_send_fragment) + 1;
+ if (numpipes > maxpipes)
+ numpipes = maxpipes;
+
+ if (n / numpipes >= max_send_fragment) {
+ /*
+ * We have enough data to completely fill all available
+ * pipelines
+ */
+ for (j = 0; j < numpipes; j++) {
+ pipelens[j] = max_send_fragment;
+ }
+ } else {
+ /* We can partially fill all available pipelines */
+ tmppipelen = n / numpipes;
+ remain = n % numpipes;
+ for (j = 0; j < numpipes; j++) {
+ pipelens[j] = tmppipelen;
+ if (j < remain)
+ pipelens[j]++;
+ }
+ }
+
+ i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0,
+ &tmpwrit);
+ if (i <= 0) {
+ /* SSLfatal() already called if appropriate */
+ /* XXX should we ssl3_release_write_buffer if i<0? */
+ s->rlayer.wnum = tot;
+ return i;
+ }
+
+ if (tmpwrit == n ||
+ (type == SSL3_RT_APPLICATION_DATA &&
+ (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
+ /*
+ * next chunk of data should get another prepended empty fragment
+ * in ciphersuites with known-IV weakness:
+ */
+ s->s3->empty_fragment_done = 0;
+
+ if (tmpwrit == n
+ && (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0
+ && !SSL_IS_DTLS(s))
+ ssl3_release_write_buffer(s);
+
+ *written = tot + tmpwrit;
+ return 1;
+ }
+
+ n -= tmpwrit;
+ tot += tmpwrit;
+ }
+}
+
+int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ size_t *pipelens, size_t numpipes,
+ int create_empty_fragment, size_t *written)
+{
+ WPACKET pkt[SSL_MAX_PIPELINES];
+ SSL3_RECORD wr[SSL_MAX_PIPELINES];
+ WPACKET *thispkt;
+ SSL3_RECORD *thiswr;
+ unsigned char *recordstart;
+ int i, mac_size, clear = 0;
+ size_t prefix_len = 0;
+ int eivlen = 0;
+ size_t align = 0;
+ SSL3_BUFFER *wb;
+ SSL_SESSION *sess;
+ size_t totlen = 0, len, wpinited = 0;
+ size_t j;
+
+ for (j = 0; j < numpipes; j++)
+ totlen += pipelens[j];
+ /*
+ * first check if there is a SSL3_BUFFER still being written out. This
+ * will happen with non blocking IO
+ */
+ if (RECORD_LAYER_write_pending(&s->rlayer)) {
+ /* Calls SSLfatal() as required */
+ return ssl3_write_pending(s, type, buf, totlen, written);
+ }
+
+ /* If we have an alert to send, lets send it */
+ if (s->s3->alert_dispatch) {
+ i = s->method->ssl_dispatch_alert(s);
+ if (i <= 0) {
+ /* SSLfatal() already called if appropriate */
+ return i;
+ }
+ /* if it went, fall through and send more stuff */
+ }
+
+ if (s->rlayer.numwpipes < numpipes) {
+ if (!ssl3_setup_write_buffer(s, numpipes, 0)) {
+ /* SSLfatal() already called */
+ return -1;
+ }
+ }
+
+ if (totlen == 0 && !create_empty_fragment)
+ return 0;
+
+ sess = s->session;
+
+ if ((sess == NULL) ||
+ (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) {
+ clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
+ mac_size = 0;
+ } else {
+ /* TODO(siz_t): Convert me */
+ mac_size = EVP_MD_CTX_size(s->write_hash);
+ if (mac_size < 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ /*
+ * 'create_empty_fragment' is true only when this function calls itself
+ */
+ if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
+ /*
+ * countermeasure against known-IV weakness in CBC ciphersuites (see
+ * http://www.openssl.org/~bodo/tls-cbc.txt)
+ */
+
+ if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
+ /*
+ * recursive function call with 'create_empty_fragment' set; this
+ * prepares and buffers the data for an empty fragment (these
+ * 'prefix_len' bytes are sent out later together with the actual
+ * payload)
+ */
+ size_t tmppipelen = 0;
+ int ret;
+
+ ret = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1, &prefix_len);
+ if (ret <= 0) {
+ /* SSLfatal() already called if appropriate */
+ goto err;
+ }
+
+ if (prefix_len >
+ (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
+ /* insufficient space */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ s->s3->empty_fragment_done = 1;
+ }
+
+ if (create_empty_fragment) {
+ wb = &s->rlayer.wbuf[0];
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+ /*
+ * extra fragment would be couple of cipher blocks, which would be
+ * multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
+ * payload, then we can just pretend we simply have two headers.
+ */
+ align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
+ align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+ SSL3_BUFFER_set_offset(wb, align);
+ if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb),
+ SSL3_BUFFER_get_len(wb), 0)
+ || !WPACKET_allocate_bytes(&pkt[0], align, NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ wpinited = 1;
+ } else if (prefix_len) {
+ wb = &s->rlayer.wbuf[0];
+ if (!WPACKET_init_static_len(&pkt[0],
+ SSL3_BUFFER_get_buf(wb),
+ SSL3_BUFFER_get_len(wb), 0)
+ || !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb)
+ + prefix_len, NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ wpinited = 1;
+ } else {
+ for (j = 0; j < numpipes; j++) {
+ thispkt = &pkt[j];
+
+ wb = &s->rlayer.wbuf[j];
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
+ align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
+ align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+ SSL3_BUFFER_set_offset(wb, align);
+ if (!WPACKET_init_static_len(thispkt, SSL3_BUFFER_get_buf(wb),
+ SSL3_BUFFER_get_len(wb), 0)
+ || !WPACKET_allocate_bytes(thispkt, align, NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ wpinited++;
+ }
+ }
+
+ /* Explicit IV length, block ciphers appropriate version flag */
+ if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) && !SSL_TREAT_AS_TLS13(s)) {
+ int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+ if (mode == EVP_CIPH_CBC_MODE) {
+ /* TODO(size_t): Convert me */
+ eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+ if (eivlen <= 1)
+ eivlen = 0;
+ } else if (mode == EVP_CIPH_GCM_MODE) {
+ /* Need explicit part of IV for GCM mode */
+ eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+ } else if (mode == EVP_CIPH_CCM_MODE) {
+ eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
+ }
+ }
+
+ totlen = 0;
+ /* Clear our SSL3_RECORD structures */
+ memset(wr, 0, sizeof(wr));
+ for (j = 0; j < numpipes; j++) {
+ unsigned int version = (s->version == TLS1_3_VERSION) ? TLS1_2_VERSION
+ : s->version;
+ unsigned char *compressdata = NULL;
+ size_t maxcomplen;
+ unsigned int rectype;
+
+ thispkt = &pkt[j];
+ thiswr = &wr[j];
+
+ /*
+ * In TLSv1.3, once encrypting, we always use application data for the
+ * record type
+ */
+ if (SSL_TREAT_AS_TLS13(s)
+ && s->enc_write_ctx != NULL
+ && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
+ || type != SSL3_RT_ALERT))
+ rectype = SSL3_RT_APPLICATION_DATA;
+ else
+ rectype = type;
+ SSL3_RECORD_set_type(thiswr, rectype);
+
+ /*
+ * Some servers hang if initial client hello is larger than 256 bytes
+ * and record version number > TLS 1.0
+ */
+ if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
+ && !s->renegotiate
+ && TLS1_get_version(s) > TLS1_VERSION
+ && s->hello_retry_request == SSL_HRR_NONE)
+ version = TLS1_VERSION;
+ SSL3_RECORD_set_rec_version(thiswr, version);
+
+ maxcomplen = pipelens[j];
+ if (s->compress != NULL)
+ maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+
+ /* write the header */
+ if (!WPACKET_put_bytes_u8(thispkt, rectype)
+ || !WPACKET_put_bytes_u16(thispkt, version)
+ || !WPACKET_start_sub_packet_u16(thispkt)
+ || (eivlen > 0
+ && !WPACKET_allocate_bytes(thispkt, eivlen, NULL))
+ || (maxcomplen > 0
+ && !WPACKET_reserve_bytes(thispkt, maxcomplen,
+ &compressdata))) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /* lets setup the record stuff. */
+ SSL3_RECORD_set_data(thiswr, compressdata);
+ SSL3_RECORD_set_length(thiswr, pipelens[j]);
+ SSL3_RECORD_set_input(thiswr, (unsigned char *)&buf[totlen]);
+ totlen += pipelens[j];
+
+ /*
+ * we now 'read' from thiswr->input, thiswr->length bytes into
+ * thiswr->data
+ */
+
+ /* first we compress */
+ if (s->compress != NULL) {
+ if (!ssl3_do_compress(s, thiswr)
+ || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ SSL_R_COMPRESSION_FAILURE);
+ goto err;
+ }
+ } else {
+ if (!WPACKET_memcpy(thispkt, thiswr->input, thiswr->length)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ SSL3_RECORD_reset_input(&wr[j]);
+ }
+
+ if (SSL_TREAT_AS_TLS13(s)
+ && s->enc_write_ctx != NULL
+ && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
+ || type != SSL3_RT_ALERT)) {
+ size_t rlen, max_send_fragment;
+
+ if (!WPACKET_put_bytes_u8(thispkt, type)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ SSL3_RECORD_add_length(thiswr, 1);
+
+ /* Add TLS1.3 padding */
+ max_send_fragment = ssl_get_max_send_fragment(s);
+ rlen = SSL3_RECORD_get_length(thiswr);
+ if (rlen < max_send_fragment) {
+ size_t padding = 0;
+ size_t max_padding = max_send_fragment - rlen;
+ if (s->record_padding_cb != NULL) {
+ padding = s->record_padding_cb(s, type, rlen, s->record_padding_arg);
+ } else if (s->block_padding > 0) {
+ size_t mask = s->block_padding - 1;
+ size_t remainder;
+
+ /* optimize for power of 2 */
+ if ((s->block_padding & mask) == 0)
+ remainder = rlen & mask;
+ else
+ remainder = rlen % s->block_padding;
+ /* don't want to add a block of padding if we don't have to */
+ if (remainder == 0)
+ padding = 0;
+ else
+ padding = s->block_padding - remainder;
+ }
+ if (padding > 0) {
+ /* do not allow the record to exceed max plaintext length */
+ if (padding > max_padding)
+ padding = max_padding;
+ if (!WPACKET_memset(thispkt, 0, padding)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ SSL3_RECORD_add_length(thiswr, padding);
+ }
+ }
+ }
+
+ /*
+ * we should still have the output to thiswr->data and the input from
+ * wr->input. Length should be thiswr->length. thiswr->data still points
+ * in the wb->buf
+ */
+
+ if (!SSL_WRITE_ETM(s) && mac_size != 0) {
+ unsigned char *mac;
+
+ if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
+ || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ /*
+ * Reserve some bytes for any growth that may occur during encryption. If
+ * we are adding the MAC independently of the cipher algorithm, then the
+ * max encrypted overhead does not need to include an allocation for that
+ * MAC
+ */
+ if (!WPACKET_reserve_bytes(thispkt,
+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+ - mac_size,
+ NULL)
+ /*
+ * We also need next the amount of bytes written to this
+ * sub-packet
+ */
+ || !WPACKET_get_length(thispkt, &len)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /* Get a pointer to the start of this record excluding header */
+ recordstart = WPACKET_get_curr(thispkt) - len;
+
+ SSL3_RECORD_set_data(thiswr, recordstart);
+ SSL3_RECORD_reset_input(thiswr);
+ SSL3_RECORD_set_length(thiswr, len);
+ }
+
+ if (s->statem.enc_write_state == ENC_WRITE_STATE_WRITE_PLAIN_ALERTS) {
+ /*
+ * We haven't actually negotiated the version yet, but we're trying to
+ * send early data - so we need to use the tls13enc function.
+ */
+ if (tls13_enc(s, wr, numpipes, 1) < 1) {
+ if (!ossl_statem_in_error(s)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ }
+ goto err;
+ }
+ } else {
+ if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1) {
+ if (!ossl_statem_in_error(s)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ }
+ goto err;
+ }
+ }
+
+ for (j = 0; j < numpipes; j++) {
+ size_t origlen;
+
+ thispkt = &pkt[j];
+ thiswr = &wr[j];
+
+ /* Allocate bytes for the encryption overhead */
+ if (!WPACKET_get_length(thispkt, &origlen)
+ /* Check we allowed enough room for the encryption growth */
+ || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+ - mac_size >= thiswr->length)
+ /* Encryption should never shrink the data! */
+ || origlen > thiswr->length
+ || (thiswr->length > origlen
+ && !WPACKET_allocate_bytes(thispkt,
+ thiswr->length - origlen, NULL))) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ if (SSL_WRITE_ETM(s) && mac_size != 0) {
+ unsigned char *mac;
+
+ if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
+ || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ SSL3_RECORD_add_length(thiswr, mac_size);
+ }
+
+ if (!WPACKET_get_length(thispkt, &len)
+ || !WPACKET_close(thispkt)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (s->msg_callback) {
+ recordstart = WPACKET_get_curr(thispkt) - len
+ - SSL3_RT_HEADER_LENGTH;
+ s->msg_callback(1, 0, SSL3_RT_HEADER, recordstart,
+ SSL3_RT_HEADER_LENGTH, s,
+ s->msg_callback_arg);
+
+ if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) {
+ unsigned char ctype = type;
+
+ s->msg_callback(1, s->version, SSL3_RT_INNER_CONTENT_TYPE,
+ &ctype, 1, s, s->msg_callback_arg);
+ }
+ }
+
+ if (!WPACKET_finish(thispkt)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /*
+ * we should now have thiswr->data pointing to the encrypted data, which
+ * is thiswr->length long
+ */
+ SSL3_RECORD_set_type(thiswr, type); /* not needed but helps for
+ * debugging */
+ SSL3_RECORD_add_length(thiswr, SSL3_RT_HEADER_LENGTH);
+
+ if (create_empty_fragment) {
+ /*
+ * we are in a recursive call; just return the length, don't write
+ * out anything here
+ */
+ if (j > 0) {
+ /* We should never be pipelining an empty fragment!! */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ *written = SSL3_RECORD_get_length(thiswr);
+ return 1;
+ }
+
+ /* now let's set up wb */
+ SSL3_BUFFER_set_left(&s->rlayer.wbuf[j],
+ prefix_len + SSL3_RECORD_get_length(thiswr));
+ }
+
+ /*
+ * memorize arguments so that ssl3_write_pending can detect bad write
+ * retries later
+ */
+ s->rlayer.wpend_tot = totlen;
+ s->rlayer.wpend_buf = buf;
+ s->rlayer.wpend_type = type;
+ s->rlayer.wpend_ret = totlen;
+
+ /* we now just need to write the buffer */
+ return ssl3_write_pending(s, type, buf, totlen, written);
+ err:
+ for (j = 0; j < wpinited; j++)
+ WPACKET_cleanup(&pkt[j]);
+ return -1;
+}
+
+/* if s->s3->wbuf.left != 0, we need to call this
+ *
+ * Return values are as per SSL_write()
+ */
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
+ size_t *written)
+{
+ int i;
+ SSL3_BUFFER *wb = s->rlayer.wbuf;
+ size_t currbuf = 0;
+ size_t tmpwrit = 0;
+
+ if ((s->rlayer.wpend_tot > len)
+ || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
+ && (s->rlayer.wpend_buf != buf))
+ || (s->rlayer.wpend_type != type)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING,
+ SSL_R_BAD_WRITE_RETRY);
+ return -1;
+ }
+
+ for (;;) {
+ /* Loop until we find a buffer we haven't written out yet */
+ if (SSL3_BUFFER_get_left(&wb[currbuf]) == 0
+ && currbuf < s->rlayer.numwpipes - 1) {
+ currbuf++;
+ continue;
+ }
+ clear_sys_error();
+ if (s->wbio != NULL) {
+ s->rwstate = SSL_WRITING;
+ /* TODO(size_t): Convert this call */
+ i = BIO_write(s->wbio, (char *)
+ &(SSL3_BUFFER_get_buf(&wb[currbuf])
+ [SSL3_BUFFER_get_offset(&wb[currbuf])]),
+ (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf]));
+ if (i >= 0)
+ tmpwrit = i;
+ } else {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING,
+ SSL_R_BIO_NOT_SET);
+ i = -1;
+ }
+ if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) {
+ SSL3_BUFFER_set_left(&wb[currbuf], 0);
+ SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit);
+ if (currbuf + 1 < s->rlayer.numwpipes)
+ continue;
+ s->rwstate = SSL_NOTHING;
+ *written = s->rlayer.wpend_ret;
+ return 1;
+ } else if (i <= 0) {
+ if (SSL_IS_DTLS(s)) {
+ /*
+ * For DTLS, just drop it. That's kind of the whole point in
+ * using a datagram service
+ */
+ SSL3_BUFFER_set_left(&wb[currbuf], 0);
+ }
+ return i;
+ }
+ SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit);
+ SSL3_BUFFER_sub_left(&wb[currbuf], tmpwrit);
+ }
+}
+
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ * - 0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
+ * messages are treated as if they were handshake messages *if* the |recd_type|
+ * argument is non NULL.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ * Change cipher spec protocol
+ * just 1 byte needed, no need for keeping anything stored
+ * Alert protocol
+ * 2 bytes needed (AlertLevel, AlertDescription)
+ * Handshake protocol
+ * 4 bytes needed (HandshakeType, uint24 length) -- we just have
+ * to detect unexpected Client Hello and Hello Request messages
+ * here, anything else is handled by higher layers
+ * Application data protocol
+ * none of our business
+ */
+int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+ size_t len, int peek, size_t *readbytes)
+{
+ int i, j, ret;
+ size_t n, curr_rec, num_recs, totalbytes;
+ SSL3_RECORD *rr;
+ SSL3_BUFFER *rbuf;
+ void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+ int is_tls13 = SSL_IS_TLS13(s);
+
+ rbuf = &s->rlayer.rbuf;
+
+ if (!SSL3_BUFFER_is_initialised(rbuf)) {
+ /* Not initialized yet */
+ if (!ssl3_setup_read_buffer(s)) {
+ /* SSLfatal() already called */
+ return -1;
+ }
+ }
+
+ if ((type && (type != SSL3_RT_APPLICATION_DATA)
+ && (type != SSL3_RT_HANDSHAKE)) || (peek
+ && (type !=
+ SSL3_RT_APPLICATION_DATA))) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+
+ if ((type == SSL3_RT_HANDSHAKE) && (s->rlayer.handshake_fragment_len > 0))
+ /* (partially) satisfy request from storage */
+ {
+ unsigned char *src = s->rlayer.handshake_fragment;
+ unsigned char *dst = buf;
+ unsigned int k;
+
+ /* peek == 0 */
+ n = 0;
+ while ((len > 0) && (s->rlayer.handshake_fragment_len > 0)) {
+ *dst++ = *src++;
+ len--;
+ s->rlayer.handshake_fragment_len--;
+ n++;
+ }
+ /* move any remaining fragment bytes: */
+ for (k = 0; k < s->rlayer.handshake_fragment_len; k++)
+ s->rlayer.handshake_fragment[k] = *src++;
+
+ if (recvd_type != NULL)
+ *recvd_type = SSL3_RT_HANDSHAKE;
+
+ *readbytes = n;
+ return 1;
+ }
+
+ /*
+ * Now s->rlayer.handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
+ */
+
+ if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {
+ /* type == SSL3_RT_APPLICATION_DATA */
+ i = s->handshake_func(s);
+ /* SSLfatal() already called */
+ if (i < 0)
+ return i;
+ if (i == 0)
+ return -1;
+ }
+ start:
+ s->rwstate = SSL_NOTHING;
+
+ /*-
+ * For each record 'i' up to |num_recs]
+ * rr[i].type - is the type of record
+ * rr[i].data, - data
+ * rr[i].off, - offset into 'data' for next read
+ * rr[i].length, - number of bytes.
+ */
+ rr = s->rlayer.rrec;
+ num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
+
+ do {
+ /* get new records if necessary */
+ if (num_recs == 0) {
+ ret = ssl3_get_record(s);
+ if (ret <= 0) {
+ /* SSLfatal() already called if appropriate */
+ return ret;
+ }
+ num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
+ if (num_recs == 0) {
+ /* Shouldn't happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ }
+ /* Skip over any records we have already read */
+ for (curr_rec = 0;
+ curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]);
+ curr_rec++) ;
+ if (curr_rec == num_recs) {
+ RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
+ num_recs = 0;
+ curr_rec = 0;
+ }
+ } while (num_recs == 0);
+ rr = &rr[curr_rec];
+
+ if (s->rlayer.handshake_fragment_len > 0
+ && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE
+ && SSL_IS_TLS13(s)) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA);
+ return -1;
+ }
+
+ /*
+ * Reset the count of consecutive warning alerts if we've got a non-empty
+ * record that isn't an alert.
+ */
+ if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
+ && SSL3_RECORD_get_length(rr) != 0)
+ s->rlayer.alert_count = 0;
+
+ /* we now have a packet which can be read and processed */
+
+ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+ * reset by ssl3_get_finished */
+ && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+ return -1;
+ }
+
+ /*
+ * If the other end has shut down, throw anything we read away (even in
+ * 'peek' mode)
+ */
+ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+ SSL3_RECORD_set_length(rr, 0);
+ s->rwstate = SSL_NOTHING;
+ return 0;
+ }
+
+ if (type == SSL3_RECORD_get_type(rr)
+ || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+ && type == SSL3_RT_HANDSHAKE && recvd_type != NULL
+ && !is_tls13)) {
+ /*
+ * SSL3_RT_APPLICATION_DATA or
+ * SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC
+ */
+ /*
+ * make sure that we are not getting application data when we are
+ * doing a handshake for the first time
+ */
+ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+ (s->enc_read_ctx == NULL)) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_APP_DATA_IN_HANDSHAKE);
+ return -1;
+ }
+
+ if (type == SSL3_RT_HANDSHAKE
+ && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+ && s->rlayer.handshake_fragment_len > 0) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_CCS_RECEIVED_EARLY);
+ return -1;
+ }
+
+ if (recvd_type != NULL)
+ *recvd_type = SSL3_RECORD_get_type(rr);
+
+ if (len == 0) {
+ /*
+ * Mark a zero length record as read. This ensures multiple calls to
+ * SSL_read() with a zero length buffer will eventually cause
+ * SSL_pending() to report data as being available.
+ */
+ if (SSL3_RECORD_get_length(rr) == 0)
+ SSL3_RECORD_set_read(rr);
+ return 0;
+ }
+
+ totalbytes = 0;
+ do {
+ if (len - totalbytes > SSL3_RECORD_get_length(rr))
+ n = SSL3_RECORD_get_length(rr);
+ else
+ n = len - totalbytes;
+
+ memcpy(buf, &(rr->data[rr->off]), n);
+ buf += n;
+ if (peek) {
+ /* Mark any zero length record as consumed CVE-2016-6305 */
+ if (SSL3_RECORD_get_length(rr) == 0)
+ SSL3_RECORD_set_read(rr);
+ } else {
+ SSL3_RECORD_sub_length(rr, n);
+ SSL3_RECORD_add_off(rr, n);
+ if (SSL3_RECORD_get_length(rr) == 0) {
+ s->rlayer.rstate = SSL_ST_READ_HEADER;
+ SSL3_RECORD_set_off(rr, 0);
+ SSL3_RECORD_set_read(rr);
+ }
+ }
+ if (SSL3_RECORD_get_length(rr) == 0
+ || (peek && n == SSL3_RECORD_get_length(rr))) {
+ curr_rec++;
+ rr++;
+ }
+ totalbytes += n;
+ } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
+ && totalbytes < len);
+ if (totalbytes == 0) {
+ /* We must have read empty records. Get more data */
+ goto start;
+ }
+ if (!peek && curr_rec == num_recs
+ && (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ && SSL3_BUFFER_get_left(rbuf) == 0)
+ ssl3_release_read_buffer(s);
+ *readbytes = totalbytes;
+ return 1;
+ }
+
+ /*
+ * If we get here, then type != rr->type; if we have a handshake message,
+ * then it was unexpected (Hello Request or Client Hello) or invalid (we
+ * were actually expecting a CCS).
+ */
+
+ /*
+ * Lets just double check that we've not got an SSLv2 record
+ */
+ if (rr->rec_version == SSL2_VERSION) {
+ /*
+ * Should never happen. ssl3_get_record() should only give us an SSLv2
+ * record back if this is the first packet and we are looking for an
+ * initial ClientHello. Therefore |type| should always be equal to
+ * |rr->type|. If not then something has gone horribly wrong
+ */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+
+ if (s->method->version == TLS_ANY_VERSION
+ && (s->server || rr->type != SSL3_RT_ALERT)) {
+ /*
+ * If we've got this far and still haven't decided on what version
+ * we're using then this must be a client side alert we're dealing with
+ * (we don't allow heartbeats yet). We shouldn't be receiving anything
+ * other than a ClientHello if we are a server.
+ */
+ s->version = rr->rec_version;
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_UNEXPECTED_MESSAGE);
+ return -1;
+ }
+
+ /*-
+ * s->rlayer.handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
+ * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+ */
+
+ if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
+ unsigned int alert_level, alert_descr;
+ unsigned char *alert_bytes = SSL3_RECORD_get_data(rr)
+ + SSL3_RECORD_get_off(rr);
+ PACKET alert;
+
+ if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr))
+ || !PACKET_get_1(&alert, &alert_level)
+ || !PACKET_get_1(&alert, &alert_descr)
+ || PACKET_remaining(&alert) != 0) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_INVALID_ALERT);
+ return -1;
+ }
+
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s,
+ s->msg_callback_arg);
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ if (cb != NULL) {
+ j = (alert_level << 8) | alert_descr;
+ cb(s, SSL_CB_READ_ALERT, j);
+ }
+
+ if (alert_level == SSL3_AL_WARNING
+ || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) {
+ s->s3->warn_alert = alert_descr;
+ SSL3_RECORD_set_read(rr);
+
+ s->rlayer.alert_count++;
+ if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_TOO_MANY_WARN_ALERTS);
+ return -1;
+ }
+ }
+
+ /*
+ * Apart from close_notify the only other warning alert in TLSv1.3
+ * is user_cancelled - which we just ignore.
+ */
+ if (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED) {
+ goto start;
+ } else if (alert_descr == SSL_AD_CLOSE_NOTIFY
+ && (is_tls13 || alert_level == SSL3_AL_WARNING)) {
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ return 0;
+ } else if (alert_level == SSL3_AL_FATAL || is_tls13) {
+ char tmp[16];
+
+ s->rwstate = SSL_NOTHING;
+ s->s3->fatal_alert = alert_descr;
+ SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES,
+ SSL_AD_REASON_OFFSET + alert_descr);
+ BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+ ERR_add_error_data(2, "SSL alert number ", tmp);
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ SSL3_RECORD_set_read(rr);
+ SSL_CTX_remove_session(s->session_ctx, s->session);
+ return 0;
+ } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
+ /*
+ * This is a warning but we receive it if we requested
+ * renegotiation and the peer denied it. Terminate with a fatal
+ * alert because if application tried to renegotiate it
+ * presumably had a good reason and expects it to succeed. In
+ * future we might have a renegotiation where we don't care if
+ * the peer refused it where we carry on.
+ */
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_NO_RENEGOTIATION);
+ return -1;
+ } else if (alert_level == SSL3_AL_WARNING) {
+ /* We ignore any other warning alert in TLSv1.2 and below */
+ goto start;
+ }
+
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES,
+ SSL_R_UNKNOWN_ALERT_TYPE);
+ return -1;
+ }
+
+ if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0) {
+ if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
+ BIO *rbio;
+
+ /*
+ * We ignore any handshake messages sent to us unless they are
+ * TLSv1.3 in which case we want to process them. For all other
+ * handshake messages we can't do anything reasonable with them
+ * because we are unable to write any response due to having already
+ * sent close_notify.
+ */
+ if (!SSL_IS_TLS13(s)) {
+ SSL3_RECORD_set_length(rr, 0);
+ SSL3_RECORD_set_read(rr);
+
+ if ((s->mode & SSL_MODE_AUTO_RETRY) != 0)
+ goto start;
+
+ s->rwstate = SSL_READING;
+ rbio = SSL_get_rbio(s);
+ BIO_clear_retry_flags(rbio);
+ BIO_set_retry_read(rbio);
+ return -1;
+ }
+ } else {
+ /*
+ * The peer is continuing to send application data, but we have
+ * already sent close_notify. If this was expected we should have
+ * been called via SSL_read() and this would have been handled
+ * above.
+ * No alert sent because we already sent close_notify
+ */
+ SSL3_RECORD_set_length(rr, 0);
+ SSL3_RECORD_set_read(rr);
+ SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES,
+ SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY);
+ return -1;
+ }
+ }
+
+ /*
+ * For handshake data we have 'fragment' storage, so fill that so that we
+ * can process the header at a fixed place. This is done after the
+ * "SHUTDOWN" code above to avoid filling the fragment storage with data
+ * that we're just going to discard.
+ */
+ if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
+ size_t dest_maxlen = sizeof(s->rlayer.handshake_fragment);
+ unsigned char *dest = s->rlayer.handshake_fragment;
+ size_t *dest_len = &s->rlayer.handshake_fragment_len;
+
+ n = dest_maxlen - *dest_len; /* available space in 'dest' */
+ if (SSL3_RECORD_get_length(rr) < n)
+ n = SSL3_RECORD_get_length(rr); /* available bytes */
+
+ /* now move 'n' bytes: */
+ memcpy(dest + *dest_len,
+ SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n);
+ SSL3_RECORD_add_off(rr, n);
+ SSL3_RECORD_sub_length(rr, n);
+ *dest_len += n;
+ if (SSL3_RECORD_get_length(rr) == 0)
+ SSL3_RECORD_set_read(rr);
+
+ if (*dest_len < dest_maxlen)
+ goto start; /* fragment was too small */
+ }
+
+ if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_CCS_RECEIVED_EARLY);
+ return -1;
+ }
+
+ /*
+ * Unexpected handshake message (ClientHello, NewSessionTicket (TLS1.3) or
+ * protocol violation)
+ */
+ if ((s->rlayer.handshake_fragment_len >= 4)
+ && !ossl_statem_get_in_handshake(s)) {
+ int ined = (s->early_data_state == SSL_EARLY_DATA_READING);
+
+ /* We found handshake data, so we're going back into init */
+ ossl_statem_set_in_init(s, 1);
+
+ i = s->handshake_func(s);
+ /* SSLfatal() already called if appropriate */
+ if (i < 0)
+ return i;
+ if (i == 0) {
+ return -1;
+ }
+
+ /*
+ * If we were actually trying to read early data and we found a
+ * handshake message, then we don't want to continue to try and read
+ * the application data any more. It won't be "early" now.
+ */
+ if (ined)
+ return -1;
+
+ if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+ if (SSL3_BUFFER_get_left(rbuf) == 0) {
+ /* no read-ahead left? */
+ BIO *bio;
+ /*
+ * In the case where we try to read application data, but we
+ * trigger an SSL handshake, we return -1 with the retry
+ * option set. Otherwise renegotiation may cause nasty
+ * problems in the blocking world
+ */
+ s->rwstate = SSL_READING;
+ bio = SSL_get_rbio(s);
+ BIO_clear_retry_flags(bio);
+ BIO_set_retry_read(bio);
+ return -1;
+ }
+ }
+ goto start;
+ }
+
+ switch (SSL3_RECORD_get_type(rr)) {
+ default:
+ /*
+ * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but
+ * TLS 1.2 says you MUST send an unexpected message alert. We use the
+ * TLS 1.2 behaviour for all protocol versions to prevent issues where
+ * no progress is being made and the peer continually sends unrecognised
+ * record types, using up resources processing them.
+ */
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_UNEXPECTED_RECORD);
+ return -1;
+ case SSL3_RT_CHANGE_CIPHER_SPEC:
+ case SSL3_RT_ALERT:
+ case SSL3_RT_HANDSHAKE:
+ /*
+ * we already handled all of these, with the possible exception of
+ * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
+ * that should not happen when type != rr->type
+ */
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ ERR_R_INTERNAL_ERROR);
+ return -1;
+ case SSL3_RT_APPLICATION_DATA:
+ /*
+ * At this point, we were expecting handshake data, but have
+ * application data. If the library was running inside ssl3_read()
+ * (i.e. in_read_app_data is set) and it makes sense to read
+ * application data at this point (session renegotiation not yet
+ * started), we will indulge it.
+ */
+ if (ossl_statem_app_data_allowed(s)) {
+ s->s3->in_read_app_data = 2;
+ return -1;
+ } else if (ossl_statem_skip_early_data(s)) {
+ /*
+ * This can happen after a client sends a CH followed by early_data,
+ * but the server responds with a HelloRetryRequest. The server
+ * reads the next record from the client expecting to find a
+ * plaintext ClientHello but gets a record which appears to be
+ * application data. The trial decrypt "works" because null
+ * decryption was applied. We just skip it and move on to the next
+ * record.
+ */
+ if (!early_data_count_ok(s, rr->length,
+ EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+ /* SSLfatal() already called */
+ return -1;
+ }
+ SSL3_RECORD_set_read(rr);
+ goto start;
+ } else {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+ SSL_R_UNEXPECTED_RECORD);
+ return -1;
+ }
+ }
+}
+
+void ssl3_record_sequence_update(unsigned char *seq)
+{
+ int i;
+
+ for (i = 7; i >= 0; i--) {
+ ++seq[i];
+ if (seq[i] != 0)
+ break;
+ }
+}
+
+/*
+ * Returns true if the current rrec was sent in SSLv2 backwards compatible
+ * format and false otherwise.
+ */
+int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl)
+{
+ return SSL3_RECORD_is_sslv2_record(&rl->rrec[0]);
+}
+
+/*
+ * Returns the length in bytes of the current rrec
+ */
+size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
+{
+ return SSL3_RECORD_get_length(&rl->rrec[0]);
+}
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/record/record.h
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/record/record.h (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/record/record.h (revision 420)
@@ -0,0 +1,237 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ * *
+ * These structures should be considered PRIVATE to the record layer. No *
+ * non-record layer code should be using these structures in any way. *
+ * *
+ *****************************************************************************/
+
+typedef struct ssl3_buffer_st {
+ /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
+ unsigned char *buf;
+ /* default buffer size (or 0 if no default set) */
+ size_t default_len;
+ /* buffer size */
+ size_t len;
+ /* where to 'copy from' */
+ size_t offset;
+ /* how many bytes left */
+ size_t left;
+} SSL3_BUFFER;
+
+#define SEQ_NUM_SIZE 8
+
+typedef struct ssl3_record_st {
+ /* Record layer version */
+ /* r */
+ int rec_version;
+ /* type of record */
+ /* r */
+ int type;
+ /* How many bytes available */
+ /* rw */
+ size_t length;
+ /*
+ * How many bytes were available before padding was removed? This is used
+ * to implement the MAC check in constant time for CBC records.
+ */
+ /* rw */
+ size_t orig_len;
+ /* read/write offset into 'buf' */
+ /* r */
+ size_t off;
+ /* pointer to the record data */
+ /* rw */
+ unsigned char *data;
+ /* where the decode bytes are */
+ /* rw */
+ unsigned char *input;
+ /* only used with decompression - malloc()ed */
+ /* r */
+ unsigned char *comp;
+ /* Whether the data from this record has already been read or not */
+ /* r */
+ unsigned int read;
+ /* epoch number, needed by DTLS1 */
+ /* r */
+ unsigned long epoch;
+ /* sequence number, needed by DTLS1 */
+ /* r */
+ unsigned char seq_num[SEQ_NUM_SIZE];
+} SSL3_RECORD;
+
+typedef struct dtls1_bitmap_st {
+ /* Track 32 packets on 32-bit systems and 64 - on 64-bit systems */
+ unsigned long map;
+ /* Max record number seen so far, 64-bit value in big-endian encoding */
+ unsigned char max_seq_num[SEQ_NUM_SIZE];
+} DTLS1_BITMAP;
+
+typedef struct record_pqueue_st {
+ unsigned short epoch;
+ struct pqueue_st *q;
+} record_pqueue;
+
+typedef struct dtls1_record_data_st {
+ unsigned char *packet;
+ size_t packet_length;
+ SSL3_BUFFER rbuf;
+ SSL3_RECORD rrec;
+#ifndef OPENSSL_NO_SCTP
+ struct bio_dgram_sctp_rcvinfo recordinfo;
+#endif
+} DTLS1_RECORD_DATA;
+
+typedef struct dtls_record_layer_st {
+ /*
+ * The current data and handshake epoch. This is initially
+ * undefined, and starts at zero once the initial handshake is
+ * completed
+ */
+ unsigned short r_epoch;
+ unsigned short w_epoch;
+ /* records being received in the current epoch */
+ DTLS1_BITMAP bitmap;
+ /* renegotiation starts a new set of sequence numbers */
+ DTLS1_BITMAP next_bitmap;
+ /* Received handshake records (processed and unprocessed) */
+ record_pqueue unprocessed_rcds;
+ record_pqueue processed_rcds;
+ /*
+ * Buffered application records. Only for records between CCS and
+ * Finished to prevent either protocol violation or unnecessary message
+ * loss.
+ */
+ record_pqueue buffered_app_data;
+ /* save last and current sequence numbers for retransmissions */
+ unsigned char last_write_sequence[8];
+ unsigned char curr_write_sequence[8];
+} DTLS_RECORD_LAYER;
+
+/*****************************************************************************
+ * *
+ * This structure should be considered "opaque" to anything outside of the *
+ * record layer. No non-record layer code should be accessing the members of *
+ * this structure. *
+ * *
+ *****************************************************************************/
+
+typedef struct record_layer_st {
+ /* The parent SSL structure */
+ SSL *s;
+ /*
+ * Read as many input bytes as possible (for
+ * non-blocking reads)
+ */
+ int read_ahead;
+ /* where we are when reading */
+ int rstate;
+ /* How many pipelines can be used to read data */
+ size_t numrpipes;
+ /* How many pipelines can be used to write data */
+ size_t numwpipes;
+ /* read IO goes into here */
+ SSL3_BUFFER rbuf;
+ /* write IO goes into here */
+ SSL3_BUFFER wbuf[SSL_MAX_PIPELINES];
+ /* each decoded record goes in here */
+ SSL3_RECORD rrec[SSL_MAX_PIPELINES];
+ /* used internally to point at a raw packet */
+ unsigned char *packet;
+ size_t packet_length;
+ /* number of bytes sent so far */
+ size_t wnum;
+ unsigned char handshake_fragment[4];
+ size_t handshake_fragment_len;
+ /* The number of consecutive empty records we have received */
+ size_t empty_record_count;
+ /* partial write - check the numbers match */
+ /* number bytes written */
+ size_t wpend_tot;
+ int wpend_type;
+ /* number of bytes submitted */
+ size_t wpend_ret;
+ const unsigned char *wpend_buf;
+ unsigned char read_sequence[SEQ_NUM_SIZE];
+ unsigned char write_sequence[SEQ_NUM_SIZE];
+ /* Set to true if this is the first record in a connection */
+ unsigned int is_first_record;
+ /* Count of the number of consecutive warning alerts received */
+ unsigned int alert_count;
+ DTLS_RECORD_LAYER *d;
+} RECORD_LAYER;
+
+/*****************************************************************************
+ * *
+ * The following macros/functions represent the libssl internal API to the *
+ * record layer. Any libssl code may call these functions/macros *
+ * *
+ *****************************************************************************/
+
+#define MIN_SSL2_RECORD_LEN 9
+
+#define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra))
+#define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead)
+#define RECORD_LAYER_get_packet(rl) ((rl)->packet)
+#define RECORD_LAYER_get_packet_length(rl) ((rl)->packet_length)
+#define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc))
+#define DTLS_RECORD_LAYER_get_w_epoch(rl) ((rl)->d->w_epoch)
+#define DTLS_RECORD_LAYER_get_processed_rcds(rl) \
+ ((rl)->d->processed_rcds)
+#define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \
+ ((rl)->d->unprocessed_rcds)
+#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf)
+#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf)
+
+void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
+void RECORD_LAYER_clear(RECORD_LAYER *rl);
+void RECORD_LAYER_release(RECORD_LAYER *rl);
+int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
+int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl);
+int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
+int RECORD_LAYER_data_present(const RECORD_LAYER *rl);
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
+int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
+size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
+__owur size_t ssl3_pending(const SSL *s);
+__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len,
+ size_t *written);
+int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ size_t *pipelens, size_t numpipes,
+ int create_empty_fragment, size_t *written);
+__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
+ unsigned char *buf, size_t len, int peek,
+ size_t *readbytes);
+__owur int ssl3_setup_buffers(SSL *s);
+__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send);
+__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
+__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
+ size_t *written);
+__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send);
+__owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
+__owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send);
+int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e);
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq);
+__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
+ unsigned char *buf, size_t len, int peek,
+ size_t *readbytes);
+__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
+ size_t *written);
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+ size_t len, int create_empty_fragment, size_t *written);
+void dtls1_reset_seq_numbers(SSL *s, int rw);
+int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq,
+ size_t off);
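Review bot: `handshake_fragment[4]` and `handshake_fragment_len` in `RECORD_LAYER` have no comment, although the read path earlier in this diff (the code reporting `SSL_F_SSL3_READ_BYTES`) bounds its `memcpy` by `sizeof(s->rlayer.handshake_fragment)` and then tests the fill level against a bare `4`. A comment above the array such as `/* partial handshake message header, filled up to sizeof(handshake_fragment) by the read path */`, plus one named constant used for both the array size and the `>= 4` test, would keep the buffer size and the check from drifting apart. In the same header `DTLS_RECORD_LAYER_clear` is declared twice, and `last_write_sequence[8]` / `curr_write_sequence[8]` hard-code the value that `SEQ_NUM_SIZE` already names. This file looks like an unmodified upstream copy kept in the patch-creation tree, so these are probably better raised upstream than changed here, where an edit would leak into the generated patch.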
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/ssl_lib.c
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/ssl_lib.c (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/ssl_lib.c (revision 420)
@@ -0,0 +1,5730 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_local.h"
+#include <openssl/objects.h>
+#include <openssl/x509v3.h>
+#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
+#include <openssl/ocsp.h>
+#include <openssl/dh.h>
+#include <openssl/engine.h>
+#include <openssl/async.h>
+#include <openssl/ct.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+
+const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
+
+static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t)
+{
+ (void)r;
+ (void)s;
+ (void)t;
+ return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s,
+ int t)
+{
+ (void)r;
+ (void)s;
+ (void)t;
+ return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_3(SSL *ssl, unsigned char *r,
+ unsigned char *s, size_t t, size_t *u)
+{
+ (void)r;
+ (void)s;
+ (void)t;
+ (void)u;
+ return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_4(SSL *ssl, int r)
+{
+ (void)r;
+ return ssl_undefined_function(ssl);
+}
+
+static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s,
+ unsigned char *t)
+{
+ (void)r;
+ (void)s;
+ (void)t;
+ return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_6(int r)
+{
+ (void)r;
+ return ssl_undefined_function(NULL);
+}
+
+static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s,
+ const char *t, size_t u,
+ const unsigned char *v, size_t w, int x)
+{
+ (void)r;
+ (void)s;
+ (void)t;
+ (void)u;
+ (void)v;
+ (void)w;
+ (void)x;
+ return ssl_undefined_function(ssl);
+}
+
+SSL3_ENC_METHOD ssl3_undef_enc_method = {
+ ssl_undefined_function_1,
+ ssl_undefined_function_2,
+ ssl_undefined_function,
+ ssl_undefined_function_3,
+ ssl_undefined_function_4,
+ ssl_undefined_function_5,
+ NULL, /* client_finished_label */
+ 0, /* client_finished_label_len */
+ NULL, /* server_finished_label */
+ 0, /* server_finished_label_len */
+ ssl_undefined_function_6,
+ ssl_undefined_function_7,
+};
+
+struct ssl_async_args {
+ SSL *s;
+ void *buf;
+ size_t num;
+ enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
+ union {
+ int (*func_read) (SSL *, void *, size_t, size_t *);
+ int (*func_write) (SSL *, const void *, size_t, size_t *);
+ int (*func_other) (SSL *);
+ } f;
+};
+
+static const struct {
+ uint8_t mtype;
+ uint8_t ord;
+ int nid;
+} dane_mds[] = {
+ {
+ DANETLS_MATCHING_FULL, 0, NID_undef
+ },
+ {
+ DANETLS_MATCHING_2256, 1, NID_sha256
+ },
+ {
+ DANETLS_MATCHING_2512, 2, NID_sha512
+ },
+};
+
+static int dane_ctx_enable(struct dane_ctx_st *dctx)
+{
+ const EVP_MD **mdevp;
+ uint8_t *mdord;
+ uint8_t mdmax = DANETLS_MATCHING_LAST;
+ int n = ((int)mdmax) + 1; /* int to handle PrivMatch(255) */
+ size_t i;
+
+ if (dctx->mdevp != NULL)
+ return 1;
+
+ mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
+ mdord = OPENSSL_zalloc(n * sizeof(*mdord));
+
+ if (mdord == NULL || mdevp == NULL) {
+ OPENSSL_free(mdord);
+ OPENSSL_free(mdevp);
+ SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ /* Install default entries */
+ for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
+ const EVP_MD *md;
+
+ if (dane_mds[i].nid == NID_undef ||
+ (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
+ continue;
+ mdevp[dane_mds[i].mtype] = md;
+ mdord[dane_mds[i].mtype] = dane_mds[i].ord;
+ }
+
+ dctx->mdevp = mdevp;
+ dctx->mdord = mdord;
+ dctx->mdmax = mdmax;
+
+ return 1;
+}
+
+static void dane_ctx_final(struct dane_ctx_st *dctx)
+{
+ OPENSSL_free(dctx->mdevp);
+ dctx->mdevp = NULL;
+
+ OPENSSL_free(dctx->mdord);
+ dctx->mdord = NULL;
+ dctx->mdmax = 0;
+}
+
+static void tlsa_free(danetls_record *t)
+{
+ if (t == NULL)
+ return;
+ OPENSSL_free(t->data);
+ EVP_PKEY_free(t->spki);
+ OPENSSL_free(t);
+}
+
+static void dane_final(SSL_DANE *dane)
+{
+ sk_danetls_record_pop_free(dane->trecs, tlsa_free);
+ dane->trecs = NULL;
+
+ sk_X509_pop_free(dane->certs, X509_free);
+ dane->certs = NULL;
+
+ X509_free(dane->mcert);
+ dane->mcert = NULL;
+ dane->mtlsa = NULL;
+ dane->mdpth = -1;
+ dane->pdpth = -1;
+}
+
+/*
+ * dane_copy - Copy dane configuration, sans verification state.
+ */
+static int ssl_dane_dup(SSL *to, SSL *from)
+{
+ int num;
+ int i;
+
+ if (!DANETLS_ENABLED(&from->dane))
+ return 1;
+
+ num = sk_danetls_record_num(from->dane.trecs);
+ dane_final(&to->dane);
+ to->dane.flags = from->dane.flags;
+ to->dane.dctx = &to->ctx->dane;
+ to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
+
+ if (to->dane.trecs == NULL) {
+ SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ for (i = 0; i < num; ++i) {
+ danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
+
+ if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
+ t->data, t->dlen) <= 0)
+ return 0;
+ }
+ return 1;
+}
+
+static int dane_mtype_set(struct dane_ctx_st *dctx,
+ const EVP_MD *md, uint8_t mtype, uint8_t ord)
+{
+ int i;
+
+ if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
+ SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
+ return 0;
+ }
+
+ if (mtype > dctx->mdmax) {
+ const EVP_MD **mdevp;
+ uint8_t *mdord;
+ int n = ((int)mtype) + 1;
+
+ mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
+ if (mdevp == NULL) {
+ SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ dctx->mdevp = mdevp;
+
+ mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
+ if (mdord == NULL) {
+ SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ dctx->mdord = mdord;
+
+ /* Zero-fill any gaps */
+ for (i = dctx->mdmax + 1; i < mtype; ++i) {
+ mdevp[i] = NULL;
+ mdord[i] = 0;
+ }
+
+ dctx->mdmax = mtype;
+ }
+
+ dctx->mdevp[mtype] = md;
+ /* Coerce ordinal of disabled matching types to 0 */
+ dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
+
+ return 1;
+}
+
+static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
+{
+ if (mtype > dane->dctx->mdmax)
+ return NULL;
+ return dane->dctx->mdevp[mtype];
+}
+
+static int dane_tlsa_add(SSL_DANE *dane,
+ uint8_t usage,
+ uint8_t selector,
+ uint8_t mtype, unsigned const char *data, size_t dlen)
+{
+ danetls_record *t;
+ const EVP_MD *md = NULL;
+ int ilen = (int)dlen;
+ int i;
+ int num;
+
+ if (dane->trecs == NULL) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
+ return -1;
+ }
+
+ if (ilen < 0 || dlen != (size_t)ilen) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
+ return 0;
+ }
+
+ if (usage > DANETLS_USAGE_LAST) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
+ return 0;
+ }
+
+ if (selector > DANETLS_SELECTOR_LAST) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
+ return 0;
+ }
+
+ if (mtype != DANETLS_MATCHING_FULL) {
+ md = tlsa_md_get(dane, mtype);
+ if (md == NULL) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
+ return 0;
+ }
+ }
+
+ if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
+ return 0;
+ }
+ if (!data) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
+ return 0;
+ }
+
+ if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+
+ t->usage = usage;
+ t->selector = selector;
+ t->mtype = mtype;
+ t->data = OPENSSL_malloc(dlen);
+ if (t->data == NULL) {
+ tlsa_free(t);
+ SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ memcpy(t->data, data, dlen);
+ t->dlen = dlen;
+
+ /* Validate and cache full certificate or public key */
+ if (mtype == DANETLS_MATCHING_FULL) {
+ const unsigned char *p = data;
+ X509 *cert = NULL;
+ EVP_PKEY *pkey = NULL;
+
+ switch (selector) {
+ case DANETLS_SELECTOR_CERT:
+ if (!d2i_X509(&cert, &p, ilen) || p < data ||
+ dlen != (size_t)(p - data)) {
+ tlsa_free(t);
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
+ return 0;
+ }
+ if (X509_get0_pubkey(cert) == NULL) {
+ tlsa_free(t);
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
+ return 0;
+ }
+
+ if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
+ X509_free(cert);
+ break;
+ }
+
+ /*
+ * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
+ * records that contain full certificates of trust-anchors that are
+ * not present in the wire chain. For usage PKIX-TA(0), we augment
+ * the chain with untrusted Full(0) certificates from DNS, in case
+ * they are missing from the chain.
+ */
+ if ((dane->certs == NULL &&
+ (dane->certs = sk_X509_new_null()) == NULL) ||
+ !sk_X509_push(dane->certs, cert)) {
+ SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+ X509_free(cert);
+ tlsa_free(t);
+ return -1;
+ }
+ break;
+
+ case DANETLS_SELECTOR_SPKI:
+ if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
+ dlen != (size_t)(p - data)) {
+ tlsa_free(t);
+ SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
+ return 0;
+ }
+
+ /*
+ * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
+ * records that contain full bare keys of trust-anchors that are
+ * not present in the wire chain.
+ */
+ if (usage == DANETLS_USAGE_DANE_TA)
+ t->spki = pkey;
+ else
+ EVP_PKEY_free(pkey);
+ break;
+ }
+ }
+
+ /*-
+ * Find the right insertion point for the new record.
+ *
+ * See crypto/x509/x509_vfy.c. We sort DANE-EE(3) records first, so that
+ * they can be processed first, as they require no chain building, and no
+ * expiration or hostname checks. Because DANE-EE(3) is numerically
+ * largest, this is accomplished via descending sort by "usage".
+ *
+ * We also sort in descending order by matching ordinal to simplify
+ * the implementation of digest agility in the verification code.
+ *
+ * The choice of order for the selector is not significant, so we
+ * use the same descending order for consistency.
+ */
+ num = sk_danetls_record_num(dane->trecs);
+ for (i = 0; i < num; ++i) {
+ danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
+
+ if (rec->usage > usage)
+ continue;
+ if (rec->usage < usage)
+ break;
+ if (rec->selector > selector)
+ continue;
+ if (rec->selector < selector)
+ break;
+ if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
+ continue;
+ break;
+ }
+
+ if (!sk_danetls_record_insert(dane->trecs, t, i)) {
+ tlsa_free(t);
+ SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ dane->umask |= DANETLS_USAGE_BIT(usage);
+
+ return 1;
+}
+
+/*
+ * Return 0 if there is only one version configured and it was disabled
+ * at configure time. Return 1 otherwise.
+ */
+static int ssl_check_allowed_versions(int min_version, int max_version)
+{
+ int minisdtls = 0, maxisdtls = 0;
+
+ /* Figure out if we're doing DTLS versions or TLS versions */
+ if (min_version == DTLS1_BAD_VER
+ || min_version >> 8 == DTLS1_VERSION_MAJOR)
+ minisdtls = 1;
+ if (max_version == DTLS1_BAD_VER
+ || max_version >> 8 == DTLS1_VERSION_MAJOR)
+ maxisdtls = 1;
+ /* A wildcard version of 0 could be DTLS or TLS. */
+ if ((minisdtls && !maxisdtls && max_version != 0)
+ || (maxisdtls && !minisdtls && min_version != 0)) {
+ /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
+ return 0;
+ }
+
+ if (minisdtls || maxisdtls) {
+ /* Do DTLS version checks. */
+ if (min_version == 0)
+ /* Ignore DTLS1_BAD_VER */
+ min_version = DTLS1_VERSION;
+ if (max_version == 0)
+ max_version = DTLS1_2_VERSION;
+#ifdef OPENSSL_NO_DTLS1_2
+ if (max_version == DTLS1_2_VERSION)
+ max_version = DTLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_DTLS1
+ if (min_version == DTLS1_VERSION)
+ min_version = DTLS1_2_VERSION;
+#endif
+ /* Done massaging versions; do the check. */
+ if (0
+#ifdef OPENSSL_NO_DTLS1
+ || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
+ && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
+#endif
+#ifdef OPENSSL_NO_DTLS1_2
+ || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
+ && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
+#endif
+ )
+ return 0;
+ } else {
+ /* Regular TLS version checks. */
+ if (min_version == 0)
+ min_version = SSL3_VERSION;
+ if (max_version == 0)
+ max_version = TLS1_3_VERSION;
+#ifdef OPENSSL_NO_TLS1_3
+ if (max_version == TLS1_3_VERSION)
+ max_version = TLS1_2_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+ if (max_version == TLS1_2_VERSION)
+ max_version = TLS1_1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+ if (max_version == TLS1_1_VERSION)
+ max_version = TLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1
+ if (max_version == TLS1_VERSION)
+ max_version = SSL3_VERSION;
+#endif
+#ifdef OPENSSL_NO_SSL3
+ if (min_version == SSL3_VERSION)
+ min_version = TLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1
+ if (min_version == TLS1_VERSION)
+ min_version = TLS1_1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+ if (min_version == TLS1_1_VERSION)
+ min_version = TLS1_2_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+ if (min_version == TLS1_2_VERSION)
+ min_version = TLS1_3_VERSION;
+#endif
+ /* Done massaging versions; do the check. */
+ if (0
+#ifdef OPENSSL_NO_SSL3
+ || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1
+ || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+ || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+ || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_3
+ || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
+#endif
+ )
+ return 0;
+ }
+ return 1;
+}
+
+static void clear_ciphers(SSL *s)
+{
+ /* clear the current cipher */
+ ssl_clear_cipher_ctx(s);
+ ssl_clear_hash_ctx(&s->read_hash);
+ ssl_clear_hash_ctx(&s->write_hash);
+}
+
+int SSL_clear(SSL *s)
+{
+ if (s->method == NULL) {
+ SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
+ return 0;
+ }
+
+ if (ssl_clear_bad_session(s)) {
+ SSL_SESSION_free(s->session);
+ s->session = NULL;
+ }
+ SSL_SESSION_free(s->psksession);
+ s->psksession = NULL;
+ OPENSSL_free(s->psksession_id);
+ s->psksession_id = NULL;
+ s->psksession_id_len = 0;
+ s->hello_retry_request = 0;
+ s->sent_tickets = 0;
+
+ s->error = 0;
+ s->hit = 0;
+ s->shutdown = 0;
+
+ if (s->renegotiate) {
+ SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ ossl_statem_clear(s);
+
+ s->version = s->method->version;
+ s->client_version = s->version;
+ s->rwstate = SSL_NOTHING;
+
+ BUF_MEM_free(s->init_buf);
+ s->init_buf = NULL;
+ clear_ciphers(s);
+ s->first_packet = 0;
+
+ s->key_update = SSL_KEY_UPDATE_NONE;
+
+ EVP_MD_CTX_free(s->pha_dgst);
+ s->pha_dgst = NULL;
+
+ /* Reset DANE verification result state */
+ s->dane.mdpth = -1;
+ s->dane.pdpth = -1;
+ X509_free(s->dane.mcert);
+ s->dane.mcert = NULL;
+ s->dane.mtlsa = NULL;
+
+ /* Clear the verification result peername */
+ X509_VERIFY_PARAM_move_peername(s->param, NULL);
+
+ /* Clear any shared connection state */
+ OPENSSL_free(s->shared_sigalgs);
+ s->shared_sigalgs = NULL;
+ s->shared_sigalgslen = 0;
+
+ /*
+ * Check to see if we were changed into a different method, if so, revert
+ * back.
+ */
+ if (s->method != s->ctx->method) {
+ s->method->ssl_free(s);
+ s->method = s->ctx->method;
+ if (!s->method->ssl_new(s))
+ return 0;
+ } else {
+ if (!s->method->ssl_clear(s))
+ return 0;
+ }
+
+ RECORD_LAYER_clear(&s->rlayer);
+
+ return 1;
+}
+
+/** Used to change an SSL_CTXs default SSL method type */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
+{
+ STACK_OF(SSL_CIPHER) *sk;
+
+ ctx->method = meth;
+
+ if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {
+ SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+ return 0;
+ }
+ sk = ssl_create_cipher_list(ctx->method,
+ ctx->tls13_ciphersuites,
+ &(ctx->cipher_list),
+ &(ctx->cipher_list_by_id),
+ SSL_DEFAULT_CIPHER_LIST, ctx->cert);
+ if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
+ SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+ return 0;
+ }
+ return 1;
+}
+
+SSL *SSL_new(SSL_CTX *ctx)
+{
+ SSL *s;
+
+ if (ctx == NULL) {
+ SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
+ return NULL;
+ }
+ if (ctx->method == NULL) {
+ SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
+ return NULL;
+ }
+
+ s = OPENSSL_zalloc(sizeof(*s));
+ if (s == NULL)
+ goto err;
+
+ s->references = 1;
+ s->lock = CRYPTO_THREAD_lock_new();
+ if (s->lock == NULL) {
+ OPENSSL_free(s);
+ s = NULL;
+ goto err;
+ }
+
+ RECORD_LAYER_init(&s->rlayer, s);
+
+ s->options = ctx->options;
+ s->dane.flags = ctx->dane.flags;
+ s->min_proto_version = ctx->min_proto_version;
+ s->max_proto_version = ctx->max_proto_version;
+ s->mode = ctx->mode;
+ s->max_cert_list = ctx->max_cert_list;
+ s->max_early_data = ctx->max_early_data;
+ s->recv_max_early_data = ctx->recv_max_early_data;
+ s->num_tickets = ctx->num_tickets;
+ s->pha_enabled = ctx->pha_enabled;
+
+ /* Shallow copy of the ciphersuites stack */
+ s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
+ if (s->tls13_ciphersuites == NULL)
+ goto err;
+
+ /*
+ * Earlier library versions used to copy the pointer to the CERT, not
+ * its contents; only when setting new parameters for the per-SSL
+ * copy, ssl_cert_new would be called (and the direct reference to
+ * the per-SSL_CTX settings would be lost, but those still were
+ * indirectly accessed for various purposes, and for that reason they
+ * used to be known as s->ctx->default_cert). Now we don't look at the
+ * SSL_CTX's CERT after having duplicated it once.
+ */
+ s->cert = ssl_cert_dup(ctx->cert);
+ if (s->cert == NULL)
+ goto err;
+
+ RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
+ s->msg_callback = ctx->msg_callback;
+ s->msg_callback_arg = ctx->msg_callback_arg;
+ s->verify_mode = ctx->verify_mode;
+ s->not_resumable_session_cb = ctx->not_resumable_session_cb;
+ s->record_padding_cb = ctx->record_padding_cb;
+ s->record_padding_arg = ctx->record_padding_arg;
+ s->block_padding = ctx->block_padding;
+ s->sid_ctx_length = ctx->sid_ctx_length;
+ if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
+ goto err;
+ memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
+ s->verify_callback = ctx->default_verify_callback;
+ s->generate_session_id = ctx->generate_session_id;
+
+ s->param = X509_VERIFY_PARAM_new();
+ if (s->param == NULL)
+ goto err;
+ X509_VERIFY_PARAM_inherit(s->param, ctx->param);
+ s->quiet_shutdown = ctx->quiet_shutdown;
+
+ s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
+ s->max_send_fragment = ctx->max_send_fragment;
+ s->split_send_fragment = ctx->split_send_fragment;
+ s->max_pipelines = ctx->max_pipelines;
+ if (s->max_pipelines > 1)
+ RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
+ if (ctx->default_read_buf_len > 0)
+ SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
+
+ SSL_CTX_up_ref(ctx);
+ s->ctx = ctx;
+ s->ext.debug_cb = 0;
+ s->ext.debug_arg = NULL;
+ s->ext.ticket_expected = 0;
+ s->ext.status_type = ctx->ext.status_type;
+ s->ext.status_expected = 0;
+ s->ext.ocsp.ids = NULL;
+ s->ext.ocsp.exts = NULL;
+ s->ext.ocsp.resp = NULL;
+ s->ext.ocsp.resp_len = 0;
+ SSL_CTX_up_ref(ctx);
+ s->session_ctx = ctx;
+#ifndef OPENSSL_NO_EC
+ if (ctx->ext.ecpointformats) {
+ s->ext.ecpointformats =
+ OPENSSL_memdup(ctx->ext.ecpointformats,
+ ctx->ext.ecpointformats_len);
+ if (!s->ext.ecpointformats) {
+ s->ext.ecpointformats_len = 0;
+ goto err;
+ }
+ s->ext.ecpointformats_len =
+ ctx->ext.ecpointformats_len;
+ }
+ if (ctx->ext.supportedgroups) {
+ s->ext.supportedgroups =
+ OPENSSL_memdup(ctx->ext.supportedgroups,
+ ctx->ext.supportedgroups_len
+ * sizeof(*ctx->ext.supportedgroups));
+ if (!s->ext.supportedgroups) {
+ s->ext.supportedgroups_len = 0;
+ goto err;
+ }
+ s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
+ }
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ s->ext.npn = NULL;
+#endif
+
+ if (s->ctx->ext.alpn) {
+ s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
+ if (s->ext.alpn == NULL) {
+ s->ext.alpn_len = 0;
+ goto err;
+ }
+ memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
+ s->ext.alpn_len = s->ctx->ext.alpn_len;
+ }
+
+ s->verified_chain = NULL;
+ s->verify_result = X509_V_OK;
+
+ s->default_passwd_callback = ctx->default_passwd_callback;
+ s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
+
+ s->method = ctx->method;
+
+ s->key_update = SSL_KEY_UPDATE_NONE;
+
+ s->allow_early_data_cb = ctx->allow_early_data_cb;
+ s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
+
+ if (!s->method->ssl_new(s))
+ goto err;
+
+ s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
+
+ if (!SSL_clear(s))
+ goto err;
+
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
+ goto err;
+
+#ifndef OPENSSL_NO_PSK
+ s->psk_client_callback = ctx->psk_client_callback;
+ s->psk_server_callback = ctx->psk_server_callback;
+#endif
+ s->psk_find_session_cb = ctx->psk_find_session_cb;
+ s->psk_use_session_cb = ctx->psk_use_session_cb;
+
+ s->job = NULL;
+
+#ifndef OPENSSL_NO_CT
+ if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
+ ctx->ct_validation_callback_arg))
+ goto err;
+#endif
+
+ return s;
+ err:
+ SSL_free(s);
+ SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+}
+
+int SSL_is_dtls(const SSL *s)
+{
+ return SSL_IS_DTLS(s) ? 1 : 0;
+}
+
+int SSL_up_ref(SSL *s)
+{
+ int i;
+
+ if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
+ return 0;
+
+ REF_PRINT_COUNT("SSL", s);
+ REF_ASSERT_ISNT(i < 2);
+ return ((i > 1) ? 1 : 0);
+}
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len)
+{
+ if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+ SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
+ SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return 0;
+ }
+ ctx->sid_ctx_length = sid_ctx_len;
+ memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
+
+ return 1;
+}
+
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len)
+{
+ if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+ SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
+ SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return 0;
+ }
+ ssl->sid_ctx_length = sid_ctx_len;
+ memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
+
+ return 1;
+}
+
+int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
+{
+ CRYPTO_THREAD_write_lock(ctx->lock);
+ ctx->generate_session_id = cb;
+ CRYPTO_THREAD_unlock(ctx->lock);
+ return 1;
+}
+
+int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
+{
+ CRYPTO_THREAD_write_lock(ssl->lock);
+ ssl->generate_session_id = cb;
+ CRYPTO_THREAD_unlock(ssl->lock);
+ return 1;
+}
+
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+ unsigned int id_len)
+{
+ /*
+ * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
+ * we can "construct" a session to give us the desired check - i.e. to
+ * find if there's a session in the hash table that would conflict with
+ * any new session built out of this id/id_len and the ssl_version in use
+ * by this SSL.
+ */
+ SSL_SESSION r, *p;
+
+ if (id_len > sizeof(r.session_id))
+ return 0;
+
+ r.ssl_version = ssl->version;
+ r.session_id_length = id_len;
+ memcpy(r.session_id, id, id_len);
+
+ CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
+ p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
+ CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
+ return (p != NULL);
+}
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+{
+ return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+}
+
+int SSL_set_purpose(SSL *s, int purpose)
+{
+ return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+}
+
+int SSL_CTX_set_trust(SSL_CTX *s, int trust)
+{
+ return X509_VERIFY_PARAM_set_trust(s->param, trust);
+}
+
+int SSL_set_trust(SSL *s, int trust)
+{
+ return X509_VERIFY_PARAM_set_trust(s->param, trust);
+}
+
+int SSL_set1_host(SSL *s, const char *hostname)
+{
+ return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
+}
+
+int SSL_add1_host(SSL *s, const char *hostname)
+{
+ return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
+}
+
+void SSL_set_hostflags(SSL *s, unsigned int flags)
+{
+ X509_VERIFY_PARAM_set_hostflags(s->param, flags);
+}
+
+const char *SSL_get0_peername(SSL *s)
+{
+ return X509_VERIFY_PARAM_get0_peername(s->param);
+}
+
+int SSL_CTX_dane_enable(SSL_CTX *ctx)
+{
+ return dane_ctx_enable(&ctx->dane);
+}
+
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
+{
+ unsigned long orig = ctx->dane.flags;
+
+ ctx->dane.flags |= flags;
+ return orig;
+}
+
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
+{
+ unsigned long orig = ctx->dane.flags;
+
+ ctx->dane.flags &= ~flags;
+ return orig;
+}
+
+int SSL_dane_enable(SSL *s, const char *basedomain)
+{
+ SSL_DANE *dane = &s->dane;
+
+ if (s->ctx->dane.mdmax == 0) {
+ SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
+ return 0;
+ }
+ if (dane->trecs != NULL) {
+ SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
+ return 0;
+ }
+
+ /*
+ * Default SNI name. This rejects empty names, while set1_host below
+ * accepts them and disables host name checks. To avoid side-effects with
+ * invalid input, set the SNI name first.
+ */
+ if (s->ext.hostname == NULL) {
+ if (!SSL_set_tlsext_host_name(s, basedomain)) {
+ SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
+ return -1;
+ }
+ }
+
+ /* Primary RFC6125 reference identifier */
+ if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
+ SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
+ return -1;
+ }
+
+ dane->mdpth = -1;
+ dane->pdpth = -1;
+ dane->dctx = &s->ctx->dane;
+ dane->trecs = sk_danetls_record_new_null();
+
+ if (dane->trecs == NULL) {
+ SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ return 1;
+}
+
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
+{
+ unsigned long orig = ssl->dane.flags;
+
+ ssl->dane.flags |= flags;
+ return orig;
+}
+
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
+{
+ unsigned long orig = ssl->dane.flags;
+
+ ssl->dane.flags &= ~flags;
+ return orig;
+}
+
+int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
+{
+ SSL_DANE *dane = &s->dane;
+
+ if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
+ return -1;
+ if (dane->mtlsa) {
+ if (mcert)
+ *mcert = dane->mcert;
+ if (mspki)
+ *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
+ }
+ return dane->mdpth;
+}
+
+int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+ uint8_t *mtype, unsigned const char **data, size_t *dlen)
+{
+ SSL_DANE *dane = &s->dane;
+
+ if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
+ return -1;
+ if (dane->mtlsa) {
+ if (usage)
+ *usage = dane->mtlsa->usage;
+ if (selector)
+ *selector = dane->mtlsa->selector;
+ if (mtype)
+ *mtype = dane->mtlsa->mtype;
+ if (data)
+ *data = dane->mtlsa->data;
+ if (dlen)
+ *dlen = dane->mtlsa->dlen;
+ }
+ return dane->mdpth;
+}
+
+SSL_DANE *SSL_get0_dane(SSL *s)
+{
+ return &s->dane;
+}
+
+int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+ uint8_t mtype, unsigned const char *data, size_t dlen)
+{
+ return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
+}
+
+int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
+ uint8_t ord)
+{
+ return dane_mtype_set(&ctx->dane, md, mtype, ord);
+}
+
+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+{
+ return X509_VERIFY_PARAM_set1(ctx->param, vpm);
+}
+
+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+{
+ return X509_VERIFY_PARAM_set1(ssl->param, vpm);
+}
+
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+{
+ return ctx->param;
+}
+
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+{
+ return ssl->param;
+}
+
+void SSL_certs_clear(SSL *s)
+{
+ ssl_cert_clear_certs(s->cert);
+}
+
+void SSL_free(SSL *s)
+{
+ int i;
+
+ if (s == NULL)
+ return;
+ CRYPTO_DOWN_REF(&s->references, &i, s->lock);
+ REF_PRINT_COUNT("SSL", s);
+ if (i > 0)
+ return;
+ REF_ASSERT_ISNT(i < 0);
+
+ X509_VERIFY_PARAM_free(s->param);
+ dane_final(&s->dane);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+
+ /* Ignore return value */
+ ssl_free_wbio_buffer(s);
+
+ BIO_free_all(s->wbio);
+ BIO_free_all(s->rbio);
+
+ BUF_MEM_free(s->init_buf);
+
+ /* add extra stuff */
+ sk_SSL_CIPHER_free(s->cipher_list);
+ sk_SSL_CIPHER_free(s->cipher_list_by_id);
+ sk_SSL_CIPHER_free(s->tls13_ciphersuites);
+ sk_SSL_CIPHER_free(s->peer_ciphers);
+
+ /* Make the next call work :-) */
+ if (s->session != NULL) {
+ ssl_clear_bad_session(s);
+ SSL_SESSION_free(s->session);
+ }
+ SSL_SESSION_free(s->psksession);
+ OPENSSL_free(s->psksession_id);
+
+ clear_ciphers(s);
+
+ ssl_cert_free(s->cert);
+ OPENSSL_free(s->shared_sigalgs);
+ /* Free up if allocated */
+
+ OPENSSL_free(s->ext.hostname);
+ SSL_CTX_free(s->session_ctx);
+#ifndef OPENSSL_NO_EC
+ OPENSSL_free(s->ext.ecpointformats);
+ OPENSSL_free(s->ext.peer_ecpointformats);
+ OPENSSL_free(s->ext.supportedgroups);
+ OPENSSL_free(s->ext.peer_supportedgroups);
+#endif /* OPENSSL_NO_EC */
+ sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
+#ifndef OPENSSL_NO_OCSP
+ sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
+#endif
+#ifndef OPENSSL_NO_CT
+ SCT_LIST_free(s->scts);
+ OPENSSL_free(s->ext.scts);
+#endif
+ OPENSSL_free(s->ext.ocsp.resp);
+ OPENSSL_free(s->ext.alpn);
+ OPENSSL_free(s->ext.tls13_cookie);
+ if (s->clienthello != NULL)
+ OPENSSL_free(s->clienthello->pre_proc_exts);
+ OPENSSL_free(s->clienthello);
+ OPENSSL_free(s->pha_context);
+ EVP_MD_CTX_free(s->pha_dgst);
+
+ sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
+
+ sk_X509_pop_free(s->verified_chain, X509_free);
+
+ if (s->method != NULL)
+ s->method->ssl_free(s);
+
+ RECORD_LAYER_release(&s->rlayer);
+
+ SSL_CTX_free(s->ctx);
+
+ ASYNC_WAIT_CTX_free(s->waitctx);
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+ OPENSSL_free(s->ext.npn);
+#endif
+
+#ifndef OPENSSL_NO_SRTP
+ sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
+
+ CRYPTO_THREAD_lock_free(s->lock);
+
+ OPENSSL_free(s);
+}
+
+void SSL_set0_rbio(SSL *s, BIO *rbio)
+{
+ BIO_free_all(s->rbio);
+ s->rbio = rbio;
+}
+
+void SSL_set0_wbio(SSL *s, BIO *wbio)
+{
+ /*
+ * If the output buffering BIO is still in place, remove it
+ */
+ if (s->bbio != NULL)
+ s->wbio = BIO_pop(s->wbio);
+
+ BIO_free_all(s->wbio);
+ s->wbio = wbio;
+
+ /* Re-attach |bbio| to the new |wbio|. */
+ if (s->bbio != NULL)
+ s->wbio = BIO_push(s->bbio, s->wbio);
+}
+
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
+{
+ /*
+ * For historical reasons, this function has many different cases in
+ * ownership handling.
+ */
+
+ /* If nothing has changed, do nothing */
+ if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
+ return;
+
+ /*
+ * If the two arguments are equal then one fewer reference is granted by the
+ * caller than we want to take
+ */
+ if (rbio != NULL && rbio == wbio)
+ BIO_up_ref(rbio);
+
+ /*
+ * If only the wbio is changed only adopt one reference.
+ */
+ if (rbio == SSL_get_rbio(s)) {
+ SSL_set0_wbio(s, wbio);
+ return;
+ }
+ /*
+ * There is an asymmetry here for historical reasons. If only the rbio is
+ * changed AND the rbio and wbio were originally different, then we only
+ * adopt one reference.
+ */
+ if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
+ SSL_set0_rbio(s, rbio);
+ return;
+ }
+
+ /* Otherwise, adopt both references. */
+ SSL_set0_rbio(s, rbio);
+ SSL_set0_wbio(s, wbio);
+}
+
+BIO *SSL_get_rbio(const SSL *s)
+{
+ return s->rbio;
+}
+
+BIO *SSL_get_wbio(const SSL *s)
+{
+ if (s->bbio != NULL) {
+ /*
+ * If |bbio| is active, the true caller-configured BIO is its
+ * |next_bio|.
+ */
+ return BIO_next(s->bbio);
+ }
+ return s->wbio;
+}
+
+int SSL_get_fd(const SSL *s)
+{
+ return SSL_get_rfd(s);
+}
+
+int SSL_get_rfd(const SSL *s)
+{
+ int ret = -1;
+ BIO *b, *r;
+
+ b = SSL_get_rbio(s);
+ r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
+ if (r != NULL)
+ BIO_get_fd(r, &ret);
+ return ret;
+}
+
+int SSL_get_wfd(const SSL *s)
+{
+ int ret = -1;
+ BIO *b, *r;
+
+ b = SSL_get_wbio(s);
+ r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
+ if (r != NULL)
+ BIO_get_fd(r, &ret);
+ return ret;
+}
+
+#ifndef OPENSSL_NO_SOCK
+int SSL_set_fd(SSL *s, int fd)
+{
+ int ret = 0;
+ BIO *bio = NULL;
+
+ bio = BIO_new(BIO_s_socket());
+
+ if (bio == NULL) {
+ SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ goto err;
+ }
+ BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ SSL_set_bio(s, bio, bio);
+ ret = 1;
+ err:
+ return ret;
+}
+
+int SSL_set_wfd(SSL *s, int fd)
+{
+ BIO *rbio = SSL_get_rbio(s);
+
+ if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
+ || (int)BIO_get_fd(rbio, NULL) != fd) {
+ BIO *bio = BIO_new(BIO_s_socket());
+
+ if (bio == NULL) {
+ SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
+ return 0;
+ }
+ BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ SSL_set0_wbio(s, bio);
+ } else {
+ BIO_up_ref(rbio);
+ SSL_set0_wbio(s, rbio);
+ }
+ return 1;
+}
+
+int SSL_set_rfd(SSL *s, int fd)
+{
+ BIO *wbio = SSL_get_wbio(s);
+
+ if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
+ || ((int)BIO_get_fd(wbio, NULL) != fd)) {
+ BIO *bio = BIO_new(BIO_s_socket());
+
+ if (bio == NULL) {
+ SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
+ return 0;
+ }
+ BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ SSL_set0_rbio(s, bio);
+ } else {
+ BIO_up_ref(wbio);
+ SSL_set0_rbio(s, wbio);
+ }
+
+ return 1;
+}
+#endif
+
+/* return length of latest Finished message we sent, copy to 'buf' */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
+{
+ size_t ret = 0;
+
+ if (s->s3 != NULL) {
+ ret = s->s3->tmp.finish_md_len;
+ if (count > ret)
+ count = ret;
+ memcpy(buf, s->s3->tmp.finish_md, count);
+ }
+ return ret;
+}
+
+/* return length of latest Finished message we expected, copy to 'buf' */
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
+{
+ size_t ret = 0;
+
+ if (s->s3 != NULL) {
+ ret = s->s3->tmp.peer_finish_md_len;
+ if (count > ret)
+ count = ret;
+ memcpy(buf, s->s3->tmp.peer_finish_md, count);
+ }
+ return ret;
+}
+
+int SSL_get_verify_mode(const SSL *s)
+{
+ return s->verify_mode;
+}
+
+int SSL_get_verify_depth(const SSL *s)
+{
+ return X509_VERIFY_PARAM_get_depth(s->param);
+}
+
+int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
+ return s->verify_callback;
+}
+
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
+{
+ return ctx->verify_mode;
+}
+
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
+{
+ return X509_VERIFY_PARAM_get_depth(ctx->param);
+}
+
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
+ return ctx->default_verify_callback;
+}
+
+void SSL_set_verify(SSL *s, int mode,
+ int (*callback) (int ok, X509_STORE_CTX *ctx))
+{
+ s->verify_mode = mode;
+ if (callback != NULL)
+ s->verify_callback = callback;
+}
+
+void SSL_set_verify_depth(SSL *s, int depth)
+{
+ X509_VERIFY_PARAM_set_depth(s->param, depth);
+}
+
+void SSL_set_read_ahead(SSL *s, int yes)
+{
+ RECORD_LAYER_set_read_ahead(&s->rlayer, yes);
+}
+
+int SSL_get_read_ahead(const SSL *s)
+{
+ return RECORD_LAYER_get_read_ahead(&s->rlayer);
+}
+
+int SSL_pending(const SSL *s)
+{
+ size_t pending = s->method->ssl_pending(s);
+
+ /*
+ * SSL_pending cannot work properly if read-ahead is enabled
+ * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
+ * impossible to fix since SSL_pending cannot report errors that may be
+ * observed while scanning the new data. (Note that SSL_pending() is
+ * often used as a boolean value, so we'd better not return -1.)
+ *
+ * SSL_pending also cannot work properly if the value >INT_MAX. In that case
+ * we just return INT_MAX.
+ */
+ return pending < INT_MAX ? (int)pending : INT_MAX;
+}
+
+int SSL_has_pending(const SSL *s)
+{
+ /*
+ * Similar to SSL_pending() but returns a 1 to indicate that we have
+ * processed or unprocessed data available or 0 otherwise (as opposed to the
+ * number of bytes available). Unlike SSL_pending() this will take into
+ * account read_ahead data. A 1 return simply indicates that we have data.
+ * That data may not result in any application data, or we may fail to parse
+ * the records for some reason.
+ */
+
+ /* Check buffered app data if any first */
+ if (SSL_IS_DTLS(s)) {
+ DTLS1_RECORD_DATA *rdata;
+ pitem *item, *iter;
+
+ iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q);
+ while ((item = pqueue_next(&iter)) != NULL) {
+ rdata = item->data;
+ if (rdata->rrec.length > 0)
+ return 1;
+ }
+ }
+
+ if (RECORD_LAYER_processed_read_pending(&s->rlayer))
+ return 1;
+
+ return RECORD_LAYER_read_pending(&s->rlayer);
+}
+
+X509 *SSL_get_peer_certificate(const SSL *s)
+{
+ X509 *r;
+
+ if ((s == NULL) || (s->session == NULL))
+ r = NULL;
+ else
+ r = s->session->peer;
+
+ if (r == NULL)
+ return r;
+
+ X509_up_ref(r);
+
+ return r;
+}
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
+{
+ STACK_OF(X509) *r;
+
+ if ((s == NULL) || (s->session == NULL))
+ r = NULL;
+ else
+ r = s->session->peer_chain;
+
+ /*
+ * If we are a client, cert_chain includes the peer's own certificate; if
+ * we are a server, it does not.
+ */
+
+ return r;
+}
+
+/*
+ * Now in theory, since the calling process own 't' it should be safe to
+ * modify. We need to be able to read f without being hassled
+ */
+int SSL_copy_session_id(SSL *t, const SSL *f)
+{
+ int i;
+ /* Do we need to to SSL locking? */
+ if (!SSL_set_session(t, SSL_get_session(f))) {
+ return 0;
+ }
+
+ /*
+ * what if we are setup for one protocol version but want to talk another
+ */
+ if (t->method != f->method) {
+ t->method->ssl_free(t);
+ t->method = f->method;
+ if (t->method->ssl_new(t) == 0)
+ return 0;
+ }
+
+ CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock);
+ ssl_cert_free(t->cert);
+ t->cert = f->cert;
+ if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {
+ return 0;
+ }
+
+ return 1;
+}
+
+/* Fix this so it checks all the valid key/cert options */
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+ if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
+ SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+ return 0;
+ }
+ if (ctx->cert->key->privatekey == NULL) {
+ SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+ return 0;
+ }
+ return X509_check_private_key
+ (ctx->cert->key->x509, ctx->cert->key->privatekey);
+}
+
+/* Fix this function so that it takes an optional type parameter */
+int SSL_check_private_key(const SSL *ssl)
+{
+ if (ssl == NULL) {
+ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (ssl->cert->key->x509 == NULL) {
+ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+ return 0;
+ }
+ if (ssl->cert->key->privatekey == NULL) {
+ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+ return 0;
+ }
+ return X509_check_private_key(ssl->cert->key->x509,
+ ssl->cert->key->privatekey);
+}
+
+int SSL_waiting_for_async(SSL *s)
+{
+ if (s->job)
+ return 1;
+
+ return 0;
+}
+
+int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
+{
+ ASYNC_WAIT_CTX *ctx = s->waitctx;
+
+ if (ctx == NULL)
+ return 0;
+ return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
+}
+
+int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
+ OSSL_ASYNC_FD *delfd, size_t *numdelfds)
+{
+ ASYNC_WAIT_CTX *ctx = s->waitctx;
+
+ if (ctx == NULL)
+ return 0;
+ return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
+ numdelfds);
+}
+
+int SSL_accept(SSL *s)
+{
+ if (s->handshake_func == NULL) {
+ /* Not properly initialized yet */
+ SSL_set_accept_state(s);
+ }
+
+ return SSL_do_handshake(s);
+}
+
+int SSL_connect(SSL *s)
+{
+ if (s->handshake_func == NULL) {
+ /* Not properly initialized yet */
+ SSL_set_connect_state(s);
+ }
+
+ return SSL_do_handshake(s);
+}
+
+long SSL_get_default_timeout(const SSL *s)
+{
+ return s->method->get_timeout();
+}
+
+static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
+ int (*func) (void *))
+{
+ int ret;
+ if (s->waitctx == NULL) {
+ s->waitctx = ASYNC_WAIT_CTX_new();
+ if (s->waitctx == NULL)
+ return -1;
+ }
+
+ s->rwstate = SSL_NOTHING;
+ switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
+ sizeof(struct ssl_async_args))) {
+ case ASYNC_ERR:
+ s->rwstate = SSL_NOTHING;
+ SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
+ return -1;
+ case ASYNC_PAUSE:
+ s->rwstate = SSL_ASYNC_PAUSED;
+ return -1;
+ case ASYNC_NO_JOBS:
+ s->rwstate = SSL_ASYNC_NO_JOBS;
+ return -1;
+ case ASYNC_FINISH:
+ s->job = NULL;
+ return ret;
+ default:
+ s->rwstate = SSL_NOTHING;
+ SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
+ /* Shouldn't happen */
+ return -1;
+ }
+}
+
+static int ssl_io_intern(void *vargs)
+{
+ struct ssl_async_args *args;
+ SSL *s;
+ void *buf;
+ size_t num;
+
+ args = (struct ssl_async_args *)vargs;
+ s = args->s;
+ buf = args->buf;
+ num = args->num;
+ switch (args->type) {
+ case READFUNC:
+ return args->f.func_read(s, buf, num, &s->asyncrw);
+ case WRITEFUNC:
+ return args->f.func_write(s, buf, num, &s->asyncrw);
+ case OTHERFUNC:
+ return args->f.func_other(s);
+ }
+ return -1;
+}
+
+int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+ if (s->handshake_func == NULL) {
+ SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED);
+ return -1;
+ }
+
+ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+ s->rwstate = SSL_NOTHING;
+ return 0;
+ }
+
+ if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
+ || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
+ SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ /*
+ * If we are a client and haven't received the ServerHello etc then we
+ * better do that
+ */
+ ossl_statem_check_finish_init(s, 0);
+
+ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ struct ssl_async_args args;
+ int ret;
+
+ args.s = s;
+ args.buf = buf;
+ args.num = num;
+ args.type = READFUNC;
+ args.f.func_read = s->method->ssl_read;
+
+ ret = ssl_start_async_job(s, &args, ssl_io_intern);
+ *readbytes = s->asyncrw;
+ return ret;
+ } else {
+ return s->method->ssl_read(s, buf, num, readbytes);
+ }
+}
+
+int SSL_read(SSL *s, void *buf, int num)
+{
+ int ret;
+ size_t readbytes;
+
+ if (num < 0) {
+ SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
+ return -1;
+ }
+
+ ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
+
+ /*
+ * The cast is safe here because ret should be <= INT_MAX because num is
+ * <= INT_MAX
+ */
+ if (ret > 0)
+ ret = (int)readbytes;
+
+ return ret;
+}
+
+int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+ int ret = ssl_read_internal(s, buf, num, readbytes);
+
+ if (ret < 0)
+ ret = 0;
+ return ret;
+}
+
+int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+ int ret;
+
+ if (!s->server) {
+ SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return SSL_READ_EARLY_DATA_ERROR;
+ }
+
+ switch (s->early_data_state) {
+ case SSL_EARLY_DATA_NONE:
+ if (!SSL_in_before(s)) {
+ SSLerr(SSL_F_SSL_READ_EARLY_DATA,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return SSL_READ_EARLY_DATA_ERROR;
+ }
+ /* fall through */
+
+ case SSL_EARLY_DATA_ACCEPT_RETRY:
+ s->early_data_state = SSL_EARLY_DATA_ACCEPTING;
+ ret = SSL_accept(s);
+ if (ret <= 0) {
+ /* NBIO or error */
+ s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
+ return SSL_READ_EARLY_DATA_ERROR;
+ }
+ /* fall through */
+
+ case SSL_EARLY_DATA_READ_RETRY:
+ if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+ s->early_data_state = SSL_EARLY_DATA_READING;
+ ret = SSL_read_ex(s, buf, num, readbytes);
+ /*
+ * State machine will update early_data_state to
+ * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
+ * message
+ */
+ if (ret > 0 || (ret <= 0 && s->early_data_state
+ != SSL_EARLY_DATA_FINISHED_READING)) {
+ s->early_data_state = SSL_EARLY_DATA_READ_RETRY;
+ return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
+ : SSL_READ_EARLY_DATA_ERROR;
+ }
+ } else {
+ s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
+ }
+ *readbytes = 0;
+ return SSL_READ_EARLY_DATA_FINISH;
+
+ default:
+ SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return SSL_READ_EARLY_DATA_ERROR;
+ }
+}
+
+int SSL_get_early_data_status(const SSL *s)
+{
+ return s->ext.early_data;
+}
+
+static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+ if (s->handshake_func == NULL) {
+ SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED);
+ return -1;
+ }
+
+ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+ return 0;
+ }
+ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ struct ssl_async_args args;
+ int ret;
+
+ args.s = s;
+ args.buf = buf;
+ args.num = num;
+ args.type = READFUNC;
+ args.f.func_read = s->method->ssl_peek;
+
+ ret = ssl_start_async_job(s, &args, ssl_io_intern);
+ *readbytes = s->asyncrw;
+ return ret;
+ } else {
+ return s->method->ssl_peek(s, buf, num, readbytes);
+ }
+}
+
+int SSL_peek(SSL *s, void *buf, int num)
+{
+ int ret;
+ size_t readbytes;
+
+ if (num < 0) {
+ SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
+ return -1;
+ }
+
+ ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
+
+ /*
+ * The cast is safe here because ret should be <= INT_MAX because num is
+ * <= INT_MAX
+ */
+ if (ret > 0)
+ ret = (int)readbytes;
+
+ return ret;
+}
+
+
+int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+ int ret = ssl_peek_internal(s, buf, num, readbytes);
+
+ if (ret < 0)
+ ret = 0;
+ return ret;
+}
+
+int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
+{
+ if (s->handshake_func == NULL) {
+ SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED);
+ return -1;
+ }
+
+ if (s->shutdown & SSL_SENT_SHUTDOWN) {
+ s->rwstate = SSL_NOTHING;
+ SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN);
+ return -1;
+ }
+
+ if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
+ || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
+ || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
+ SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ /* If we are a client and haven't sent the Finished we better do that */
+ ossl_statem_check_finish_init(s, 1);
+
+ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ int ret;
+ struct ssl_async_args args;
+
+ args.s = s;
+ args.buf = (void *)buf;
+ args.num = num;
+ args.type = WRITEFUNC;
+ args.f.func_write = s->method->ssl_write;
+
+ ret = ssl_start_async_job(s, &args, ssl_io_intern);
+ *written = s->asyncrw;
+ return ret;
+ } else {
+ return s->method->ssl_write(s, buf, num, written);
+ }
+}
+
+int SSL_write(SSL *s, const void *buf, int num)
+{
+ int ret;
+ size_t written;
+
+ if (num < 0) {
+ SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH);
+ return -1;
+ }
+
+ ret = ssl_write_internal(s, buf, (size_t)num, &written);
+
+ /*
+ * The cast is safe here because ret should be <= INT_MAX because num is
+ * <= INT_MAX
+ */
+ if (ret > 0)
+ ret = (int)written;
+
+ return ret;
+}
+
+int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
+{
+ int ret = ssl_write_internal(s, buf, num, written);
+
+ if (ret < 0)
+ ret = 0;
+ return ret;
+}
+
+int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
+{
+ int ret, early_data_state;
+ size_t writtmp;
+ uint32_t partialwrite;
+
+ switch (s->early_data_state) {
+ case SSL_EARLY_DATA_NONE:
+ if (s->server
+ || !SSL_in_before(s)
+ || ((s->session == NULL || s->session->ext.max_early_data == 0)
+ && (s->psk_use_session_cb == NULL))) {
+ SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ /* fall through */
+
+ case SSL_EARLY_DATA_CONNECT_RETRY:
+ s->early_data_state = SSL_EARLY_DATA_CONNECTING;
+ ret = SSL_connect(s);
+ if (ret <= 0) {
+ /* NBIO or error */
+ s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
+ return 0;
+ }
+ /* fall through */
+
+ case SSL_EARLY_DATA_WRITE_RETRY:
+ s->early_data_state = SSL_EARLY_DATA_WRITING;
+ /*
+ * We disable partial write for early data because we don't keep track
+ * of how many bytes we've written between the SSL_write_ex() call and
+ * the flush if the flush needs to be retried)
+ */
+ partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
+ s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
+ ret = SSL_write_ex(s, buf, num, &writtmp);
+ s->mode |= partialwrite;
+ if (!ret) {
+ s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
+ return ret;
+ }
+ s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
+ /* fall through */
+
+ case SSL_EARLY_DATA_WRITE_FLUSH:
+ /* The buffering BIO is still in place so we need to flush it */
+ if (statem_flush(s) != 1)
+ return 0;
+ *written = num;
+ s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
+ return 1;
+
+ case SSL_EARLY_DATA_FINISHED_READING:
+ case SSL_EARLY_DATA_READ_RETRY:
+ early_data_state = s->early_data_state;
+ /* We are a server writing to an unauthenticated client */
+ s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
+ ret = SSL_write_ex(s, buf, num, written);
+ /* The buffering BIO is still in place */
+ if (ret)
+ (void)BIO_flush(s->wbio);
+ s->early_data_state = early_data_state;
+ return ret;
+
+ default:
+ SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+}
+
+int SSL_shutdown(SSL *s)
+{
+ /*
+ * Note that this function behaves differently from what one might
+ * expect. Return values are 0 for no success (yet), 1 for success; but
+ * calling it once is usually not enough, even if blocking I/O is used
+ * (see ssl3_shutdown).
+ */
+
+ if (s->handshake_func == NULL) {
+ SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
+ return -1;
+ }
+
+ if (!SSL_in_init(s)) {
+ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ struct ssl_async_args args;
+
+ memset(&args, 0, sizeof(args));
+ args.s = s;
+ args.type = OTHERFUNC;
+ args.f.func_other = s->method->ssl_shutdown;
+
+ return ssl_start_async_job(s, &args, ssl_io_intern);
+ } else {
+ return s->method->ssl_shutdown(s);
+ }
+ } else {
+ SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
+ return -1;
+ }
+}
+
+int SSL_key_update(SSL *s, int updatetype)
+{
+ /*
+ * TODO(TLS1.3): How will applications know whether TLSv1.3 has been
+ * negotiated, and that it is appropriate to call SSL_key_update() instead
+ * of SSL_renegotiate().
+ */
+ if (!SSL_IS_TLS13(s)) {
+ SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION);
+ return 0;
+ }
+
+ if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
+ && updatetype != SSL_KEY_UPDATE_REQUESTED) {
+ SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE);
+ return 0;
+ }
+
+ if (!SSL_is_init_finished(s)) {
+ SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT);
+ return 0;
+ }
+
+ if (RECORD_LAYER_write_pending(&s->rlayer)) {
+ SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_BAD_WRITE_RETRY);
+ return 0;
+ }
+
+ ossl_statem_set_in_init(s, 1);
+ s->key_update = updatetype;
+ return 1;
+}
+
+int SSL_get_key_update_type(const SSL *s)
+{
+ return s->key_update;
+}
+
+int SSL_renegotiate(SSL *s)
+{
+ if (SSL_IS_TLS13(s)) {
+ SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);
+ return 0;
+ }
+
+ if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+ SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION);
+ return 0;
+ }
+
+ s->renegotiate = 1;
+ s->new_session = 1;
+
+ return s->method->ssl_renegotiate(s);
+}
+
+int SSL_renegotiate_abbreviated(SSL *s)
+{
+ if (SSL_IS_TLS13(s)) {
+ SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION);
+ return 0;
+ }
+
+ if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+ SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION);
+ return 0;
+ }
+
+ s->renegotiate = 1;
+ s->new_session = 0;
+
+ return s->method->ssl_renegotiate(s);
+}
+
+int SSL_renegotiate_pending(const SSL *s)
+{
+ /*
+ * becomes true when negotiation is requested; false again once a
+ * handshake has finished
+ */
+ return (s->renegotiate != 0);
+}
+
+long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+ long l;
+
+ switch (cmd) {
+ case SSL_CTRL_GET_READ_AHEAD:
+ return RECORD_LAYER_get_read_ahead(&s->rlayer);
+ case SSL_CTRL_SET_READ_AHEAD:
+ l = RECORD_LAYER_get_read_ahead(&s->rlayer);
+ RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
+ return l;
+
+ case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+ s->msg_callback_arg = parg;
+ return 1;
+
+ case SSL_CTRL_MODE:
+ return (s->mode |= larg);
+ case SSL_CTRL_CLEAR_MODE:
+ return (s->mode &= ~larg);
+ case SSL_CTRL_GET_MAX_CERT_LIST:
+ return (long)s->max_cert_list;
+ case SSL_CTRL_SET_MAX_CERT_LIST:
+ if (larg < 0)
+ return 0;
+ l = (long)s->max_cert_list;
+ s->max_cert_list = (size_t)larg;
+ return l;
+ case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
+ if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
+ return 0;
+ s->max_send_fragment = larg;
+ if (s->max_send_fragment < s->split_send_fragment)
+ s->split_send_fragment = s->max_send_fragment;
+ return 1;
+ case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
+ if ((size_t)larg > s->max_send_fragment || larg == 0)
+ return 0;
+ s->split_send_fragment = larg;
+ return 1;
+ case SSL_CTRL_SET_MAX_PIPELINES:
+ if (larg < 1 || larg > SSL_MAX_PIPELINES)
+ return 0;
+ s->max_pipelines = larg;
+ if (larg > 1)
+ RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
+ return 1;
+ case SSL_CTRL_GET_RI_SUPPORT:
+ if (s->s3)
+ return s->s3->send_connection_binding;
+ else
+ return 0;
+ case SSL_CTRL_CERT_FLAGS:
+ return (s->cert->cert_flags |= larg);
+ case SSL_CTRL_CLEAR_CERT_FLAGS:
+ return (s->cert->cert_flags &= ~larg);
+
+ case SSL_CTRL_GET_RAW_CIPHERLIST:
+ if (parg) {
+ if (s->s3->tmp.ciphers_raw == NULL)
+ return 0;
+ *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
+ return (int)s->s3->tmp.ciphers_rawlen;
+ } else {
+ return TLS_CIPHER_LEN;
+ }
+ case SSL_CTRL_GET_EXTMS_SUPPORT:
+ if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
+ return -1;
+ if (s->session->flags & SSL_SESS_FLAG_EXTMS)
+ return 1;
+ else
+ return 0;
+ case SSL_CTRL_SET_MIN_PROTO_VERSION:
+ return ssl_check_allowed_versions(larg, s->max_proto_version)
+ && ssl_set_version_bound(s->ctx->method->version, (int)larg,
+ &s->min_proto_version);
+ case SSL_CTRL_GET_MIN_PROTO_VERSION:
+ return s->min_proto_version;
+ case SSL_CTRL_SET_MAX_PROTO_VERSION:
+ return ssl_check_allowed_versions(s->min_proto_version, larg)
+ && ssl_set_version_bound(s->ctx->method->version, (int)larg,
+ &s->max_proto_version);
+ case SSL_CTRL_GET_MAX_PROTO_VERSION:
+ return s->max_proto_version;
+ default:
+ return s->method->ssl_ctrl(s, cmd, larg, parg);
+ }
+}
+
+long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+ switch (cmd) {
+ case SSL_CTRL_SET_MSG_CALLBACK:
+ s->msg_callback = (void (*)
+ (int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl,
+ void *arg))(fp);
+ return 1;
+
+ default:
+ return s->method->ssl_callback_ctrl(s, cmd, fp);
+ }
+}
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
+{
+ return ctx->sessions;
+}
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+ long l;
+ /* For some cases with ctx == NULL perform syntax checks */
+ if (ctx == NULL) {
+ switch (cmd) {
+#ifndef OPENSSL_NO_EC
+ case SSL_CTRL_SET_GROUPS_LIST:
+ return tls1_set_groups_list(NULL, NULL, parg);
+#endif
+ case SSL_CTRL_SET_SIGALGS_LIST:
+ case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+ return tls1_set_sigalgs_list(NULL, parg, 0);
+ default:
+ return 0;
+ }
+ }
+
+ switch (cmd) {
+ case SSL_CTRL_GET_READ_AHEAD:
+ return ctx->read_ahead;
+ case SSL_CTRL_SET_READ_AHEAD:
+ l = ctx->read_ahead;
+ ctx->read_ahead = larg;
+ return l;
+
+ case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+ ctx->msg_callback_arg = parg;
+ return 1;
+
+ case SSL_CTRL_GET_MAX_CERT_LIST:
+ return (long)ctx->max_cert_list;
+ case SSL_CTRL_SET_MAX_CERT_LIST:
+ if (larg < 0)
+ return 0;
+ l = (long)ctx->max_cert_list;
+ ctx->max_cert_list = (size_t)larg;
+ return l;
+
+ case SSL_CTRL_SET_SESS_CACHE_SIZE:
+ if (larg < 0)
+ return 0;
+ l = (long)ctx->session_cache_size;
+ ctx->session_cache_size = (size_t)larg;
+ return l;
+ case SSL_CTRL_GET_SESS_CACHE_SIZE:
+ return (long)ctx->session_cache_size;
+ case SSL_CTRL_SET_SESS_CACHE_MODE:
+ l = ctx->session_cache_mode;
+ ctx->session_cache_mode = larg;
+ return l;
+ case SSL_CTRL_GET_SESS_CACHE_MODE:
+ return ctx->session_cache_mode;
+
+ case SSL_CTRL_SESS_NUMBER:
+ return lh_SSL_SESSION_num_items(ctx->sessions);
+ case SSL_CTRL_SESS_CONNECT:
+ return tsan_load(&ctx->stats.sess_connect);
+ case SSL_CTRL_SESS_CONNECT_GOOD:
+ return tsan_load(&ctx->stats.sess_connect_good);
+ case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
+ return tsan_load(&ctx->stats.sess_connect_renegotiate);
+ case SSL_CTRL_SESS_ACCEPT:
+ return tsan_load(&ctx->stats.sess_accept);
+ case SSL_CTRL_SESS_ACCEPT_GOOD:
+ return tsan_load(&ctx->stats.sess_accept_good);
+ case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
+ return tsan_load(&ctx->stats.sess_accept_renegotiate);
+ case SSL_CTRL_SESS_HIT:
+ return tsan_load(&ctx->stats.sess_hit);
+ case SSL_CTRL_SESS_CB_HIT:
+ return tsan_load(&ctx->stats.sess_cb_hit);
+ case SSL_CTRL_SESS_MISSES:
+ return tsan_load(&ctx->stats.sess_miss);
+ case SSL_CTRL_SESS_TIMEOUTS:
+ return tsan_load(&ctx->stats.sess_timeout);
+ case SSL_CTRL_SESS_CACHE_FULL:
+ return tsan_load(&ctx->stats.sess_cache_full);
+ case SSL_CTRL_MODE:
+ return (ctx->mode |= larg);
+ case SSL_CTRL_CLEAR_MODE:
+ return (ctx->mode &= ~larg);
+ case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
+ if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
+ return 0;
+ ctx->max_send_fragment = larg;
+ if (ctx->max_send_fragment < ctx->split_send_fragment)
+ ctx->split_send_fragment = ctx->max_send_fragment;
+ return 1;
+ case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
+ if ((size_t)larg > ctx->max_send_fragment || larg == 0)
+ return 0;
+ ctx->split_send_fragment = larg;
+ return 1;
+ case SSL_CTRL_SET_MAX_PIPELINES:
+ if (larg < 1 || larg > SSL_MAX_PIPELINES)
+ return 0;
+ ctx->max_pipelines = larg;
+ return 1;
+ case SSL_CTRL_CERT_FLAGS:
+ return (ctx->cert->cert_flags |= larg);
+ case SSL_CTRL_CLEAR_CERT_FLAGS:
+ return (ctx->cert->cert_flags &= ~larg);
+ case SSL_CTRL_SET_MIN_PROTO_VERSION:
+ return ssl_check_allowed_versions(larg, ctx->max_proto_version)
+ && ssl_set_version_bound(ctx->method->version, (int)larg,
+ &ctx->min_proto_version);
+ case SSL_CTRL_GET_MIN_PROTO_VERSION:
+ return ctx->min_proto_version;
+ case SSL_CTRL_SET_MAX_PROTO_VERSION:
+ return ssl_check_allowed_versions(ctx->min_proto_version, larg)
+ && ssl_set_version_bound(ctx->method->version, (int)larg,
+ &ctx->max_proto_version);
+ case SSL_CTRL_GET_MAX_PROTO_VERSION:
+ return ctx->max_proto_version;
+ default:
+ return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
+ }
+}
+
+long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+ switch (cmd) {
+ case SSL_CTRL_SET_MSG_CALLBACK:
+ ctx->msg_callback = (void (*)
+ (int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl,
+ void *arg))(fp);
+ return 1;
+
+ default:
+ return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
+ }
+}
+
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
+{
+ if (a->id > b->id)
+ return 1;
+ if (a->id < b->id)
+ return -1;
+ return 0;
+}
+
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+ const SSL_CIPHER *const *bp)
+{
+ if ((*ap)->id > (*bp)->id)
+ return 1;
+ if ((*ap)->id < (*bp)->id)
+ return -1;
+ return 0;
+}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
+{
+ if (s != NULL) {
+ if (s->cipher_list != NULL) {
+ return s->cipher_list;
+ } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
+ return s->ctx->cipher_list;
+ }
+ }
+ return NULL;
+}
+
+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
+{
+ if ((s == NULL) || !s->server)
+ return NULL;
+ return s->peer_ciphers;
+}
+
+STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
+{
+ STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
+ int i;
+
+ ciphers = SSL_get_ciphers(s);
+ if (!ciphers)
+ return NULL;
+ if (!ssl_set_client_disabled(s))
+ return NULL;
+ for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+ const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
+ if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
+ if (!sk)
+ sk = sk_SSL_CIPHER_new_null();
+ if (!sk)
+ return NULL;
+ if (!sk_SSL_CIPHER_push(sk, c)) {
+ sk_SSL_CIPHER_free(sk);
+ return NULL;
+ }
+ }
+ }
+ return sk;
+}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * algorithm id */
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
+{
+ if (s != NULL) {
+ if (s->cipher_list_by_id != NULL) {
+ return s->cipher_list_by_id;
+ } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
+ return s->ctx->cipher_list_by_id;
+ }
+ }
+ return NULL;
+}
+
+/** The old interface to get the same thing as SSL_get_ciphers() */
+const char *SSL_get_cipher_list(const SSL *s, int n)
+{
+ const SSL_CIPHER *c;
+ STACK_OF(SSL_CIPHER) *sk;
+
+ if (s == NULL)
+ return NULL;
+ sk = SSL_get_ciphers(s);
+ if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
+ return NULL;
+ c = sk_SSL_CIPHER_value(sk, n);
+ if (c == NULL)
+ return NULL;
+ return c->name;
+}
+
+/** return a STACK of the ciphers available for the SSL_CTX and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
+{
+ if (ctx != NULL)
+ return ctx->cipher_list;
+ return NULL;
+}
+
+/*
+ * Distinguish between ciphers controlled by set_ciphersuite() and
+ * set_cipher_list() when counting.
+ */
+static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
+{
+ int i, num = 0;
+ const SSL_CIPHER *c;
+
+ if (sk == NULL)
+ return 0;
+ for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+ c = sk_SSL_CIPHER_value(sk, i);
+ if (c->min_tls >= TLS1_3_VERSION)
+ continue;
+ num++;
+ }
+ return num;
+}
+
+/** specify the ciphers to be used by default by the SSL_CTX */
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
+{
+ STACK_OF(SSL_CIPHER) *sk;
+
+ sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites,
+ &ctx->cipher_list, &ctx->cipher_list_by_id, str,
+ ctx->cert);
+ /*
+ * ssl_create_cipher_list may return an empty stack if it was unable to
+ * find a cipher matching the given rule string (for example if the rule
+ * string specifies a cipher which has been disabled). This is not an
+ * error as far as ssl_create_cipher_list is concerned, and hence
+ * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
+ */
+ if (sk == NULL)
+ return 0;
+ else if (cipher_list_tls12_num(sk) == 0) {
+ SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+ return 0;
+ }
+ return 1;
+}
+
+/** specify the ciphers to be used by the SSL */
+int SSL_set_cipher_list(SSL *s, const char *str)
+{
+ STACK_OF(SSL_CIPHER) *sk;
+
+ sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites,
+ &s->cipher_list, &s->cipher_list_by_id, str,
+ s->cert);
+ /* see comment in SSL_CTX_set_cipher_list */
+ if (sk == NULL)
+ return 0;
+ else if (cipher_list_tls12_num(sk) == 0) {
+ SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+ return 0;
+ }
+ return 1;
+}
+
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
+{
+ char *p;
+ STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
+ const SSL_CIPHER *c;
+ int i;
+
+ if (!s->server
+ || s->peer_ciphers == NULL
+ || size < 2)
+ return NULL;
+
+ p = buf;
+ clntsk = s->peer_ciphers;
+ srvrsk = SSL_get_ciphers(s);
+ if (clntsk == NULL || srvrsk == NULL)
+ return NULL;
+
+ if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
+ return NULL;
+
+ for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
+ int n;
+
+ c = sk_SSL_CIPHER_value(clntsk, i);
+ if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
+ continue;
+
+ n = strlen(c->name);
+ if (n + 1 > size) {
+ if (p != buf)
+ --p;
+ *p = '\0';
+ return buf;
+ }
+ strcpy(p, c->name);
+ p += n;
+ *(p++) = ':';
+ size -= n + 1;
+ }
+ p[-1] = '\0';
+ return buf;
+}
+
+/**
+ * Return the requested servername (SNI) value. Note that the behaviour varies
+ * depending on:
+ * - whether this is called by the client or the server,
+ * - if we are before or during/after the handshake,
+ * - if a resumption or normal handshake is being attempted/has occurred
+ * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
+ *
+ * Note that only the host_name type is defined (RFC 3546).
+ */
+const char *SSL_get_servername(const SSL *s, const int type)
+{
+ /*
+ * If we don't know if we are the client or the server yet then we assume
+ * client.
+ */
+ int server = s->handshake_func == NULL ? 0 : s->server;
+ if (type != TLSEXT_NAMETYPE_host_name)
+ return NULL;
+
+ if (server) {
+ /**
+ * Server side
+ * In TLSv1.3 on the server SNI is not associated with the session
+ * but in TLSv1.2 or below it is.
+ *
+ * Before the handshake:
+ * - return NULL
+ *
+ * During/after the handshake (TLSv1.2 or below resumption occurred):
+ * - If a servername was accepted by the server in the original
+ * handshake then it will return that servername, or NULL otherwise.
+ *
+ * During/after the handshake (TLSv1.2 or below resumption did not occur):
+ * - The function will return the servername requested by the client in
+ * this handshake or NULL if none was requested.
+ */
+ if (s->hit && !SSL_IS_TLS13(s))
+ return s->session->ext.hostname;
+ } else {
+ /**
+ * Client side
+ *
+ * Before the handshake:
+ * - If a servername has been set via a call to
+ * SSL_set_tlsext_host_name() then it will return that servername
+ * - If one has not been set, but a TLSv1.2 resumption is being
+ * attempted and the session from the original handshake had a
+ * servername accepted by the server then it will return that
+ * servername
+ * - Otherwise it returns NULL
+ *
+ * During/after the handshake (TLSv1.2 or below resumption occurred):
+ * - If the session from the original handshake had a servername accepted
+ * by the server then it will return that servername.
+ * - Otherwise it returns the servername set via
+ * SSL_set_tlsext_host_name() (or NULL if it was not called).
+ *
+ * During/after the handshake (TLSv1.2 or below resumption did not occur):
+ * - It will return the servername set via SSL_set_tlsext_host_name()
+ * (or NULL if it was not called).
+ */
+ if (SSL_in_before(s)) {
+ if (s->ext.hostname == NULL
+ && s->session != NULL
+ && s->session->ssl_version != TLS1_3_VERSION)
+ return s->session->ext.hostname;
+ } else {
+ if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL)
+ return s->session->ext.hostname;
+ }
+ }
+
+ return s->ext.hostname;
+}
+
+int SSL_get_servername_type(const SSL *s)
+{
+ if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
+ return TLSEXT_NAMETYPE_host_name;
+ return -1;
+}
+
+/*
+ * SSL_select_next_proto implements the standard protocol selection. It is
+ * expected that this function is called from the callback set by
+ * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
+ * vector of 8-bit, length prefixed byte strings. The length byte itself is
+ * not included in the length. A byte string of length 0 is invalid. No byte
+ * string may be truncated. The current, but experimental algorithm for
+ * selecting the protocol is: 1) If the server doesn't support NPN then this
+ * is indicated to the callback. In this case, the client application has to
+ * abort the connection or have a default application level protocol. 2) If
+ * the server supports NPN, but advertises an empty list then the client
+ * selects the first protocol in its list, but indicates via the API that this
+ * fallback case was enacted. 3) Otherwise, the client finds the first
+ * protocol in the server's list that it supports and selects this protocol.
+ * This is because it's assumed that the server has better information about
+ * which protocol a client should use. 4) If the client doesn't support any
+ * of the server's advertised protocols, then this is treated the same as
+ * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
+ * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
+ */
+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+ const unsigned char *server,
+ unsigned int server_len,
+ const unsigned char *client, unsigned int client_len)
+{
+ PACKET cpkt, csubpkt, spkt, ssubpkt;
+
+ if (!PACKET_buf_init(&cpkt, client, client_len)
+ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt)
+ || PACKET_remaining(&csubpkt) == 0) {
+ *out = NULL;
+ *outlen = 0;
+ return OPENSSL_NPN_NO_OVERLAP;
+ }
+
+ /*
+ * Set the default opportunistic protocol. Will be overwritten if we find
+ * a match.
+ */
+ *out = (unsigned char *)PACKET_data(&csubpkt);
+ *outlen = (unsigned char)PACKET_remaining(&csubpkt);
+
+ /*
+ * For each protocol in server preference order, see if we support it.
+ */
+ if (PACKET_buf_init(&spkt, server, server_len)) {
+ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) {
+ if (PACKET_remaining(&ssubpkt) == 0)
+ continue; /* Invalid - ignore it */
+ if (PACKET_buf_init(&cpkt, client, client_len)) {
+ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) {
+ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt),
+ PACKET_remaining(&ssubpkt))) {
+ /* We found a match */
+ *out = (unsigned char *)PACKET_data(&ssubpkt);
+ *outlen = (unsigned char)PACKET_remaining(&ssubpkt);
+ return OPENSSL_NPN_NEGOTIATED;
+ }
+ }
+ /* Ignore spurious trailing bytes in the client list */
+ } else {
+ /* This should never happen */
+ return OPENSSL_NPN_NO_OVERLAP;
+ }
+ }
+ /* Ignore spurious trailing bytes in the server list */
+ }
+
+ /*
+ * There's no overlap between our protocols and the server's list. We use
+ * the default opportunistic protocol selected earlier
+ */
+ return OPENSSL_NPN_NO_OVERLAP;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * SSL_get0_next_proto_negotiated sets *data and *len to point to the
+ * client's requested protocol for this connection and returns 0. If the
+ * client didn't request any protocol, then *data is set to NULL. Note that
+ * the client can request any protocol it chooses. The value returned from
+ * this function need not be a member of the list of supported protocols
+ * provided by the callback.
+ */
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+ unsigned *len)
+{
+ *data = s->ext.npn;
+ if (!*data) {
+ *len = 0;
+ } else {
+ *len = (unsigned int)s->ext.npn_len;
+ }
+}
+
+/*
+ * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
+ * a TLS server needs a list of supported protocols for Next Protocol
+ * Negotiation. The returned list must be in wire format. The list is
+ * returned by setting |out| to point to it and |outlen| to its length. This
+ * memory will not be modified, but one should assume that the SSL* keeps a
+ * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
+ * wishes to advertise. Otherwise, no such extension will be included in the
+ * ServerHello.
+ */
+void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
+ SSL_CTX_npn_advertised_cb_func cb,
+ void *arg)
+{
+ ctx->ext.npn_advertised_cb = cb;
+ ctx->ext.npn_advertised_cb_arg = arg;
+}
+
+/*
+ * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
+ * client needs to select a protocol from the server's provided list. |out|
+ * must be set to point to the selected protocol (which may be within |in|).
+ * The length of the protocol name must be written into |outlen|. The
+ * server's advertised protocols are provided in |in| and |inlen|. The
+ * callback can assume that |in| is syntactically valid. The client must
+ * select a protocol. It is fatal to the connection if this callback returns
+ * a value other than SSL_TLSEXT_ERR_OK.
+ */
+void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
+ SSL_CTX_npn_select_cb_func cb,
+ void *arg)
+{
+ ctx->ext.npn_select_cb = cb;
+ ctx->ext.npn_select_cb_arg = arg;
+}
+#endif
+
+static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len)
+{
+ unsigned int idx;
+
+ if (protos_len < 2 || protos == NULL)
+ return 0;
+
+ for (idx = 0; idx < protos_len; idx += protos[idx] + 1) {
+ if (protos[idx] == 0)
+ return 0;
+ }
+ return idx == protos_len;
+}
+/*
+ * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
+ * length-prefixed strings). Returns 0 on success.
+ */
+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+ unsigned int protos_len)
+{
+ unsigned char *alpn;
+
+ if (protos_len == 0 || protos == NULL) {
+ OPENSSL_free(ctx->ext.alpn);
+ ctx->ext.alpn = NULL;
+ ctx->ext.alpn_len = 0;
+ return 0;
+ }
+ /* Not valid per RFC */
+ if (!alpn_value_ok(protos, protos_len))
+ return 1;
+
+ alpn = OPENSSL_memdup(protos, protos_len);
+ if (alpn == NULL) {
+ SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
+ return 1;
+ }
+ OPENSSL_free(ctx->ext.alpn);
+ ctx->ext.alpn = alpn;
+ ctx->ext.alpn_len = protos_len;
+
+ return 0;
+}
+
+/*
+ * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
+ * length-prefixed strings). Returns 0 on success.
+ */
+int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+ unsigned int protos_len)
+{
+ unsigned char *alpn;
+
+ if (protos_len == 0 || protos == NULL) {
+ OPENSSL_free(ssl->ext.alpn);
+ ssl->ext.alpn = NULL;
+ ssl->ext.alpn_len = 0;
+ return 0;
+ }
+ /* Not valid per RFC */
+ if (!alpn_value_ok(protos, protos_len))
+ return 1;
+
+ alpn = OPENSSL_memdup(protos, protos_len);
+ if (alpn == NULL) {
+ SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
+ return 1;
+ }
+ OPENSSL_free(ssl->ext.alpn);
+ ssl->ext.alpn = alpn;
+ ssl->ext.alpn_len = protos_len;
+
+ return 0;
+}
+
+/*
+ * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
+ * called during ClientHello processing in order to select an ALPN protocol
+ * from the client's list of offered protocols.
+ */
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+ SSL_CTX_alpn_select_cb_func cb,
+ void *arg)
+{
+ ctx->ext.alpn_select_cb = cb;
+ ctx->ext.alpn_select_cb_arg = arg;
+}
+
+/*
+ * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
+ * On return it sets |*data| to point to |*len| bytes of protocol name
+ * (not including the leading length-prefix byte). If the server didn't
+ * respond with a negotiated protocol then |*len| will be zero.
+ */
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+ unsigned int *len)
+{
+ *data = NULL;
+ if (ssl->s3)
+ *data = ssl->s3->alpn_selected;
+ if (*data == NULL)
+ *len = 0;
+ else
+ *len = (unsigned int)ssl->s3->alpn_selected_len;
+}
+
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+ const char *label, size_t llen,
+ const unsigned char *context, size_t contextlen,
+ int use_context)
+{
+ if (s->session == NULL
+ || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER))
+ return -1;
+
+ return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
+ llen, context,
+ contextlen, use_context);
+}
+
+int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
+ const char *label, size_t llen,
+ const unsigned char *context,
+ size_t contextlen)
+{
+ if (s->version != TLS1_3_VERSION)
+ return 0;
+
+ return tls13_export_keying_material_early(s, out, olen, label, llen,
+ context, contextlen);
+}
+
+static unsigned long ssl_session_hash(const SSL_SESSION *a)
+{
+ const unsigned char *session_id = a->session_id;
+ unsigned long l;
+ unsigned char tmp_storage[4];
+
+ if (a->session_id_length < sizeof(tmp_storage)) {
+ memset(tmp_storage, 0, sizeof(tmp_storage));
+ memcpy(tmp_storage, a->session_id, a->session_id_length);
+ session_id = tmp_storage;
+ }
+
+ l = (unsigned long)
+ ((unsigned long)session_id[0]) |
+ ((unsigned long)session_id[1] << 8L) |
+ ((unsigned long)session_id[2] << 16L) |
+ ((unsigned long)session_id[3] << 24L);
+ return l;
+}
+
+/*
+ * NB: If this function (or indeed the hash function which uses a sort of
+ * coarser function than this one) is changed, ensure
+ * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
+ * being able to construct an SSL_SESSION that will collide with any existing
+ * session with a matching session ID.
+ */
+static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
+{
+ if (a->ssl_version != b->ssl_version)
+ return 1;
+ if (a->session_id_length != b->session_id_length)
+ return 1;
+ return memcmp(a->session_id, b->session_id, a->session_id_length);
+}
+
+/*
+ * These wrapper functions should remain rather than redeclaring
+ * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
+ * variable. The reason is that the functions aren't static, they're exposed
+ * via ssl.h.
+ */
+
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+{
+ SSL_CTX *ret = NULL;
+
+ if (meth == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
+ return NULL;
+ }
+
+ if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
+ return NULL;
+
+ if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+ goto err;
+ }
+ ret = OPENSSL_zalloc(sizeof(*ret));
+ if (ret == NULL)
+ goto err;
+
+ ret->method = meth;
+ ret->min_proto_version = 0;
+ ret->max_proto_version = 0;
+ ret->mode = SSL_MODE_AUTO_RETRY;
+ ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
+ ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
+ /* We take the system default. */
+ ret->session_timeout = meth->get_timeout();
+ ret->references = 1;
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
+ ret->verify_mode = SSL_VERIFY_NONE;
+ if ((ret->cert = ssl_cert_new()) == NULL)
+ goto err;
+
+ ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
+ if (ret->sessions == NULL)
+ goto err;
+ ret->cert_store = X509_STORE_new();
+ if (ret->cert_store == NULL)
+ goto err;
+#ifndef OPENSSL_NO_CT
+ ret->ctlog_store = CTLOG_STORE_new();
+ if (ret->ctlog_store == NULL)
+ goto err;
+#endif
+
+ if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES))
+ goto err;
+
+ if (!ssl_create_cipher_list(ret->method,
+ ret->tls13_ciphersuites,
+ &ret->cipher_list, &ret->cipher_list_by_id,
+ SSL_DEFAULT_CIPHER_LIST, ret->cert)
+ || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+ goto err2;
+ }
+
+ ret->param = X509_VERIFY_PARAM_new();
+ if (ret->param == NULL)
+ goto err;
+
+ if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+ goto err2;
+ }
+ if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+ goto err2;
+ }
+
+ if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
+ goto err;
+
+ if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL)
+ goto err;
+
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
+ goto err;
+
+ if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
+ goto err;
+
+ /* No compression for DTLS */
+ if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
+ ret->comp_methods = SSL_COMP_get_compression_methods();
+
+ ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
+ ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
+
+ /* Setup RFC5077 ticket keys */
+ if ((RAND_bytes(ret->ext.tick_key_name,
+ sizeof(ret->ext.tick_key_name)) <= 0)
+ || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key,
+ sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
+ || (RAND_priv_bytes(ret->ext.secure->tick_aes_key,
+ sizeof(ret->ext.secure->tick_aes_key)) <= 0))
+ ret->options |= SSL_OP_NO_TICKET;
+
+ if (RAND_priv_bytes(ret->ext.cookie_hmac_key,
+ sizeof(ret->ext.cookie_hmac_key)) <= 0)
+ goto err;
+
+#ifndef OPENSSL_NO_SRP
+ if (!SSL_CTX_SRP_CTX_init(ret))
+ goto err;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
+# define eng_strx(x) #x
+# define eng_str(x) eng_strx(x)
+ /* Use specific client engine automatically... ignore errors */
+ {
+ ENGINE *eng;
+ eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+ if (!eng) {
+ ERR_clear_error();
+ ENGINE_load_builtin_engines();
+ eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+ }
+ if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
+ ERR_clear_error();
+ }
+# endif
+#endif
+ /*
+ * Default is to connect to non-RI servers. When RI is more widely
+ * deployed might change this.
+ */
+ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ /*
+ * Disable compression by default to prevent CRIME. Applications can
+ * re-enable compression by configuring
+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
+ * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
+ * middlebox compatibility by default. This may be disabled by default in
+ * a later OpenSSL version.
+ */
+ ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
+
+ ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+
+ /*
+ * We cannot usefully set a default max_early_data here (which gets
+ * propagated in SSL_new(), for the following reason: setting the
+ * SSL field causes tls_construct_stoc_early_data() to tell the
+ * client that early data will be accepted when constructing a TLS 1.3
+ * session ticket, and the client will accordingly send us early data
+ * when using that ticket (if the client has early data to send).
+ * However, in order for the early data to actually be consumed by
+ * the application, the application must also have calls to
+ * SSL_read_early_data(); otherwise we'll just skip past the early data
+ * and ignore it. So, since the application must add calls to
+ * SSL_read_early_data(), we also require them to add
+ * calls to SSL_CTX_set_max_early_data() in order to use early data,
+ * eliminating the bandwidth-wasting early data in the case described
+ * above.
+ */
+ ret->max_early_data = 0;
+
+ /*
+ * Default recv_max_early_data is a fully loaded single record. Could be
+ * split across multiple records in practice. We set this differently to
+ * max_early_data so that, in the default case, we do not advertise any
+ * support for early_data, but if a client were to send us some (e.g.
+ * because of an old, stale ticket) then we will tolerate it and skip over
+ * it.
+ */
+ ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
+
+ /* By default we send two session tickets automatically in TLSv1.3 */
+ ret->num_tickets = 2;
+
+ ssl_ctx_system_config(ret);
+
+ return ret;
+ err:
+ SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ err2:
+ SSL_CTX_free(ret);
+ return NULL;
+}
+
+int SSL_CTX_up_ref(SSL_CTX *ctx)
+{
+ int i;
+
+ if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
+ return 0;
+
+ REF_PRINT_COUNT("SSL_CTX", ctx);
+ REF_ASSERT_ISNT(i < 2);
+ return ((i > 1) ? 1 : 0);
+}
+
+void SSL_CTX_free(SSL_CTX *a)
+{
+ int i;
+
+ if (a == NULL)
+ return;
+
+ CRYPTO_DOWN_REF(&a->references, &i, a->lock);
+ REF_PRINT_COUNT("SSL_CTX", a);
+ if (i > 0)
+ return;
+ REF_ASSERT_ISNT(i < 0);
+
+ X509_VERIFY_PARAM_free(a->param);
+ dane_ctx_final(&a->dane);
+
+ /*
+ * Free internal session cache. However: the remove_cb() may reference
+ * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+ * after the sessions were flushed.
+ * As the ex_data handling routines might also touch the session cache,
+ * the most secure solution seems to be: empty (flush) the cache, then
+ * free ex_data, then finally free the cache.
+ * (See ticket [openssl.org #212].)
+ */
+ if (a->sessions != NULL)
+ SSL_CTX_flush_sessions(a, 0);
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+ lh_SSL_SESSION_free(a->sessions);
+ X509_STORE_free(a->cert_store);
+#ifndef OPENSSL_NO_CT
+ CTLOG_STORE_free(a->ctlog_store);
+#endif
+ sk_SSL_CIPHER_free(a->cipher_list);
+ sk_SSL_CIPHER_free(a->cipher_list_by_id);
+ sk_SSL_CIPHER_free(a->tls13_ciphersuites);
+ ssl_cert_free(a->cert);
+ sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
+ sk_X509_pop_free(a->extra_certs, X509_free);
+ a->comp_methods = NULL;
+#ifndef OPENSSL_NO_SRTP
+ sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
+#ifndef OPENSSL_NO_SRP
+ SSL_CTX_SRP_CTX_free(a);
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_finish(a->client_cert_engine);
+#endif
+
+#ifndef OPENSSL_NO_EC
+ OPENSSL_free(a->ext.ecpointformats);
+ OPENSSL_free(a->ext.supportedgroups);
+#endif
+ OPENSSL_free(a->ext.alpn);
+ OPENSSL_secure_free(a->ext.secure);
+
+ CRYPTO_THREAD_lock_free(a->lock);
+
+ OPENSSL_free(a);
+}
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
+{
+ ctx->default_passwd_callback = cb;
+}
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
+{
+ ctx->default_passwd_callback_userdata = u;
+}
+
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
+{
+ return ctx->default_passwd_callback;
+}
+
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
+{
+ return ctx->default_passwd_callback_userdata;
+}
+
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
+{
+ s->default_passwd_callback = cb;
+}
+
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
+{
+ s->default_passwd_callback_userdata = u;
+}
+
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
+{
+ return s->default_passwd_callback;
+}
+
+void *SSL_get_default_passwd_cb_userdata(SSL *s)
+{
+ return s->default_passwd_callback_userdata;
+}
+
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+ int (*cb) (X509_STORE_CTX *, void *),
+ void *arg)
+{
+ ctx->app_verify_callback = cb;
+ ctx->app_verify_arg = arg;
+}
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+ int (*cb) (int, X509_STORE_CTX *))
+{
+ ctx->verify_mode = mode;
+ ctx->default_verify_callback = cb;
+}
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
+{
+ X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+}
+
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
+{
+ ssl_cert_set_cert_cb(c->cert, cb, arg);
+}
+
+void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
+{
+ ssl_cert_set_cert_cb(s->cert, cb, arg);
+}
+
+void ssl_set_masks(SSL *s)
+{
+ CERT *c = s->cert;
+ uint32_t *pvalid = s->s3->tmp.valid_flags;
+ int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
+ unsigned long mask_k, mask_a;
+#ifndef OPENSSL_NO_EC
+ int have_ecc_cert, ecdsa_ok;
+#endif
+ if (c == NULL)
+ return;
+
+#ifndef OPENSSL_NO_DH
+ dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
+#else
+ dh_tmp = 0;
+#endif
+
+ rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
+ rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
+ dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
+#ifndef OPENSSL_NO_EC
+ have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
+#endif
+ mask_k = 0;
+ mask_a = 0;
+
+#ifdef CIPHER_DEBUG
+ fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
+ dh_tmp, rsa_enc, rsa_sign, dsa_sign);
+#endif
+
+#ifndef OPENSSL_NO_GOST
+ if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
+ mask_k |= SSL_kGOST;
+ mask_a |= SSL_aGOST12;
+ }
+ if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
+ mask_k |= SSL_kGOST;
+ mask_a |= SSL_aGOST12;
+ }
+ if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
+ mask_k |= SSL_kGOST;
+ mask_a |= SSL_aGOST01;
+ }
+#endif
+
+ if (rsa_enc)
+ mask_k |= SSL_kRSA;
+
+ if (dh_tmp)
+ mask_k |= SSL_kDHE;
+
+ /*
+ * If we only have an RSA-PSS certificate allow RSA authentication
+ * if TLS 1.2 and peer supports it.
+ */
+
+ if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
+ && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
+ && TLS1_get_version(s) == TLS1_2_VERSION))
+ mask_a |= SSL_aRSA;
+
+ if (dsa_sign) {
+ mask_a |= SSL_aDSS;
+ }
+
+ mask_a |= SSL_aNULL;
+
+ /*
+ * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
+ * depending on the key usage extension.
+ */
+#ifndef OPENSSL_NO_EC
+ if (have_ecc_cert) {
+ uint32_t ex_kusage;
+ ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
+ ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
+ if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
+ ecdsa_ok = 0;
+ if (ecdsa_ok)
+ mask_a |= SSL_aECDSA;
+ }
+ /* Allow Ed25519 for TLS 1.2 if peer supports it */
+ if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
+ && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
+ && TLS1_get_version(s) == TLS1_2_VERSION)
+ mask_a |= SSL_aECDSA;
+
+ /* Allow Ed448 for TLS 1.2 if peer supports it */
+ if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
+ && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
+ && TLS1_get_version(s) == TLS1_2_VERSION)
+ mask_a |= SSL_aECDSA;
+#endif
+
+#ifndef OPENSSL_NO_EC
+ mask_k |= SSL_kECDHE;
+#endif
+
+#ifndef OPENSSL_NO_PSK
+ mask_k |= SSL_kPSK;
+ mask_a |= SSL_aPSK;
+ if (mask_k & SSL_kRSA)
+ mask_k |= SSL_kRSAPSK;
+ if (mask_k & SSL_kDHE)
+ mask_k |= SSL_kDHEPSK;
+ if (mask_k & SSL_kECDHE)
+ mask_k |= SSL_kECDHEPSK;
+#endif
+
+ s->s3->tmp.mask_k = mask_k;
+ s->s3->tmp.mask_a = mask_a;
+}
+
+#ifndef OPENSSL_NO_EC
+
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
+{
+ if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
+ /* key usage, if present, must allow signing */
+ if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
+ SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
+ SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+ return 0;
+ }
+ }
+ return 1; /* all checks are ok */
+}
+
+#endif
+
+int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
+ size_t *serverinfo_length)
+{
+ CERT_PKEY *cpk = s->s3->tmp.cert;
+ *serverinfo_length = 0;
+
+ if (cpk == NULL || cpk->serverinfo == NULL)
+ return 0;
+
+ *serverinfo = cpk->serverinfo;
+ *serverinfo_length = cpk->serverinfo_length;
+ return 1;
+}
+
+void ssl_update_cache(SSL *s, int mode)
+{
+ int i;
+
+ /*
+ * If the session_id_length is 0, we are not supposed to cache it, and it
+ * would be rather hard to do anyway :-). Also if the session has already
+ * been marked as not_resumable we should not cache it for later reuse.
+ */
+ if (s->session->session_id_length == 0 || s->session->not_resumable)
+ return;
+
+ /*
+ * If sid_ctx_length is 0 there is no specific application context
+ * associated with this session, so when we try to resume it and
+ * SSL_VERIFY_PEER is requested to verify the client identity, we have no
+ * indication that this is actually a session for the proper application
+ * context, and the *handshake* will fail, not just the resumption attempt.
+ * Do not cache (on the server) these sessions that are not resumable
+ * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
+ */
+ if (s->server && s->session->sid_ctx_length == 0
+ && (s->verify_mode & SSL_VERIFY_PEER) != 0)
+ return;
+
+ i = s->session_ctx->session_cache_mode;
+ if ((i & mode) != 0
+ && (!s->hit || SSL_IS_TLS13(s))) {
+ /*
+ * Add the session to the internal cache. In server side TLSv1.3 we
+ * normally don't do this because by default it's a full stateless ticket
+ * with only a dummy session id so there is no reason to cache it,
+ * unless:
+ * - we are doing early_data, in which case we cache so that we can
+ * detect replays
+ * - the application has set a remove_session_cb so needs to know about
+ * session timeout events
+ * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
+ */
+ if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
+ && (!SSL_IS_TLS13(s)
+ || !s->server
+ || (s->max_early_data > 0
+ && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
+ || s->session_ctx->remove_session_cb != NULL
+ || (s->options & SSL_OP_NO_TICKET) != 0))
+ SSL_CTX_add_session(s->session_ctx, s->session);
+
+ /*
+ * Add the session to the external cache. We do this even in server side
+ * TLSv1.3 without early data because some applications just want to
+ * know about the creation of a session and aren't doing a full cache.
+ */
+ if (s->session_ctx->new_session_cb != NULL) {
+ SSL_SESSION_up_ref(s->session);
+ if (!s->session_ctx->new_session_cb(s, s->session))
+ SSL_SESSION_free(s->session);
+ }
+ }
+
+ /* auto flush every 255 connections */
+ if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
+ TSAN_QUALIFIER int *stat;
+ if (mode & SSL_SESS_CACHE_CLIENT)
+ stat = &s->session_ctx->stats.sess_connect_good;
+ else
+ stat = &s->session_ctx->stats.sess_accept_good;
+ if ((tsan_load(stat) & 0xff) == 0xff)
+ SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
+ }
+}
+
+const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
+{
+ return ctx->method;
+}
+
+const SSL_METHOD *SSL_get_ssl_method(const SSL *s)
+{
+ return s->method;
+}
+
+int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
+{
+ int ret = 1;
+
+ if (s->method != meth) {
+ const SSL_METHOD *sm = s->method;
+ int (*hf) (SSL *) = s->handshake_func;
+
+ if (sm->version == meth->version)
+ s->method = meth;
+ else {
+ sm->ssl_free(s);
+ s->method = meth;
+ ret = s->method->ssl_new(s);
+ }
+
+ if (hf == sm->ssl_connect)
+ s->handshake_func = meth->ssl_connect;
+ else if (hf == sm->ssl_accept)
+ s->handshake_func = meth->ssl_accept;
+ }
+ return ret;
+}
+
+int SSL_get_error(const SSL *s, int i)
+{
+ int reason;
+ unsigned long l;
+ BIO *bio;
+
+ if (i > 0)
+ return SSL_ERROR_NONE;
+
+ /*
+ * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
+ * where we do encode the error
+ */
+ if ((l = ERR_peek_error()) != 0) {
+ if (ERR_GET_LIB(l) == ERR_LIB_SYS)
+ return SSL_ERROR_SYSCALL;
+ else
+ return SSL_ERROR_SSL;
+ }
+
+ if (SSL_want_read(s)) {
+ bio = SSL_get_rbio(s);
+ if (BIO_should_read(bio))
+ return SSL_ERROR_WANT_READ;
+ else if (BIO_should_write(bio))
+ /*
+ * This one doesn't make too much sense ... We never try to write
+ * to the rbio, and an application program where rbio and wbio
+ * are separate couldn't even know what it should wait for.
+ * However if we ever set s->rwstate incorrectly (so that we have
+ * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
+ * wbio *are* the same, this test works around that bug; so it
+ * might be safer to keep it.
+ */
+ return SSL_ERROR_WANT_WRITE;
+ else if (BIO_should_io_special(bio)) {
+ reason = BIO_get_retry_reason(bio);
+ if (reason == BIO_RR_CONNECT)
+ return SSL_ERROR_WANT_CONNECT;
+ else if (reason == BIO_RR_ACCEPT)
+ return SSL_ERROR_WANT_ACCEPT;
+ else
+ return SSL_ERROR_SYSCALL; /* unknown */
+ }
+ }
+
+ if (SSL_want_write(s)) {
+ /* Access wbio directly - in order to use the buffered bio if present */
+ bio = s->wbio;
+ if (BIO_should_write(bio))
+ return SSL_ERROR_WANT_WRITE;
+ else if (BIO_should_read(bio))
+ /*
+ * See above (SSL_want_read(s) with BIO_should_write(bio))
+ */
+ return SSL_ERROR_WANT_READ;
+ else if (BIO_should_io_special(bio)) {
+ reason = BIO_get_retry_reason(bio);
+ if (reason == BIO_RR_CONNECT)
+ return SSL_ERROR_WANT_CONNECT;
+ else if (reason == BIO_RR_ACCEPT)
+ return SSL_ERROR_WANT_ACCEPT;
+ else
+ return SSL_ERROR_SYSCALL;
+ }
+ }
+ if (SSL_want_x509_lookup(s))
+ return SSL_ERROR_WANT_X509_LOOKUP;
+ if (SSL_want_async(s))
+ return SSL_ERROR_WANT_ASYNC;
+ if (SSL_want_async_job(s))
+ return SSL_ERROR_WANT_ASYNC_JOB;
+ if (SSL_want_client_hello_cb(s))
+ return SSL_ERROR_WANT_CLIENT_HELLO_CB;
+
+ if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+ (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+ return SSL_ERROR_ZERO_RETURN;
+
+ return SSL_ERROR_SYSCALL;
+}
+
+static int ssl_do_handshake_intern(void *vargs)
+{
+ struct ssl_async_args *args;
+ SSL *s;
+
+ args = (struct ssl_async_args *)vargs;
+ s = args->s;
+
+ return s->handshake_func(s);
+}
+
+int SSL_do_handshake(SSL *s)
+{
+ int ret = 1;
+
+ if (s->handshake_func == NULL) {
+ SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
+ return -1;
+ }
+
+ ossl_statem_check_finish_init(s, -1);
+
+ s->method->ssl_renegotiate_check(s, 0);
+
+ if (SSL_in_init(s) || SSL_in_before(s)) {
+ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ struct ssl_async_args args;
+
+ memset(&args, 0, sizeof(args));
+ args.s = s;
+
+ ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
+ } else {
+ ret = s->handshake_func(s);
+ }
+ }
+ return ret;
+}
+
+void SSL_set_accept_state(SSL *s)
+{
+ s->server = 1;
+ s->shutdown = 0;
+ ossl_statem_clear(s);
+ s->handshake_func = s->method->ssl_accept;
+ clear_ciphers(s);
+}
+
+void SSL_set_connect_state(SSL *s)
+{
+ s->server = 0;
+ s->shutdown = 0;
+ ossl_statem_clear(s);
+ s->handshake_func = s->method->ssl_connect;
+ clear_ciphers(s);
+}
+
+int ssl_undefined_function(SSL *s)
+{
+ SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+}
+
+int ssl_undefined_void_function(void)
+{
+ SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+}
+
+int ssl_undefined_const_function(const SSL *s)
+{
+ return 0;
+}
+
+const SSL_METHOD *ssl_bad_method(int ver)
+{
+ SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return NULL;
+}
+
+const char *ssl_protocol_to_string(int version)
+{
+ switch(version)
+ {
+ case TLS1_3_VERSION:
+ return "TLSv1.3";
+
+ case TLS1_2_VERSION:
+ return "TLSv1.2";
+
+ case TLS1_1_VERSION:
+ return "TLSv1.1";
+
+ case TLS1_VERSION:
+ return "TLSv1";
+
+ case SSL3_VERSION:
+ return "SSLv3";
+
+ case DTLS1_BAD_VER:
+ return "DTLSv0.9";
+
+ case DTLS1_VERSION:
+ return "DTLSv1";
+
+ case DTLS1_2_VERSION:
+ return "DTLSv1.2";
+
+ default:
+ return "unknown";
+ }
+}
+
+const char *SSL_get_version(const SSL *s)
+{
+ return ssl_protocol_to_string(s->version);
+}
+
+static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
+{
+ STACK_OF(X509_NAME) *sk;
+ X509_NAME *xn;
+ int i;
+
+ if (src == NULL) {
+ *dst = NULL;
+ return 1;
+ }
+
+ if ((sk = sk_X509_NAME_new_null()) == NULL)
+ return 0;
+ for (i = 0; i < sk_X509_NAME_num(src); i++) {
+ xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
+ if (xn == NULL) {
+ sk_X509_NAME_pop_free(sk, X509_NAME_free);
+ return 0;
+ }
+ if (sk_X509_NAME_insert(sk, xn, i) == 0) {
+ X509_NAME_free(xn);
+ sk_X509_NAME_pop_free(sk, X509_NAME_free);
+ return 0;
+ }
+ }
+ *dst = sk;
+
+ return 1;
+}
+
+SSL *SSL_dup(SSL *s)
+{
+ SSL *ret;
+ int i;
+
+ /* If we're not quiescent, just up_ref! */
+ if (!SSL_in_init(s) || !SSL_in_before(s)) {
+ CRYPTO_UP_REF(&s->references, &i, s->lock);
+ return s;
+ }
+
+ /*
+ * Otherwise, copy configuration state, and session if set.
+ */
+ if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+ return NULL;
+
+ if (s->session != NULL) {
+ /*
+ * Arranges to share the same session via up_ref. This "copies"
+ * session-id, SSL_METHOD, sid_ctx, and 'cert'
+ */
+ if (!SSL_copy_session_id(ret, s))
+ goto err;
+ } else {
+ /*
+ * No session has been established yet, so we have to expect that
+ * s->cert or ret->cert will be changed later -- they should not both
+ * point to the same object, and thus we can't use
+ * SSL_copy_session_id.
+ */
+ if (!SSL_set_ssl_method(ret, s->method))
+ goto err;
+
+ if (s->cert != NULL) {
+ ssl_cert_free(ret->cert);
+ ret->cert = ssl_cert_dup(s->cert);
+ if (ret->cert == NULL)
+ goto err;
+ }
+
+ if (!SSL_set_session_id_context(ret, s->sid_ctx,
+ (int)s->sid_ctx_length))
+ goto err;
+ }
+
+ if (!ssl_dane_dup(ret, s))
+ goto err;
+ ret->version = s->version;
+ ret->options = s->options;
+ ret->min_proto_version = s->min_proto_version;
+ ret->max_proto_version = s->max_proto_version;
+ ret->mode = s->mode;
+ SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
+ SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
+ ret->msg_callback = s->msg_callback;
+ ret->msg_callback_arg = s->msg_callback_arg;
+ SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
+ SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
+ ret->generate_session_id = s->generate_session_id;
+
+ SSL_set_info_callback(ret, SSL_get_info_callback(s));
+
+ /* copy app data, a little dangerous perhaps */
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
+ goto err;
+
+ ret->server = s->server;
+ if (s->handshake_func) {
+ if (s->server)
+ SSL_set_accept_state(ret);
+ else
+ SSL_set_connect_state(ret);
+ }
+ ret->shutdown = s->shutdown;
+ ret->hit = s->hit;
+
+ ret->default_passwd_callback = s->default_passwd_callback;
+ ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;
+
+ X509_VERIFY_PARAM_inherit(ret->param, s->param);
+
+ /* dup the cipher_list and cipher_list_by_id stacks */
+ if (s->cipher_list != NULL) {
+ if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
+ goto err;
+ }
+ if (s->cipher_list_by_id != NULL)
+ if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
+ == NULL)
+ goto err;
+
+ /* Dup the client_CA list */
+ if (!dup_ca_names(&ret->ca_names, s->ca_names)
+ || !dup_ca_names(&ret->client_ca_names, s->client_ca_names))
+ goto err;
+
+ return ret;
+
+ err:
+ SSL_free(ret);
+ return NULL;
+}
+
+void ssl_clear_cipher_ctx(SSL *s)
+{
+ if (s->enc_read_ctx != NULL) {
+ EVP_CIPHER_CTX_free(s->enc_read_ctx);
+ s->enc_read_ctx = NULL;
+ }
+ if (s->enc_write_ctx != NULL) {
+ EVP_CIPHER_CTX_free(s->enc_write_ctx);
+ s->enc_write_ctx = NULL;
+ }
+#ifndef OPENSSL_NO_COMP
+ COMP_CTX_free(s->expand);
+ s->expand = NULL;
+ COMP_CTX_free(s->compress);
+ s->compress = NULL;
+#endif
+}
+
+X509 *SSL_get_certificate(const SSL *s)
+{
+ if (s->cert != NULL)
+ return s->cert->key->x509;
+ else
+ return NULL;
+}
+
+EVP_PKEY *SSL_get_privatekey(const SSL *s)
+{
+ if (s->cert != NULL)
+ return s->cert->key->privatekey;
+ else
+ return NULL;
+}
+
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
+{
+ if (ctx->cert != NULL)
+ return ctx->cert->key->x509;
+ else
+ return NULL;
+}
+
+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
+{
+ if (ctx->cert != NULL)
+ return ctx->cert->key->privatekey;
+ else
+ return NULL;
+}
+
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
+{
+ if ((s->session != NULL) && (s->session->cipher != NULL))
+ return s->session->cipher;
+ return NULL;
+}
+
+const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
+{
+ return s->s3->tmp.new_cipher;
+}
+
+const COMP_METHOD *SSL_get_current_compression(const SSL *s)
+{
+#ifndef OPENSSL_NO_COMP
+ return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
+#else
+ return NULL;
+#endif
+}
+
+const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
+{
+#ifndef OPENSSL_NO_COMP
+ return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
+#else
+ return NULL;
+#endif
+}
+
+int ssl_init_wbio_buffer(SSL *s)
+{
+ BIO *bbio;
+
+ if (s->bbio != NULL) {
+ /* Already buffered. */
+ return 1;
+ }
+
+ bbio = BIO_new(BIO_f_buffer());
+ if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
+ BIO_free(bbio);
+ SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
+ return 0;
+ }
+ s->bbio = bbio;
+ s->wbio = BIO_push(bbio, s->wbio);
+
+ return 1;
+}
+
+int ssl_free_wbio_buffer(SSL *s)
+{
+ /* callers ensure s is never null */
+ if (s->bbio == NULL)
+ return 1;
+
+ s->wbio = BIO_pop(s->wbio);
+ BIO_free(s->bbio);
+ s->bbio = NULL;
+
+ return 1;
+}
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
+{
+ ctx->quiet_shutdown = mode;
+}
+
+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
+{
+ return ctx->quiet_shutdown;
+}
+
+void SSL_set_quiet_shutdown(SSL *s, int mode)
+{
+ s->quiet_shutdown = mode;
+}
+
+int SSL_get_quiet_shutdown(const SSL *s)
+{
+ return s->quiet_shutdown;
+}
+
+void SSL_set_shutdown(SSL *s, int mode)
+{
+ s->shutdown = mode;
+}
+
+int SSL_get_shutdown(const SSL *s)
+{
+ return s->shutdown;
+}
+
+int SSL_version(const SSL *s)
+{
+ return s->version;
+}
+
+int SSL_client_version(const SSL *s)
+{
+ return s->client_version;
+}
+
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
+{
+ return ssl->ctx;
+}
+
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
+{
+ CERT *new_cert;
+ if (ssl->ctx == ctx)
+ return ssl->ctx;
+ if (ctx == NULL)
+ ctx = ssl->session_ctx;
+ new_cert = ssl_cert_dup(ctx->cert);
+ if (new_cert == NULL) {
+ return NULL;
+ }
+
+ if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) {
+ ssl_cert_free(new_cert);
+ return NULL;
+ }
+
+ ssl_cert_free(ssl->cert);
+ ssl->cert = new_cert;
+
+ /*
+ * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
+ * so setter APIs must prevent invalid lengths from entering the system.
+ */
+ if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)))
+ return NULL;
+
+ /*
+ * If the session ID context matches that of the parent SSL_CTX,
+ * inherit it from the new SSL_CTX as well. If however the context does
+ * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
+ * leave it unchanged.
+ */
+ if ((ssl->ctx != NULL) &&
+ (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
+ (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
+ ssl->sid_ctx_length = ctx->sid_ctx_length;
+ memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+ }
+
+ SSL_CTX_up_ref(ctx);
+ SSL_CTX_free(ssl->ctx); /* decrement reference count */
+ ssl->ctx = ctx;
+
+ return ssl->ctx;
+}
+
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+ return X509_STORE_set_default_paths(ctx->cert_store);
+}
+
+int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
+{
+ X509_LOOKUP *lookup;
+
+ lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ return 0;
+ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ /* Clear any errors if the default directory does not exist */
+ ERR_clear_error();
+
+ return 1;
+}
+
+int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
+{
+ X509_LOOKUP *lookup;
+
+ lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
+ if (lookup == NULL)
+ return 0;
+
+ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ /* Clear any errors if the default file does not exist */
+ ERR_clear_error();
+
+ return 1;
+}
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+ const char *CApath)
+{
+ return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);
+}
+
+void SSL_set_info_callback(SSL *ssl,
+ void (*cb) (const SSL *ssl, int type, int val))
+{
+ ssl->info_callback = cb;
+}
+
+/*
+ * One compiler (Diab DCC) doesn't like argument names in returned function
+ * pointer.
+ */
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
+ int /* type */ ,
+ int /* val */ ) {
+ return ssl->info_callback;
+}
+
+void SSL_set_verify_result(SSL *ssl, long arg)
+{
+ ssl->verify_result = arg;
+}
+
+long SSL_get_verify_result(const SSL *ssl)
+{
+ return ssl->verify_result;
+}
+
+size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
+{
+ if (outlen == 0)
+ return sizeof(ssl->s3->client_random);
+ if (outlen > sizeof(ssl->s3->client_random))
+ outlen = sizeof(ssl->s3->client_random);
+ memcpy(out, ssl->s3->client_random, outlen);
+ return outlen;
+}
+
+size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
+{
+ if (outlen == 0)
+ return sizeof(ssl->s3->server_random);
+ if (outlen > sizeof(ssl->s3->server_random))
+ outlen = sizeof(ssl->s3->server_random);
+ memcpy(out, ssl->s3->server_random, outlen);
+ return outlen;
+}
+
+size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+ unsigned char *out, size_t outlen)
+{
+ if (outlen == 0)
+ return session->master_key_length;
+ if (outlen > session->master_key_length)
+ outlen = session->master_key_length;
+ memcpy(out, session->master_key, outlen);
+ return outlen;
+}
+
+int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
+ size_t len)
+{
+ if (len > sizeof(sess->master_key))
+ return 0;
+
+ memcpy(sess->master_key, in, len);
+ sess->master_key_length = len;
+ return 1;
+}
+
+
+int SSL_set_ex_data(SSL *s, int idx, void *arg)
+{
+ return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
+}
+
+void *SSL_get_ex_data(const SSL *s, int idx)
+{
+ return CRYPTO_get_ex_data(&s->ex_data, idx);
+}
+
+int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
+{
+ return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
+}
+
+void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
+{
+ return CRYPTO_get_ex_data(&s->ex_data, idx);
+}
+
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
+{
+ return ctx->cert_store;
+}
+
+void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
+{
+ X509_STORE_free(ctx->cert_store);
+ ctx->cert_store = store;
+}
+
+void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
+{
+ if (store != NULL)
+ X509_STORE_up_ref(store);
+ SSL_CTX_set_cert_store(ctx, store);
+}
+
+int SSL_want(const SSL *s)
+{
+ return s->rwstate;
+}
+
+/**
+ * \brief Set the callback for generating temporary DH keys.
+ * \param ctx the SSL context.
+ * \param dh the callback
+ */
+
+#ifndef OPENSSL_NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+
+void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+#endif
+
+#ifndef OPENSSL_NO_PSK
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
+{
+ if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
+ SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
+ return 0;
+ }
+ OPENSSL_free(ctx->cert->psk_identity_hint);
+ if (identity_hint != NULL) {
+ ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
+ if (ctx->cert->psk_identity_hint == NULL)
+ return 0;
+ } else
+ ctx->cert->psk_identity_hint = NULL;
+ return 1;
+}
+
+int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
+{
+ if (s == NULL)
+ return 0;
+
+ if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
+ SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
+ return 0;
+ }
+ OPENSSL_free(s->cert->psk_identity_hint);
+ if (identity_hint != NULL) {
+ s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
+ if (s->cert->psk_identity_hint == NULL)
+ return 0;
+ } else
+ s->cert->psk_identity_hint = NULL;
+ return 1;
+}
+
+const char *SSL_get_psk_identity_hint(const SSL *s)
+{
+ if (s == NULL || s->session == NULL)
+ return NULL;
+ return s->session->psk_identity_hint;
+}
+
+const char *SSL_get_psk_identity(const SSL *s)
+{
+ if (s == NULL || s->session == NULL)
+ return NULL;
+ return s->session->psk_identity;
+}
+
+void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
+{
+ s->psk_client_callback = cb;
+}
+
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
+{
+ ctx->psk_client_callback = cb;
+}
+
+void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
+{
+ s->psk_server_callback = cb;
+}
+
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
+{
+ ctx->psk_server_callback = cb;
+}
+#endif
+
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
+{
+ s->psk_find_session_cb = cb;
+}
+
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+ SSL_psk_find_session_cb_func cb)
+{
+ ctx->psk_find_session_cb = cb;
+}
+
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
+{
+ s->psk_use_session_cb = cb;
+}
+
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+ SSL_psk_use_session_cb_func cb)
+{
+ ctx->psk_use_session_cb = cb;
+}
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+ void (*cb) (int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+}
+
+void SSL_set_msg_callback(SSL *ssl,
+ void (*cb) (int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+}
+
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+ int (*cb) (SSL *ssl,
+ int
+ is_forward_secure))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
+ (void (*)(void))cb);
+}
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+ int (*cb) (SSL *ssl,
+ int is_forward_secure))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
+ (void (*)(void))cb);
+}
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
+ size_t (*cb) (SSL *ssl, int type,
+ size_t len, void *arg))
+{
+ ctx->record_padding_cb = cb;
+}
+
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
+{
+ ctx->record_padding_arg = arg;
+}
+
+void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
+{
+ return ctx->record_padding_arg;
+}
+
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
+{
+ /* block size of 0 or 1 is basically no padding */
+ if (block_size == 1)
+ ctx->block_padding = 0;
+ else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
+ ctx->block_padding = block_size;
+ else
+ return 0;
+ return 1;
+}
+
+void SSL_set_record_padding_callback(SSL *ssl,
+ size_t (*cb) (SSL *ssl, int type,
+ size_t len, void *arg))
+{
+ ssl->record_padding_cb = cb;
+}
+
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
+{
+ ssl->record_padding_arg = arg;
+}
+
+void *SSL_get_record_padding_callback_arg(const SSL *ssl)
+{
+ return ssl->record_padding_arg;
+}
+
+int SSL_set_block_padding(SSL *ssl, size_t block_size)
+{
+ /* block size of 0 or 1 is basically no padding */
+ if (block_size == 1)
+ ssl->block_padding = 0;
+ else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
+ ssl->block_padding = block_size;
+ else
+ return 0;
+ return 1;
+}
+
+int SSL_set_num_tickets(SSL *s, size_t num_tickets)
+{
+ s->num_tickets = num_tickets;
+
+ return 1;
+}
+
+size_t SSL_get_num_tickets(const SSL *s)
+{
+ return s->num_tickets;
+}
+
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
+{
+ ctx->num_tickets = num_tickets;
+
+ return 1;
+}
+
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
+{
+ return ctx->num_tickets;
+}
+
+/*
+ * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
+ * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
+ * If EVP_MD pointer is passed, initializes ctx with this |md|.
+ * Returns the newly allocated ctx;
+ */
+
+EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
+{
+ ssl_clear_hash_ctx(hash);
+ *hash = EVP_MD_CTX_new();
+ if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
+ EVP_MD_CTX_free(*hash);
+ *hash = NULL;
+ return NULL;
+ }
+ return *hash;
+}
+
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
+{
+
+ EVP_MD_CTX_free(*hash);
+ *hash = NULL;
+}
+
+/* Retrieve handshake hashes */
+int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
+ size_t *hashlen)
+{
+ EVP_MD_CTX *ctx = NULL;
+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst;
+ int hashleni = EVP_MD_CTX_size(hdgst);
+ int ret = 0;
+
+ if (hashleni < 0 || (size_t)hashleni > outlen) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ ctx = EVP_MD_CTX_new();
+ if (ctx == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
+ || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ *hashlen = hashleni;
+
+ ret = 1;
+ err:
+ EVP_MD_CTX_free(ctx);
+ return ret;
+}
+
+int SSL_session_reused(const SSL *s)
+{
+ return s->hit;
+}
+
+int SSL_is_server(const SSL *s)
+{
+ return s->server;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void SSL_set_debug(SSL *s, int debug)
+{
+ /* Old function was do-nothing anyway... */
+ (void)s;
+ (void)debug;
+}
+#endif
+
+void SSL_set_security_level(SSL *s, int level)
+{
+ s->cert->sec_level = level;
+}
+
+int SSL_get_security_level(const SSL *s)
+{
+ return s->cert->sec_level;
+}
+
+void SSL_set_security_callback(SSL *s,
+ int (*cb) (const SSL *s, const SSL_CTX *ctx,
+ int op, int bits, int nid,
+ void *other, void *ex))
+{
+ s->cert->sec_cb = cb;
+}
+
+int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
+ const SSL_CTX *ctx, int op,
+ int bits, int nid, void *other,
+ void *ex) {
+ return s->cert->sec_cb;
+}
+
+void SSL_set0_security_ex_data(SSL *s, void *ex)
+{
+ s->cert->sec_ex = ex;
+}
+
+void *SSL_get0_security_ex_data(const SSL *s)
+{
+ return s->cert->sec_ex;
+}
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
+{
+ ctx->cert->sec_level = level;
+}
+
+int SSL_CTX_get_security_level(const SSL_CTX *ctx)
+{
+ return ctx->cert->sec_level;
+}
+
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+ int (*cb) (const SSL *s, const SSL_CTX *ctx,
+ int op, int bits, int nid,
+ void *other, void *ex))
+{
+ ctx->cert->sec_cb = cb;
+}
+
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
+ const SSL_CTX *ctx,
+ int op, int bits,
+ int nid,
+ void *other,
+ void *ex) {
+ return ctx->cert->sec_cb;
+}
+
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
+{
+ ctx->cert->sec_ex = ex;
+}
+
+void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
+{
+ return ctx->cert->sec_ex;
+}
+
+/*
+ * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
+ * can return unsigned long, instead of the generic long return value from the
+ * control interface.
+ */
+unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
+{
+ return ctx->options;
+}
+
+unsigned long SSL_get_options(const SSL *s)
+{
+ return s->options;
+}
+
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
+{
+ return ctx->options |= op;
+}
+
+unsigned long SSL_set_options(SSL *s, unsigned long op)
+{
+ return s->options |= op;
+}
+
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
+{
+ return ctx->options &= ~op;
+}
+
+unsigned long SSL_clear_options(SSL *s, unsigned long op)
+{
+ return s->options &= ~op;
+}
+
+STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
+{
+ return s->verified_chain;
+}
+
+IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
+
+#ifndef OPENSSL_NO_CT
+
+/*
+ * Moves SCTs from the |src| stack to the |dst| stack.
+ * The source of each SCT will be set to |origin|.
+ * If |dst| points to a NULL pointer, a new stack will be created and owned by
+ * the caller.
+ * Returns the number of SCTs moved, or a negative integer if an error occurs.
+ */
+static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
+ sct_source_t origin)
+{
+ int scts_moved = 0;
+ SCT *sct = NULL;
+
+ if (*dst == NULL) {
+ *dst = sk_SCT_new_null();
+ if (*dst == NULL) {
+ SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+
+ while ((sct = sk_SCT_pop(src)) != NULL) {
+ if (SCT_set_source(sct, origin) != 1)
+ goto err;
+
+ if (sk_SCT_push(*dst, sct) <= 0)
+ goto err;
+ scts_moved += 1;
+ }
+
+ return scts_moved;
+ err:
+ if (sct != NULL)
+ sk_SCT_push(src, sct); /* Put the SCT back */
+ return -1;
+}
+
+/*
+ * Look for data collected during ServerHello and parse if found.
+ * Returns the number of SCTs extracted.
+ */
+static int ct_extract_tls_extension_scts(SSL *s)
+{
+ int scts_extracted = 0;
+
+ if (s->ext.scts != NULL) {
+ const unsigned char *p = s->ext.scts;
+ STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
+
+ scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
+
+ SCT_LIST_free(scts);
+ }
+
+ return scts_extracted;
+}
+
+/*
+ * Checks for an OCSP response and then attempts to extract any SCTs found if it
+ * contains an SCT X509 extension. They will be stored in |s->scts|.
+ * Returns:
+ * - The number of SCTs extracted, assuming an OCSP response exists.
+ * - 0 if no OCSP response exists or it contains no SCTs.
+ * - A negative integer if an error occurs.
+ */
+static int ct_extract_ocsp_response_scts(SSL *s)
+{
+# ifndef OPENSSL_NO_OCSP
+ int scts_extracted = 0;
+ const unsigned char *p;
+ OCSP_BASICRESP *br = NULL;
+ OCSP_RESPONSE *rsp = NULL;
+ STACK_OF(SCT) *scts = NULL;
+ int i;
+
+ if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
+ goto err;
+
+ p = s->ext.ocsp.resp;
+ rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
+ if (rsp == NULL)
+ goto err;
+
+ br = OCSP_response_get1_basic(rsp);
+ if (br == NULL)
+ goto err;
+
+ for (i = 0; i < OCSP_resp_count(br); ++i) {
+ OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
+
+ if (single == NULL)
+ continue;
+
+ scts =
+ OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
+ scts_extracted =
+ ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
+ if (scts_extracted < 0)
+ goto err;
+ }
+ err:
+ SCT_LIST_free(scts);
+ OCSP_BASICRESP_free(br);
+ OCSP_RESPONSE_free(rsp);
+ return scts_extracted;
+# else
+ /* Behave as if no OCSP response exists */
+ return 0;
+# endif
+}
+
+/*
+ * Attempts to extract SCTs from the peer certificate.
+ * Return the number of SCTs extracted, or a negative integer if an error
+ * occurs.
+ */
+static int ct_extract_x509v3_extension_scts(SSL *s)
+{
+ int scts_extracted = 0;
+ X509 *cert = s->session != NULL ? s->session->peer : NULL;
+
+ if (cert != NULL) {
+ STACK_OF(SCT) *scts =
+ X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
+
+ scts_extracted =
+ ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
+
+ SCT_LIST_free(scts);
+ }
+
+ return scts_extracted;
+}
+
+/*
+ * Attempts to find all received SCTs by checking TLS extensions, the OCSP
+ * response (if it exists) and X509v3 extensions in the certificate.
+ * Returns NULL if an error occurs.
+ */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
+{
+ if (!s->scts_parsed) {
+ if (ct_extract_tls_extension_scts(s) < 0 ||
+ ct_extract_ocsp_response_scts(s) < 0 ||
+ ct_extract_x509v3_extension_scts(s) < 0)
+ goto err;
+
+ s->scts_parsed = 1;
+ }
+ return s->scts;
+ err:
+ return NULL;
+}
+
+static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
+ const STACK_OF(SCT) *scts, void *unused_arg)
+{
+ return 1;
+}
+
+static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
+ const STACK_OF(SCT) *scts, void *unused_arg)
+{
+ int count = scts != NULL ? sk_SCT_num(scts) : 0;
+ int i;
+
+ for (i = 0; i < count; ++i) {
+ SCT *sct = sk_SCT_value(scts, i);
+ int status = SCT_get_validation_status(sct);
+
+ if (status == SCT_VALIDATION_STATUS_VALID)
+ return 1;
+ }
+ SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);
+ return 0;
+}
+
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+ void *arg)
+{
+ /*
+ * Since code exists that uses the custom extension handler for CT, look
+ * for this and throw an error if they have already registered to use CT.
+ */
+ if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
+ TLSEXT_TYPE_signed_certificate_timestamp))
+ {
+ SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
+ SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
+ return 0;
+ }
+
+ if (callback != NULL) {
+ /*
+ * If we are validating CT, then we MUST accept SCTs served via OCSP
+ */
+ if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
+ return 0;
+ }
+
+ s->ct_validation_callback = callback;
+ s->ct_validation_callback_arg = arg;
+
+ return 1;
+}
+
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+ ssl_ct_validation_cb callback, void *arg)
+{
+ /*
+ * Since code exists that uses the custom extension handler for CT, look for
+ * this and throw an error if they have already registered to use CT.
+ */
+ if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
+ TLSEXT_TYPE_signed_certificate_timestamp))
+ {
+ SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
+ SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
+ return 0;
+ }
+
+ ctx->ct_validation_callback = callback;
+ ctx->ct_validation_callback_arg = arg;
+ return 1;
+}
+
+int SSL_ct_is_enabled(const SSL *s)
+{
+ return s->ct_validation_callback != NULL;
+}
+
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
+{
+ return ctx->ct_validation_callback != NULL;
+}
+
+int ssl_validate_ct(SSL *s)
+{
+ int ret = 0;
+ X509 *cert = s->session != NULL ? s->session->peer : NULL;
+ X509 *issuer;
+ SSL_DANE *dane = &s->dane;
+ CT_POLICY_EVAL_CTX *ctx = NULL;
+ const STACK_OF(SCT) *scts;
+
+ /*
+ * If no callback is set, the peer is anonymous, or its chain is invalid,
+ * skip SCT validation - just return success. Applications that continue
+ * handshakes without certificates, with unverified chains, or pinned leaf
+ * certificates are outside the scope of the WebPKI and CT.
+ *
+ * The above exclusions notwithstanding the vast majority of peers will
+ * have rather ordinary certificate chains validated by typical
+ * applications that perform certificate verification and therefore will
+ * process SCTs when enabled.
+ */
+ if (s->ct_validation_callback == NULL || cert == NULL ||
+ s->verify_result != X509_V_OK ||
+ s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
+ return 1;
+
+ /*
+ * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
+ * trust-anchors. See https://tools.ietf.org/html/rfc7671#section-4.2
+ */
+ if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
+ switch (dane->mtlsa->usage) {
+ case DANETLS_USAGE_DANE_TA:
+ case DANETLS_USAGE_DANE_EE:
+ return 1;
+ }
+ }
+
+ ctx = CT_POLICY_EVAL_CTX_new();
+ if (ctx == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,
+ ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+
+ issuer = sk_X509_value(s->verified_chain, 1);
+ CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
+ CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
+ CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
+ CT_POLICY_EVAL_CTX_set_time(
+ ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
+
+ scts = SSL_get0_peer_scts(s);
+
+ /*
+ * This function returns success (> 0) only when all the SCTs are valid, 0
+ * when some are invalid, and < 0 on various internal errors (out of
+ * memory, etc.). Having some, or even all, invalid SCTs is not sufficient
+ * reason to abort the handshake, that decision is up to the callback.
+ * Therefore, we error out only in the unexpected case that the return
+ * value is negative.
+ *
+ * XXX: One might well argue that the return value of this function is an
+ * unfortunate design choice. Its job is only to determine the validation
+ * status of each of the provided SCTs. So long as it correctly separates
+ * the wheat from the chaff it should return success. Failure in this case
+ * ought to correspond to an inability to carry out its duties.
+ */
+ if (SCT_LIST_validate(scts, ctx) < 0) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
+ SSL_R_SCT_VERIFICATION_FAILED);
+ goto end;
+ }
+
+ ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
+ if (ret < 0)
+ ret = 0; /* This function returns 0 on failure */
+ if (!ret)
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
+ SSL_R_CALLBACK_FAILED);
+
+ end:
+ CT_POLICY_EVAL_CTX_free(ctx);
+ /*
+ * With SSL_VERIFY_NONE the session may be cached and re-used despite a
+ * failure return code here. Also the application may wish the complete
+ * the handshake, and then disconnect cleanly at a higher layer, after
+ * checking the verification status of the completed connection.
+ *
+ * We therefore force a certificate verification failure which will be
+ * visible via SSL_get_verify_result() and cached as part of any resumed
+ * session.
+ *
+ * Note: the permissive callback is for information gathering only, always
+ * returns success, and does not affect verification status. Only the
+ * strict callback or a custom application-specified callback can trigger
+ * connection failure or record a verification error.
+ */
+ if (ret <= 0)
+ s->verify_result = X509_V_ERR_NO_VALID_SCTS;
+ return ret;
+}
+
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
+{
+ switch (validation_mode) {
+ default:
+ SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
+ return 0;
+ case SSL_CT_VALIDATION_PERMISSIVE:
+ return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
+ case SSL_CT_VALIDATION_STRICT:
+ return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
+ }
+}
+
+int SSL_enable_ct(SSL *s, int validation_mode)
+{
+ switch (validation_mode) {
+ default:
+ SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
+ return 0;
+ case SSL_CT_VALIDATION_PERMISSIVE:
+ return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
+ case SSL_CT_VALIDATION_STRICT:
+ return SSL_set_ct_validation_callback(s, ct_strict, NULL);
+ }
+}
+
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
+{
+ return CTLOG_STORE_load_default_file(ctx->ctlog_store);
+}
+
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
+{
+ return CTLOG_STORE_load_file(ctx->ctlog_store, path);
+}
+
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
+{
+ CTLOG_STORE_free(ctx->ctlog_store);
+ ctx->ctlog_store = logs;
+}
+
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
+{
+ return ctx->ctlog_store;
+}
+
+#endif /* OPENSSL_NO_CT */
+
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
+ void *arg)
+{
+ c->client_hello_cb = cb;
+ c->client_hello_cb_arg = arg;
+}
+
+int SSL_client_hello_isv2(SSL *s)
+{
+ if (s->clienthello == NULL)
+ return 0;
+ return s->clienthello->isv2;
+}
+
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
+{
+ if (s->clienthello == NULL)
+ return 0;
+ return s->clienthello->legacy_version;
+}
+
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
+{
+ if (s->clienthello == NULL)
+ return 0;
+ if (out != NULL)
+ *out = s->clienthello->random;
+ return SSL3_RANDOM_SIZE;
+}
+
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
+{
+ if (s->clienthello == NULL)
+ return 0;
+ if (out != NULL)
+ *out = s->clienthello->session_id;
+ return s->clienthello->session_id_len;
+}
+
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
+{
+ if (s->clienthello == NULL)
+ return 0;
+ if (out != NULL)
+ *out = PACKET_data(&s->clienthello->ciphersuites);
+ return PACKET_remaining(&s->clienthello->ciphersuites);
+}
+
+size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
+{
+ if (s->clienthello == NULL)
+ return 0;
+ if (out != NULL)
+ *out = s->clienthello->compressions;
+ return s->clienthello->compressions_len;
+}
+
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+{
+ RAW_EXTENSION *ext;
+ int *present;
+ size_t num = 0, i;
+
+ if (s->clienthello == NULL || out == NULL || outlen == NULL)
+ return 0;
+ for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
+ ext = s->clienthello->pre_proc_exts + i;
+ if (ext->present)
+ num++;
+ }
+ if (num == 0) {
+ *out = NULL;
+ *outlen = 0;
+ return 1;
+ }
+ if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) {
+ SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
+ ext = s->clienthello->pre_proc_exts + i;
+ if (ext->present) {
+ if (ext->received_order >= num)
+ goto err;
+ present[ext->received_order] = ext->type;
+ }
+ }
+ *out = present;
+ *outlen = num;
+ return 1;
+ err:
+ OPENSSL_free(present);
+ return 0;
+}
+
+int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
+ size_t *outlen)
+{
+ size_t i;
+ RAW_EXTENSION *r;
+
+ if (s->clienthello == NULL)
+ return 0;
+ for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) {
+ r = s->clienthello->pre_proc_exts + i;
+ if (r->present && r->type == type) {
+ if (out != NULL)
+ *out = PACKET_data(&r->data);
+ if (outlen != NULL)
+ *outlen = PACKET_remaining(&r->data);
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int SSL_free_buffers(SSL *ssl)
+{
+ RECORD_LAYER *rl = &ssl->rlayer;
+
+ if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
+ return 0;
+
+ if (RECORD_LAYER_data_present(rl))
+ return 0;
+
+ RECORD_LAYER_release(rl);
+ return 1;
+}
+
+int SSL_alloc_buffers(SSL *ssl)
+{
+ return ssl3_setup_buffers(ssl);
+}
+
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
+{
+ ctx->keylog_callback = cb;
+}
+
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
+{
+ return ctx->keylog_callback;
+}
+
+static int nss_keylog_int(const char *prefix,
+ SSL *ssl,
+ const uint8_t *parameter_1,
+ size_t parameter_1_len,
+ const uint8_t *parameter_2,
+ size_t parameter_2_len)
+{
+ char *out = NULL;
+ char *cursor = NULL;
+ size_t out_len = 0;
+ size_t i;
+ size_t prefix_len;
+
+ if (ssl->ctx->keylog_callback == NULL)
+ return 1;
+
+ /*
+ * Our output buffer will contain the following strings, rendered with
+ * space characters in between, terminated by a NULL character: first the
+ * prefix, then the first parameter, then the second parameter. The
+ * meaning of each parameter depends on the specific key material being
+ * logged. Note that the first and second parameters are encoded in
+ * hexadecimal, so we need a buffer that is twice their lengths.
+ */
+ prefix_len = strlen(prefix);
+ out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
+ if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
+ SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ strcpy(cursor, prefix);
+ cursor += prefix_len;
+ *cursor++ = ' ';
+
+ for (i = 0; i < parameter_1_len; i++) {
+ sprintf(cursor, "%02x", parameter_1[i]);
+ cursor += 2;
+ }
+ *cursor++ = ' ';
+
+ for (i = 0; i < parameter_2_len; i++) {
+ sprintf(cursor, "%02x", parameter_2[i]);
+ cursor += 2;
+ }
+ *cursor = '\0';
+
+ ssl->ctx->keylog_callback(ssl, (const char *)out);
+ OPENSSL_clear_free(out, out_len);
+ return 1;
+
+}
+
+int ssl_log_rsa_client_key_exchange(SSL *ssl,
+ const uint8_t *encrypted_premaster,
+ size_t encrypted_premaster_len,
+ const uint8_t *premaster,
+ size_t premaster_len)
+{
+ if (encrypted_premaster_len < 8) {
+ SSLfatal(ssl, SSL_AD_INTERNAL_ERROR,
+ SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ /* We only want the first 8 bytes of the encrypted premaster as a tag. */
+ return nss_keylog_int("RSA",
+ ssl,
+ encrypted_premaster,
+ 8,
+ premaster,
+ premaster_len);
+}
+
+int ssl_log_secret(SSL *ssl,
+ const char *label,
+ const uint8_t *secret,
+ size_t secret_len)
+{
+ return nss_keylog_int(label,
+ ssl,
+ ssl->s3->client_random,
+ SSL3_RANDOM_SIZE,
+ secret,
+ secret_len);
+}
+
+#define SSLV2_CIPHER_LEN 3
+
+int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
+{
+ int n;
+
+ n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
+
+ if (PACKET_remaining(cipher_suites) == 0) {
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST,
+ SSL_R_NO_CIPHERS_SPECIFIED);
+ return 0;
+ }
+
+ if (PACKET_remaining(cipher_suites) % n != 0) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+ SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+ return 0;
+ }
+
+ OPENSSL_free(s->s3->tmp.ciphers_raw);
+ s->s3->tmp.ciphers_raw = NULL;
+ s->s3->tmp.ciphers_rawlen = 0;
+
+ if (sslv2format) {
+ size_t numciphers = PACKET_remaining(cipher_suites) / n;
+ PACKET sslv2ciphers = *cipher_suites;
+ unsigned int leadbyte;
+ unsigned char *raw;
+
+ /*
+ * We store the raw ciphers list in SSLv3+ format so we need to do some
+ * preprocessing to convert the list first. If there are any SSLv2 only
+ * ciphersuites with a non-zero leading byte then we are going to
+ * slightly over allocate because we won't store those. But that isn't a
+ * problem.
+ */
+ raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
+ s->s3->tmp.ciphers_raw = raw;
+ if (raw == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ for (s->s3->tmp.ciphers_rawlen = 0;
+ PACKET_remaining(&sslv2ciphers) > 0;
+ raw += TLS_CIPHER_LEN) {
+ if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
+ || (leadbyte == 0
+ && !PACKET_copy_bytes(&sslv2ciphers, raw,
+ TLS_CIPHER_LEN))
+ || (leadbyte != 0
+ && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+ SSL_R_BAD_PACKET);
+ OPENSSL_free(s->s3->tmp.ciphers_raw);
+ s->s3->tmp.ciphers_raw = NULL;
+ s->s3->tmp.ciphers_rawlen = 0;
+ return 0;
+ }
+ if (leadbyte == 0)
+ s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN;
+ }
+ } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,
+ &s->s3->tmp.ciphers_rawlen)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ return 1;
+}
+
+int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
+ int isv2format, STACK_OF(SSL_CIPHER) **sk,
+ STACK_OF(SSL_CIPHER) **scsvs)
+{
+ PACKET pkt;
+
+ if (!PACKET_buf_init(&pkt, bytes, len))
+ return 0;
+ return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);
+}
+
+int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
+ STACK_OF(SSL_CIPHER) **skp,
+ STACK_OF(SSL_CIPHER) **scsvs_out,
+ int sslv2format, int fatal)
+{
+ const SSL_CIPHER *c;
+ STACK_OF(SSL_CIPHER) *sk = NULL;
+ STACK_OF(SSL_CIPHER) *scsvs = NULL;
+ int n;
+ /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
+ unsigned char cipher[SSLV2_CIPHER_LEN];
+
+ n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
+
+ if (PACKET_remaining(cipher_suites) == 0) {
+ if (fatal)
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,
+ SSL_R_NO_CIPHERS_SPECIFIED);
+ else
+ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
+ return 0;
+ }
+
+ if (PACKET_remaining(cipher_suites) % n != 0) {
+ if (fatal)
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+ SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+ else
+ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
+ SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+ return 0;
+ }
+
+ sk = sk_SSL_CIPHER_new_null();
+ scsvs = sk_SSL_CIPHER_new_null();
+ if (sk == NULL || scsvs == NULL) {
+ if (fatal)
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+ ERR_R_MALLOC_FAILURE);
+ else
+ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
+ /*
+ * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
+ * first byte set to zero, while true SSLv2 ciphers have a non-zero
+ * first byte. We don't support any true SSLv2 ciphers, so skip them.
+ */
+ if (sslv2format && cipher[0] != '\0')
+ continue;
+
+ /* For SSLv2-compat, ignore leading 0-byte. */
+ c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
+ if (c != NULL) {
+ if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
+ (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
+ if (fatal)
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+ else
+ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ }
+ if (PACKET_remaining(cipher_suites) > 0) {
+ if (fatal)
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+ SSL_R_BAD_LENGTH);
+ else
+ SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
+ goto err;
+ }
+
+ if (skp != NULL)
+ *skp = sk;
+ else
+ sk_SSL_CIPHER_free(sk);
+ if (scsvs_out != NULL)
+ *scsvs_out = scsvs;
+ else
+ sk_SSL_CIPHER_free(scsvs);
+ return 1;
+ err:
+ sk_SSL_CIPHER_free(sk);
+ sk_SSL_CIPHER_free(scsvs);
+ return 0;
+}
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
+{
+ ctx->max_early_data = max_early_data;
+
+ return 1;
+}
+
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
+{
+ return ctx->max_early_data;
+}
+
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
+{
+ s->max_early_data = max_early_data;
+
+ return 1;
+}
+
+uint32_t SSL_get_max_early_data(const SSL *s)
+{
+ return s->max_early_data;
+}
+
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
+{
+ ctx->recv_max_early_data = recv_max_early_data;
+
+ return 1;
+}
+
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
+{
+ return ctx->recv_max_early_data;
+}
+
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
+{
+ s->recv_max_early_data = recv_max_early_data;
+
+ return 1;
+}
+
+uint32_t SSL_get_recv_max_early_data(const SSL *s)
+{
+ return s->recv_max_early_data;
+}
+
+__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl)
+{
+ /* Return any active Max Fragment Len extension */
+ if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session))
+ return GET_MAX_FRAGMENT_LENGTH(ssl->session);
+
+ /* return current SSL connection setting */
+ return ssl->max_send_fragment;
+}
+
+__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)
+{
+ /* Return a value regarding an active Max Fragment Len extension */
+ if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)
+ && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session))
+ return GET_MAX_FRAGMENT_LENGTH(ssl->session);
+
+ /* else limit |split_send_fragment| to current |max_send_fragment| */
+ if (ssl->split_send_fragment > ssl->max_send_fragment)
+ return ssl->max_send_fragment;
+
+ /* return current SSL connection setting */
+ return ssl->split_send_fragment;
+}
+
+int SSL_stateless(SSL *s)
+{
+ int ret;
+
+ /* Ensure there is no state left over from a previous invocation */
+ if (!SSL_clear(s))
+ return 0;
+
+ ERR_clear_error();
+
+ s->s3->flags |= TLS1_FLAGS_STATELESS;
+ ret = SSL_accept(s);
+ s->s3->flags &= ~TLS1_FLAGS_STATELESS;
+
+ if (ret > 0 && s->ext.cookieok)
+ return 1;
+
+ if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s))
+ return 0;
+
+ return -1;
+}
+
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
+{
+ ctx->pha_enabled = val;
+}
+
+void SSL_set_post_handshake_auth(SSL *ssl, int val)
+{
+ ssl->pha_enabled = val;
+}
+
+int SSL_verify_client_post_handshake(SSL *ssl)
+{
+ if (!SSL_IS_TLS13(ssl)) {
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION);
+ return 0;
+ }
+ if (!ssl->server) {
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER);
+ return 0;
+ }
+
+ if (!SSL_is_init_finished(ssl)) {
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT);
+ return 0;
+ }
+
+ switch (ssl->post_handshake_auth) {
+ case SSL_PHA_NONE:
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED);
+ return 0;
+ default:
+ case SSL_PHA_EXT_SENT:
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR);
+ return 0;
+ case SSL_PHA_EXT_RECEIVED:
+ break;
+ case SSL_PHA_REQUEST_PENDING:
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING);
+ return 0;
+ case SSL_PHA_REQUESTED:
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT);
+ return 0;
+ }
+
+ ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
+
+ /* checks verify_mode and algorithm_auth */
+ if (!send_certificate_request(ssl)) {
+ ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
+ SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG);
+ return 0;
+ }
+
+ ossl_statem_set_in_init(ssl, 1);
+ return 1;
+}
+
+int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+ SSL_CTX_generate_session_ticket_fn gen_cb,
+ SSL_CTX_decrypt_session_ticket_fn dec_cb,
+ void *arg)
+{
+ ctx->generate_ticket_cb = gen_cb;
+ ctx->decrypt_ticket_cb = dec_cb;
+ ctx->ticket_cb_data = arg;
+ return 1;
+}
+
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg)
+{
+ ctx->allow_early_data_cb = cb;
+ ctx->allow_early_data_cb_data = arg;
+}
+
+void SSL_set_allow_early_data_cb(SSL *s,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg)
+{
+ s->allow_early_data_cb = cb;
+ s->allow_early_data_cb_data = arg;
+}
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/ssl_local.h
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/ssl_local.h (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/ssl_local.h (revision 420)
@@ -0,0 +1,2672 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_SSL_LOCAL_H
+# define OSSL_SSL_LOCAL_H
+
+# include "e_os.h" /* struct timeval for DTLS */
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include <errno.h>
+
+# include <openssl/buffer.h>
+# include <openssl/comp.h>
+# include <openssl/bio.h>
+# include <openssl/rsa.h>
+# include <openssl/dsa.h>
+# include <openssl/err.h>
+# include <openssl/ssl.h>
+# include <openssl/async.h>
+# include <openssl/symhacks.h>
+# include <openssl/ct.h>
+# include "record/record.h"
+# include "statem/statem.h"
+# include "packet_local.h"
+# include "internal/dane.h"
+# include "internal/refcount.h"
+# include "internal/tsan_assist.h"
+
+# ifdef OPENSSL_BUILD_SHLIBSSL
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+# define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
+ l|=(((unsigned long)(*((c)++)))<< 8), \
+ l|=(((unsigned long)(*((c)++)))<<16), \
+ l|=(((unsigned long)(*((c)++)))<<24))
+
+/* NOTE - c is not incremented as per c2l */
+# define c2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c))))<<24; \
+ case 7: l2|=((unsigned long)(*(--(c))))<<16; \
+ case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
+ case 5: l2|=((unsigned long)(*(--(c)))); \
+ case 4: l1 =((unsigned long)(*(--(c))))<<24; \
+ case 3: l1|=((unsigned long)(*(--(c))))<<16; \
+ case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
+ case 1: l1|=((unsigned long)(*(--(c)))); \
+ } \
+ }
+
+# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff))
+
+# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
+ l|=((unsigned long)(*((c)++)))<<16, \
+ l|=((unsigned long)(*((c)++)))<< 8, \
+ l|=((unsigned long)(*((c)++))))
+
+# define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \
+ l|=((uint64_t)(*((c)++)))<<48, \
+ l|=((uint64_t)(*((c)++)))<<40, \
+ l|=((uint64_t)(*((c)++)))<<32, \
+ l|=((uint64_t)(*((c)++)))<<24, \
+ l|=((uint64_t)(*((c)++)))<<16, \
+ l|=((uint64_t)(*((c)++)))<< 8, \
+ l|=((uint64_t)(*((c)++))))
+
+
+# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+# define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+# define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+# define l2cn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ } \
+ }
+
+# define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \
+ (((unsigned int)((c)[1])) )),(c)+=2)
+# define s2n(s,c) (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \
+ (c)[1]=(unsigned char)(((s) )&0xff)),(c)+=2)
+
+# define n2l3(c,l) ((l =(((unsigned long)((c)[0]))<<16)| \
+ (((unsigned long)((c)[1]))<< 8)| \
+ (((unsigned long)((c)[2])) )),(c)+=3)
+
+# define l2n3(l,c) (((c)[0]=(unsigned char)(((l)>>16)&0xff), \
+ (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
+ (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3)
+
+/*
+ * DTLS version numbers are strange because they're inverted. Except for
+ * DTLS1_BAD_VER, which should be considered "lower" than the rest.
+ */
+# define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1))
+# define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2))
+# define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2))
+# define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2))
+# define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2))
+
+
+/*
+ * Define the Bitmasks for SSL_CIPHER.algorithms.
+ * This bits are used packed as dense as possible. If new methods/ciphers
+ * etc will be added, the bits a likely to change, so this information
+ * is for internal library use only, even though SSL_CIPHER.algorithms
+ * can be publicly accessed.
+ * Use the according functions for cipher management instead.
+ *
+ * The bit mask handling in the selection and sorting scheme in
+ * ssl_create_cipher_list() has only limited capabilities, reflecting
+ * that the different entities within are mutually exclusive:
+ * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
+ */
+
+/* Bits for algorithm_mkey (key exchange algorithm) */
+/* RSA key exchange */
+# define SSL_kRSA 0x00000001U
+/* tmp DH key no DH cert */
+# define SSL_kDHE 0x00000002U
+/* synonym */
+# define SSL_kEDH SSL_kDHE
+/* ephemeral ECDH */
+# define SSL_kECDHE 0x00000004U
+/* synonym */
+# define SSL_kEECDH SSL_kECDHE
+/* PSK */
+# define SSL_kPSK 0x00000008U
+/* GOST key exchange */
+# define SSL_kGOST 0x00000010U
+/* SRP */
+# define SSL_kSRP 0x00000020U
+
+# define SSL_kRSAPSK 0x00000040U
+# define SSL_kECDHEPSK 0x00000080U
+# define SSL_kDHEPSK 0x00000100U
+
+/* all PSK */
+
+# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK)
+
+/* Any appropriate key exchange algorithm (for TLS 1.3 ciphersuites) */
+# define SSL_kANY 0x00000000U
+
+/* Bits for algorithm_auth (server authentication) */
+/* RSA auth */
+# define SSL_aRSA 0x00000001U
+/* DSS auth */
+# define SSL_aDSS 0x00000002U
+/* no auth (i.e. use ADH or AECDH) */
+# define SSL_aNULL 0x00000004U
+/* ECDSA auth*/
+# define SSL_aECDSA 0x00000008U
+/* PSK auth */
+# define SSL_aPSK 0x00000010U
+/* GOST R 34.10-2001 signature auth */
+# define SSL_aGOST01 0x00000020U
+/* SRP auth */
+# define SSL_aSRP 0x00000040U
+/* GOST R 34.10-2012 signature auth */
+# define SSL_aGOST12 0x00000080U
+/* Any appropriate signature auth (for TLS 1.3 ciphersuites) */
+# define SSL_aANY 0x00000000U
+/* All bits requiring a certificate */
+#define SSL_aCERT \
+ (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12)
+
+/* Bits for algorithm_enc (symmetric encryption) */
+# define SSL_DES 0x00000001U
+# define SSL_3DES 0x00000002U
+# define SSL_RC4 0x00000004U
+# define SSL_RC2 0x00000008U
+# define SSL_IDEA 0x00000010U
+# define SSL_eNULL 0x00000020U
+# define SSL_AES128 0x00000040U
+# define SSL_AES256 0x00000080U
+# define SSL_CAMELLIA128 0x00000100U
+# define SSL_CAMELLIA256 0x00000200U
+# define SSL_eGOST2814789CNT 0x00000400U
+# define SSL_SEED 0x00000800U
+# define SSL_AES128GCM 0x00001000U
+# define SSL_AES256GCM 0x00002000U
+# define SSL_AES128CCM 0x00004000U
+# define SSL_AES256CCM 0x00008000U
+# define SSL_AES128CCM8 0x00010000U
+# define SSL_AES256CCM8 0x00020000U
+# define SSL_eGOST2814789CNT12 0x00040000U
+# define SSL_CHACHA20POLY1305 0x00080000U
+# define SSL_ARIA128GCM 0x00100000U
+# define SSL_ARIA256GCM 0x00200000U
+
+# define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM)
+# define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
+# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
+# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
+# define SSL_CHACHA20 (SSL_CHACHA20POLY1305)
+# define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM)
+# define SSL_ARIA (SSL_ARIAGCM)
+
+/* Bits for algorithm_mac (symmetric authentication) */
+
+# define SSL_MD5 0x00000001U
+# define SSL_SHA1 0x00000002U
+# define SSL_GOST94 0x00000004U
+# define SSL_GOST89MAC 0x00000008U
+# define SSL_SHA256 0x00000010U
+# define SSL_SHA384 0x00000020U
+/* Not a real MAC, just an indication it is part of cipher */
+# define SSL_AEAD 0x00000040U
+# define SSL_GOST12_256 0x00000080U
+# define SSL_GOST89MAC12 0x00000100U
+# define SSL_GOST12_512 0x00000200U
+
+/*
+ * When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make
+ * sure to update this constant too
+ */
+
+# define SSL_MD_MD5_IDX 0
+# define SSL_MD_SHA1_IDX 1
+# define SSL_MD_GOST94_IDX 2
+# define SSL_MD_GOST89MAC_IDX 3
+# define SSL_MD_SHA256_IDX 4
+# define SSL_MD_SHA384_IDX 5
+# define SSL_MD_GOST12_256_IDX 6
+# define SSL_MD_GOST89MAC12_IDX 7
+# define SSL_MD_GOST12_512_IDX 8
+# define SSL_MD_MD5_SHA1_IDX 9
+# define SSL_MD_SHA224_IDX 10
+# define SSL_MD_SHA512_IDX 11
+# define SSL_MAX_DIGEST 12
+
+/* Bits for algorithm2 (handshake digests and other extra flags) */
+
+/* Bits 0-7 are handshake MAC */
+# define SSL_HANDSHAKE_MAC_MASK 0xFF
+# define SSL_HANDSHAKE_MAC_MD5_SHA1 SSL_MD_MD5_SHA1_IDX
+# define SSL_HANDSHAKE_MAC_SHA256 SSL_MD_SHA256_IDX
+# define SSL_HANDSHAKE_MAC_SHA384 SSL_MD_SHA384_IDX
+# define SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX
+# define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX
+# define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX
+# define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1
+
+/* Bits 8-15 bits are PRF */
+# define TLS1_PRF_DGST_SHIFT 8
+# define TLS1_PRF_SHA1_MD5 (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA256 (SSL_MD_SHA256_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA384 (SSL_MD_SHA384_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
+
+/*
+ * Stream MAC for GOST ciphersuites from cryptopro draft (currently this also
+ * goes into algorithm2)
+ */
+# define TLS1_STREAM_MAC 0x10000
+
+# define SSL_STRONG_MASK 0x0000001FU
+# define SSL_DEFAULT_MASK 0X00000020U
+
+# define SSL_STRONG_NONE 0x00000001U
+# define SSL_LOW 0x00000002U
+# define SSL_MEDIUM 0x00000004U
+# define SSL_HIGH 0x00000008U
+# define SSL_FIPS 0x00000010U
+# define SSL_NOT_DEFAULT 0x00000020U
+
+/* we have used 0000003f - 26 bits left to go */
+
+/* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */
+# define SSL3_CK_CIPHERSUITE_FLAG 0x03000000
+
+/* Check if an SSL structure is using DTLS */
+# define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+
+/* Check if we are using TLSv1.3 */
+# define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \
+ && (s)->method->version >= TLS1_3_VERSION \
+ && (s)->method->version != TLS_ANY_VERSION)
+
+# define SSL_TREAT_AS_TLS13(s) \
+ (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
+ || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
+ || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
+ || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \
+ || (s)->hello_retry_request == SSL_HRR_PENDING)
+
+# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \
+ || (s)->s3->tmp.peer_finish_md_len == 0)
+
+/* See if we need explicit IV */
+# define SSL_USE_EXPLICIT_IV(s) \
+ (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
+/*
+ * See if we use signature algorithms extension and signature algorithm
+ * before signatures.
+ */
+# define SSL_USE_SIGALGS(s) \
+ (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
+/*
+ * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may
+ * apply to others in future.
+ */
+# define SSL_USE_TLS1_2_CIPHERS(s) \
+ (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
+/*
+ * Determine if a client can use TLS 1.2 ciphersuites: can't rely on method
+ * flags because it may not be set to correct version yet.
+ */
+# define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \
+ ((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \
+ (SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION)))
+/*
+ * Determine if a client should send signature algorithms extension:
+ * as with TLS1.2 cipher we can't rely on method flags.
+ */
+# define SSL_CLIENT_USE_SIGALGS(s) \
+ SSL_CLIENT_USE_TLS1_2_CIPHERS(s)
+
+# define IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value) \
+ (((value) >= TLSEXT_max_fragment_length_512) && \
+ ((value) <= TLSEXT_max_fragment_length_4096))
+# define USE_MAX_FRAGMENT_LENGTH_EXT(session) \
+ IS_MAX_FRAGMENT_LENGTH_EXT_VALID(session->ext.max_fragment_len_mode)
+# define GET_MAX_FRAGMENT_LENGTH(session) \
+ (512U << (session->ext.max_fragment_len_mode - 1))
+
+# define SSL_READ_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ)
+# define SSL_WRITE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE)
+
+/* Mostly for SSLv3 */
+# define SSL_PKEY_RSA 0
+# define SSL_PKEY_RSA_PSS_SIGN 1
+# define SSL_PKEY_DSA_SIGN 2
+# define SSL_PKEY_ECC 3
+# define SSL_PKEY_GOST01 4
+# define SSL_PKEY_GOST12_256 5
+# define SSL_PKEY_GOST12_512 6
+# define SSL_PKEY_ED25519 7
+# define SSL_PKEY_ED448 8
+# define SSL_PKEY_NUM 9
+
+/*-
+ * SSL_kRSA <- RSA_ENC
+ * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
+ * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_aRSA <- RSA_ENC | RSA_SIGN
+ * SSL_aDSS <- DSA_SIGN
+ */
+
+/*-
+#define CERT_INVALID 0
+#define CERT_PUBLIC_KEY 1
+#define CERT_PRIVATE_KEY 2
+*/
+
+/* Post-Handshake Authentication state */
+typedef enum {
+ SSL_PHA_NONE = 0,
+ SSL_PHA_EXT_SENT, /* client-side only: extension sent */
+ SSL_PHA_EXT_RECEIVED, /* server-side only: extension received */
+ SSL_PHA_REQUEST_PENDING, /* server-side only: request pending */
+ SSL_PHA_REQUESTED /* request received by client, or sent by server */
+} SSL_PHA_STATE;
+
+/* CipherSuite length. SSLv3 and all TLS versions. */
+# define TLS_CIPHER_LEN 2
+/* used to hold info on the particular ciphers used */
+struct ssl_cipher_st {
+ uint32_t valid;
+ const char *name; /* text name */
+ const char *stdname; /* RFC name */
+ uint32_t id; /* id, 4 bytes, first is version */
+ /*
+ * changed in 1.0.0: these four used to be portions of a single value
+ * 'algorithms'
+ */
+ uint32_t algorithm_mkey; /* key exchange algorithm */
+ uint32_t algorithm_auth; /* server authentication */
+ uint32_t algorithm_enc; /* symmetric encryption */
+ uint32_t algorithm_mac; /* symmetric authentication */
+ int min_tls; /* minimum SSL/TLS protocol version */
+ int max_tls; /* maximum SSL/TLS protocol version */
+ int min_dtls; /* minimum DTLS protocol version */
+ int max_dtls; /* maximum DTLS protocol version */
+ uint32_t algo_strength; /* strength and export flags */
+ uint32_t algorithm2; /* Extra flags */
+ int32_t strength_bits; /* Number of bits really used */
+ uint32_t alg_bits; /* Number of bits for algorithm */
+};
+
+/* Used to hold SSL/TLS functions */
+struct ssl_method_st {
+ int version;
+ unsigned flags;
+ unsigned long mask;
+ int (*ssl_new) (SSL *s);
+ int (*ssl_clear) (SSL *s);
+ void (*ssl_free) (SSL *s);
+ int (*ssl_accept) (SSL *s);
+ int (*ssl_connect) (SSL *s);
+ int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes);
+ int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *readbytes);
+ int (*ssl_write) (SSL *s, const void *buf, size_t len, size_t *written);
+ int (*ssl_shutdown) (SSL *s);
+ int (*ssl_renegotiate) (SSL *s);
+ int (*ssl_renegotiate_check) (SSL *s, int);
+ int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type,
+ unsigned char *buf, size_t len, int peek,
+ size_t *readbytes);
+ int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, size_t len,
+ size_t *written);
+ int (*ssl_dispatch_alert) (SSL *s);
+ long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
+ long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
+ const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
+ int (*put_cipher_by_char) (const SSL_CIPHER *cipher, WPACKET *pkt,
+ size_t *len);
+ size_t (*ssl_pending) (const SSL *s);
+ int (*num_ciphers) (void);
+ const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
+ long (*get_timeout) (void);
+ const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+ int (*ssl_version) (void);
+ long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
+ long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
+};
+
+/*
+ * Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for
+ * consistency, even in the event of OPENSSL_NO_PSK being defined.
+ */
+# define TLS13_MAX_RESUMPTION_PSK_LENGTH 256
+
+/*-
+ * Lets make this into an ASN.1 type structure as follows
+ * SSL_SESSION_ID ::= SEQUENCE {
+ * version INTEGER, -- structure version number
+ * SSLversion INTEGER, -- SSL version number
+ * Cipher OCTET STRING, -- the 3 byte cipher ID
+ * Session_ID OCTET STRING, -- the Session ID
+ * Master_key OCTET STRING, -- the master key
+ * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
+ * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
+ * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
+ * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
+ * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
+ * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
+ * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
+ * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
+ * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
+ * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
+ * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
+ * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
+ * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
+ * flags [ 13 ] EXPLICIT INTEGER -- optional flags
+ * }
+ * Look in ssl/ssl_asn1.c for more details
+ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
+ */
+struct ssl_session_st {
+ int ssl_version; /* what ssl version session info is being kept
+ * in here? */
+ size_t master_key_length;
+
+ /* TLSv1.3 early_secret used for external PSKs */
+ unsigned char early_secret[EVP_MAX_MD_SIZE];
+ /*
+ * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption
+ * PSK
+ */
+ unsigned char master_key[TLS13_MAX_RESUMPTION_PSK_LENGTH];
+ /* session_id - valid? */
+ size_t session_id_length;
+ unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+ /*
+ * this is used to determine whether the session is being reused in the
+ * appropriate context. It is up to the application to set this, via
+ * SSL_new
+ */
+ size_t sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+# ifndef OPENSSL_NO_PSK
+ char *psk_identity_hint;
+ char *psk_identity;
+# endif
+ /*
+ * Used to indicate that session resumption is not allowed. Applications
+ * can also set this bit for a new session via not_resumable_session_cb
+ * to disable session caching and tickets.
+ */
+ int not_resumable;
+ /* This is the cert and type for the other end. */
+ X509 *peer;
+ /* Certificate chain peer sent. */
+ STACK_OF(X509) *peer_chain;
+ /*
+ * when app_verify_callback accepts a session where the peer's
+ * certificate is not ok, we must remember the error for session reuse:
+ */
+ long verify_result; /* only for servers */
+ CRYPTO_REF_COUNT references;
+ long timeout;
+ long time;
+ unsigned int compress_meth; /* Need to lookup the method */
+ const SSL_CIPHER *cipher;
+ unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to
+ * load the 'cipher' structure */
+ CRYPTO_EX_DATA ex_data; /* application specific data */
+ /*
+ * These are used to make removal of session-ids more efficient and to
+ * implement a maximum cache size.
+ */
+ struct ssl_session_st *prev, *next;
+
+ struct {
+ char *hostname;
+ /* RFC4507 info */
+ unsigned char *tick; /* Session ticket */
+ size_t ticklen; /* Session ticket length */
+ /* Session lifetime hint in seconds */
+ unsigned long tick_lifetime_hint;
+ uint32_t tick_age_add;
+ /* Max number of bytes that can be sent as early data */
+ uint32_t max_early_data;
+ /* The ALPN protocol selected for this session */
+ unsigned char *alpn_selected;
+ size_t alpn_selected_len;
+ /*
+ * Maximum Fragment Length as per RFC 4366.
+ * If this value does not contain RFC 4366 allowed values (1-4) then
+ * either the Maximum Fragment Length Negotiation failed or was not
+ * performed at all.
+ */
+ uint8_t max_fragment_len_mode;
+ } ext;
+# ifndef OPENSSL_NO_SRP
+ char *srp_username;
+# endif
+ unsigned char *ticket_appdata;
+ size_t ticket_appdata_len;
+ uint32_t flags;
+ CRYPTO_RWLOCK *lock;
+};
+
+/* Extended master secret support */
+# define SSL_SESS_FLAG_EXTMS 0x1
+
+# ifndef OPENSSL_NO_SRP
+
+typedef struct srp_ctx_st {
+ /* param for all the callbacks */
+ void *SRP_cb_arg;
+ /* set client Hello login callback */
+ int (*TLS_ext_srp_username_callback) (SSL *, int *, void *);
+ /* set SRP N/g param callback for verification */
+ int (*SRP_verify_param_callback) (SSL *, void *);
+ /* set SRP client passwd callback */
+ char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *);
+ char *login;
+ BIGNUM *N, *g, *s, *B, *A;
+ BIGNUM *a, *b, *v;
+ char *info;
+ int strength;
+ unsigned long srp_Mask;
+} SRP_CTX;
+
+# endif
+
+typedef enum {
+ SSL_EARLY_DATA_NONE = 0,
+ SSL_EARLY_DATA_CONNECT_RETRY,
+ SSL_EARLY_DATA_CONNECTING,
+ SSL_EARLY_DATA_WRITE_RETRY,
+ SSL_EARLY_DATA_WRITING,
+ SSL_EARLY_DATA_WRITE_FLUSH,
+ SSL_EARLY_DATA_UNAUTH_WRITING,
+ SSL_EARLY_DATA_FINISHED_WRITING,
+ SSL_EARLY_DATA_ACCEPT_RETRY,
+ SSL_EARLY_DATA_ACCEPTING,
+ SSL_EARLY_DATA_READ_RETRY,
+ SSL_EARLY_DATA_READING,
+ SSL_EARLY_DATA_FINISHED_READING
+} SSL_EARLY_DATA_STATE;
+
+/*
+ * We check that the amount of unreadable early data doesn't exceed
+ * max_early_data. max_early_data is given in plaintext bytes. However if it is
+ * unreadable then we only know the number of ciphertext bytes. We also don't
+ * know how much the overhead should be because it depends on the ciphersuite.
+ * We make a small allowance. We assume 5 records of actual data plus the end
+ * of early data alert record. Each record has a tag and a content type byte.
+ * The longest tag length we know of is EVP_GCM_TLS_TAG_LEN. We don't count the
+ * content of the alert record either which is 2 bytes.
+ */
+# define EARLY_DATA_CIPHERTEXT_OVERHEAD ((6 * (EVP_GCM_TLS_TAG_LEN + 1)) + 2)
+
+/*
+ * The allowance we have between the client's calculated ticket age and our own.
+ * We allow for 10 seconds (units are in ms). If a ticket is presented and the
+ * client's age calculation is different by more than this than our own then we
+ * do not allow that ticket for early_data.
+ */
+# define TICKET_AGE_ALLOWANCE (10 * 1000)
+
+#define MAX_COMPRESSIONS_SIZE 255
+
+struct ssl_comp_st {
+ int id;
+ const char *name;
+ COMP_METHOD *method;
+};
+
+typedef struct raw_extension_st {
+ /* Raw packet data for the extension */
+ PACKET data;
+ /* Set to 1 if the extension is present or 0 otherwise */
+ int present;
+ /* Set to 1 if we have already parsed the extension or 0 otherwise */
+ int parsed;
+ /* The type of this extension, i.e. a TLSEXT_TYPE_* value */
+ unsigned int type;
+ /* Track what order extensions are received in (0-based). */
+ size_t received_order;
+} RAW_EXTENSION;
+
+typedef struct {
+ unsigned int isv2;
+ unsigned int legacy_version;
+ unsigned char random[SSL3_RANDOM_SIZE];
+ size_t session_id_len;
+ unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+ size_t dtls_cookie_len;
+ unsigned char dtls_cookie[DTLS1_COOKIE_LENGTH];
+ PACKET ciphersuites;
+ size_t compressions_len;
+ unsigned char compressions[MAX_COMPRESSIONS_SIZE];
+ PACKET extensions;
+ size_t pre_proc_exts_len;
+ RAW_EXTENSION *pre_proc_exts;
+} CLIENTHELLO_MSG;
+
+/*
+ * Extension index values NOTE: Any updates to these defines should be mirrored
+ * with equivalent updates to ext_defs in extensions.c
+ */
+typedef enum tlsext_index_en {
+ TLSEXT_IDX_renegotiate,
+ TLSEXT_IDX_server_name,
+ TLSEXT_IDX_max_fragment_length,
+ TLSEXT_IDX_srp,
+ TLSEXT_IDX_ec_point_formats,
+ TLSEXT_IDX_supported_groups,
+ TLSEXT_IDX_session_ticket,
+ TLSEXT_IDX_status_request,
+ TLSEXT_IDX_next_proto_neg,
+ TLSEXT_IDX_application_layer_protocol_negotiation,
+ TLSEXT_IDX_use_srtp,
+ TLSEXT_IDX_encrypt_then_mac,
+ TLSEXT_IDX_signed_certificate_timestamp,
+ TLSEXT_IDX_extended_master_secret,
+ TLSEXT_IDX_signature_algorithms_cert,
+ TLSEXT_IDX_post_handshake_auth,
+ TLSEXT_IDX_signature_algorithms,
+ TLSEXT_IDX_supported_versions,
+ TLSEXT_IDX_psk_kex_modes,
+ TLSEXT_IDX_key_share,
+ TLSEXT_IDX_cookie,
+ TLSEXT_IDX_cryptopro_bug,
+ TLSEXT_IDX_early_data,
+ TLSEXT_IDX_certificate_authorities,
+ TLSEXT_IDX_padding,
+ TLSEXT_IDX_psk,
+ /* Dummy index - must always be the last entry */
+ TLSEXT_IDX_num_builtins
+} TLSEXT_INDEX;
+
+DEFINE_LHASH_OF(SSL_SESSION);
+/* Needed in ssl_cert.c */
+DEFINE_LHASH_OF(X509_NAME);
+
+# define TLSEXT_KEYNAME_LENGTH 16
+# define TLSEXT_TICK_KEY_LENGTH 32
+
+typedef struct ssl_ctx_ext_secure_st {
+ unsigned char tick_hmac_key[TLSEXT_TICK_KEY_LENGTH];
+ unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
+} SSL_CTX_EXT_SECURE;
+
+struct ssl_ctx_st {
+ const SSL_METHOD *method;
+ STACK_OF(SSL_CIPHER) *cipher_list;
+ /* same as above but sorted for lookup */
+ STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+ /* TLSv1.3 specific ciphersuites */
+ STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
+ struct x509_store_st /* X509_STORE */ *cert_store;
+ LHASH_OF(SSL_SESSION) *sessions;
+ /*
+ * Most session-ids that will be cached, default is
+ * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
+ */
+ size_t session_cache_size;
+ struct ssl_session_st *session_cache_head;
+ struct ssl_session_st *session_cache_tail;
+ /*
+ * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
+ * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
+ * means only SSL_accept will cache SSL_SESSIONS.
+ */
+ uint32_t session_cache_mode;
+ /*
+ * If timeout is not 0, it is the default timeout value set when
+ * SSL_new() is called. This has been put in to make life easier to set
+ * things up
+ */
+ long session_timeout;
+ /*
+ * If this callback is not null, it will be called each time a session id
+ * is added to the cache. If this function returns 1, it means that the
+ * callback will do a SSL_SESSION_free() when it has finished using it.
+ * Otherwise, on 0, it means the callback has finished with it. If
+ * remove_session_cb is not null, it will be called when a session-id is
+ * removed from the cache. After the call, OpenSSL will
+ * SSL_SESSION_free() it.
+ */
+ int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
+ void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+ SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
+ const unsigned char *data, int len,
+ int *copy);
+ struct {
+ TSAN_QUALIFIER int sess_connect; /* SSL new conn - started */
+ TSAN_QUALIFIER int sess_connect_renegotiate; /* SSL reneg - requested */
+ TSAN_QUALIFIER int sess_connect_good; /* SSL new conne/reneg - finished */
+ TSAN_QUALIFIER int sess_accept; /* SSL new accept - started */
+ TSAN_QUALIFIER int sess_accept_renegotiate; /* SSL reneg - requested */
+ TSAN_QUALIFIER int sess_accept_good; /* SSL accept/reneg - finished */
+ TSAN_QUALIFIER int sess_miss; /* session lookup misses */
+ TSAN_QUALIFIER int sess_timeout; /* reuse attempt on timeouted session */
+ TSAN_QUALIFIER int sess_cache_full; /* session removed due to full cache */
+ TSAN_QUALIFIER int sess_hit; /* session reuse actually done */
+ TSAN_QUALIFIER int sess_cb_hit; /* session-id that was not in
+ * the cache was passed back via
+ * the callback. This indicates
+ * that the application is
+ * supplying session-id's from
+ * other processes - spooky
+ * :-) */
+ } stats;
+
+ CRYPTO_REF_COUNT references;
+
+ /* if defined, these override the X509_verify_cert() calls */
+ int (*app_verify_callback) (X509_STORE_CTX *, void *);
+ void *app_verify_arg;
+ /*
+ * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+ * ('app_verify_callback' was called with just one argument)
+ */
+
+ /* Default password callback. */
+ pem_password_cb *default_passwd_callback;
+
+ /* Default password callback user data. */
+ void *default_passwd_callback_userdata;
+
+ /* get client cert callback */
+ int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+ /* cookie generate callback */
+ int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
+ unsigned int *cookie_len);
+
+ /* verify cookie callback */
+ int (*app_verify_cookie_cb) (SSL *ssl, const unsigned char *cookie,
+ unsigned int cookie_len);
+
+ /* TLS1.3 app-controlled cookie generate callback */
+ int (*gen_stateless_cookie_cb) (SSL *ssl, unsigned char *cookie,
+ size_t *cookie_len);
+
+ /* TLS1.3 verify app-controlled cookie callback */
+ int (*verify_stateless_cookie_cb) (SSL *ssl, const unsigned char *cookie,
+ size_t cookie_len);
+
+ CRYPTO_EX_DATA ex_data;
+
+ const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
+ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
+
+ STACK_OF(X509) *extra_certs;
+ STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+
+ /* Default values used when no per-SSL value is defined follow */
+
+ /* used if SSL's info_callback is NULL */
+ void (*info_callback) (const SSL *ssl, int type, int val);
+
+ /*
+ * What we put in certificate_authorities extension for TLS 1.3
+ * (ClientHello and CertificateRequest) or just client cert requests for
+ * earlier versions. If client_ca_names is populated then it is only used
+ * for client cert requests, and in preference to ca_names.
+ */
+ STACK_OF(X509_NAME) *ca_names;
+ STACK_OF(X509_NAME) *client_ca_names;
+
+ /*
+ * Default values to use in SSL structures follow (these are copied by
+ * SSL_new)
+ */
+
+ uint32_t options;
+ uint32_t mode;
+ int min_proto_version;
+ int max_proto_version;
+ size_t max_cert_list;
+
+ struct cert_st /* CERT */ *cert;
+ int read_ahead;
+
+ /* callback that allows applications to peek at protocol messages */
+ void (*msg_callback) (int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+ void *msg_callback_arg;
+
+ uint32_t verify_mode;
+ size_t sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+ /* called 'verify_callback' in the SSL */
+ int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
+
+ /* Default generate session ID callback. */
+ GEN_SESSION_CB generate_session_id;
+
+ X509_VERIFY_PARAM *param;
+
+ int quiet_shutdown;
+
+# ifndef OPENSSL_NO_CT
+ CTLOG_STORE *ctlog_store; /* CT Log Store */
+ /*
+ * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
+ * If they are not, the connection should be aborted.
+ */
+ ssl_ct_validation_cb ct_validation_callback;
+ void *ct_validation_callback_arg;
+# endif
+
+ /*
+ * If we're using more than one pipeline how should we divide the data
+ * up between the pipes?
+ */
+ size_t split_send_fragment;
+ /*
+ * Maximum amount of data to send in one fragment. actual record size can
+ * be more than this due to padding and MAC overheads.
+ */
+ size_t max_send_fragment;
+
+ /* Up to how many pipelines should we use? If 0 then 1 is assumed */
+ size_t max_pipelines;
+
+ /* The default read buffer length to use (0 means not set) */
+ size_t default_read_buf_len;
+
+# ifndef OPENSSL_NO_ENGINE
+ /*
+ * Engine to pass requests for client certs to
+ */
+ ENGINE *client_cert_engine;
+# endif
+
+ /* ClientHello callback. Mostly for extensions, but not entirely. */
+ SSL_client_hello_cb_fn client_hello_cb;
+ void *client_hello_cb_arg;
+
+ /* TLS extensions. */
+ struct {
+ /* TLS extensions servername callback */
+ int (*servername_cb) (SSL *, int *, void *);
+ void *servername_arg;
+ /* RFC 4507 session ticket keys */
+ unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH];
+ SSL_CTX_EXT_SECURE *secure;
+ /* Callback to support customisation of ticket key setting */
+ int (*ticket_key_cb) (SSL *ssl,
+ unsigned char *name, unsigned char *iv,
+ EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
+
+ /* certificate status request info */
+ /* Callback for status request */
+ int (*status_cb) (SSL *ssl, void *arg);
+ void *status_arg;
+ /* ext status type used for CSR extension (OCSP Stapling) */
+ int status_type;
+ /* RFC 4366 Maximum Fragment Length Negotiation */
+ uint8_t max_fragment_len_mode;
+
+# ifndef OPENSSL_NO_EC
+ /* EC extension values inherited by SSL structure */
+ size_t ecpointformats_len;
+ unsigned char *ecpointformats;
+ size_t supportedgroups_len;
+ uint16_t *supportedgroups;
+# endif /* OPENSSL_NO_EC */
+
+ /*
+ * ALPN information (we are in the process of transitioning from NPN to
+ * ALPN.)
+ */
+
+ /*-
+ * For a server, this contains a callback function that allows the
+ * server to select the protocol for the connection.
+ * out: on successful return, this must point to the raw protocol
+ * name (without the length prefix).
+ * outlen: on successful return, this contains the length of |*out|.
+ * in: points to the client's list of supported protocols in
+ * wire-format.
+ * inlen: the length of |in|.
+ */
+ int (*alpn_select_cb) (SSL *s,
+ const unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen, void *arg);
+ void *alpn_select_cb_arg;
+
+ /*
+ * For a client, this contains the list of supported protocols in wire
+ * format.
+ */
+ unsigned char *alpn;
+ size_t alpn_len;
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+ /* Next protocol negotiation information */
+
+ /*
+ * For a server, this contains a callback function by which the set of
+ * advertised protocols can be provided.
+ */
+ SSL_CTX_npn_advertised_cb_func npn_advertised_cb;
+ void *npn_advertised_cb_arg;
+ /*
+ * For a client, this contains a callback function that selects the next
+ * protocol from the list provided by the server.
+ */
+ SSL_CTX_npn_select_cb_func npn_select_cb;
+ void *npn_select_cb_arg;
+# endif
+
+ unsigned char cookie_hmac_key[SHA256_DIGEST_LENGTH];
+ } ext;
+
+# ifndef OPENSSL_NO_PSK
+ SSL_psk_client_cb_func psk_client_callback;
+ SSL_psk_server_cb_func psk_server_callback;
+# endif
+ SSL_psk_find_session_cb_func psk_find_session_cb;
+ SSL_psk_use_session_cb_func psk_use_session_cb;
+
+# ifndef OPENSSL_NO_SRP
+ SRP_CTX srp_ctx; /* ctx for SRP authentication */
+# endif
+
+ /* Shared DANE context */
+ struct dane_ctx_st dane;
+
+# ifndef OPENSSL_NO_SRTP
+ /* SRTP profiles we are willing to do from RFC 5764 */
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+# endif
+ /*
+ * Callback for disabling session caching and ticket support on a session
+ * basis, depending on the chosen cipher.
+ */
+ int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+
+ CRYPTO_RWLOCK *lock;
+
+ /*
+ * Callback for logging key material for use with debugging tools like
+ * Wireshark. The callback should log `line` followed by a newline.
+ */
+ SSL_CTX_keylog_cb_func keylog_callback;
+
+ /*
+ * The maximum number of bytes advertised in session tickets that can be
+ * sent as early data.
+ */
+ uint32_t max_early_data;
+
+ /*
+ * The maximum number of bytes of early data that a server will tolerate
+ * (which should be at least as much as max_early_data).
+ */
+ uint32_t recv_max_early_data;
+
+ /* TLS1.3 padding callback */
+ size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
+ void *record_padding_arg;
+ size_t block_padding;
+
+ /* Session ticket appdata */
+ SSL_CTX_generate_session_ticket_fn generate_ticket_cb;
+ SSL_CTX_decrypt_session_ticket_fn decrypt_ticket_cb;
+ void *ticket_cb_data;
+
+ /* The number of TLS1.3 tickets to automatically send */
+ size_t num_tickets;
+
+ /* Callback to determine if early_data is acceptable or not */
+ SSL_allow_early_data_cb_fn allow_early_data_cb;
+ void *allow_early_data_cb_data;
+
+ /* Do we advertise Post-handshake auth support? */
+ int pha_enabled;
+};
+
+struct ssl_st {
+ /*
+ * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
+ * DTLS1_VERSION)
+ */
+ int version;
+ /* SSLv3 */
+ const SSL_METHOD *method;
+ /*
+ * There are 2 BIO's even though they are normally both the same. This
+ * is so data can be read and written to different handlers
+ */
+ /* used by SSL_read */
+ BIO *rbio;
+ /* used by SSL_write */
+ BIO *wbio;
+ /* used during session-id reuse to concatenate messages */
+ BIO *bbio;
+ /*
+ * This holds a variable that indicates what we were doing when a 0 or -1
+ * is returned. This is needed for non-blocking IO so we know what
+ * request needs re-doing when in SSL_accept or SSL_connect
+ */
+ int rwstate;
+ int (*handshake_func) (SSL *);
+ /*
+ * Imagine that here's a boolean member "init" that is switched as soon
+ * as SSL_set_{accept/connect}_state is called for the first time, so
+ * that "state" and "handshake_func" are properly initialized. But as
+ * handshake_func is == 0 until then, we use this test instead of an
+ * "init" member.
+ */
+ /* are we the server side? */
+ int server;
+ /*
+ * Generate a new session or reuse an old one.
+ * NB: For servers, the 'new' session may actually be a previously
+ * cached session or even the previous session unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+ */
+ int new_session;
+ /* don't send shutdown packets */
+ int quiet_shutdown;
+ /* we have shut things down, 0x01 sent, 0x02 for received */
+ int shutdown;
+ /* where we are */
+ OSSL_STATEM statem;
+ SSL_EARLY_DATA_STATE early_data_state;
+ BUF_MEM *init_buf; /* buffer used during init */
+ void *init_msg; /* pointer to handshake message body, set by
+ * ssl3_get_message() */
+ size_t init_num; /* amount read/written */
+ size_t init_off; /* amount read/written */
+ struct ssl3_state_st *s3; /* SSLv3 variables */
+ struct dtls1_state_st *d1; /* DTLSv1 variables */
+ /* callback that allows applications to peek at protocol messages */
+ void (*msg_callback) (int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+ void *msg_callback_arg;
+ int hit; /* reusing a previous session */
+ X509_VERIFY_PARAM *param;
+ /* Per connection DANE state */
+ SSL_DANE dane;
+ /* crypto */
+ STACK_OF(SSL_CIPHER) *peer_ciphers;
+ STACK_OF(SSL_CIPHER) *cipher_list;
+ STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+ /* TLSv1.3 specific ciphersuites */
+ STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
+ /*
+ * These are the ones being used, the ones in SSL_SESSION are the ones to
+ * be 'copied' into these ones
+ */
+ uint32_t mac_flags;
+ /*
+ * The TLS1.3 secrets.
+ */
+ unsigned char early_secret[EVP_MAX_MD_SIZE];
+ unsigned char handshake_secret[EVP_MAX_MD_SIZE];
+ unsigned char master_secret[EVP_MAX_MD_SIZE];
+ unsigned char resumption_master_secret[EVP_MAX_MD_SIZE];
+ unsigned char client_finished_secret[EVP_MAX_MD_SIZE];
+ unsigned char server_finished_secret[EVP_MAX_MD_SIZE];
+ unsigned char server_finished_hash[EVP_MAX_MD_SIZE];
+ unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE];
+ unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE];
+ unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE];
+ unsigned char exporter_master_secret[EVP_MAX_MD_SIZE];
+ unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE];
+ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
+ unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */
+ EVP_MD_CTX *read_hash; /* used for mac generation */
+ COMP_CTX *compress; /* compression */
+ COMP_CTX *expand; /* uncompress */
+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+ unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */
+ EVP_MD_CTX *write_hash; /* used for mac generation */
+ /* session info */
+ /* client cert? */
+ /* This is used to hold the server certificate used */
+ struct cert_st /* CERT */ *cert;
+
+ /*
+ * The hash of all messages prior to the CertificateVerify, and the length
+ * of that hash.
+ */
+ unsigned char cert_verify_hash[EVP_MAX_MD_SIZE];
+ size_t cert_verify_hash_len;
+
+ /* Flag to indicate whether we should send a HelloRetryRequest or not */
+ enum {SSL_HRR_NONE = 0, SSL_HRR_PENDING, SSL_HRR_COMPLETE}
+ hello_retry_request;
+
+ /*
+ * the session_id_context is used to ensure sessions are only reused in
+ * the appropriate context
+ */
+ size_t sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+ /* This can also be in the session once a session is established */
+ SSL_SESSION *session;
+ /* TLSv1.3 PSK session */
+ SSL_SESSION *psksession;
+ unsigned char *psksession_id;
+ size_t psksession_id_len;
+ /* Default generate session ID callback. */
+ GEN_SESSION_CB generate_session_id;
+ /*
+ * The temporary TLSv1.3 session id. This isn't really a session id at all
+ * but is a random value sent in the legacy session id field.
+ */
+ unsigned char tmp_session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+ size_t tmp_session_id_len;
+ /* Used in SSL3 */
+ /*
+ * 0 don't care about verify failure.
+ * 1 fail if verify fails
+ */
+ uint32_t verify_mode;
+ /* fail if callback returns 0 */
+ int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
+ /* optional informational callback */
+ void (*info_callback) (const SSL *ssl, int type, int val);
+ /* error bytes to be written */
+ int error;
+ /* actual code */
+ int error_code;
+# ifndef OPENSSL_NO_PSK
+ SSL_psk_client_cb_func psk_client_callback;
+ SSL_psk_server_cb_func psk_server_callback;
+# endif
+ SSL_psk_find_session_cb_func psk_find_session_cb;
+ SSL_psk_use_session_cb_func psk_use_session_cb;
+
+ SSL_CTX *ctx;
+ /* Verified chain of peer */
+ STACK_OF(X509) *verified_chain;
+ long verify_result;
+ /* extra application data */
+ CRYPTO_EX_DATA ex_data;
+ /*
+ * What we put in certificate_authorities extension for TLS 1.3
+ * (ClientHello and CertificateRequest) or just client cert requests for
+ * earlier versions. If client_ca_names is populated then it is only used
+ * for client cert requests, and in preference to ca_names.
+ */
+ STACK_OF(X509_NAME) *ca_names;
+ STACK_OF(X509_NAME) *client_ca_names;
+ CRYPTO_REF_COUNT references;
+ /* protocol behaviour */
+ uint32_t options;
+ /* API behaviour */
+ uint32_t mode;
+ int min_proto_version;
+ int max_proto_version;
+ size_t max_cert_list;
+ int first_packet;
+ /*
+ * What was passed in ClientHello.legacy_version. Used for RSA pre-master
+ * secret and SSLv3/TLS (<=1.2) rollback check
+ */
+ int client_version;
+ /*
+ * If we're using more than one pipeline how should we divide the data
+ * up between the pipes?
+ */
+ size_t split_send_fragment;
+ /*
+ * Maximum amount of data to send in one fragment. actual record size can
+ * be more than this due to padding and MAC overheads.
+ */
+ size_t max_send_fragment;
+ /* Up to how many pipelines should we use? If 0 then 1 is assumed */
+ size_t max_pipelines;
+
+ struct {
+ /* Built-in extension flags */
+ uint8_t extflags[TLSEXT_IDX_num_builtins];
+ /* TLS extension debug callback */
+ void (*debug_cb)(SSL *s, int client_server, int type,
+ const unsigned char *data, int len, void *arg);
+ void *debug_arg;
+ char *hostname;
+ /* certificate status request info */
+ /* Status type or -1 if no status type */
+ int status_type;
+ /* Raw extension data, if seen */
+ unsigned char *scts;
+ /* Length of raw extension data, if seen */
+ uint16_t scts_len;
+ /* Expect OCSP CertificateStatus message */
+ int status_expected;
+
+ struct {
+ /* OCSP status request only */
+ STACK_OF(OCSP_RESPID) *ids;
+ X509_EXTENSIONS *exts;
+ /* OCSP response received or to be sent */
+ unsigned char *resp;
+ size_t resp_len;
+ } ocsp;
+
+ /* RFC4507 session ticket expected to be received or sent */
+ int ticket_expected;
+# ifndef OPENSSL_NO_EC
+ size_t ecpointformats_len;
+ /* our list */
+ unsigned char *ecpointformats;
+
+ size_t peer_ecpointformats_len;
+ /* peer's list */
+ unsigned char *peer_ecpointformats;
+# endif /* OPENSSL_NO_EC */
+ size_t supportedgroups_len;
+ /* our list */
+ uint16_t *supportedgroups;
+
+ size_t peer_supportedgroups_len;
+ /* peer's list */
+ uint16_t *peer_supportedgroups;
+
+ /* TLS Session Ticket extension override */
+ TLS_SESSION_TICKET_EXT *session_ticket;
+ /* TLS Session Ticket extension callback */
+ tls_session_ticket_ext_cb_fn session_ticket_cb;
+ void *session_ticket_cb_arg;
+ /* TLS pre-shared secret session resumption */
+ tls_session_secret_cb_fn session_secret_cb;
+ void *session_secret_cb_arg;
+ /*
+ * For a client, this contains the list of supported protocols in wire
+ * format.
+ */
+ unsigned char *alpn;
+ size_t alpn_len;
+ /*
+ * Next protocol negotiation. For the client, this is the protocol that
+ * we sent in NextProtocol and is set when handling ServerHello
+ * extensions. For a server, this is the client's selected_protocol from
+ * NextProtocol and is set when handling the NextProtocol message, before
+ * the Finished message.
+ */
+ unsigned char *npn;
+ size_t npn_len;
+
+ /* The available PSK key exchange modes */
+ int psk_kex_mode;
+
+ /* Set to one if we have negotiated ETM */
+ int use_etm;
+
+ /* Are we expecting to receive early data? */
+ int early_data;
+ /* Is the session suitable for early data? */
+ int early_data_ok;
+
+ /* May be sent by a server in HRR. Must be echoed back in ClientHello */
+ unsigned char *tls13_cookie;
+ size_t tls13_cookie_len;
+ /* Have we received a cookie from the client? */
+ int cookieok;
+
+ /*
+ * Maximum Fragment Length as per RFC 4366.
+ * If this member contains one of the allowed values (1-4)
+ * then we should include Maximum Fragment Length Negotiation
+ * extension in Client Hello.
+ * Please note that value of this member does not have direct
+ * effect. The actual (binding) value is stored in SSL_SESSION,
+ * as this extension is optional on server side.
+ */
+ uint8_t max_fragment_len_mode;
+
+ /*
+ * On the client side the number of ticket identities we sent in the
+ * ClientHello. On the server side the identity of the ticket we
+ * selected.
+ */
+ int tick_identity;
+ } ext;
+
+ /*
+ * Parsed form of the ClientHello, kept around across client_hello_cb
+ * calls.
+ */
+ CLIENTHELLO_MSG *clienthello;
+
+ /*-
+ * no further mod of servername
+ * 0 : call the servername extension callback.
+ * 1 : prepare 2, allow last ack just after in server callback.
+ * 2 : don't call servername callback, no ack in server hello
+ */
+ int servername_done;
+# ifndef OPENSSL_NO_CT
+ /*
+ * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
+ * If they are not, the connection should be aborted.
+ */
+ ssl_ct_validation_cb ct_validation_callback;
+ /* User-supplied argument that is passed to the ct_validation_callback */
+ void *ct_validation_callback_arg;
+ /*
+ * Consolidated stack of SCTs from all sources.
+ * Lazily populated by CT_get_peer_scts(SSL*)
+ */
+ STACK_OF(SCT) *scts;
+ /* Have we attempted to find/parse SCTs yet? */
+ int scts_parsed;
+# endif
+ SSL_CTX *session_ctx; /* initial ctx, used to store sessions */
+# ifndef OPENSSL_NO_SRTP
+ /* What we'll do */
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+ /* What's been chosen */
+ SRTP_PROTECTION_PROFILE *srtp_profile;
+# endif
+ /*-
+ * 1 if we are renegotiating.
+ * 2 if we are a server and are inside a handshake
+ * (i.e. not just sending a HelloRequest)
+ */
+ int renegotiate;
+ /* If sending a KeyUpdate is pending */
+ int key_update;
+ /* Post-handshake authentication state */
+ SSL_PHA_STATE post_handshake_auth;
+ int pha_enabled;
+ uint8_t* pha_context;
+ size_t pha_context_len;
+ int certreqs_sent;
+ EVP_MD_CTX *pha_dgst; /* this is just the digest through ClientFinished */
+
+# ifndef OPENSSL_NO_SRP
+ /* ctx for SRP authentication */
+ SRP_CTX srp_ctx;
+# endif
+ /*
+ * Callback for disabling session caching and ticket support on a session
+ * basis, depending on the chosen cipher.
+ */
+ int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+ RECORD_LAYER rlayer;
+ /* Default password callback. */
+ pem_password_cb *default_passwd_callback;
+ /* Default password callback user data. */
+ void *default_passwd_callback_userdata;
+ /* Async Job info */
+ ASYNC_JOB *job;
+ ASYNC_WAIT_CTX *waitctx;
+ size_t asyncrw;
+
+ /*
+ * The maximum number of bytes advertised in session tickets that can be
+ * sent as early data.
+ */
+ uint32_t max_early_data;
+ /*
+ * The maximum number of bytes of early data that a server will tolerate
+ * (which should be at least as much as max_early_data).
+ */
+ uint32_t recv_max_early_data;
+
+ /*
+ * The number of bytes of early data received so far. If we accepted early
+ * data then this is a count of the plaintext bytes. If we rejected it then
+ * this is a count of the ciphertext bytes.
+ */
+ uint32_t early_data_count;
+
+ /* TLS1.3 padding callback */
+ size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
+ void *record_padding_arg;
+ size_t block_padding;
+
+ CRYPTO_RWLOCK *lock;
+
+ /* The number of TLS1.3 tickets to automatically send */
+ size_t num_tickets;
+ /* The number of TLS1.3 tickets actually sent so far */
+ size_t sent_tickets;
+ /* The next nonce value to use when we send a ticket on this connection */
+ uint64_t next_ticket_nonce;
+
+ /* Callback to determine if early_data is acceptable or not */
+ SSL_allow_early_data_cb_fn allow_early_data_cb;
+ void *allow_early_data_cb_data;
+
+ /*
+ * Signature algorithms shared by client and server: cached because these
+ * are used most often.
+ */
+ const struct sigalg_lookup_st **shared_sigalgs;
+ size_t shared_sigalgslen;
+};
+
+/*
+ * Structure containing table entry of values associated with the signature
+ * algorithms (signature scheme) extension
+*/
+typedef struct sigalg_lookup_st {
+ /* TLS 1.3 signature scheme name */
+ const char *name;
+ /* Raw value used in extension */
+ uint16_t sigalg;
+ /* NID of hash algorithm or NID_undef if no hash */
+ int hash;
+ /* Index of hash algorithm or -1 if no hash algorithm */
+ int hash_idx;
+ /* NID of signature algorithm */
+ int sig;
+ /* Index of signature algorithm */
+ int sig_idx;
+ /* Combined hash and signature NID, if any */
+ int sigandhash;
+ /* Required public key curve (ECDSA only) */
+ int curve;
+} SIGALG_LOOKUP;
+
+typedef struct tls_group_info_st {
+ int nid; /* Curve NID */
+ int secbits; /* Bits of security (from SP800-57) */
+ uint16_t flags; /* Flags: currently just group type */
+} TLS_GROUP_INFO;
+
+/* flags values */
+# define TLS_CURVE_TYPE 0x3 /* Mask for group type */
+# define TLS_CURVE_PRIME 0x0
+# define TLS_CURVE_CHAR2 0x1
+# define TLS_CURVE_CUSTOM 0x2
+
+typedef struct cert_pkey_st CERT_PKEY;
+
+/*
+ * Structure containing table entry of certificate info corresponding to
+ * CERT_PKEY entries
+ */
+typedef struct {
+ int nid; /* NID of public key algorithm */
+ uint32_t amask; /* authmask corresponding to key type */
+} SSL_CERT_LOOKUP;
+
+typedef struct ssl3_state_st {
+ long flags;
+ size_t read_mac_secret_size;
+ unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+ size_t write_mac_secret_size;
+ unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+ unsigned char server_random[SSL3_RANDOM_SIZE];
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+ /* flags for countermeasure against known-IV weakness */
+ int need_empty_fragments;
+ int empty_fragment_done;
+ /* used during startup, digest all incoming/outgoing packets */
+ BIO *handshake_buffer;
+ /*
+ * When handshake digest is determined, buffer is hashed and
+ * freed and MD_CTX for the required digest is stored here.
+ */
+ EVP_MD_CTX *handshake_dgst;
+ /*
+ * Set whenever an expected ChangeCipherSpec message is processed.
+ * Unset when the peer's Finished message is received.
+ * Unexpected ChangeCipherSpec messages trigger a fatal alert.
+ */
+ int change_cipher_spec;
+ int warn_alert;
+ int fatal_alert;
+ /*
+ * we allow one fatal and one warning alert to be outstanding, send close
+ * alert via the warning alert
+ */
+ int alert_dispatch;
+ unsigned char send_alert[2];
+ /*
+ * This flag is set when we should renegotiate ASAP, basically when there
+ * is no more data in the read or write buffers
+ */
+ int renegotiate;
+ int total_renegotiations;
+ int num_renegotiations;
+ int in_read_app_data;
+ struct {
+ /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+ unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
+ size_t finish_md_len;
+ unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
+ size_t peer_finish_md_len;
+ size_t message_size;
+ int message_type;
+ /* used to hold the new cipher we are going to use */
+ const SSL_CIPHER *new_cipher;
+# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+ EVP_PKEY *pkey; /* holds short lived DH/ECDH key */
+# endif
+ /* used for certificate requests */
+ int cert_req;
+ /* Certificate types in certificate request message. */
+ uint8_t *ctype;
+ size_t ctype_len;
+ /* Certificate authorities list peer sent */
+ STACK_OF(X509_NAME) *peer_ca_names;
+ size_t key_block_length;
+ unsigned char *key_block;
+ const EVP_CIPHER *new_sym_enc;
+ const EVP_MD *new_hash;
+ int new_mac_pkey_type;
+ size_t new_mac_secret_size;
+# ifndef OPENSSL_NO_COMP
+ const SSL_COMP *new_compression;
+# else
+ char *new_compression;
+# endif
+ int cert_request;
+ /* Raw values of the cipher list from a client */
+ unsigned char *ciphers_raw;
+ size_t ciphers_rawlen;
+ /* Temporary storage for premaster secret */
+ unsigned char *pms;
+ size_t pmslen;
+# ifndef OPENSSL_NO_PSK
+ /* Temporary storage for PSK key */
+ unsigned char *psk;
+ size_t psklen;
+# endif
+ /* Signature algorithm we actually use */
+ const SIGALG_LOOKUP *sigalg;
+ /* Pointer to certificate we use */
+ CERT_PKEY *cert;
+ /*
+ * signature algorithms peer reports: e.g. supported signature
+ * algorithms extension for server or as part of a certificate
+ * request for client.
+ * Keep track of the algorithms for TLS and X.509 usage separately.
+ */
+ uint16_t *peer_sigalgs;
+ uint16_t *peer_cert_sigalgs;
+ /* Size of above arrays */
+ size_t peer_sigalgslen;
+ size_t peer_cert_sigalgslen;
+ /* Sigalg peer actually uses */
+ const SIGALG_LOOKUP *peer_sigalg;
+ /*
+ * Set if corresponding CERT_PKEY can be used with current
+ * SSL session: e.g. appropriate curve, signature algorithms etc.
+ * If zero it can't be used at all.
+ */
+ uint32_t valid_flags[SSL_PKEY_NUM];
+ /*
+ * For servers the following masks are for the key and auth algorithms
+ * that are supported by the certs below. For clients they are masks of
+ * *disabled* algorithms based on the current session.
+ */
+ uint32_t mask_k;
+ uint32_t mask_a;
+ /*
+ * The following are used by the client to see if a cipher is allowed or
+ * not. It contains the minimum and maximum version the client's using
+ * based on what it knows so far.
+ */
+ int min_ver;
+ int max_ver;
+ } tmp;
+
+ /* Connection binding to prevent renegotiation attacks */
+ unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+ size_t previous_client_finished_len;
+ unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+ size_t previous_server_finished_len;
+ int send_connection_binding; /* TODOEKR */
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+ /*
+ * Set if we saw the Next Protocol Negotiation extension from our peer.
+ */
+ int npn_seen;
+# endif
+
+ /*
+ * ALPN information (we are in the process of transitioning from NPN to
+ * ALPN.)
+ */
+
+ /*
+ * In a server these point to the selected ALPN protocol after the
+ * ClientHello has been processed. In a client these contain the protocol
+ * that the server selected once the ServerHello has been processed.
+ */
+ unsigned char *alpn_selected;
+ size_t alpn_selected_len;
+ /* used by the server to know what options were proposed */
+ unsigned char *alpn_proposed;
+ size_t alpn_proposed_len;
+ /* used by the client to know if it actually sent alpn */
+ int alpn_sent;
+
+# ifndef OPENSSL_NO_EC
+ /*
+ * This is set to true if we believe that this is a version of Safari
+ * running on OS X 10.6 or newer. We wish to know this because Safari on
+ * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
+ */
+ char is_probably_safari;
+# endif /* !OPENSSL_NO_EC */
+
+ /* For clients: peer temporary key */
+# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+ /* The group_id for the DH/ECDH key */
+ uint16_t group_id;
+ EVP_PKEY *peer_tmp;
+# endif
+
+} SSL3_STATE;
+
+/* DTLS structures */
+
+# ifndef OPENSSL_NO_SCTP
+# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
+# endif
+
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
+# define DTLS1_MAX_MTU_OVERHEAD 48
+
+/*
+ * Flag used in message reuse to indicate the buffer contains the record
+ * header as well as the handshake message header.
+ */
+# define DTLS1_SKIP_RECORD_HEADER 2
+
+struct dtls1_retransmit_state {
+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+ EVP_MD_CTX *write_hash; /* used for mac generation */
+ COMP_CTX *compress; /* compression */
+ SSL_SESSION *session;
+ unsigned short epoch;
+};
+
+struct hm_header_st {
+ unsigned char type;
+ size_t msg_len;
+ unsigned short seq;
+ size_t frag_off;
+ size_t frag_len;
+ unsigned int is_ccs;
+ struct dtls1_retransmit_state saved_retransmit_state;
+};
+
+struct dtls1_timeout_st {
+ /* Number of read timeouts so far */
+ unsigned int read_timeouts;
+ /* Number of write timeouts so far */
+ unsigned int write_timeouts;
+ /* Number of alerts received so far */
+ unsigned int num_alerts;
+};
+
+typedef struct hm_fragment_st {
+ struct hm_header_st msg_header;
+ unsigned char *fragment;
+ unsigned char *reassembly;
+} hm_fragment;
+
+typedef struct pqueue_st pqueue;
+typedef struct pitem_st pitem;
+
+struct pitem_st {
+ unsigned char priority[8]; /* 64-bit value in big-endian encoding */
+ void *data;
+ pitem *next;
+};
+
+typedef struct pitem_st *piterator;
+
+pitem *pitem_new(unsigned char *prio64be, void *data);
+void pitem_free(pitem *item);
+pqueue *pqueue_new(void);
+void pqueue_free(pqueue *pq);
+pitem *pqueue_insert(pqueue *pq, pitem *item);
+pitem *pqueue_peek(pqueue *pq);
+pitem *pqueue_pop(pqueue *pq);
+pitem *pqueue_find(pqueue *pq, unsigned char *prio64be);
+pitem *pqueue_iterator(pqueue *pq);
+pitem *pqueue_next(piterator *iter);
+size_t pqueue_size(pqueue *pq);
+
+typedef struct dtls1_state_st {
+ unsigned char cookie[DTLS1_COOKIE_LENGTH];
+ size_t cookie_len;
+ unsigned int cookie_verified;
+ /* handshake message numbers */
+ unsigned short handshake_write_seq;
+ unsigned short next_handshake_write_seq;
+ unsigned short handshake_read_seq;
+ /* Buffered handshake messages */
+ pqueue *buffered_messages;
+ /* Buffered (sent) handshake records */
+ pqueue *sent_messages;
+ size_t link_mtu; /* max on-the-wire DTLS packet size */
+ size_t mtu; /* max DTLS packet size */
+ struct hm_header_st w_msg_hdr;
+ struct hm_header_st r_msg_hdr;
+ struct dtls1_timeout_st timeout;
+ /*
+ * Indicates when the last handshake msg sent will timeout
+ */
+ struct timeval next_timeout;
+ /* Timeout duration */
+ unsigned int timeout_duration_us;
+
+ unsigned int retransmitting;
+# ifndef OPENSSL_NO_SCTP
+ int shutdown_received;
+# endif
+
+ DTLS_timer_cb timer_cb;
+
+} DTLS1_STATE;
+
+# ifndef OPENSSL_NO_EC
+/*
+ * From ECC-TLS draft, used in encoding the curve type in ECParameters
+ */
+# define EXPLICIT_PRIME_CURVE_TYPE 1
+# define EXPLICIT_CHAR2_CURVE_TYPE 2
+# define NAMED_CURVE_TYPE 3
+# endif /* OPENSSL_NO_EC */
+
+struct cert_pkey_st {
+ X509 *x509;
+ EVP_PKEY *privatekey;
+ /* Chain for this certificate */
+ STACK_OF(X509) *chain;
+ /*-
+ * serverinfo data for this certificate. The data is in TLS Extension
+ * wire format, specifically it's a series of records like:
+ * uint16_t extension_type; // (RFC 5246, 7.4.1.4, Extension)
+ * uint16_t length;
+ * uint8_t data[length];
+ */
+ unsigned char *serverinfo;
+ size_t serverinfo_length;
+};
+/* Retrieve Suite B flags */
+# define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS)
+/* Uses to check strict mode: suite B modes are always strict */
+# define SSL_CERT_FLAGS_CHECK_TLS_STRICT \
+ (SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT)
+
+typedef enum {
+ ENDPOINT_CLIENT = 0,
+ ENDPOINT_SERVER,
+ ENDPOINT_BOTH
+} ENDPOINT;
+
+
+typedef struct {
+ unsigned short ext_type;
+ ENDPOINT role;
+ /* The context which this extension applies to */
+ unsigned int context;
+ /*
+ * Per-connection flags relating to this extension type: not used if
+ * part of an SSL_CTX structure.
+ */
+ uint32_t ext_flags;
+ SSL_custom_ext_add_cb_ex add_cb;
+ SSL_custom_ext_free_cb_ex free_cb;
+ void *add_arg;
+ SSL_custom_ext_parse_cb_ex parse_cb;
+ void *parse_arg;
+} custom_ext_method;
+
+/* ext_flags values */
+
+/*
+ * Indicates an extension has been received. Used to check for unsolicited or
+ * duplicate extensions.
+ */
+# define SSL_EXT_FLAG_RECEIVED 0x1
+/*
+ * Indicates an extension has been sent: used to enable sending of
+ * corresponding ServerHello extension.
+ */
+# define SSL_EXT_FLAG_SENT 0x2
+
+typedef struct {
+ custom_ext_method *meths;
+ size_t meths_count;
+} custom_ext_methods;
+
+typedef struct cert_st {
+ /* Current active set */
+ /*
+ * ALWAYS points to an element of the pkeys array
+ * Probably it would make more sense to store
+ * an index, not a pointer.
+ */
+ CERT_PKEY *key;
+# ifndef OPENSSL_NO_DH
+ EVP_PKEY *dh_tmp;
+ DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
+ int dh_tmp_auto;
+# endif
+ /* Flags related to certificates */
+ uint32_t cert_flags;
+ CERT_PKEY pkeys[SSL_PKEY_NUM];
+ /* Custom certificate types sent in certificate request message. */
+ uint8_t *ctype;
+ size_t ctype_len;
+ /*
+ * supported signature algorithms. When set on a client this is sent in
+ * the client hello as the supported signature algorithms extension. For
+ * servers it represents the signature algorithms we are willing to use.
+ */
+ uint16_t *conf_sigalgs;
+ /* Size of above array */
+ size_t conf_sigalgslen;
+ /*
+ * Client authentication signature algorithms, if not set then uses
+ * conf_sigalgs. On servers these will be the signature algorithms sent
+ * to the client in a certificate request for TLS 1.2. On a client this
+ * represents the signature algorithms we are willing to use for client
+ * authentication.
+ */
+ uint16_t *client_sigalgs;
+ /* Size of above array */
+ size_t client_sigalgslen;
+ /*
+ * Certificate setup callback: if set is called whenever a certificate
+ * may be required (client or server). the callback can then examine any
+ * appropriate parameters and setup any certificates required. This
+ * allows advanced applications to select certificates on the fly: for
+ * example based on supported signature algorithms or curves.
+ */
+ int (*cert_cb) (SSL *ssl, void *arg);
+ void *cert_cb_arg;
+ /*
+ * Optional X509_STORE for chain building or certificate validation If
+ * NULL the parent SSL_CTX store is used instead.
+ */
+ X509_STORE *chain_store;
+ X509_STORE *verify_store;
+ /* Custom extensions */
+ custom_ext_methods custext;
+ /* Security callback */
+ int (*sec_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
+ void *other, void *ex);
+ /* Security level */
+ int sec_level;
+ void *sec_ex;
+# ifndef OPENSSL_NO_PSK
+ /* If not NULL psk identity hint to use for servers */
+ char *psk_identity_hint;
+# endif
+ CRYPTO_REF_COUNT references; /* >1 only if SSL_copy_session_id is used */
+ CRYPTO_RWLOCK *lock;
+} CERT;
+
+# define FP_ICC (int (*)(const void *,const void *))
+
+/*
+ * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
+ * of a mess of functions, but hell, think of it as an opaque structure :-)
+ */
+typedef struct ssl3_enc_method {
+ int (*enc) (SSL *, SSL3_RECORD *, size_t, int);
+ int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int);
+ int (*setup_key_block) (SSL *);
+ int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
+ size_t, size_t *);
+ int (*change_cipher_state) (SSL *, int);
+ size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *);
+ const char *client_finished_label;
+ size_t client_finished_label_len;
+ const char *server_finished_label;
+ size_t server_finished_label_len;
+ int (*alert_value) (int);
+ int (*export_keying_material) (SSL *, unsigned char *, size_t,
+ const char *, size_t,
+ const unsigned char *, size_t,
+ int use_context);
+ /* Various flags indicating protocol version requirements */
+ uint32_t enc_flags;
+ /* Set the handshake header */
+ int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type);
+ /* Close construction of the handshake message */
+ int (*close_construct_packet) (SSL *s, WPACKET *pkt, int htype);
+ /* Write out handshake message */
+ int (*do_write) (SSL *s);
+} SSL3_ENC_METHOD;
+
+# define ssl_set_handshake_header(s, pkt, htype) \
+ s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype))
+# define ssl_close_construct_packet(s, pkt, htype) \
+ s->method->ssl3_enc->close_construct_packet((s), (pkt), (htype))
+# define ssl_do_write(s) s->method->ssl3_enc->do_write(s)
+
+/* Values for enc_flags */
+
+/* Uses explicit IV for CBC mode */
+# define SSL_ENC_FLAG_EXPLICIT_IV 0x1
+/* Uses signature algorithms extension */
+# define SSL_ENC_FLAG_SIGALGS 0x2
+/* Uses SHA256 default PRF */
+# define SSL_ENC_FLAG_SHA256_PRF 0x4
+/* Is DTLS */
+# define SSL_ENC_FLAG_DTLS 0x8
+/*
+ * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may
+ * apply to others in future.
+ */
+# define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x10
+
+# ifndef OPENSSL_NO_COMP
+/* Used for holding the relevant compression methods loaded into SSL_CTX */
+typedef struct ssl3_comp_st {
+ int comp_id; /* The identifier byte for this compression
+ * type */
+ char *name; /* Text name used for the compression type */
+ COMP_METHOD *method; /* The method :-) */
+} SSL3_COMP;
+# endif
+
+typedef enum downgrade_en {
+ DOWNGRADE_NONE,
+ DOWNGRADE_TO_1_2,
+ DOWNGRADE_TO_1_1
+} DOWNGRADE;
+
+/*
+ * Dummy status type for the status_type extension. Indicates no status type
+ * set
+ */
+#define TLSEXT_STATUSTYPE_nothing -1
+
+/* Sigalgs values */
+#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256 0x0403
+#define TLSEXT_SIGALG_ecdsa_secp384r1_sha384 0x0503
+#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512 0x0603
+#define TLSEXT_SIGALG_ecdsa_sha224 0x0303
+#define TLSEXT_SIGALG_ecdsa_sha1 0x0203
+#define TLSEXT_SIGALG_rsa_pss_rsae_sha256 0x0804
+#define TLSEXT_SIGALG_rsa_pss_rsae_sha384 0x0805
+#define TLSEXT_SIGALG_rsa_pss_rsae_sha512 0x0806
+#define TLSEXT_SIGALG_rsa_pss_pss_sha256 0x0809
+#define TLSEXT_SIGALG_rsa_pss_pss_sha384 0x080a
+#define TLSEXT_SIGALG_rsa_pss_pss_sha512 0x080b
+#define TLSEXT_SIGALG_rsa_pkcs1_sha256 0x0401
+#define TLSEXT_SIGALG_rsa_pkcs1_sha384 0x0501
+#define TLSEXT_SIGALG_rsa_pkcs1_sha512 0x0601
+#define TLSEXT_SIGALG_rsa_pkcs1_sha224 0x0301
+#define TLSEXT_SIGALG_rsa_pkcs1_sha1 0x0201
+#define TLSEXT_SIGALG_dsa_sha256 0x0402
+#define TLSEXT_SIGALG_dsa_sha384 0x0502
+#define TLSEXT_SIGALG_dsa_sha512 0x0602
+#define TLSEXT_SIGALG_dsa_sha224 0x0302
+#define TLSEXT_SIGALG_dsa_sha1 0x0202
+#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 0xeeee
+#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef
+#define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded
+
+#define TLSEXT_SIGALG_ed25519 0x0807
+#define TLSEXT_SIGALG_ed448 0x0808
+
+/* Known PSK key exchange modes */
+#define TLSEXT_KEX_MODE_KE 0x00
+#define TLSEXT_KEX_MODE_KE_DHE 0x01
+
+/*
+ * Internal representations of key exchange modes
+ */
+#define TLSEXT_KEX_MODE_FLAG_NONE 0
+#define TLSEXT_KEX_MODE_FLAG_KE 1
+#define TLSEXT_KEX_MODE_FLAG_KE_DHE 2
+
+#define SSL_USE_PSS(s) (s->s3->tmp.peer_sigalg != NULL && \
+ s->s3->tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS)
+
+/* A dummy signature value not valid for TLSv1.2 signature algs */
+#define TLSEXT_signature_rsa_pss 0x0101
+
+/* TLSv1.3 downgrade protection sentinel values */
+extern const unsigned char tls11downgrade[8];
+extern const unsigned char tls12downgrade[8];
+
+extern SSL3_ENC_METHOD ssl3_undef_enc_method;
+
+__owur const SSL_METHOD *ssl_bad_method(int ver);
+__owur const SSL_METHOD *sslv3_method(void);
+__owur const SSL_METHOD *sslv3_server_method(void);
+__owur const SSL_METHOD *sslv3_client_method(void);
+__owur const SSL_METHOD *tlsv1_method(void);
+__owur const SSL_METHOD *tlsv1_server_method(void);
+__owur const SSL_METHOD *tlsv1_client_method(void);
+__owur const SSL_METHOD *tlsv1_1_method(void);
+__owur const SSL_METHOD *tlsv1_1_server_method(void);
+__owur const SSL_METHOD *tlsv1_1_client_method(void);
+__owur const SSL_METHOD *tlsv1_2_method(void);
+__owur const SSL_METHOD *tlsv1_2_server_method(void);
+__owur const SSL_METHOD *tlsv1_2_client_method(void);
+__owur const SSL_METHOD *tlsv1_3_method(void);
+__owur const SSL_METHOD *tlsv1_3_server_method(void);
+__owur const SSL_METHOD *tlsv1_3_client_method(void);
+__owur const SSL_METHOD *dtlsv1_method(void);
+__owur const SSL_METHOD *dtlsv1_server_method(void);
+__owur const SSL_METHOD *dtlsv1_client_method(void);
+__owur const SSL_METHOD *dtls_bad_ver_client_method(void);
+__owur const SSL_METHOD *dtlsv1_2_method(void);
+__owur const SSL_METHOD *dtlsv1_2_server_method(void);
+__owur const SSL_METHOD *dtlsv1_2_client_method(void);
+
+extern const SSL3_ENC_METHOD TLSv1_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_3_enc_data;
+extern const SSL3_ENC_METHOD SSLv3_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
+
+/*
+ * Flags for SSL methods
+ */
+# define SSL_METHOD_NO_FIPS (1U<<0)
+# define SSL_METHOD_NO_SUITEB (1U<<1)
+
+# define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \
+ s_connect, enc_data) \
+const SSL_METHOD *func_name(void) \
+ { \
+ static const SSL_METHOD func_name##_data= { \
+ version, \
+ flags, \
+ mask, \
+ tls1_new, \
+ tls1_clear, \
+ tls1_free, \
+ s_accept, \
+ s_connect, \
+ ssl3_read, \
+ ssl3_peek, \
+ ssl3_write, \
+ ssl3_shutdown, \
+ ssl3_renegotiate, \
+ ssl3_renegotiate_check, \
+ ssl3_read_bytes, \
+ ssl3_write_bytes, \
+ ssl3_dispatch_alert, \
+ ssl3_ctrl, \
+ ssl3_ctx_ctrl, \
+ ssl3_get_cipher_by_char, \
+ ssl3_put_cipher_by_char, \
+ ssl3_pending, \
+ ssl3_num_ciphers, \
+ ssl3_get_cipher, \
+ tls1_default_timeout, \
+ &enc_data, \
+ ssl_undefined_void_function, \
+ ssl3_callback_ctrl, \
+ ssl3_ctx_callback_ctrl, \
+ }; \
+ return &func_name##_data; \
+ }
+
+# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \
+const SSL_METHOD *func_name(void) \
+ { \
+ static const SSL_METHOD func_name##_data= { \
+ SSL3_VERSION, \
+ SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \
+ SSL_OP_NO_SSLv3, \
+ ssl3_new, \
+ ssl3_clear, \
+ ssl3_free, \
+ s_accept, \
+ s_connect, \
+ ssl3_read, \
+ ssl3_peek, \
+ ssl3_write, \
+ ssl3_shutdown, \
+ ssl3_renegotiate, \
+ ssl3_renegotiate_check, \
+ ssl3_read_bytes, \
+ ssl3_write_bytes, \
+ ssl3_dispatch_alert, \
+ ssl3_ctrl, \
+ ssl3_ctx_ctrl, \
+ ssl3_get_cipher_by_char, \
+ ssl3_put_cipher_by_char, \
+ ssl3_pending, \
+ ssl3_num_ciphers, \
+ ssl3_get_cipher, \
+ ssl3_default_timeout, \
+ &SSLv3_enc_data, \
+ ssl_undefined_void_function, \
+ ssl3_callback_ctrl, \
+ ssl3_ctx_callback_ctrl, \
+ }; \
+ return &func_name##_data; \
+ }
+
+# define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \
+ s_connect, enc_data) \
+const SSL_METHOD *func_name(void) \
+ { \
+ static const SSL_METHOD func_name##_data= { \
+ version, \
+ flags, \
+ mask, \
+ dtls1_new, \
+ dtls1_clear, \
+ dtls1_free, \
+ s_accept, \
+ s_connect, \
+ ssl3_read, \
+ ssl3_peek, \
+ ssl3_write, \
+ dtls1_shutdown, \
+ ssl3_renegotiate, \
+ ssl3_renegotiate_check, \
+ dtls1_read_bytes, \
+ dtls1_write_app_data_bytes, \
+ dtls1_dispatch_alert, \
+ dtls1_ctrl, \
+ ssl3_ctx_ctrl, \
+ ssl3_get_cipher_by_char, \
+ ssl3_put_cipher_by_char, \
+ ssl3_pending, \
+ ssl3_num_ciphers, \
+ ssl3_get_cipher, \
+ dtls1_default_timeout, \
+ &enc_data, \
+ ssl_undefined_void_function, \
+ ssl3_callback_ctrl, \
+ ssl3_ctx_callback_ctrl, \
+ }; \
+ return &func_name##_data; \
+ }
+
+struct openssl_ssl_test_functions {
+ int (*p_ssl_init_wbio_buffer) (SSL *s);
+ int (*p_ssl3_setup_buffers) (SSL *s);
+};
+
+const char *ssl_protocol_to_string(int version);
+
+/* Returns true if certificate and private key for 'idx' are present */
+static ossl_inline int ssl_has_cert(const SSL *s, int idx)
+{
+ if (idx < 0 || idx >= SSL_PKEY_NUM)
+ return 0;
+ return s->cert->pkeys[idx].x509 != NULL
+ && s->cert->pkeys[idx].privatekey != NULL;
+}
+
+static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups,
+ size_t *pgroupslen)
+{
+ *pgroups = s->ext.peer_supportedgroups;
+ *pgroupslen = s->ext.peer_supportedgroups_len;
+}
+
+# ifndef OPENSSL_UNIT_TEST
+
+__owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes);
+__owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written);
+void ssl_clear_cipher_ctx(SSL *s);
+int ssl_clear_bad_session(SSL *s);
+__owur CERT *ssl_cert_new(void);
+__owur CERT *ssl_cert_dup(CERT *cert);
+void ssl_cert_clear_certs(CERT *c);
+void ssl_cert_free(CERT *c);
+__owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss);
+__owur int ssl_get_new_session(SSL *s, int session);
+__owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
+ size_t sess_id_len);
+__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello);
+__owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket);
+__owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
+__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+ const SSL_CIPHER *const *bp);
+__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+ STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
+ STACK_OF(SSL_CIPHER) **cipher_list,
+ STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+ const char *rule_str,
+ CERT *c);
+__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format);
+__owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
+ STACK_OF(SSL_CIPHER) **skp,
+ STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
+ int fatal);
+void ssl_update_cache(SSL *s, int mode);
+__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+ const EVP_MD **md, int *mac_pkey_type,
+ size_t *mac_secret_size, SSL_COMP **comp,
+ int use_etm);
+__owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
+ size_t *int_overhead, size_t *blocksize,
+ size_t *ext_overhead);
+__owur int ssl_cert_is_disabled(size_t idx);
+__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
+ const unsigned char *ptr,
+ int all);
+__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
+__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
+__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+__owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+__owur int ssl_cert_select_current(CERT *c, X509 *x);
+__owur int ssl_cert_set_current(CERT *c, long arg);
+void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg);
+
+__owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
+__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
+__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
+ int ref);
+__owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain);
+
+__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
+__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
+ void *other);
+int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp);
+
+__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
+ size_t *pidx);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx);
+
+int ssl_undefined_function(SSL *s);
+__owur int ssl_undefined_void_function(void);
+__owur int ssl_undefined_const_function(const SSL *s);
+__owur int ssl_get_server_cert_serverinfo(SSL *s,
+ const unsigned char **serverinfo,
+ size_t *serverinfo_length);
+void ssl_set_masks(SSL *s);
+__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
+__owur int ssl_x509err2alert(int type);
+void ssl_sort_cipher_list(void);
+int ssl_load_ciphers(void);
+__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
+ size_t len, DOWNGRADE dgrd);
+__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
+ int free_pms);
+__owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm);
+__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey,
+ int genmaster);
+__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
+__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
+__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);
+
+__owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
+ size_t *len);
+int ssl3_init_finished_mac(SSL *s);
+__owur int ssl3_setup_key_block(SSL *s);
+__owur int ssl3_change_cipher_state(SSL *s, int which);
+void ssl3_cleanup_key_block(SSL *s);
+__owur int ssl3_do_write(SSL *s, int type);
+int ssl3_send_alert(SSL *s, int level, int desc);
+__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out,
+ unsigned char *p, size_t len,
+ size_t *secret_size);
+__owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt);
+__owur int ssl3_num_ciphers(void);
+__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+int ssl3_renegotiate(SSL *ssl);
+int ssl3_renegotiate_check(SSL *ssl, int initok);
+__owur int ssl3_dispatch_alert(SSL *s);
+__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen,
+ unsigned char *p);
+__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len);
+void ssl3_free_digest_list(SSL *s);
+__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
+ CERT_PKEY *cpk);
+__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
+ STACK_OF(SSL_CIPHER) *clnt,
+ STACK_OF(SSL_CIPHER) *srvr);
+__owur int ssl3_digest_cached_records(SSL *s, int keep);
+__owur int ssl3_new(SSL *s);
+void ssl3_free(SSL *s);
+__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes);
+__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes);
+__owur int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written);
+__owur int ssl3_shutdown(SSL *s);
+int ssl3_clear(SSL *s);
+__owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
+__owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
+
+__owur int ssl3_do_change_cipher_spec(SSL *ssl);
+__owur long ssl3_default_timeout(void);
+
+__owur int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype);
+__owur int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype);
+__owur int tls_setup_handshake(SSL *s);
+__owur int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype);
+__owur int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype);
+__owur int ssl3_handshake_write(SSL *s);
+
+__owur int ssl_allow_compression(SSL *s);
+
+__owur int ssl_version_supported(const SSL *s, int version,
+ const SSL_METHOD **meth);
+
+__owur int ssl_set_client_hello_version(SSL *s);
+__owur int ssl_check_version_downgrade(SSL *s);
+__owur int ssl_set_version_bound(int method_version, int version, int *bound);
+__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello,
+ DOWNGRADE *dgrd);
+__owur int ssl_choose_client_version(SSL *s, int version,
+ RAW_EXTENSION *extensions);
+__owur int ssl_get_min_max_version(const SSL *s, int *min_version,
+ int *max_version, int *real_max);
+
+__owur long tls1_default_timeout(void);
+__owur int dtls1_do_write(SSL *s, int type);
+void dtls1_set_message_header(SSL *s,
+ unsigned char mt,
+ size_t len,
+ size_t frag_off, size_t frag_len);
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
+ size_t *written);
+
+__owur int dtls1_read_failed(SSL *s, int code);
+__owur int dtls1_buffer_message(SSL *s, int ccs);
+__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found);
+__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
+int dtls1_retransmit_buffered_messages(SSL *s);
+void dtls1_clear_received_buffer(SSL *s);
+void dtls1_clear_sent_buffer(SSL *s);
+void dtls1_get_message_header(unsigned char *data,
+ struct hm_header_st *msg_hdr);
+__owur long dtls1_default_timeout(void);
+__owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft);
+__owur int dtls1_check_timeout_num(SSL *s);
+__owur int dtls1_handle_timeout(SSL *s);
+void dtls1_start_timer(SSL *s);
+void dtls1_stop_timer(SSL *s);
+__owur int dtls1_is_timer_expired(SSL *s);
+__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
+ size_t cookie_len);
+__owur size_t dtls1_min_mtu(SSL *s);
+void dtls1_hm_fragment_free(hm_fragment *frag);
+__owur int dtls1_query_mtu(SSL *s);
+
+__owur int tls1_new(SSL *s);
+void tls1_free(SSL *s);
+int tls1_clear(SSL *s);
+
+__owur int dtls1_new(SSL *s);
+void dtls1_free(SSL *s);
+int dtls1_clear(SSL *s);
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
+__owur int dtls1_shutdown(SSL *s);
+
+__owur int dtls1_dispatch_alert(SSL *s);
+
+__owur int ssl_init_wbio_buffer(SSL *s);
+int ssl_free_wbio_buffer(SSL *s);
+
+__owur int tls1_change_cipher_state(SSL *s, int which);
+__owur int tls1_setup_key_block(SSL *s);
+__owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
+ unsigned char *p);
+__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
+ unsigned char *p, size_t len,
+ size_t *secret_size);
+__owur int tls13_setup_key_block(SSL *s);
+__owur size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
+ unsigned char *p);
+__owur int tls13_change_cipher_state(SSL *s, int which);
+__owur int tls13_update_key(SSL *s, int send);
+__owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,
+ const unsigned char *secret,
+ const unsigned char *label, size_t labellen,
+ const unsigned char *data, size_t datalen,
+ unsigned char *out, size_t outlen, int fatal);
+__owur int tls13_derive_key(SSL *s, const EVP_MD *md,
+ const unsigned char *secret, unsigned char *key,
+ size_t keylen);
+__owur int tls13_derive_iv(SSL *s, const EVP_MD *md,
+ const unsigned char *secret, unsigned char *iv,
+ size_t ivlen);
+__owur int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
+ const unsigned char *secret,
+ unsigned char *fin, size_t finlen);
+int tls13_generate_secret(SSL *s, const EVP_MD *md,
+ const unsigned char *prevsecret,
+ const unsigned char *insecret,
+ size_t insecretlen,
+ unsigned char *outsecret);
+__owur int tls13_generate_handshake_secret(SSL *s,
+ const unsigned char *insecret,
+ size_t insecretlen);
+__owur int tls13_generate_master_secret(SSL *s, unsigned char *out,
+ unsigned char *prev, size_t prevlen,
+ size_t *secret_size);
+__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+ const char *label, size_t llen,
+ const unsigned char *p, size_t plen,
+ int use_context);
+__owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+ const char *label, size_t llen,
+ const unsigned char *context,
+ size_t contextlen, int use_context);
+__owur int tls13_export_keying_material_early(SSL *s, unsigned char *out,
+ size_t olen, const char *label,
+ size_t llen,
+ const unsigned char *context,
+ size_t contextlen);
+__owur int tls1_alert_code(int code);
+__owur int tls13_alert_code(int code);
+__owur int ssl3_alert_code(int code);
+
+# ifndef OPENSSL_NO_EC
+__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
+# endif
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
+
+# ifndef OPENSSL_NO_EC
+
+__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
+__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
+__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
+__owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
+ int *curves, size_t ncurves);
+__owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen,
+ const char *str);
+void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
+ size_t *num_formats);
+__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
+__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
+__owur EVP_PKEY *ssl_generate_param_group(uint16_t id);
+# endif /* OPENSSL_NO_EC */
+
+__owur int tls_curve_allowed(SSL *s, uint16_t curve, int op);
+void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
+ size_t *pgroupslen);
+
+__owur int tls1_set_server_sigalgs(SSL *s);
+
+__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
+ SSL_SESSION **ret);
+__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+ size_t eticklen,
+ const unsigned char *sess_id,
+ size_t sesslen, SSL_SESSION **psess);
+
+__owur int tls_use_ticket(SSL *s);
+
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
+
+__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
+__owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
+ int client);
+__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen,
+ int client);
+int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
+ int idx);
+void tls1_set_cert_validity(SSL *s);
+
+# ifndef OPENSSL_NO_CT
+__owur int ssl_validate_ct(SSL *s);
+# endif
+
+# ifndef OPENSSL_NO_DH
+__owur DH *ssl_get_auto_dh(SSL *s);
+# endif
+
+__owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
+__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
+ int vfy);
+
+int tls_choose_sigalg(SSL *s, int fatalerrs);
+
+__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
+__owur long ssl_get_algorithm2(SSL *s);
+__owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
+ const uint16_t *psig, size_t psiglen);
+__owur int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen);
+__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert);
+__owur int tls1_process_sigalgs(SSL *s);
+__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
+__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
+# ifndef OPENSSL_NO_EC
+__owur int tls_check_sigalg_curve(const SSL *s, int curve);
+# endif
+__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
+__owur int ssl_set_client_disabled(SSL *s);
+__owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde);
+
+__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
+ size_t *hashlen);
+__owur const EVP_MD *ssl_md(int idx);
+__owur const EVP_MD *ssl_handshake_md(SSL *s);
+__owur const EVP_MD *ssl_prf_md(SSL *s);
+
+/*
+ * ssl_log_rsa_client_key_exchange logs |premaster| to the SSL_CTX associated
+ * with |ssl|, if logging is enabled. It returns one on success and zero on
+ * failure. The entry is identified by the first 8 bytes of
+ * |encrypted_premaster|.
+ */
+__owur int ssl_log_rsa_client_key_exchange(SSL *ssl,
+ const uint8_t *encrypted_premaster,
+ size_t encrypted_premaster_len,
+ const uint8_t *premaster,
+ size_t premaster_len);
+
+/*
+ * ssl_log_secret logs |secret| to the SSL_CTX associated with |ssl|, if
+ * logging is available. It returns one on success and zero on failure. It tags
+ * the entry with |label|.
+ */
+__owur int ssl_log_secret(SSL *ssl, const char *label,
+ const uint8_t *secret, size_t secret_len);
+
+#define MASTER_SECRET_LABEL "CLIENT_RANDOM"
+#define CLIENT_EARLY_LABEL "CLIENT_EARLY_TRAFFIC_SECRET"
+#define CLIENT_HANDSHAKE_LABEL "CLIENT_HANDSHAKE_TRAFFIC_SECRET"
+#define SERVER_HANDSHAKE_LABEL "SERVER_HANDSHAKE_TRAFFIC_SECRET"
+#define CLIENT_APPLICATION_LABEL "CLIENT_TRAFFIC_SECRET_0"
+#define SERVER_APPLICATION_LABEL "SERVER_TRAFFIC_SECRET_0"
+#define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET"
+#define EXPORTER_SECRET_LABEL "EXPORTER_SECRET"
+
+/* s3_cbc.c */
+__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+__owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
+ unsigned char *md_out,
+ size_t *md_out_size,
+ const unsigned char *header,
+ const unsigned char *data,
+ size_t data_plus_mac_size,
+ size_t data_plus_mac_plus_padding_size,
+ const unsigned char *mac_secret,
+ size_t mac_secret_length, char is_sslv3);
+
+__owur int srp_generate_server_master_secret(SSL *s);
+__owur int srp_generate_client_master_secret(SSL *s);
+__owur int srp_verify_server_param(SSL *s);
+
+/* statem/statem_srvr.c */
+
+__owur int send_certificate_request(SSL *s);
+
+/* statem/extensions_cust.c */
+
+custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
+ ENDPOINT role, unsigned int ext_type,
+ size_t *idx);
+
+void custom_ext_init(custom_ext_methods *meths);
+
+__owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
+ const unsigned char *ext_data, size_t ext_size,
+ X509 *x, size_t chainidx);
+__owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x,
+ size_t chainidx, int maxversion);
+
+__owur int custom_exts_copy(custom_ext_methods *dst,
+ const custom_ext_methods *src);
+__owur int custom_exts_copy_flags(custom_ext_methods *dst,
+ const custom_ext_methods *src);
+void custom_exts_free(custom_ext_methods *exts);
+
+void ssl_comp_free_compression_methods_int(void);
+
+/* ssl_mcnf.c */
+void ssl_ctx_system_config(SSL_CTX *ctx);
+
+# else /* OPENSSL_UNIT_TEST */
+
+# define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
+# define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
+
+# endif
+#endif
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/ssl_sess.c
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/ssl_sess.c (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/ssl_sess.c (revision 420)
@@ -0,0 +1,1299 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/rand.h>
+#include <openssl/engine.h>
+#include "internal/refcount.h"
+#include "internal/cryptlib.h"
+#include "ssl_local.h"
+#include "statem/statem_local.h"
+
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
+
+/*
+ * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
+ * unlike in earlier protocol versions, the session ticket may not have been
+ * sent yet even though a handshake has finished. The session ticket data could
+ * come in sometime later...or even change if multiple session ticket messages
+ * are sent from the server. The preferred way for applications to obtain
+ * a resumable session is to use SSL_CTX_sess_set_new_cb().
+ */
+
+SSL_SESSION *SSL_get_session(const SSL *ssl)
+/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
+{
+ return ssl->session;
+}
+
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+/* variant of SSL_get_session: caller really gets something */
+{
+ SSL_SESSION *sess;
+ /*
+ * Need to lock this all up rather than just use CRYPTO_add so that
+ * somebody doesn't free ssl->session between when we check it's non-null
+ * and when we up the reference count.
+ */
+ CRYPTO_THREAD_read_lock(ssl->lock);
+ sess = ssl->session;
+ if (sess)
+ SSL_SESSION_up_ref(sess);
+ CRYPTO_THREAD_unlock(ssl->lock);
+ return sess;
+}
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
+{
+ return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
+}
+
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
+{
+ return CRYPTO_get_ex_data(&s->ex_data, idx);
+}
+
+SSL_SESSION *SSL_SESSION_new(void)
+{
+ SSL_SESSION *ss;
+
+ if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
+ return NULL;
+
+ ss = OPENSSL_zalloc(sizeof(*ss));
+ if (ss == NULL) {
+ SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
+ ss->references = 1;
+ ss->timeout = 60 * 5 + 4; /* 5 minute timeout by default */
+ ss->time = (unsigned long)time(NULL);
+ ss->lock = CRYPTO_THREAD_lock_new();
+ if (ss->lock == NULL) {
+ SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ss);
+ return NULL;
+ }
+
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
+ CRYPTO_THREAD_lock_free(ss->lock);
+ OPENSSL_free(ss);
+ return NULL;
+ }
+ return ss;
+}
+
+/*
+ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+ * ticket == 0 then no ticket information is duplicated, otherwise it is.
+ */
+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
+{
+ SSL_SESSION *dest;
+
+ dest = OPENSSL_malloc(sizeof(*dest));
+ if (dest == NULL) {
+ goto err;
+ }
+ memcpy(dest, src, sizeof(*dest));
+
+ /*
+ * Set the various pointers to NULL so that we can call SSL_SESSION_free in
+ * the case of an error whilst halfway through constructing dest
+ */
+#ifndef OPENSSL_NO_PSK
+ dest->psk_identity_hint = NULL;
+ dest->psk_identity = NULL;
+#endif
+ dest->ext.hostname = NULL;
+ dest->ext.tick = NULL;
+ dest->ext.alpn_selected = NULL;
+#ifndef OPENSSL_NO_SRP
+ dest->srp_username = NULL;
+#endif
+ dest->peer_chain = NULL;
+ dest->peer = NULL;
+ dest->ticket_appdata = NULL;
+ memset(&dest->ex_data, 0, sizeof(dest->ex_data));
+
+ /* We deliberately don't copy the prev and next pointers */
+ dest->prev = NULL;
+ dest->next = NULL;
+
+ dest->references = 1;
+
+ dest->lock = CRYPTO_THREAD_lock_new();
+ if (dest->lock == NULL) {
+ OPENSSL_free(dest);
+ dest = NULL;
+ goto err;
+ }
+
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
+ goto err;
+
+ if (src->peer != NULL) {
+ if (!X509_up_ref(src->peer))
+ goto err;
+ dest->peer = src->peer;
+ }
+
+ if (src->peer_chain != NULL) {
+ dest->peer_chain = X509_chain_up_ref(src->peer_chain);
+ if (dest->peer_chain == NULL)
+ goto err;
+ }
+#ifndef OPENSSL_NO_PSK
+ if (src->psk_identity_hint) {
+ dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
+ if (dest->psk_identity_hint == NULL) {
+ goto err;
+ }
+ }
+ if (src->psk_identity) {
+ dest->psk_identity = OPENSSL_strdup(src->psk_identity);
+ if (dest->psk_identity == NULL) {
+ goto err;
+ }
+ }
+#endif
+
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
+ &dest->ex_data, &src->ex_data)) {
+ goto err;
+ }
+
+ if (src->ext.hostname) {
+ dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
+ if (dest->ext.hostname == NULL) {
+ goto err;
+ }
+ }
+
+ if (ticket != 0 && src->ext.tick != NULL) {
+ dest->ext.tick =
+ OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
+ if (dest->ext.tick == NULL)
+ goto err;
+ } else {
+ dest->ext.tick_lifetime_hint = 0;
+ dest->ext.ticklen = 0;
+ }
+
+ if (src->ext.alpn_selected != NULL) {
+ dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
+ src->ext.alpn_selected_len);
+ if (dest->ext.alpn_selected == NULL)
+ goto err;
+ }
+
+#ifndef OPENSSL_NO_SRP
+ if (src->srp_username) {
+ dest->srp_username = OPENSSL_strdup(src->srp_username);
+ if (dest->srp_username == NULL) {
+ goto err;
+ }
+ }
+#endif
+
+ if (src->ticket_appdata != NULL) {
+ dest->ticket_appdata =
+ OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len);
+ if (dest->ticket_appdata == NULL)
+ goto err;
+ }
+
+ return dest;
+ err:
+ SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
+ SSL_SESSION_free(dest);
+ return NULL;
+}
+
+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
+{
+ return ssl_session_dup_intern(src, 1);
+}
+
+/*
+ * Used internally when duplicating a session which might be already shared.
+ * We will have resumed the original session. Subsequently we might have marked
+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
+ * resume from.
+ */
+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
+{
+ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
+
+ if (sess != NULL)
+ sess->not_resumable = 0;
+
+ return sess;
+}
+
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+{
+ if (len)
+ *len = (unsigned int)s->session_id_length;
+ return s->session_id;
+}
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+ unsigned int *len)
+{
+ if (len != NULL)
+ *len = (unsigned int)s->sid_ctx_length;
+ return s->sid_ctx;
+}
+
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
+{
+ return s->compress_meth;
+}
+
+/*
+ * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
+ * the ID with random junk repeatedly until we have no conflict is going to
+ * complete in one iteration pretty much "most" of the time (btw:
+ * understatement). So, if it takes us 10 iterations and we still can't avoid
+ * a conflict - well that's a reasonable point to call it quits. Either the
+ * RAND code is broken or someone is trying to open roughly very close to
+ * 2^256 SSL sessions to our server. How you might store that many sessions
+ * is perhaps a more interesting question ...
+ */
+
+#define MAX_SESS_ID_ATTEMPTS 10
+static int def_generate_session_id(SSL *ssl, unsigned char *id,
+ unsigned int *id_len)
+{
+ unsigned int retry = 0;
+ do
+ if (RAND_bytes(id, *id_len) <= 0)
+ return 0;
+ while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+ (++retry < MAX_SESS_ID_ATTEMPTS)) ;
+ if (retry < MAX_SESS_ID_ATTEMPTS)
+ return 1;
+ /* else - woops a session_id match */
+ /*
+ * XXX We should also check the external cache -- but the probability of
+ * a collision is negligible, and we could not prevent the concurrent
+ * creation of sessions with identical IDs since we currently don't have
+ * means to atomically check whether a session ID already exists and make
+ * a reservation for it if it does not (this problem applies to the
+ * internal cache as well).
+ */
+ return 0;
+}
+
+int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
+{
+ unsigned int tmp;
+ GEN_SESSION_CB cb = def_generate_session_id;
+
+ switch (s->version) {
+ case SSL3_VERSION:
+ case TLS1_VERSION:
+ case TLS1_1_VERSION:
+ case TLS1_2_VERSION:
+ case TLS1_3_VERSION:
+ case DTLS1_BAD_VER:
+ case DTLS1_VERSION:
+ case DTLS1_2_VERSION:
+ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ break;
+ default:
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+ SSL_R_UNSUPPORTED_SSL_VERSION);
+ return 0;
+ }
+
+ /*-
+ * If RFC5077 ticket, use empty session ID (as server).
+ * Note that:
+ * (a) ssl_get_prev_session() does lookahead into the
+ * ClientHello extensions to find the session ticket.
+ * When ssl_get_prev_session() fails, statem_srvr.c calls
+ * ssl_get_new_session() in tls_process_client_hello().
+ * At that point, it has not yet parsed the extensions,
+ * however, because of the lookahead, it already knows
+ * whether a ticket is expected or not.
+ *
+ * (b) statem_clnt.c calls ssl_get_new_session() before parsing
+ * ServerHello extensions, and before recording the session
+ * ID received from the server, so this block is a noop.
+ */
+ if (s->ext.ticket_expected) {
+ ss->session_id_length = 0;
+ return 1;
+ }
+
+ /* Choose which callback will set the session ID */
+ CRYPTO_THREAD_read_lock(s->lock);
+ CRYPTO_THREAD_read_lock(s->session_ctx->lock);
+ if (s->generate_session_id)
+ cb = s->generate_session_id;
+ else if (s->session_ctx->generate_session_id)
+ cb = s->session_ctx->generate_session_id;
+ CRYPTO_THREAD_unlock(s->session_ctx->lock);
+ CRYPTO_THREAD_unlock(s->lock);
+ /* Choose a session ID */
+ memset(ss->session_id, 0, ss->session_id_length);
+ tmp = (int)ss->session_id_length;
+ if (!cb(s, ss->session_id, &tmp)) {
+ /* The callback failed */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+ SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
+ return 0;
+ }
+ /*
+ * Don't allow the callback to set the session length to zero. nor
+ * set it higher than it was.
+ */
+ if (tmp == 0 || tmp > ss->session_id_length) {
+ /* The callback set an illegal length */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+ SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+ return 0;
+ }
+ ss->session_id_length = tmp;
+ /* Finally, check for a conflict */
+ if (SSL_has_matching_session_id(s, ss->session_id,
+ (unsigned int)ss->session_id_length)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+ SSL_R_SSL_SESSION_ID_CONFLICT);
+ return 0;
+ }
+
+ return 1;
+}
+
+int ssl_get_new_session(SSL *s, int session)
+{
+ /* This gets used by clients and servers. */
+
+ SSL_SESSION *ss = NULL;
+
+ if ((ss = SSL_SESSION_new()) == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ /* If the context has a default timeout, use it */
+ if (s->session_ctx->session_timeout == 0)
+ ss->timeout = SSL_get_default_timeout(s);
+ else
+ ss->timeout = s->session_ctx->session_timeout;
+
+ SSL_SESSION_free(s->session);
+ s->session = NULL;
+
+ if (session) {
+ if (SSL_IS_TLS13(s)) {
+ /*
+ * We generate the session id while constructing the
+ * NewSessionTicket in TLSv1.3.
+ */
+ ss->session_id_length = 0;
+ } else if (!ssl_generate_session_id(s, ss)) {
+ /* SSLfatal() already called */
+ SSL_SESSION_free(ss);
+ return 0;
+ }
+
+ } else {
+ ss->session_id_length = 0;
+ }
+
+ if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
+ ERR_R_INTERNAL_ERROR);
+ SSL_SESSION_free(ss);
+ return 0;
+ }
+ memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
+ ss->sid_ctx_length = s->sid_ctx_length;
+ s->session = ss;
+ ss->ssl_version = s->version;
+ ss->verify_result = X509_V_OK;
+
+ /* If client supports extended master secret set it in session */
+ if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
+ ss->flags |= SSL_SESS_FLAG_EXTMS;
+
+ return 1;
+}
+
+SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
+ size_t sess_id_len)
+{
+ SSL_SESSION *ret = NULL;
+
+ if ((s->session_ctx->session_cache_mode
+ & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) {
+ SSL_SESSION data;
+
+ data.ssl_version = s->version;
+ if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH))
+ return NULL;
+
+ memcpy(data.session_id, sess_id, sess_id_len);
+ data.session_id_length = sess_id_len;
+
+ CRYPTO_THREAD_read_lock(s->session_ctx->lock);
+ ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
+ if (ret != NULL) {
+ /* don't allow other threads to steal it: */
+ SSL_SESSION_up_ref(ret);
+ }
+ CRYPTO_THREAD_unlock(s->session_ctx->lock);
+ if (ret == NULL)
+ tsan_counter(&s->session_ctx->stats.sess_miss);
+ }
+
+ if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
+ int copy = 1;
+
+ ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©);
+
+ if (ret != NULL) {
+ tsan_counter(&s->session_ctx->stats.sess_cb_hit);
+
+ /*
+ * Increment reference count now if the session callback asks us
+ * to do so (note that if the session structures returned by the
+ * callback are shared between threads, it must handle the
+ * reference count itself [i.e. copy == 0], or things won't be
+ * thread-safe).
+ */
+ if (copy)
+ SSL_SESSION_up_ref(ret);
+
+ /*
+ * Add the externally cached session to the internal cache as
+ * well if and only if we are supposed to.
+ */
+ if ((s->session_ctx->session_cache_mode &
+ SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) {
+ /*
+ * Either return value of SSL_CTX_add_session should not
+ * interrupt the session resumption process. The return
+ * value is intentionally ignored.
+ */
+ (void)SSL_CTX_add_session(s->session_ctx, ret);
+ }
+ }
+ }
+
+ return ret;
+}
+
+/*-
+ * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
+ * connection. It is only called by servers.
+ *
+ * hello: The parsed ClientHello data
+ *
+ * Returns:
+ * -1: fatal error
+ * 0: no session found
+ * 1: a session may have been found.
+ *
+ * Side effects:
+ * - If a session is found then s->session is pointed at it (after freeing an
+ * existing session if need be) and s->verify_result is set from the session.
+ * - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
+ * if the server should issue a new session ticket (to 0 otherwise).
+ */
+int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
+{
+ /* This is used only by servers. */
+
+ SSL_SESSION *ret = NULL;
+ int fatal = 0;
+ int try_session_cache = 0;
+ SSL_TICKET_STATUS r;
+
+ if (SSL_IS_TLS13(s)) {
+ /*
+ * By default we will send a new ticket. This can be overridden in the
+ * ticket processing.
+ */
+ s->ext.ticket_expected = 1;
+ if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
+ SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
+ NULL, 0)
+ || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
+ hello->pre_proc_exts, NULL, 0))
+ return -1;
+
+ ret = s->session;
+ } else {
+ /* sets s->ext.ticket_expected */
+ r = tls_get_ticket_from_client(s, hello, &ret);
+ switch (r) {
+ case SSL_TICKET_FATAL_ERR_MALLOC:
+ case SSL_TICKET_FATAL_ERR_OTHER:
+ fatal = 1;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ case SSL_TICKET_NONE:
+ case SSL_TICKET_EMPTY:
+ if (hello->session_id_len > 0) {
+ try_session_cache = 1;
+ ret = lookup_sess_in_cache(s, hello->session_id,
+ hello->session_id_len);
+ }
+ break;
+ case SSL_TICKET_NO_DECRYPT:
+ case SSL_TICKET_SUCCESS:
+ case SSL_TICKET_SUCCESS_RENEW:
+ break;
+ }
+ }
+
+ if (ret == NULL)
+ goto err;
+
+ /* Now ret is non-NULL and we own one of its reference counts. */
+
+ /* Check TLS version consistency */
+ if (ret->ssl_version != s->version)
+ goto err;
+
+ if (ret->sid_ctx_length != s->sid_ctx_length
+ || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+ /*
+ * We have the session requested by the client, but we don't want to
+ * use it in this context.
+ */
+ goto err; /* treat like cache miss */
+ }
+
+ if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
+ /*
+ * We can't be sure if this session is being used out of context,
+ * which is especially important for SSL_VERIFY_PEER. The application
+ * should have used SSL[_CTX]_set_session_id_context. For this error
+ * case, we generate an error instead of treating the event like a
+ * cache miss (otherwise it would be easy for applications to
+ * effectively disable the session cache by accident without anyone
+ * noticing).
+ */
+
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION,
+ SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+ fatal = 1;
+ goto err;
+ }
+
+ if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */
+ tsan_counter(&s->session_ctx->stats.sess_timeout);
+ if (try_session_cache) {
+ /* session was from the cache, so remove it */
+ SSL_CTX_remove_session(s->session_ctx, ret);
+ }
+ goto err;
+ }
+
+ /* Check extended master secret extension consistency */
+ if (ret->flags & SSL_SESS_FLAG_EXTMS) {
+ /* If old session includes extms, but new does not: abort handshake */
+ if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_GET_PREV_SESSION,
+ SSL_R_INCONSISTENT_EXTMS);
+ fatal = 1;
+ goto err;
+ }
+ } else if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
+ /* If new session includes extms, but old does not: do not resume */
+ goto err;
+ }
+
+ if (!SSL_IS_TLS13(s)) {
+ /* We already did this for TLS1.3 */
+ SSL_SESSION_free(s->session);
+ s->session = ret;
+ }
+
+ tsan_counter(&s->session_ctx->stats.sess_hit);
+ s->verify_result = s->session->verify_result;
+ return 1;
+
+ err:
+ if (ret != NULL) {
+ SSL_SESSION_free(ret);
+ /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
+ if (SSL_IS_TLS13(s))
+ s->session = NULL;
+
+ if (!try_session_cache) {
+ /*
+ * The session was from a ticket, so we should issue a ticket for
+ * the new session
+ */
+ s->ext.ticket_expected = 1;
+ }
+ }
+ if (fatal)
+ return -1;
+
+ return 0;
+}
+
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+ int ret = 0;
+ SSL_SESSION *s;
+
+ /*
+ * add just 1 reference count for the SSL_CTX's session cache even though
+ * it has two ways of access: each session is in a doubly linked list and
+ * an lhash
+ */
+ SSL_SESSION_up_ref(c);
+ /*
+ * if session c is in already in cache, we take back the increment later
+ */
+
+ CRYPTO_THREAD_write_lock(ctx->lock);
+ s = lh_SSL_SESSION_insert(ctx->sessions, c);
+
+ /*
+ * s != NULL iff we already had a session with the given PID. In this
+ * case, s == c should hold (then we did not really modify
+ * ctx->sessions), or we're in trouble.
+ */
+ if (s != NULL && s != c) {
+ /* We *are* in trouble ... */
+ SSL_SESSION_list_remove(ctx, s);
+ SSL_SESSION_free(s);
+ /*
+ * ... so pretend the other session did not exist in cache (we cannot
+ * handle two SSL_SESSION structures with identical session ID in the
+ * same cache, which could happen e.g. when two threads concurrently
+ * obtain the same session from an external cache)
+ */
+ s = NULL;
+ } else if (s == NULL &&
+ lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
+ /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
+
+ /*
+ * ... so take back the extra reference and also don't add
+ * the session to the SSL_SESSION_list at this time
+ */
+ s = c;
+ }
+
+ /* Put at the head of the queue unless it is already in the cache */
+ if (s == NULL)
+ SSL_SESSION_list_add(ctx, c);
+
+ if (s != NULL) {
+ /*
+ * existing cache entry -- decrement previously incremented reference
+ * count because it already takes into account the cache
+ */
+
+ SSL_SESSION_free(s); /* s == c */
+ ret = 0;
+ } else {
+ /*
+ * new cache entry -- remove old ones if cache has become too large
+ */
+
+ ret = 1;
+
+ if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
+ while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) {
+ if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
+ break;
+ else
+ tsan_counter(&ctx->stats.sess_cache_full);
+ }
+ }
+ }
+ CRYPTO_THREAD_unlock(ctx->lock);
+ return ret;
+}
+
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+ return remove_session_lock(ctx, c, 1);
+}
+
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
+{
+ SSL_SESSION *r;
+ int ret = 0;
+
+ if ((c != NULL) && (c->session_id_length != 0)) {
+ if (lck)
+ CRYPTO_THREAD_write_lock(ctx->lock);
+ if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
+ ret = 1;
+ r = lh_SSL_SESSION_delete(ctx->sessions, r);
+ SSL_SESSION_list_remove(ctx, r);
+ }
+ c->not_resumable = 1;
+
+ if (lck)
+ CRYPTO_THREAD_unlock(ctx->lock);
+
+ if (ctx->remove_session_cb != NULL)
+ ctx->remove_session_cb(ctx, c);
+
+ if (ret)
+ SSL_SESSION_free(r);
+ } else
+ ret = 0;
+ return ret;
+}
+
+void SSL_SESSION_free(SSL_SESSION *ss)
+{
+ int i;
+
+ if (ss == NULL)
+ return;
+ CRYPTO_DOWN_REF(&ss->references, &i, ss->lock);
+ REF_PRINT_COUNT("SSL_SESSION", ss);
+ if (i > 0)
+ return;
+ REF_ASSERT_ISNT(i < 0);
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+
+ OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
+ OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
+ X509_free(ss->peer);
+ sk_X509_pop_free(ss->peer_chain, X509_free);
+ OPENSSL_free(ss->ext.hostname);
+ OPENSSL_free(ss->ext.tick);
+#ifndef OPENSSL_NO_PSK
+ OPENSSL_free(ss->psk_identity_hint);
+ OPENSSL_free(ss->psk_identity);
+#endif
+#ifndef OPENSSL_NO_SRP
+ OPENSSL_free(ss->srp_username);
+#endif
+ OPENSSL_free(ss->ext.alpn_selected);
+ OPENSSL_free(ss->ticket_appdata);
+ CRYPTO_THREAD_lock_free(ss->lock);
+ OPENSSL_clear_free(ss, sizeof(*ss));
+}
+
+int SSL_SESSION_up_ref(SSL_SESSION *ss)
+{
+ int i;
+
+ if (CRYPTO_UP_REF(&ss->references, &i, ss->lock) <= 0)
+ return 0;
+
+ REF_PRINT_COUNT("SSL_SESSION", ss);
+ REF_ASSERT_ISNT(i < 2);
+ return ((i > 1) ? 1 : 0);
+}
+
+int SSL_set_session(SSL *s, SSL_SESSION *session)
+{
+ ssl_clear_bad_session(s);
+ if (s->ctx->method != s->method) {
+ if (!SSL_set_ssl_method(s, s->ctx->method))
+ return 0;
+ }
+
+ if (session != NULL) {
+ SSL_SESSION_up_ref(session);
+ s->verify_result = session->verify_result;
+ }
+ SSL_SESSION_free(s->session);
+ s->session = session;
+
+ return 1;
+}
+
+int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+ unsigned int sid_len)
+{
+ if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+ SSLerr(SSL_F_SSL_SESSION_SET1_ID,
+ SSL_R_SSL_SESSION_ID_TOO_LONG);
+ return 0;
+ }
+ s->session_id_length = sid_len;
+ if (sid != s->session_id)
+ memcpy(s->session_id, sid, sid_len);
+ return 1;
+}
+
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
+{
+ if (s == NULL)
+ return 0;
+ s->timeout = t;
+ return 1;
+}
+
+long SSL_SESSION_get_timeout(const SSL_SESSION *s)
+{
+ if (s == NULL)
+ return 0;
+ return s->timeout;
+}
+
+long SSL_SESSION_get_time(const SSL_SESSION *s)
+{
+ if (s == NULL)
+ return 0;
+ return s->time;
+}
+
+long SSL_SESSION_set_time(SSL_SESSION *s, long t)
+{
+ if (s == NULL)
+ return 0;
+ s->time = t;
+ return t;
+}
+
+int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
+{
+ return s->ssl_version;
+}
+
+int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
+{
+ s->ssl_version = version;
+ return 1;
+}
+
+const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
+{
+ return s->cipher;
+}
+
+int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
+{
+ s->cipher = cipher;
+ return 1;
+}
+
+const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
+{
+ return s->ext.hostname;
+}
+
+int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
+{
+ OPENSSL_free(s->ext.hostname);
+ if (hostname == NULL) {
+ s->ext.hostname = NULL;
+ return 1;
+ }
+ s->ext.hostname = OPENSSL_strdup(hostname);
+
+ return s->ext.hostname != NULL;
+}
+
+int SSL_SESSION_has_ticket(const SSL_SESSION *s)
+{
+ return (s->ext.ticklen > 0) ? 1 : 0;
+}
+
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
+{
+ return s->ext.tick_lifetime_hint;
+}
+
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+ size_t *len)
+{
+ *len = s->ext.ticklen;
+ if (tick != NULL)
+ *tick = s->ext.tick;
+}
+
+uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
+{
+ return s->ext.max_early_data;
+}
+
+int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
+{
+ s->ext.max_early_data = max_early_data;
+
+ return 1;
+}
+
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+ const unsigned char **alpn,
+ size_t *len)
+{
+ *alpn = s->ext.alpn_selected;
+ *len = s->ext.alpn_selected_len;
+}
+
+int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
+ size_t len)
+{
+ OPENSSL_free(s->ext.alpn_selected);
+ if (alpn == NULL || len == 0) {
+ s->ext.alpn_selected = NULL;
+ s->ext.alpn_selected_len = 0;
+ return 1;
+ }
+ s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
+ if (s->ext.alpn_selected == NULL) {
+ s->ext.alpn_selected_len = 0;
+ return 0;
+ }
+ s->ext.alpn_selected_len = len;
+
+ return 1;
+}
+
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
+{
+ return s->peer;
+}
+
+int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len)
+{
+ if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+ SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
+ SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return 0;
+ }
+ s->sid_ctx_length = sid_ctx_len;
+ if (sid_ctx != s->sid_ctx)
+ memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
+
+ return 1;
+}
+
+int SSL_SESSION_is_resumable(const SSL_SESSION *s)
+{
+ /*
+ * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
+ * session ID.
+ */
+ return !s->not_resumable
+ && (s->session_id_length > 0 || s->ext.ticklen > 0);
+}
+
+long SSL_CTX_set_timeout(SSL_CTX *s, long t)
+{
+ long l;
+ if (s == NULL)
+ return 0;
+ l = s->session_timeout;
+ s->session_timeout = t;
+ return l;
+}
+
+long SSL_CTX_get_timeout(const SSL_CTX *s)
+{
+ if (s == NULL)
+ return 0;
+ return s->session_timeout;
+}
+
+int SSL_set_session_secret_cb(SSL *s,
+ tls_session_secret_cb_fn tls_session_secret_cb,
+ void *arg)
+{
+ if (s == NULL)
+ return 0;
+ s->ext.session_secret_cb = tls_session_secret_cb;
+ s->ext.session_secret_cb_arg = arg;
+ return 1;
+}
+
+int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+ void *arg)
+{
+ if (s == NULL)
+ return 0;
+ s->ext.session_ticket_cb = cb;
+ s->ext.session_ticket_cb_arg = arg;
+ return 1;
+}
+
+int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
+{
+ if (s->version >= TLS1_VERSION) {
+ OPENSSL_free(s->ext.session_ticket);
+ s->ext.session_ticket = NULL;
+ s->ext.session_ticket =
+ OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
+ if (s->ext.session_ticket == NULL) {
+ SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (ext_data != NULL) {
+ s->ext.session_ticket->length = ext_len;
+ s->ext.session_ticket->data = s->ext.session_ticket + 1;
+ memcpy(s->ext.session_ticket->data, ext_data, ext_len);
+ } else {
+ s->ext.session_ticket->length = 0;
+ s->ext.session_ticket->data = NULL;
+ }
+
+ return 1;
+ }
+
+ return 0;
+}
+
+typedef struct timeout_param_st {
+ SSL_CTX *ctx;
+ long time;
+ LHASH_OF(SSL_SESSION) *cache;
+} TIMEOUT_PARAM;
+
+static void timeout_cb(SSL_SESSION *s, TIMEOUT_PARAM *p)
+{
+ if ((p->time == 0) || (p->time > (s->time + s->timeout))) { /* timeout */
+ /*
+ * The reason we don't call SSL_CTX_remove_session() is to save on
+ * locking overhead
+ */
+ (void)lh_SSL_SESSION_delete(p->cache, s);
+ SSL_SESSION_list_remove(p->ctx, s);
+ s->not_resumable = 1;
+ if (p->ctx->remove_session_cb != NULL)
+ p->ctx->remove_session_cb(p->ctx, s);
+ SSL_SESSION_free(s);
+ }
+}
+
+IMPLEMENT_LHASH_DOALL_ARG(SSL_SESSION, TIMEOUT_PARAM);
+
+void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
+{
+ unsigned long i;
+ TIMEOUT_PARAM tp;
+
+ tp.ctx = s;
+ tp.cache = s->sessions;
+ if (tp.cache == NULL)
+ return;
+ tp.time = t;
+ CRYPTO_THREAD_write_lock(s->lock);
+ i = lh_SSL_SESSION_get_down_load(s->sessions);
+ lh_SSL_SESSION_set_down_load(s->sessions, 0);
+ lh_SSL_SESSION_doall_TIMEOUT_PARAM(tp.cache, timeout_cb, &tp);
+ lh_SSL_SESSION_set_down_load(s->sessions, i);
+ CRYPTO_THREAD_unlock(s->lock);
+}
+
+int ssl_clear_bad_session(SSL *s)
+{
+ if ((s->session != NULL) &&
+ !(s->shutdown & SSL_SENT_SHUTDOWN) &&
+ !(SSL_in_init(s) || SSL_in_before(s))) {
+ SSL_CTX_remove_session(s->session_ctx, s->session);
+ return 1;
+ } else
+ return 0;
+}
+
+/* locked by SSL_CTX in the calling function */
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
+{
+ if ((s->next == NULL) || (s->prev == NULL))
+ return;
+
+ if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
+ /* last element in list */
+ if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
+ /* only one element in list */
+ ctx->session_cache_head = NULL;
+ ctx->session_cache_tail = NULL;
+ } else {
+ ctx->session_cache_tail = s->prev;
+ s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+ }
+ } else {
+ if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
+ /* first element in list */
+ ctx->session_cache_head = s->next;
+ s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+ } else {
+ /* middle of list */
+ s->next->prev = s->prev;
+ s->prev->next = s->next;
+ }
+ }
+ s->prev = s->next = NULL;
+}
+
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
+{
+ if ((s->next != NULL) && (s->prev != NULL))
+ SSL_SESSION_list_remove(ctx, s);
+
+ if (ctx->session_cache_head == NULL) {
+ ctx->session_cache_head = s;
+ ctx->session_cache_tail = s;
+ s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+ s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+ } else {
+ s->next = ctx->session_cache_head;
+ s->next->prev = s;
+ s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+ ctx->session_cache_head = s;
+ }
+}
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+ int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
+{
+ ctx->new_session_cb = cb;
+}
+
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
+ return ctx->new_session_cb;
+}
+
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+ void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
+{
+ ctx->remove_session_cb = cb;
+}
+
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
+ SSL_SESSION *sess) {
+ return ctx->remove_session_cb;
+}
+
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+ SSL_SESSION *(*cb) (struct ssl_st *ssl,
+ const unsigned char *data,
+ int len, int *copy))
+{
+ ctx->get_session_cb = cb;
+}
+
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
+ const unsigned char
+ *data, int len,
+ int *copy) {
+ return ctx->get_session_cb;
+}
+
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+ void (*cb) (const SSL *ssl, int type, int val))
+{
+ ctx->info_callback = cb;
+}
+
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+ int val) {
+ return ctx->info_callback;
+}
+
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+ int (*cb) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey))
+{
+ ctx->client_cert_cb = cb;
+}
+
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey) {
+ return ctx->client_cert_cb;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
+{
+ if (!ENGINE_init(e)) {
+ SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
+ return 0;
+ }
+ if (!ENGINE_get_ssl_client_cert_function(e)) {
+ SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
+ SSL_R_NO_CLIENT_CERT_METHOD);
+ ENGINE_finish(e);
+ return 0;
+ }
+ ctx->client_cert_engine = e;
+ return 1;
+}
+#endif
+
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+ int (*cb) (SSL *ssl,
+ unsigned char *cookie,
+ unsigned int *cookie_len))
+{
+ ctx->app_gen_cookie_cb = cb;
+}
+
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+ int (*cb) (SSL *ssl,
+ const unsigned char *cookie,
+ unsigned int cookie_len))
+{
+ ctx->app_verify_cookie_cb = cb;
+}
+
+int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len)
+{
+ OPENSSL_free(ss->ticket_appdata);
+ ss->ticket_appdata_len = 0;
+ if (data == NULL || len == 0) {
+ ss->ticket_appdata = NULL;
+ return 1;
+ }
+ ss->ticket_appdata = OPENSSL_memdup(data, len);
+ if (ss->ticket_appdata != NULL) {
+ ss->ticket_appdata_len = len;
+ return 1;
+ }
+ return 0;
+}
+
+int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len)
+{
+ *data = ss->ticket_appdata;
+ *len = ss->ticket_appdata_len;
+ return 1;
+}
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+ SSL_CTX *ctx,
+ int (*cb) (SSL *ssl,
+ unsigned char *cookie,
+ size_t *cookie_len))
+{
+ ctx->gen_stateless_cookie_cb = cb;
+}
+
+void SSL_CTX_set_stateless_cookie_verify_cb(
+ SSL_CTX *ctx,
+ int (*cb) (SSL *ssl,
+ const unsigned char *cookie,
+ size_t cookie_len))
+{
+ ctx->verify_stateless_cookie_cb = cb;
+}
+
+IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
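Review bot: `SSL_set_session_ticket_ext()` takes `int ext_len` and uses it unchecked in `OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len)` and in the later `memcpy(s->ext.session_ticket->data, ext_data, ext_len)`. A negative value makes the allocation smaller than the header struct and converts to a very large `size_t` copy length, so a caller-side length bug becomes an out-of-bounds heap write instead of a clean failure. A guard at the top of the `s->version >= TLS1_VERSION` branch, `if (ext_len < 0) return 0;`, rejects it before anything is freed or allocated. The path suggests this tree exists to generate the CVE-2024-5535 diff against 1.1.1w; if so, the guard belongs in a separate patch so the generated diff stays limited to the CVE fix.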
Index: sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/statem/statem_srvr.c
===================================================================
--- sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/statem/statem_srvr.c (nonexistent)
+++ sources/packages/n/openssl11/create-1.1.1w-CVE-2024-5535-patch/openssl-1.1.1w-new/ssl/statem/statem_srvr.c (revision 420)
@@ -0,0 +1,4307 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "../ssl_local.h"
+#include "statem_local.h"
+#include "internal/constant_time.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/x509.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/md5.h>
+#include <openssl/asn1t.h>
+
+#define TICKET_NONCE_SIZE 8
+
+typedef struct {
+ ASN1_TYPE *kxBlob;
+ ASN1_TYPE *opaqueBlob;
+} GOST_KX_MESSAGE;
+
+DECLARE_ASN1_FUNCTIONS(GOST_KX_MESSAGE)
+
+ASN1_SEQUENCE(GOST_KX_MESSAGE) = {
+ ASN1_SIMPLE(GOST_KX_MESSAGE, kxBlob, ASN1_ANY),
+ ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY),
+} ASN1_SEQUENCE_END(GOST_KX_MESSAGE)
+
+IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE)
+
+static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt);
+
+/*
+ * ossl_statem_server13_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when a TLSv1.3 server is reading messages from
+ * the client. The message type that the client has sent is provided in |mt|.
+ * The current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and 0 on error
+ * (transition not allowed)
+ */
+static int ossl_statem_server13_read_transition(SSL *s, int mt)
+{
+ OSSL_STATEM *st = &s->statem;
+
+ /*
+ * Note: There is no case for TLS_ST_BEFORE because at that stage we have
+ * not negotiated TLSv1.3 yet, so that case is handled by
+ * ossl_statem_server_read_transition()
+ */
+ switch (st->hand_state) {
+ default:
+ break;
+
+ case TLS_ST_EARLY_DATA:
+ if (s->hello_retry_request == SSL_HRR_PENDING) {
+ if (mt == SSL3_MT_CLIENT_HELLO) {
+ st->hand_state = TLS_ST_SR_CLNT_HELLO;
+ return 1;
+ }
+ break;
+ } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+ if (mt == SSL3_MT_END_OF_EARLY_DATA) {
+ st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA;
+ return 1;
+ }
+ break;
+ }
+ /* Fall through */
+
+ case TLS_ST_SR_END_OF_EARLY_DATA:
+ case TLS_ST_SW_FINISHED:
+ if (s->s3->tmp.cert_request) {
+ if (mt == SSL3_MT_CERTIFICATE) {
+ st->hand_state = TLS_ST_SR_CERT;
+ return 1;
+ }
+ } else {
+ if (mt == SSL3_MT_FINISHED) {
+ st->hand_state = TLS_ST_SR_FINISHED;
+ return 1;
+ }
+ }
+ break;
+
+ case TLS_ST_SR_CERT:
+ if (s->session->peer == NULL) {
+ if (mt == SSL3_MT_FINISHED) {
+ st->hand_state = TLS_ST_SR_FINISHED;
+ return 1;
+ }
+ } else {
+ if (mt == SSL3_MT_CERTIFICATE_VERIFY) {
+ st->hand_state = TLS_ST_SR_CERT_VRFY;
+ return 1;
+ }
+ }
+ break;
+
+ case TLS_ST_SR_CERT_VRFY:
+ if (mt == SSL3_MT_FINISHED) {
+ st->hand_state = TLS_ST_SR_FINISHED;
+ return 1;
+ }
+ break;
+
+ case TLS_ST_OK:
+ /*
+ * Its never ok to start processing handshake messages in the middle of
+ * early data (i.e. before we've received the end of early data alert)
+ */
+ if (s->early_data_state == SSL_EARLY_DATA_READING)
+ break;
+
+ if (mt == SSL3_MT_CERTIFICATE
+ && s->post_handshake_auth == SSL_PHA_REQUESTED) {
+ st->hand_state = TLS_ST_SR_CERT;
+ return 1;
+ }
+
+ if (mt == SSL3_MT_KEY_UPDATE) {
+ st->hand_state = TLS_ST_SR_KEY_UPDATE;
+ return 1;
+ }
+ break;
+ }
+
+ /* No valid transition found */
+ return 0;
+}
+
+/*
+ * ossl_statem_server_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when the server is reading messages from the
+ * client. The message type that the client has sent is provided in |mt|. The
+ * current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and 0 on error
+ * (transition not allowed)
+ */
+int ossl_statem_server_read_transition(SSL *s, int mt)
+{
+ OSSL_STATEM *st = &s->statem;
+
+ if (SSL_IS_TLS13(s)) {
+ if (!ossl_statem_server13_read_transition(s, mt))
+ goto err;
+ return 1;
+ }
+
+ switch (st->hand_state) {
+ default:
+ break;
+
+ case TLS_ST_BEFORE:
+ case TLS_ST_OK:
+ case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+ if (mt == SSL3_MT_CLIENT_HELLO) {
+ st->hand_state = TLS_ST_SR_CLNT_HELLO;
+ return 1;
+ }
+ break;
+
+ case TLS_ST_SW_SRVR_DONE:
+ /*
+ * If we get a CKE message after a ServerDone then either
+ * 1) We didn't request a Certificate
+ * OR
+ * 2) If we did request one then
+ * a) We allow no Certificate to be returned
+ * AND
+ * b) We are running SSL3 (in TLS1.0+ the client must return a 0
+ * list if we requested a certificate)
+ */
+ if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+ if (s->s3->tmp.cert_request) {
+ if (s->version == SSL3_VERSION) {
+ if ((s->verify_mode & SSL_VERIFY_PEER)
+ && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+ /*
+ * This isn't an unexpected message as such - we're just
+ * not going to accept it because we require a client
+ * cert.
+ */
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,
+ SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+ return 0;
+ }
+ st->hand_state = TLS_ST_SR_KEY_EXCH;
+ return 1;
+ }
+ } else {
+ st->hand_state = TLS_ST_SR_KEY_EXCH;
+ return 1;
+ }
+ } else if (s->s3->tmp.cert_request) {
+ if (mt == SSL3_MT_CERTIFICATE) {
+ st->hand_state = TLS_ST_SR_CERT;
+ return 1;
+ }
+ }
+ break;
+
+ case TLS_ST_SR_CERT:
+ if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+ st->hand_state = TLS_ST_SR_KEY_EXCH;
+ return 1;
+ }
+ break;
+
+ case TLS_ST_SR_KEY_EXCH:
+ /*
+ * We should only process a CertificateVerify message if we have
+ * received a Certificate from the client. If so then |s->session->peer|
+ * will be non NULL. In some instances a CertificateVerify message is
+ * not required even if the peer has sent a Certificate (e.g. such as in
+ * the case of static DH). In that case |st->no_cert_verify| should be
+ * set.
+ */
+ if (s->session->peer == NULL || st->no_cert_verify) {
+ if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+ /*
+ * For the ECDH ciphersuites when the client sends its ECDH
+ * pub key in a certificate, the CertificateVerify message is
+ * not sent. Also for GOST ciphersuites when the client uses
+ * its key from the certificate for key exchange.
+ */
+ st->hand_state = TLS_ST_SR_CHANGE;
+ return 1;
+ }
+ } else {
+ if (mt == SSL3_MT_CERTIFICATE_VERIFY) {
+ st->hand_state = TLS_ST_SR_CERT_VRFY;
+ return 1;
+ }
+ }
+ break;
+
+ case TLS_ST_SR_CERT_VRFY:
+ if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+ st->hand_state = TLS_ST_SR_CHANGE;
+ return 1;
+ }
+ break;
+
+ case TLS_ST_SR_CHANGE:
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ if (s->s3->npn_seen) {
+ if (mt == SSL3_MT_NEXT_PROTO) {
+ st->hand_state = TLS_ST_SR_NEXT_PROTO;
+ return 1;
+ }
+ } else {
+#endif
+ if (mt == SSL3_MT_FINISHED) {
+ st->hand_state = TLS_ST_SR_FINISHED;
+ return 1;
+ }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ }
+#endif
+ break;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ case TLS_ST_SR_NEXT_PROTO:
+ if (mt == SSL3_MT_FINISHED) {
+ st->hand_state = TLS_ST_SR_FINISHED;
+ return 1;
+ }
+ break;
+#endif
+
+ case TLS_ST_SW_FINISHED:
+ if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+ st->hand_state = TLS_ST_SR_CHANGE;
+ return 1;
+ }
+ break;
+ }
+
+ err:
+ /* No valid transition found */
+ if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+ BIO *rbio;
+
+ /*
+ * CCS messages don't have a message sequence number so this is probably
+ * because of an out-of-order CCS. We'll just drop it.
+ */
+ s->init_num = 0;
+ s->rwstate = SSL_READING;
+ rbio = SSL_get_rbio(s);
+ BIO_clear_retry_flags(rbio);
+ BIO_set_retry_read(rbio);
+ return 0;
+ }
+ SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE,
+ SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,
+ SSL_R_UNEXPECTED_MESSAGE);
+ return 0;
+}
+
+/*
+ * Should we send a ServerKeyExchange message?
+ *
+ * Valid return values are:
+ * 1: Yes
+ * 0: No
+ */
+static int send_server_key_exchange(SSL *s)
+{
+ unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+ /*
+ * only send a ServerKeyExchange if DH or fortezza but we have a
+ * sign only certificate PSK: may send PSK identity hints For
+ * ECC ciphersuites, we send a serverKeyExchange message only if
+ * the cipher suite is either ECDH-anon or ECDHE. In other cases,
+ * the server certificate contains the server's public key for
+ * key exchange.
+ */
+ if (alg_k & (SSL_kDHE | SSL_kECDHE)
+ /*
+ * PSK: send ServerKeyExchange if PSK identity hint if
+ * provided
+ */
+#ifndef OPENSSL_NO_PSK
+ /* Only send SKE if we have identity hint for plain PSK */
+ || ((alg_k & (SSL_kPSK | SSL_kRSAPSK))
+ && s->cert->psk_identity_hint)
+ /* For other PSK always send SKE */
+ || (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))
+#endif
+#ifndef OPENSSL_NO_SRP
+ /* SRP: send ServerKeyExchange */
+ || (alg_k & SSL_kSRP)
+#endif
+ ) {
+ return 1;
+ }
+
+ return 0;
+}
+
+/*
+ * Should we send a CertificateRequest message?
+ *
+ * Valid return values are:
+ * 1: Yes
+ * 0: No
+ */
+int send_certificate_request(SSL *s)
+{
+ if (
+ /* don't request cert unless asked for it: */
+ s->verify_mode & SSL_VERIFY_PEER
+ /*
+ * don't request if post-handshake-only unless doing
+ * post-handshake in TLSv1.3:
+ */
+ && (!SSL_IS_TLS13(s) || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE)
+ || s->post_handshake_auth == SSL_PHA_REQUEST_PENDING)
+ /*
+ * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
+ * a second time:
+ */
+ && (s->certreqs_sent < 1 ||
+ !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE))
+ /*
+ * never request cert in anonymous ciphersuites (see
+ * section "Certificate request" in SSL 3 drafts and in
+ * RFC 2246):
+ */
+ && (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
+ /*
+ * ... except when the application insists on
+ * verification (against the specs, but statem_clnt.c accepts
+ * this for SSL 3)
+ */
+ || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+ /* don't request certificate for SRP auth */
+ && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
+ /*
+ * With normal PSK Certificates and Certificate Requests
+ * are omitted
+ */
+ && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)) {
+ return 1;
+ }
+
+ return 0;
+}
+
+/*
+ * ossl_statem_server13_write_transition() works out what handshake state to
+ * move to next when a TLSv1.3 server is writing messages to be sent to the
+ * client.
+ */
+static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
+{
+ OSSL_STATEM *st = &s->statem;
+
+ /*
+ * No case for TLS_ST_BEFORE, because at that stage we have not negotiated
+ * TLSv1.3 yet, so that is handled by ossl_statem_server_write_transition()
+ */
+
+ switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION,
+ ERR_R_INTERNAL_ERROR);
+ return WRITE_TRAN_ERROR;
+
+ case TLS_ST_OK:
+ if (s->key_update != SSL_KEY_UPDATE_NONE) {
+ st->hand_state = TLS_ST_SW_KEY_UPDATE;
+ return WRITE_TRAN_CONTINUE;
+ }
+ if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+ st->hand_state = TLS_ST_SW_CERT_REQ;
+ return WRITE_TRAN_CONTINUE;
+ }
+ /* Try to read from the client instead */
+ return WRITE_TRAN_FINISHED;
+
+ case TLS_ST_SR_CLNT_HELLO:
+ st->hand_state = TLS_ST_SW_SRVR_HELLO;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_SRVR_HELLO:
+ if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+ && s->hello_retry_request != SSL_HRR_COMPLETE)
+ st->hand_state = TLS_ST_SW_CHANGE;
+ else if (s->hello_retry_request == SSL_HRR_PENDING)
+ st->hand_state = TLS_ST_EARLY_DATA;
+ else
+ st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_CHANGE:
+ if (s->hello_retry_request == SSL_HRR_PENDING)
+ st->hand_state = TLS_ST_EARLY_DATA;
+ else
+ st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+ if (s->hit)
+ st->hand_state = TLS_ST_SW_FINISHED;
+ else if (send_certificate_request(s))
+ st->hand_state = TLS_ST_SW_CERT_REQ;
+ else
+ st->hand_state = TLS_ST_SW_CERT;
+
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_CERT_REQ:
+ if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+ s->post_handshake_auth = SSL_PHA_REQUESTED;
+ st->hand_state = TLS_ST_OK;
+ } else {
+ st->hand_state = TLS_ST_SW_CERT;
+ }
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_CERT:
+ st->hand_state = TLS_ST_SW_CERT_VRFY;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_CERT_VRFY:
+ st->hand_state = TLS_ST_SW_FINISHED;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_FINISHED:
+ st->hand_state = TLS_ST_EARLY_DATA;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_EARLY_DATA:
+ return WRITE_TRAN_FINISHED;
+
+ case TLS_ST_SR_FINISHED:
+ /*
+ * Technically we have finished the handshake at this point, but we're
+ * going to remain "in_init" for now and write out any session tickets
+ * immediately.
+ */
+ if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+ s->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
+ } else if (!s->ext.ticket_expected) {
+ /*
+ * If we're not going to renew the ticket then we just finish the
+ * handshake at this point.
+ */
+ st->hand_state = TLS_ST_OK;
+ return WRITE_TRAN_CONTINUE;
+ }
+ if (s->num_tickets > s->sent_tickets)
+ st->hand_state = TLS_ST_SW_SESSION_TICKET;
+ else
+ st->hand_state = TLS_ST_OK;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SR_KEY_UPDATE:
+ case TLS_ST_SW_KEY_UPDATE:
+ st->hand_state = TLS_ST_OK;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_SESSION_TICKET:
+ /* In a resumption we only ever send a maximum of one new ticket.
+ * Following an initial handshake we send the number of tickets we have
+ * been configured for.
+ */
+ if (s->hit || s->num_tickets <= s->sent_tickets) {
+ /* We've written enough tickets out. */
+ st->hand_state = TLS_ST_OK;
+ }
+ return WRITE_TRAN_CONTINUE;
+ }
+}
+
+/*
+ * ossl_statem_server_write_transition() works out what handshake state to move
+ * to next when the server is writing messages to be sent to the client.
+ */
+WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
+{
+ OSSL_STATEM *st = &s->statem;
+
+ /*
+ * Note that before the ClientHello we don't know what version we are going
+ * to negotiate yet, so we don't take this branch until later
+ */
+
+ if (SSL_IS_TLS13(s))
+ return ossl_statem_server13_write_transition(s);
+
+ switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION,
+ ERR_R_INTERNAL_ERROR);
+ return WRITE_TRAN_ERROR;
+
+ case TLS_ST_OK:
+ if (st->request_state == TLS_ST_SW_HELLO_REQ) {
+ /* We must be trying to renegotiate */
+ st->hand_state = TLS_ST_SW_HELLO_REQ;
+ st->request_state = TLS_ST_BEFORE;
+ return WRITE_TRAN_CONTINUE;
+ }
+ /* Must be an incoming ClientHello */
+ if (!tls_setup_handshake(s)) {
+ /* SSLfatal() already called */
+ return WRITE_TRAN_ERROR;
+ }
+ /* Fall through */
+
+ case TLS_ST_BEFORE:
+ /* Just go straight to trying to read from the client */
+ return WRITE_TRAN_FINISHED;
+
+ case TLS_ST_SW_HELLO_REQ:
+ st->hand_state = TLS_ST_OK;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SR_CLNT_HELLO:
+ if (SSL_IS_DTLS(s) && !s->d1->cookie_verified
+ && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) {
+ st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST;
+ } else if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) {
+ /* We must have rejected the renegotiation */
+ st->hand_state = TLS_ST_OK;
+ return WRITE_TRAN_CONTINUE;
+ } else {
+ st->hand_state = TLS_ST_SW_SRVR_HELLO;
+ }
+ return WRITE_TRAN_CONTINUE;
+
+ case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+ return WRITE_TRAN_FINISHED;
+
+ case TLS_ST_SW_SRVR_HELLO:
+ if (s->hit) {
+ if (s->ext.ticket_expected)
+ st->hand_state = TLS_ST_SW_SESSION_TICKET;
+ else
+ st->hand_state = TLS_ST_SW_CHANGE;
+ } else {
+ /* Check if it is anon DH or anon ECDH, */
+ /* normal PSK or SRP */
+ if (!(s->s3->tmp.new_cipher->algorithm_auth &
+ (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
+ st->hand_state = TLS_ST_SW_CERT;
+ } else if (send_server_key_exchange(s)) {
+ st->hand_state = TLS_ST_SW_KEY_EXCH;
+ } else if (send_certificate_request(s)) {
+ st->hand_state = TLS_ST_SW_CERT_REQ;
+ } else {
+ st->hand_state = TLS_ST_SW_SRVR_DONE;
+ }
+ }
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_CERT:
+ if (s->ext.status_expected) {
+ st->hand_state = TLS_ST_SW_CERT_STATUS;
+ return WRITE_TRAN_CONTINUE;
+ }
+ /* Fall through */
+
+ case TLS_ST_SW_CERT_STATUS:
+ if (send_server_key_exchange(s)) {
+ st->hand_state = TLS_ST_SW_KEY_EXCH;
+ return WRITE_TRAN_CONTINUE;
+ }
+ /* Fall through */
+
+ case TLS_ST_SW_KEY_EXCH:
+ if (send_certificate_request(s)) {
+ st->hand_state = TLS_ST_SW_CERT_REQ;
+ return WRITE_TRAN_CONTINUE;
+ }
+ /* Fall through */
+
+ case TLS_ST_SW_CERT_REQ:
+ st->hand_state = TLS_ST_SW_SRVR_DONE;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_SRVR_DONE:
+ return WRITE_TRAN_FINISHED;
+
+ case TLS_ST_SR_FINISHED:
+ if (s->hit) {
+ st->hand_state = TLS_ST_OK;
+ return WRITE_TRAN_CONTINUE;
+ } else if (s->ext.ticket_expected) {
+ st->hand_state = TLS_ST_SW_SESSION_TICKET;
+ } else {
+ st->hand_state = TLS_ST_SW_CHANGE;
+ }
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_SESSION_TICKET:
+ st->hand_state = TLS_ST_SW_CHANGE;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_CHANGE:
+ st->hand_state = TLS_ST_SW_FINISHED;
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SW_FINISHED:
+ if (s->hit) {
+ return WRITE_TRAN_FINISHED;
+ }
+ st->hand_state = TLS_ST_OK;
+ return WRITE_TRAN_CONTINUE;
+ }
+}
+
+/*
+ * Perform any pre work that needs to be done prior to sending a message from
+ * the server to the client.
+ */
+WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
+{
+ OSSL_STATEM *st = &s->statem;
+
+ switch (st->hand_state) {
+ default:
+ /* No pre work to be done */
+ break;
+
+ case TLS_ST_SW_HELLO_REQ:
+ s->shutdown = 0;
+ if (SSL_IS_DTLS(s))
+ dtls1_clear_sent_buffer(s);
+ break;
+
+ case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+ s->shutdown = 0;
+ if (SSL_IS_DTLS(s)) {
+ dtls1_clear_sent_buffer(s);
+ /* We don't buffer this message so don't use the timer */
+ st->use_timer = 0;
+ }
+ break;
+
+ case TLS_ST_SW_SRVR_HELLO:
+ if (SSL_IS_DTLS(s)) {
+ /*
+ * Messages we write from now on should be buffered and
+ * retransmitted if necessary, so we need to use the timer now
+ */
+ st->use_timer = 1;
+ }
+ break;
+
+ case TLS_ST_SW_SRVR_DONE:
+#ifndef OPENSSL_NO_SCTP
+ if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+ /* Calls SSLfatal() as required */
+ return dtls_wait_for_dry(s);
+ }
+#endif
+ return WORK_FINISHED_CONTINUE;
+
+ case TLS_ST_SW_SESSION_TICKET:
+ if (SSL_IS_TLS13(s) && s->sent_tickets == 0) {
+ /*
+ * Actually this is the end of the handshake, but we're going
+ * straight into writing the session ticket out. So we finish off
+ * the handshake, but keep the various buffers active.
+ *
+ * Calls SSLfatal as required.
+ */
+ return tls_finish_handshake(s, wst, 0, 0);
+ } if (SSL_IS_DTLS(s)) {
+ /*
+ * We're into the last flight. We don't retransmit the last flight
+ * unless we need to, so we don't use the timer
+ */
+ st->use_timer = 0;
+ }
+ break;
+
+ case TLS_ST_SW_CHANGE:
+ if (SSL_IS_TLS13(s))
+ break;
+ /* Writes to s->session are only safe for initial handshakes */
+ if (s->session->cipher == NULL) {
+ s->session->cipher = s->s3->tmp.new_cipher;
+ } else if (s->session->cipher != s->s3->tmp.new_cipher) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_OSSL_STATEM_SERVER_PRE_WORK,
+ ERR_R_INTERNAL_ERROR);
+ return WORK_ERROR;
+ }
+ if (!s->method->ssl3_enc->setup_key_block(s)) {
+ /* SSLfatal() already called */
+ return WORK_ERROR;
+ }
+ if (SSL_IS_DTLS(s)) {
+ /*
+ * We're into the last flight. We don't retransmit the last flight
+ * unless we need to, so we don't use the timer. This might have
+ * already been set to 0 if we sent a NewSessionTicket message,
+ * but we'll set it again here in case we didn't.
+ */
+ st->use_timer = 0;
+ }
+ return WORK_FINISHED_CONTINUE;
+
+ case TLS_ST_EARLY_DATA:
+ if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING
+ && (s->s3->flags & TLS1_FLAGS_STATELESS) == 0)
+ return WORK_FINISHED_CONTINUE;
+ /* Fall through */
+
+ case TLS_ST_OK:
+ /* Calls SSLfatal() as required */
+ return tls_finish_handshake(s, wst, 1, 1);
+ }
+
+ return WORK_FINISHED_CONTINUE;
+}
+
+static ossl_inline int conn_is_closed(void)
+{
+ switch (get_last_sys_error()) {
+#if defined(EPIPE)
+ case EPIPE:
+ return 1;
+#endif
+#if defined(ECONNRESET)
+ case ECONNRESET:
+ return 1;
+#endif
+#if defined(WSAECONNRESET)
+ case WSAECONNRESET:
+ return 1;
+#endif
+ default:
+ return 0;
+ }
+}
+
+/*
+ * Perform any work that needs to be done after sending a message from the
+ * server to the client.
+ */
+WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
+{
+ OSSL_STATEM *st = &s->statem;
+
+ s->init_num = 0;
+
+ switch (st->hand_state) {
+ default:
+ /* No post work to be done */
+ break;
+
+ case TLS_ST_SW_HELLO_REQ:
+ if (statem_flush(s) != 1)
+ return WORK_MORE_A;
+ if (!ssl3_init_finished_mac(s)) {
+ /* SSLfatal() already called */
+ return WORK_ERROR;
+ }
+ break;
+
+ case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+ if (statem_flush(s) != 1)
+ return WORK_MORE_A;
+ /* HelloVerifyRequest resets Finished MAC */
+ if (s->version != DTLS1_BAD_VER && !ssl3_init_finished_mac(s)) {
+ /* SSLfatal() already called */
+ return WORK_ERROR;
+ }
+ /*
+ * The next message should be another ClientHello which we need to
+ * treat like it was the first packet
+ */
+ s->first_packet = 1;
+ break;
+
+ case TLS_ST_SW_SRVR_HELLO:
+ if (SSL_IS_TLS13(s) && s->hello_retry_request == SSL_HRR_PENDING) {
+ if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0
+ && statem_flush(s) != 1)
+ return WORK_MORE_A;
+ break;
+ }
+#ifndef OPENSSL_NO_SCTP
+ if (SSL_IS_DTLS(s) && s->hit) {
+ unsigned char sctpauthkey[64];
+ char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+ size_t labellen;
+
+ /*
+ * Add new shared key for SCTP-Auth, will be ignored if no
+ * SCTP used.
+ */
+ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+ sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+ /* Don't include the terminating zero. */
+ labellen = sizeof(labelbuffer) - 1;
+ if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+ labellen += 1;
+
+ if (SSL_export_keying_material(s, sctpauthkey,
+ sizeof(sctpauthkey), labelbuffer,
+ labellen, NULL, 0,
+ 0) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_OSSL_STATEM_SERVER_POST_WORK,
+ ERR_R_INTERNAL_ERROR);
+ return WORK_ERROR;
+ }
+
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+ sizeof(sctpauthkey), sctpauthkey);
+ }
+#endif
+ if (!SSL_IS_TLS13(s)
+ || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+ && s->hello_retry_request != SSL_HRR_COMPLETE))
+ break;
+ /* Fall through */
+
+ case TLS_ST_SW_CHANGE:
+ if (s->hello_retry_request == SSL_HRR_PENDING) {
+ if (!statem_flush(s))
+ return WORK_MORE_A;
+ break;
+ }
+
+ if (SSL_IS_TLS13(s)) {
+ if (!s->method->ssl3_enc->setup_key_block(s)
+ || !s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
+ /* SSLfatal() already called */
+ return WORK_ERROR;
+ }
+
+ if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED
+ && !s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CC_HANDSHAKE |SSL3_CHANGE_CIPHER_SERVER_READ)) {
+ /* SSLfatal() already called */
+ return WORK_ERROR;
+ }
+ /*
+ * We don't yet know whether the next record we are going to receive
+ * is an unencrypted alert, an encrypted alert, or an encrypted
+ * handshake message. We temporarily tolerate unencrypted alerts.
+ */
+ s->statem.enc_read_state = ENC_READ_STATE_ALLOW_PLAIN_ALERTS;
+ break;
+ }
+
+#ifndef OPENSSL_NO_SCTP
+ if (SSL_IS_DTLS(s) && !s->hit) {
+ /*
+ * Change to new shared key of SCTP-Auth, will be ignored if
+ * no SCTP used.
+ */
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+ 0, NULL);
+ }
+#endif
+ if (!s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CHANGE_CIPHER_SERVER_WRITE))
+ {
+ /* SSLfatal() already called */
+ return WORK_ERROR;
+ }
+
+ if (SSL_IS_DTLS(s))
+ dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+ break;
+
+ case TLS_ST_SW_SRVR_DONE:
+ if (statem_flush(s) != 1)
+ return WORK_MORE_A;
+ break;
+
+ case TLS_ST_SW_FINISHED:
+ if (statem_flush(s) != 1)
+ return WORK_MORE_A;
+#ifndef OPENSSL_NO_SCTP
+ if (SSL_IS_DTLS(s) && s->hit) {
+ /*
+ * Change to new shared key of SCTP-Auth, will be ignored if
+ * no SCTP used.
+ */
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+ 0, NULL);
+ }
+#endif
+ if (SSL_IS_TLS13(s)) {
+ /* TLS 1.3 gets the secret size from the handshake md */
+ size_t dummy;
+ if (!s->method->ssl3_enc->generate_master_secret(s,
+ s->master_secret, s->handshake_secret, 0,
+ &dummy)
+ || !s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
+ /* SSLfatal() already called */
+ return WORK_ERROR;
+ }
+ break;
+
+ case TLS_ST_SW_CERT_REQ:
+ if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+ if (statem_flush(s) != 1)
+ return WORK_MORE_A;
+ }
+ break;
+
+ case TLS_ST_SW_KEY_UPDATE:
+ if (statem_flush(s) != 1)
+ return WORK_MORE_A;
+ if (!tls13_update_key(s, 1)) {
+ /* SSLfatal() already called */
+ return WORK_ERROR;
+ }
+ break;
+
+ case TLS_ST_SW_SESSION_TICKET:
+ clear_sys_error();
+ if (SSL_IS_TLS13(s) && statem_flush(s) != 1) {
+ if (SSL_get_error(s, 0) == SSL_ERROR_SYSCALL
+ && conn_is_closed()) {
+ /*
+ * We ignore connection closed errors in TLSv1.3 when sending a
+ * NewSessionTicket and behave as if we were successful. This is
+ * so that we are still able to read data sent to us by a client
+ * that closes soon after the end of the handshake without
+ * waiting to read our post-handshake NewSessionTickets.
+ */
+ s->rwstate = SSL_NOTHING;
+ break;
+ }
+
+ return WORK_MORE_A;
+ }
+ break;
+ }
+
+ return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Get the message construction function and message type for sending from the
+ * server
+ *
+ * Valid return values are:
+ * 1: Success
+ * 0: Error
+ */
+int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
+ confunc_f *confunc, int *mt)
+{
+ OSSL_STATEM *st = &s->statem;
+
+ switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE,
+ SSL_R_BAD_HANDSHAKE_STATE);
+ return 0;
+
+ case TLS_ST_SW_CHANGE:
+ if (SSL_IS_DTLS(s))
+ *confunc = dtls_construct_change_cipher_spec;
+ else
+ *confunc = tls_construct_change_cipher_spec;
+ *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
+ break;
+
+ case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+ *confunc = dtls_construct_hello_verify_request;
+ *mt = DTLS1_MT_HELLO_VERIFY_REQUEST;
+ break;
+
+ case TLS_ST_SW_HELLO_REQ:
+ /* No construction function needed */
+ *confunc = NULL;
+ *mt = SSL3_MT_HELLO_REQUEST;
+ break;
+
+ case TLS_ST_SW_SRVR_HELLO:
+ *confunc = tls_construct_server_hello;
+ *mt = SSL3_MT_SERVER_HELLO;
+ break;
+
+ case TLS_ST_SW_CERT:
+ *confunc = tls_construct_server_certificate;
+ *mt = SSL3_MT_CERTIFICATE;
+ break;
+
+ case TLS_ST_SW_CERT_VRFY:
+ *confunc = tls_construct_cert_verify;
+ *mt = SSL3_MT_CERTIFICATE_VERIFY;
+ break;
+
+
+ case TLS_ST_SW_KEY_EXCH:
+ *confunc = tls_construct_server_key_exchange;
+ *mt = SSL3_MT_SERVER_KEY_EXCHANGE;
+ break;
+
+ case TLS_ST_SW_CERT_REQ:
+ *confunc = tls_construct_certificate_request;
+ *mt = SSL3_MT_CERTIFICATE_REQUEST;
+ break;
+
+ case TLS_ST_SW_SRVR_DONE:
+ *confunc = tls_construct_server_done;
+ *mt = SSL3_MT_SERVER_DONE;
+ break;
+
+ case TLS_ST_SW_SESSION_TICKET:
+ *confunc = tls_construct_new_session_ticket;
+ *mt = SSL3_MT_NEWSESSION_TICKET;
+ break;
+
+ case TLS_ST_SW_CERT_STATUS:
+ *confunc = tls_construct_cert_status;
+ *mt = SSL3_MT_CERTIFICATE_STATUS;
+ break;
+
+ case TLS_ST_SW_FINISHED:
+ *confunc = tls_construct_finished;
+ *mt = SSL3_MT_FINISHED;
+ break;
+
+ case TLS_ST_EARLY_DATA:
+ *confunc = NULL;
+ *mt = SSL3_MT_DUMMY;
+ break;
+
+ case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+ *confunc = tls_construct_encrypted_extensions;
+ *mt = SSL3_MT_ENCRYPTED_EXTENSIONS;
+ break;
+
+ case TLS_ST_SW_KEY_UPDATE:
+ *confunc = tls_construct_key_update;
+ *mt = SSL3_MT_KEY_UPDATE;
+ break;
+ }
+
+ return 1;
+}
+
+/*
+ * Maximum size (excluding the Handshake header) of a ClientHello message,
+ * calculated as follows:
+ *
+ * 2 + # client_version
+ * 32 + # only valid length for random
+ * 1 + # length of session_id
+ * 32 + # maximum size for session_id
+ * 2 + # length of cipher suites
+ * 2^16-2 + # maximum length of cipher suites array
+ * 1 + # length of compression_methods
+ * 2^8-1 + # maximum length of compression methods
+ * 2 + # length of extensions
+ * 2^16-1 # maximum length of extensions
+ */
+#define CLIENT_HELLO_MAX_LENGTH 131396
+
+#define CLIENT_KEY_EXCH_MAX_LENGTH 2048
+#define NEXT_PROTO_MAX_LENGTH 514
+
+/*
+ * Returns the maximum allowed length for the current message that we are
+ * reading. Excludes the message header.
+ */
+size_t ossl_statem_server_max_message_size(SSL *s)
+{
+ OSSL_STATEM *st = &s->statem;
+
+ switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ return 0;
+
+ case TLS_ST_SR_CLNT_HELLO:
+ return CLIENT_HELLO_MAX_LENGTH;
+
+ case TLS_ST_SR_END_OF_EARLY_DATA:
+ return END_OF_EARLY_DATA_MAX_LENGTH;
+
+ case TLS_ST_SR_CERT:
+ return s->max_cert_list;
+
+ case TLS_ST_SR_KEY_EXCH:
+ return CLIENT_KEY_EXCH_MAX_LENGTH;
+
+ case TLS_ST_SR_CERT_VRFY:
+ return SSL3_RT_MAX_PLAIN_LENGTH;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ case TLS_ST_SR_NEXT_PROTO:
+ return NEXT_PROTO_MAX_LENGTH;
+#endif
+
+ case TLS_ST_SR_CHANGE:
+ return CCS_MAX_LENGTH;
+
+ case TLS_ST_SR_FINISHED:
+ return FINISHED_MAX_LENGTH;
+
+ case TLS_ST_SR_KEY_UPDATE:
+ return KEY_UPDATE_MAX_LENGTH;
+ }
+}
+
+/*
+ * Process a message that the server has received from the client.
+ */
+MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt)
+{
+ OSSL_STATEM *st = &s->statem;
+
+ switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE,
+ ERR_R_INTERNAL_ERROR);
+ return MSG_PROCESS_ERROR;
+
+ case TLS_ST_SR_CLNT_HELLO:
+ return tls_process_client_hello(s, pkt);
+
+ case TLS_ST_SR_END_OF_EARLY_DATA:
+ return tls_process_end_of_early_data(s, pkt);
+
+ case TLS_ST_SR_CERT:
+ return tls_process_client_certificate(s, pkt);
+
+ case TLS_ST_SR_KEY_EXCH:
+ return tls_process_client_key_exchange(s, pkt);
+
+ case TLS_ST_SR_CERT_VRFY:
+ return tls_process_cert_verify(s, pkt);
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ case TLS_ST_SR_NEXT_PROTO:
+ return tls_process_next_proto(s, pkt);
+#endif
+
+ case TLS_ST_SR_CHANGE:
+ return tls_process_change_cipher_spec(s, pkt);
+
+ case TLS_ST_SR_FINISHED:
+ return tls_process_finished(s, pkt);
+
+ case TLS_ST_SR_KEY_UPDATE:
+ return tls_process_key_update(s, pkt);
+
+ }
+}
+
+/*
+ * Perform any further processing required following the receipt of a message
+ * from the client
+ */
+WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst)
+{
+ OSSL_STATEM *st = &s->statem;
+
+ switch (st->hand_state) {
+ default:
+ /* Shouldn't happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE,
+ ERR_R_INTERNAL_ERROR);
+ return WORK_ERROR;
+
+ case TLS_ST_SR_CLNT_HELLO:
+ return tls_post_process_client_hello(s, wst);
+
+ case TLS_ST_SR_KEY_EXCH:
+ return tls_post_process_client_key_exchange(s, wst);
+ }
+}
+
+#ifndef OPENSSL_NO_SRP
+/* Returns 1 on success, 0 for retryable error, -1 for fatal error */
+static int ssl_check_srp_ext_ClientHello(SSL *s)
+{
+ int ret;
+ int al = SSL_AD_UNRECOGNIZED_NAME;
+
+ if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
+ (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
+ if (s->srp_ctx.login == NULL) {
+ /*
+ * RFC 5054 says SHOULD reject, we do so if There is no srp
+ * login name
+ */
+ SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY,
+ SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO,
+ SSL_R_PSK_IDENTITY_NOT_FOUND);
+ return -1;
+ } else {
+ ret = SSL_srp_server_param_with_username(s, &al);
+ if (ret < 0)
+ return 0;
+ if (ret == SSL3_AL_FATAL) {
+ SSLfatal(s, al, SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO,
+ al == SSL_AD_UNKNOWN_PSK_IDENTITY
+ ? SSL_R_PSK_IDENTITY_NOT_FOUND
+ : SSL_R_CLIENTHELLO_TLSEXT);
+ return -1;
+ }
+ }
+ }
+ return 1;
+}
+#endif
+
+int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
+ size_t cookie_len)
+{
+ /* Always use DTLS 1.0 version: see RFC 6347 */
+ if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION)
+ || !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len))
+ return 0;
+
+ return 1;
+}
+
+int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
+{
+ unsigned int cookie_leni;
+ if (s->ctx->app_gen_cookie_cb == NULL ||
+ s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
+ &cookie_leni) == 0 ||
+ cookie_leni > 255) {
+ SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,
+ SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+ return 0;
+ }
+ s->d1->cookie_len = cookie_leni;
+
+ if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie,
+ s->d1->cookie_len)) {
+ SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+/*-
+ * ssl_check_for_safari attempts to fingerprint Safari using OS X
+ * SecureTransport using the TLS extension block in |hello|.
+ * Safari, since 10.6, sends exactly these extensions, in this order:
+ * SNI,
+ * elliptic_curves
+ * ec_point_formats
+ * signature_algorithms (for TLSv1.2 only)
+ *
+ * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
+ * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
+ * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
+ * 10.8..10.8.3 (which don't work).
+ */
+static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello)
+{
+ static const unsigned char kSafariExtensionsBlock[] = {
+ 0x00, 0x0a, /* elliptic_curves extension */
+ 0x00, 0x08, /* 8 bytes */
+ 0x00, 0x06, /* 6 bytes of curve ids */
+ 0x00, 0x17, /* P-256 */
+ 0x00, 0x18, /* P-384 */
+ 0x00, 0x19, /* P-521 */
+
+ 0x00, 0x0b, /* ec_point_formats */
+ 0x00, 0x02, /* 2 bytes */
+ 0x01, /* 1 point format */
+ 0x00, /* uncompressed */
+ /* The following is only present in TLS 1.2 */
+ 0x00, 0x0d, /* signature_algorithms */
+ 0x00, 0x0c, /* 12 bytes */
+ 0x00, 0x0a, /* 10 bytes */
+ 0x05, 0x01, /* SHA-384/RSA */
+ 0x04, 0x01, /* SHA-256/RSA */
+ 0x02, 0x01, /* SHA-1/RSA */
+ 0x04, 0x03, /* SHA-256/ECDSA */
+ 0x02, 0x03, /* SHA-1/ECDSA */
+ };
+ /* Length of the common prefix (first two extensions). */
+ static const size_t kSafariCommonExtensionsLength = 18;
+ unsigned int type;
+ PACKET sni, tmppkt;
+ size_t ext_len;
+
+ tmppkt = hello->extensions;
+
+ if (!PACKET_forward(&tmppkt, 2)
+ || !PACKET_get_net_2(&tmppkt, &type)
+ || !PACKET_get_length_prefixed_2(&tmppkt, &sni)) {
+ return;
+ }
+
+ if (type != TLSEXT_TYPE_server_name)
+ return;
+
+ ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ?
+ sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength;
+
+ s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock,
+ ext_len);
+}
+#endif /* !OPENSSL_NO_EC */
+
+MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
+{
+ /* |cookie| will only be initialized for DTLS. */
+ PACKET session_id, compression, extensions, cookie;
+ static const unsigned char null_compression = 0;
+ CLIENTHELLO_MSG *clienthello = NULL;
+
+ /* Check if this is actually an unexpected renegotiation ClientHello */
+ if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) {
+ if (!ossl_assert(!SSL_IS_TLS13(s))) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0
+ || (!s->s3->send_connection_binding
+ && (s->options
+ & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) {
+ ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+ return MSG_PROCESS_FINISHED_READING;
+ }
+ s->renegotiate = 1;
+ s->new_session = 1;
+ }
+
+ clienthello = OPENSSL_zalloc(sizeof(*clienthello));
+ if (clienthello == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /*
+ * First, parse the raw ClientHello data into the CLIENTHELLO_MSG structure.
+ */
+ clienthello->isv2 = RECORD_LAYER_is_sslv2_record(&s->rlayer);
+ PACKET_null_init(&cookie);
+
+ if (clienthello->isv2) {
+ unsigned int mt;
+
+ if (!SSL_IS_FIRST_HANDSHAKE(s)
+ || s->hello_retry_request != SSL_HRR_NONE) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+ SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
+ /*-
+ * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
+ * header is sent directly on the wire, not wrapped as a TLS
+ * record. Our record layer just processes the message length and passes
+ * the rest right through. Its format is:
+ * Byte Content
+ * 0-1 msg_length - decoded by the record layer
+ * 2 msg_type - s->init_msg points here
+ * 3-4 version
+ * 5-6 cipher_spec_length
+ * 7-8 session_id_length
+ * 9-10 challenge_length
+ * ... ...
+ */
+
+ if (!PACKET_get_1(pkt, &mt)
+ || mt != SSL2_MT_CLIENT_HELLO) {
+ /*
+ * Should never happen. We should have tested this in the record
+ * layer in order to have determined that this is a SSLv2 record
+ * in the first place
+ */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (!PACKET_get_net_2(pkt, &clienthello->legacy_version)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ SSL_R_LENGTH_TOO_SHORT);
+ goto err;
+ }
+
+ /* Parse the message and load client random. */
+ if (clienthello->isv2) {
+ /*
+ * Handle an SSLv2 backwards compatible ClientHello
+ * Note, this is only for SSLv3+ using the backward compatible format.
+ * Real SSLv2 is not supported, and is rejected below.
+ */
+ unsigned int ciphersuite_len, session_id_len, challenge_len;
+ PACKET challenge;
+
+ if (!PACKET_get_net_2(pkt, &ciphersuite_len)
+ || !PACKET_get_net_2(pkt, &session_id_len)
+ || !PACKET_get_net_2(pkt, &challenge_len)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ SSL_R_RECORD_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+ SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ if (!PACKET_get_sub_packet(pkt, &clienthello->ciphersuites,
+ ciphersuite_len)
+ || !PACKET_copy_bytes(pkt, clienthello->session_id, session_id_len)
+ || !PACKET_get_sub_packet(pkt, &challenge, challenge_len)
+ /* No extensions. */
+ || PACKET_remaining(pkt) != 0) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ SSL_R_RECORD_LENGTH_MISMATCH);
+ goto err;
+ }
+ clienthello->session_id_len = session_id_len;
+
+ /* Load the client random and compression list. We use SSL3_RANDOM_SIZE
+ * here rather than sizeof(clienthello->random) because that is the limit
+ * for SSLv3 and it is fixed. It won't change even if
+ * sizeof(clienthello->random) does.
+ */
+ challenge_len = challenge_len > SSL3_RANDOM_SIZE
+ ? SSL3_RANDOM_SIZE : challenge_len;
+ memset(clienthello->random, 0, SSL3_RANDOM_SIZE);
+ if (!PACKET_copy_bytes(&challenge,
+ clienthello->random + SSL3_RANDOM_SIZE -
+ challenge_len, challenge_len)
+ /* Advertise only null compression. */
+ || !PACKET_buf_init(&compression, &null_compression, 1)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ PACKET_null_init(&clienthello->extensions);
+ } else {
+ /* Regular ClientHello. */
+ if (!PACKET_copy_bytes(pkt, clienthello->random, SSL3_RANDOM_SIZE)
+ || !PACKET_get_length_prefixed_1(pkt, &session_id)
+ || !PACKET_copy_all(&session_id, clienthello->session_id,
+ SSL_MAX_SSL_SESSION_ID_LENGTH,
+ &clienthello->session_id_len)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ if (SSL_IS_DTLS(s)) {
+ if (!PACKET_get_length_prefixed_1(pkt, &cookie)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+ if (!PACKET_copy_all(&cookie, clienthello->dtls_cookie,
+ DTLS1_COOKIE_LENGTH,
+ &clienthello->dtls_cookie_len)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ /*
+ * If we require cookies and this ClientHello doesn't contain one,
+ * just return since we do not want to allocate any memory yet.
+ * So check cookie length...
+ */
+ if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
+ if (clienthello->dtls_cookie_len == 0) {
+ OPENSSL_free(clienthello);
+ return MSG_PROCESS_FINISHED_READING;
+ }
+ }
+ }
+
+ if (!PACKET_get_length_prefixed_2(pkt, &clienthello->ciphersuites)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ if (!PACKET_get_length_prefixed_1(pkt, &compression)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ /* Could be empty. */
+ if (PACKET_remaining(pkt) == 0) {
+ PACKET_null_init(&clienthello->extensions);
+ } else {
+ if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)
+ || PACKET_remaining(pkt) != 0) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+ }
+ }
+
+ if (!PACKET_copy_all(&compression, clienthello->compressions,
+ MAX_COMPRESSIONS_SIZE,
+ &clienthello->compressions_len)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /* Preserve the raw extensions PACKET for later use */
+ extensions = clienthello->extensions;
+ if (!tls_collect_extensions(s, &extensions, SSL_EXT_CLIENT_HELLO,
+ &clienthello->pre_proc_exts,
+ &clienthello->pre_proc_exts_len, 1)) {
+ /* SSLfatal already been called */
+ goto err;
+ }
+ s->clienthello = clienthello;
+
+ return MSG_PROCESS_CONTINUE_PROCESSING;
+
+ err:
+ if (clienthello != NULL)
+ OPENSSL_free(clienthello->pre_proc_exts);
+ OPENSSL_free(clienthello);
+
+ return MSG_PROCESS_ERROR;
+}
+
+static int tls_early_post_process_client_hello(SSL *s)
+{
+ unsigned int j;
+ int i, al = SSL_AD_INTERNAL_ERROR;
+ int protverr;
+ size_t loop;
+ unsigned long id;
+#ifndef OPENSSL_NO_COMP
+ SSL_COMP *comp = NULL;
+#endif
+ const SSL_CIPHER *c;
+ STACK_OF(SSL_CIPHER) *ciphers = NULL;
+ STACK_OF(SSL_CIPHER) *scsvs = NULL;
+ CLIENTHELLO_MSG *clienthello = s->clienthello;
+ DOWNGRADE dgrd = DOWNGRADE_NONE;
+
+ /* Finished parsing the ClientHello, now we can start processing it */
+ /* Give the ClientHello callback a crack at things */
+ if (s->ctx->client_hello_cb != NULL) {
+ /* A failure in the ClientHello callback terminates the connection. */
+ switch (s->ctx->client_hello_cb(s, &al, s->ctx->client_hello_cb_arg)) {
+ case SSL_CLIENT_HELLO_SUCCESS:
+ break;
+ case SSL_CLIENT_HELLO_RETRY:
+ s->rwstate = SSL_CLIENT_HELLO_CB;
+ return -1;
+ case SSL_CLIENT_HELLO_ERROR:
+ default:
+ SSLfatal(s, al,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_CALLBACK_FAILED);
+ goto err;
+ }
+ }
+
+ /* Set up the client_random */
+ memcpy(s->s3->client_random, clienthello->random, SSL3_RANDOM_SIZE);
+
+ /* Choose the version */
+
+ if (clienthello->isv2) {
+ if (clienthello->legacy_version == SSL2_VERSION
+ || (clienthello->legacy_version & 0xff00)
+ != (SSL3_VERSION_MAJOR << 8)) {
+ /*
+ * This is real SSLv2 or something completely unknown. We don't
+ * support it.
+ */
+ SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_UNKNOWN_PROTOCOL);
+ goto err;
+ }
+ /* SSLv3/TLS */
+ s->client_version = clienthello->legacy_version;
+ }
+ /*
+ * Do SSL/TLS version negotiation if applicable. For DTLS we just check
+ * versions are potentially compatible. Version negotiation comes later.
+ */
+ if (!SSL_IS_DTLS(s)) {
+ protverr = ssl_choose_server_version(s, clienthello, &dgrd);
+ } else if (s->method->version != DTLS_ANY_VERSION &&
+ DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) {
+ protverr = SSL_R_VERSION_TOO_LOW;
+ } else {
+ protverr = 0;
+ }
+
+ if (protverr) {
+ if (SSL_IS_FIRST_HANDSHAKE(s)) {
+ /* like ssl3_get_record, send alert using remote version number */
+ s->version = s->client_version = clienthello->legacy_version;
+ }
+ SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, protverr);
+ goto err;
+ }
+
+ /* TLSv1.3 specifies that a ClientHello must end on a record boundary */
+ if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_NOT_ON_RECORD_BOUNDARY);
+ goto err;
+ }
+
+ if (SSL_IS_DTLS(s)) {
+ /* Empty cookie was already handled above by returning early. */
+ if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
+ if (s->ctx->app_verify_cookie_cb != NULL) {
+ if (s->ctx->app_verify_cookie_cb(s, clienthello->dtls_cookie,
+ clienthello->dtls_cookie_len) == 0) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_COOKIE_MISMATCH);
+ goto err;
+ /* else cookie verification succeeded */
+ }
+ /* default verification */
+ } else if (s->d1->cookie_len != clienthello->dtls_cookie_len
+ || memcmp(clienthello->dtls_cookie, s->d1->cookie,
+ s->d1->cookie_len) != 0) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_COOKIE_MISMATCH);
+ goto err;
+ }
+ s->d1->cookie_verified = 1;
+ }
+ if (s->method->version == DTLS_ANY_VERSION) {
+ protverr = ssl_choose_server_version(s, clienthello, &dgrd);
+ if (protverr != 0) {
+ s->version = s->client_version;
+ SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, protverr);
+ goto err;
+ }
+ }
+ }
+
+ s->hit = 0;
+
+ if (!ssl_cache_cipherlist(s, &clienthello->ciphersuites,
+ clienthello->isv2) ||
+ !bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, &scsvs,
+ clienthello->isv2, 1)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ s->s3->send_connection_binding = 0;
+ /* Check what signalling cipher-suite values were received. */
+ if (scsvs != NULL) {
+ for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) {
+ c = sk_SSL_CIPHER_value(scsvs, i);
+ if (SSL_CIPHER_get_id(c) == SSL3_CK_SCSV) {
+ if (s->renegotiate) {
+ /* SCSV is fatal if renegotiating */
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
+ goto err;
+ }
+ s->s3->send_connection_binding = 1;
+ } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV &&
+ !ssl_check_version_downgrade(s)) {
+ /*
+ * This SCSV indicates that the client previously tried
+ * a higher version. We should fail if the current version
+ * is an unexpected downgrade, as that indicates that the first
+ * connection may have been tampered with in order to trigger
+ * an insecure downgrade.
+ */
+ SSLfatal(s, SSL_AD_INAPPROPRIATE_FALLBACK,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_INAPPROPRIATE_FALLBACK);
+ goto err;
+ }
+ }
+ }
+
+ /* For TLSv1.3 we must select the ciphersuite *before* session resumption */
+ if (SSL_IS_TLS13(s)) {
+ const SSL_CIPHER *cipher =
+ ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
+
+ if (cipher == NULL) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_NO_SHARED_CIPHER);
+ goto err;
+ }
+ if (s->hello_retry_request == SSL_HRR_PENDING
+ && (s->s3->tmp.new_cipher == NULL
+ || s->s3->tmp.new_cipher->id != cipher->id)) {
+ /*
+ * A previous HRR picked a different ciphersuite to the one we
+ * just selected. Something must have changed.
+ */
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_BAD_CIPHER);
+ goto err;
+ }
+ s->s3->tmp.new_cipher = cipher;
+ }
+
+ /* We need to do this before getting the session */
+ if (!tls_parse_extension(s, TLSEXT_IDX_extended_master_secret,
+ SSL_EXT_CLIENT_HELLO,
+ clienthello->pre_proc_exts, NULL, 0)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ /*
+ * We don't allow resumption in a backwards compatible ClientHello.
+ * TODO(openssl-team): in TLS1.1+, session_id MUST be empty.
+ *
+ * Versions before 0.9.7 always allow clients to resume sessions in
+ * renegotiation. 0.9.7 and later allow this by default, but optionally
+ * ignore resumption requests with flag
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather
+ * than a change to default behavior so that applications relying on
+ * this for security won't even compile against older library versions).
+ * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to
+ * request renegotiation but not a new session (s->new_session remains
+ * unset): for servers, this essentially just means that the
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
+ * ignored.
+ */
+ if (clienthello->isv2 ||
+ (s->new_session &&
+ (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
+ if (!ssl_get_new_session(s, 1)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ } else {
+ i = ssl_get_prev_session(s, clienthello);
+ if (i == 1) {
+ /* previous session */
+ s->hit = 1;
+ } else if (i == -1) {
+ /* SSLfatal() already called */
+ goto err;
+ } else {
+ /* i == 0 */
+ if (!ssl_get_new_session(s, 1)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ }
+ }
+
+ if (SSL_IS_TLS13(s)) {
+ memcpy(s->tmp_session_id, s->clienthello->session_id,
+ s->clienthello->session_id_len);
+ s->tmp_session_id_len = s->clienthello->session_id_len;
+ }
+
+ /*
+ * If it is a hit, check that the cipher is in the list. In TLSv1.3 we check
+ * ciphersuite compatibility with the session as part of resumption.
+ */
+ if (!SSL_IS_TLS13(s) && s->hit) {
+ j = 0;
+ id = s->session->cipher->id;
+
+#ifdef CIPHER_DEBUG
+ fprintf(stderr, "client sent %d ciphers\n", sk_SSL_CIPHER_num(ciphers));
+#endif
+ for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+ c = sk_SSL_CIPHER_value(ciphers, i);
+#ifdef CIPHER_DEBUG
+ fprintf(stderr, "client [%2d of %2d]:%s\n",
+ i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
+#endif
+ if (c->id == id) {
+ j = 1;
+ break;
+ }
+ }
+ if (j == 0) {
+ /*
+ * we need to have the cipher in the cipher list if we are asked
+ * to reuse it
+ */
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_REQUIRED_CIPHER_MISSING);
+ goto err;
+ }
+ }
+
+ for (loop = 0; loop < clienthello->compressions_len; loop++) {
+ if (clienthello->compressions[loop] == 0)
+ break;
+ }
+
+ if (loop >= clienthello->compressions_len) {
+ /* no compress */
+ SSLfatal(s, SSL_AD_DECODE_ERROR,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_NO_COMPRESSION_SPECIFIED);
+ goto err;
+ }
+
+#ifndef OPENSSL_NO_EC
+ if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+ ssl_check_for_safari(s, clienthello);
+#endif /* !OPENSSL_NO_EC */
+
+ /* TLS extensions */
+ if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO,
+ clienthello->pre_proc_exts, NULL, 0, 1)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ /*
+ * Check if we want to use external pre-shared secret for this handshake
+ * for not reused session only. We need to generate server_random before
+ * calling tls_session_secret_cb in order to allow SessionTicket
+ * processing to use it in key derivation.
+ */
+ {
+ unsigned char *pos;
+ pos = s->s3->server_random;
+ if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE, dgrd) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (!s->hit
+ && s->version >= TLS1_VERSION
+ && !SSL_IS_TLS13(s)
+ && !SSL_IS_DTLS(s)
+ && s->ext.session_secret_cb) {
+ const SSL_CIPHER *pref_cipher = NULL;
+ /*
+ * s->session->master_key_length is a size_t, but this is an int for
+ * backwards compat reasons
+ */
+ int master_key_length;
+
+ master_key_length = sizeof(s->session->master_key);
+ if (s->ext.session_secret_cb(s, s->session->master_key,
+ &master_key_length, ciphers,
+ &pref_cipher,
+ s->ext.session_secret_cb_arg)
+ && master_key_length > 0) {
+ s->session->master_key_length = master_key_length;
+ s->hit = 1;
+ s->peer_ciphers = ciphers;
+ s->session->verify_result = X509_V_OK;
+
+ ciphers = NULL;
+
+ /* check if some cipher was preferred by call back */
+ if (pref_cipher == NULL)
+ pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers,
+ SSL_get_ciphers(s));
+ if (pref_cipher == NULL) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_NO_SHARED_CIPHER);
+ goto err;
+ }
+
+ s->session->cipher = pref_cipher;
+ sk_SSL_CIPHER_free(s->cipher_list);
+ s->cipher_list = sk_SSL_CIPHER_dup(s->peer_ciphers);
+ sk_SSL_CIPHER_free(s->cipher_list_by_id);
+ s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->peer_ciphers);
+ }
+ }
+
+ /*
+ * Worst case, we will use the NULL compression, but if we have other
+ * options, we will now look for them. We have complen-1 compression
+ * algorithms from the client, starting at q.
+ */
+ s->s3->tmp.new_compression = NULL;
+ if (SSL_IS_TLS13(s)) {
+ /*
+ * We already checked above that the NULL compression method appears in
+ * the list. Now we check there aren't any others (which is illegal in
+ * a TLSv1.3 ClientHello.
+ */
+ if (clienthello->compressions_len != 1) {
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_INVALID_COMPRESSION_ALGORITHM);
+ goto err;
+ }
+ }
+#ifndef OPENSSL_NO_COMP
+ /* This only happens if we have a cache hit */
+ else if (s->session->compress_meth != 0) {
+ int m, comp_id = s->session->compress_meth;
+ unsigned int k;
+ /* Perform sanity checks on resumed compression algorithm */
+ /* Can't disable compression */
+ if (!ssl_allow_compression(s)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_INCONSISTENT_COMPRESSION);
+ goto err;
+ }
+ /* Look for resumed compression method */
+ for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
+ comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+ if (comp_id == comp->id) {
+ s->s3->tmp.new_compression = comp;
+ break;
+ }
+ }
+ if (s->s3->tmp.new_compression == NULL) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_INVALID_COMPRESSION_ALGORITHM);
+ goto err;
+ }
+ /* Look for resumed method in compression list */
+ for (k = 0; k < clienthello->compressions_len; k++) {
+ if (clienthello->compressions[k] == comp_id)
+ break;
+ }
+ if (k >= clienthello->compressions_len) {
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING);
+ goto err;
+ }
+ } else if (s->hit) {
+ comp = NULL;
+ } else if (ssl_allow_compression(s) && s->ctx->comp_methods) {
+ /* See if we have a match */
+ int m, nn, v, done = 0;
+ unsigned int o;
+
+ nn = sk_SSL_COMP_num(s->ctx->comp_methods);
+ for (m = 0; m < nn; m++) {
+ comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+ v = comp->id;
+ for (o = 0; o < clienthello->compressions_len; o++) {
+ if (v == clienthello->compressions[o]) {
+ done = 1;
+ break;
+ }
+ }
+ if (done)
+ break;
+ }
+ if (done)
+ s->s3->tmp.new_compression = comp;
+ else
+ comp = NULL;
+ }
+#else
+ /*
+ * If compression is disabled we'd better not try to resume a session
+ * using compression.
+ */
+ if (s->session->compress_meth != 0) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_INCONSISTENT_COMPRESSION);
+ goto err;
+ }
+#endif
+
+ /*
+ * Given s->peer_ciphers and SSL_get_ciphers, we must pick a cipher
+ */
+
+ if (!s->hit || SSL_IS_TLS13(s)) {
+ sk_SSL_CIPHER_free(s->peer_ciphers);
+ s->peer_ciphers = ciphers;
+ if (ciphers == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ ciphers = NULL;
+ }
+
+ if (!s->hit) {
+#ifdef OPENSSL_NO_COMP
+ s->session->compress_meth = 0;
+#else
+ s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
+#endif
+ if (!tls1_set_server_sigalgs(s)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ }
+
+ sk_SSL_CIPHER_free(ciphers);
+ sk_SSL_CIPHER_free(scsvs);
+ OPENSSL_free(clienthello->pre_proc_exts);
+ OPENSSL_free(s->clienthello);
+ s->clienthello = NULL;
+ return 1;
+ err:
+ sk_SSL_CIPHER_free(ciphers);
+ sk_SSL_CIPHER_free(scsvs);
+ OPENSSL_free(clienthello->pre_proc_exts);
+ OPENSSL_free(s->clienthello);
+ s->clienthello = NULL;
+
+ return 0;
+}
+
+/*
+ * Call the status request callback if needed. Upon success, returns 1.
+ * Upon failure, returns 0.
+ */
+static int tls_handle_status_request(SSL *s)
+{
+ s->ext.status_expected = 0;
+
+ /*
+ * If status request then ask callback what to do. Note: this must be
+ * called after servername callbacks in case the certificate has changed,
+ * and must be called after the cipher has been chosen because this may
+ * influence which certificate is sent
+ */
+ if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL
+ && s->ctx->ext.status_cb != NULL) {
+ int ret;
+
+ /* If no certificate can't return certificate status */
+ if (s->s3->tmp.cert != NULL) {
+ /*
+ * Set current certificate to one we will use so SSL_get_certificate
+ * et al can pick it up.
+ */
+ s->cert->key = s->s3->tmp.cert;
+ ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg);
+ switch (ret) {
+ /* We don't want to send a status request response */
+ case SSL_TLSEXT_ERR_NOACK:
+ s->ext.status_expected = 0;
+ break;
+ /* status request response should be sent */
+ case SSL_TLSEXT_ERR_OK:
+ if (s->ext.ocsp.resp)
+ s->ext.status_expected = 1;
+ break;
+ /* something bad happened */
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
+ default:
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_HANDLE_STATUS_REQUEST,
+ SSL_R_CLIENTHELLO_TLSEXT);
+ return 0;
+ }
+ }
+ }
+
+ return 1;
+}
+
+/*
+ * Call the alpn_select callback if needed. Upon success, returns 1.
+ * Upon failure, returns 0.
+ */
+int tls_handle_alpn(SSL *s)
+{
+ const unsigned char *selected = NULL;
+ unsigned char selected_len = 0;
+
+ if (s->ctx->ext.alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) {
+ int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len,
+ s->s3->alpn_proposed,
+ (unsigned int)s->s3->alpn_proposed_len,
+ s->ctx->ext.alpn_select_cb_arg);
+
+ if (r == SSL_TLSEXT_ERR_OK) {
+ OPENSSL_free(s->s3->alpn_selected);
+ s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
+ if (s->s3->alpn_selected == NULL) {
+ s->s3->alpn_selected_len = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ s->s3->alpn_selected_len = selected_len;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ /* ALPN takes precedence over NPN. */
+ s->s3->npn_seen = 0;
+#endif
+
+ /* Check ALPN is consistent with session */
+ if (s->session->ext.alpn_selected == NULL
+ || selected_len != s->session->ext.alpn_selected_len
+ || memcmp(selected, s->session->ext.alpn_selected,
+ selected_len) != 0) {
+ /* Not consistent so can't be used for early_data */
+ s->ext.early_data_ok = 0;
+
+ if (!s->hit) {
+ /*
+ * This is a new session and so alpn_selected should have
+ * been initialised to NULL. We should update it with the
+ * selected ALPN.
+ */
+ if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_HANDLE_ALPN,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ s->session->ext.alpn_selected = OPENSSL_memdup(selected,
+ selected_len);
+ if (s->session->ext.alpn_selected == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_HANDLE_ALPN,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ s->session->ext.alpn_selected_len = selected_len;
+ }
+ }
+
+ return 1;
+ } else if (r != SSL_TLSEXT_ERR_NOACK) {
+ SSLfatal(s, SSL_AD_NO_APPLICATION_PROTOCOL, SSL_F_TLS_HANDLE_ALPN,
+ SSL_R_NO_APPLICATION_PROTOCOL);
+ return 0;
+ }
+ /*
+ * If r == SSL_TLSEXT_ERR_NOACK then behave as if no callback was
+ * present.
+ */
+ }
+
+ /* Check ALPN is consistent with session */
+ if (s->session->ext.alpn_selected != NULL) {
+ /* Not consistent so can't be used for early_data */
+ s->ext.early_data_ok = 0;
+ }
+
+ return 1;
+}
+
+WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
+{
+ const SSL_CIPHER *cipher;
+
+ if (wst == WORK_MORE_A) {
+ int rv = tls_early_post_process_client_hello(s);
+ if (rv == 0) {
+ /* SSLfatal() was already called */
+ goto err;
+ }
+ if (rv < 0)
+ return WORK_MORE_A;
+ wst = WORK_MORE_B;
+ }
+ if (wst == WORK_MORE_B) {
+ if (!s->hit || SSL_IS_TLS13(s)) {
+ /* Let cert callback update server certificates if required */
+ if (!s->hit && s->cert->cert_cb != NULL) {
+ int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+ if (rv == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_CERT_CB_ERROR);
+ goto err;
+ }
+ if (rv < 0) {
+ s->rwstate = SSL_X509_LOOKUP;
+ return WORK_MORE_B;
+ }
+ s->rwstate = SSL_NOTHING;
+ }
+
+ /* In TLSv1.3 we selected the ciphersuite before resumption */
+ if (!SSL_IS_TLS13(s)) {
+ cipher =
+ ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s));
+
+ if (cipher == NULL) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_NO_SHARED_CIPHER);
+ goto err;
+ }
+ s->s3->tmp.new_cipher = cipher;
+ }
+ if (!s->hit) {
+ if (!tls_choose_sigalg(s, 1)) {
+ /* SSLfatal already called */
+ goto err;
+ }
+ /* check whether we should disable session resumption */
+ if (s->not_resumable_session_cb != NULL)
+ s->session->not_resumable =
+ s->not_resumable_session_cb(s,
+ ((s->s3->tmp.new_cipher->algorithm_mkey
+ & (SSL_kDHE | SSL_kECDHE)) != 0));
+ if (s->session->not_resumable)
+ /* do not send a session ticket */
+ s->ext.ticket_expected = 0;
+ }
+ } else {
+ /* Session-id reuse */
+ s->s3->tmp.new_cipher = s->session->cipher;
+ }
+
+ /*-
+ * we now have the following setup.
+ * client_random
+ * cipher_list - our preferred list of ciphers
+ * ciphers - the clients preferred list of ciphers
+ * compression - basically ignored right now
+ * ssl version is set - sslv3
+ * s->session - The ssl session has been setup.
+ * s->hit - session reuse flag
+ * s->s3->tmp.new_cipher- the new cipher to use.
+ */
+
+ /*
+ * Call status_request callback if needed. Has to be done after the
+ * certificate callbacks etc above.
+ */
+ if (!tls_handle_status_request(s)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ /*
+ * Call alpn_select callback if needed. Has to be done after SNI and
+ * cipher negotiation (HTTP/2 restricts permitted ciphers). In TLSv1.3
+ * we already did this because cipher negotiation happens earlier, and
+ * we must handle ALPN before we decide whether to accept early_data.
+ */
+ if (!SSL_IS_TLS13(s) && !tls_handle_alpn(s)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ wst = WORK_MORE_C;
+ }
+#ifndef OPENSSL_NO_SRP
+ if (wst == WORK_MORE_C) {
+ int ret;
+ if ((ret = ssl_check_srp_ext_ClientHello(s)) == 0) {
+ /*
+ * callback indicates further work to be done
+ */
+ s->rwstate = SSL_X509_LOOKUP;
+ return WORK_MORE_C;
+ }
+ if (ret < 0) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ }
+#endif
+
+ return WORK_FINISHED_STOP;
+ err:
+ return WORK_ERROR;
+}
+
+int tls_construct_server_hello(SSL *s, WPACKET *pkt)
+{
+ int compm;
+ size_t sl, len;
+ int version;
+ unsigned char *session_id;
+ int usetls13 = SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING;
+
+ version = usetls13 ? TLS1_2_VERSION : s->version;
+ if (!WPACKET_put_bytes_u16(pkt, version)
+ /*
+ * Random stuff. Filling of the server_random takes place in
+ * tls_process_client_hello()
+ */
+ || !WPACKET_memcpy(pkt,
+ s->hello_retry_request == SSL_HRR_PENDING
+ ? hrrrandom : s->s3->server_random,
+ SSL3_RANDOM_SIZE)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ /*-
+ * There are several cases for the session ID to send
+ * back in the server hello:
+ * - For session reuse from the session cache,
+ * we send back the old session ID.
+ * - If stateless session reuse (using a session ticket)
+ * is successful, we send back the client's "session ID"
+ * (which doesn't actually identify the session).
+ * - If it is a new session, we send back the new
+ * session ID.
+ * - However, if we want the new session to be single-use,
+ * we send back a 0-length session ID.
+ * - In TLSv1.3 we echo back the session id sent to us by the client
+ * regardless
+ * s->hit is non-zero in either case of session reuse,
+ * so the following won't overwrite an ID that we're supposed
+ * to send back.
+ */
+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+ && !s->hit)
+ s->session->session_id_length = 0;
+
+ if (usetls13) {
+ sl = s->tmp_session_id_len;
+ session_id = s->tmp_session_id;
+ } else {
+ sl = s->session->session_id_length;
+ session_id = s->session->session_id;
+ }
+
+ if (sl > sizeof(s->session->session_id)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ /* set up the compression method */
+#ifdef OPENSSL_NO_COMP
+ compm = 0;
+#else
+ if (usetls13 || s->s3->tmp.new_compression == NULL)
+ compm = 0;
+ else
+ compm = s->s3->tmp.new_compression->id;
+#endif
+
+ if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl)
+ || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len)
+ || !WPACKET_put_bytes_u8(pkt, compm)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ if (!tls_construct_extensions(s, pkt,
+ s->hello_retry_request == SSL_HRR_PENDING
+ ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
+ : (SSL_IS_TLS13(s)
+ ? SSL_EXT_TLS1_3_SERVER_HELLO
+ : SSL_EXT_TLS1_2_SERVER_HELLO),
+ NULL, 0)) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+
+ if (s->hello_retry_request == SSL_HRR_PENDING) {
+ /* Ditch the session. We'll create a new one next time around */
+ SSL_SESSION_free(s->session);
+ s->session = NULL;
+ s->hit = 0;
+
+ /*
+ * Re-initialise the Transcript Hash. We're going to prepopulate it with
+ * a synthetic message_hash in place of ClientHello1.
+ */
+ if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+ } else if (!(s->verify_mode & SSL_VERIFY_PEER)
+ && !ssl3_digest_cached_records(s, 0)) {
+ /* SSLfatal() already called */;
+ return 0;
+ }
+
+ return 1;
+}
+
+int tls_construct_server_done(SSL *s, WPACKET *pkt)
+{
+ if (!s->s3->tmp.cert_request) {
+ if (!ssl3_digest_cached_records(s, 0)) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+ }
+ return 1;
+}
+
+int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_DH
+ EVP_PKEY *pkdh = NULL;
+#endif
+#ifndef OPENSSL_NO_EC
+ unsigned char *encodedPoint = NULL;
+ size_t encodedlen = 0;
+ int curve_id = 0;
+#endif
+ const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg;
+ int i;
+ unsigned long type;
+ const BIGNUM *r[4];
+ EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+ EVP_PKEY_CTX *pctx = NULL;
+ size_t paramlen, paramoffset;
+
+ if (!WPACKET_get_total_written(pkt, ¶moffset)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (md_ctx == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ type = s->s3->tmp.new_cipher->algorithm_mkey;
+
+ r[0] = r[1] = r[2] = r[3] = NULL;
+#ifndef OPENSSL_NO_PSK
+ /* Plain PSK or RSAPSK nothing to do */
+ if (type & (SSL_kPSK | SSL_kRSAPSK)) {
+ } else
+#endif /* !OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_DH
+ if (type & (SSL_kDHE | SSL_kDHEPSK)) {
+ CERT *cert = s->cert;
+
+ EVP_PKEY *pkdhp = NULL;
+ DH *dh;
+
+ if (s->cert->dh_tmp_auto) {
+ DH *dhp = ssl_get_auto_dh(s);
+ pkdh = EVP_PKEY_new();
+ if (pkdh == NULL || dhp == NULL) {
+ DH_free(dhp);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ EVP_PKEY_assign_DH(pkdh, dhp);
+ pkdhp = pkdh;
+ } else {
+ pkdhp = cert->dh_tmp;
+ }
+ if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {
+ DH *dhp = s->cert->dh_tmp_cb(s, 0, 1024);
+ pkdh = ssl_dh_to_pkey(dhp);
+ if (pkdh == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ pkdhp = pkdh;
+ }
+ if (pkdhp == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_DH_KEY);
+ goto err;
+ }
+ if (!ssl_security(s, SSL_SECOP_TMP_DH,
+ EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ SSL_R_DH_KEY_TOO_SMALL);
+ goto err;
+ }
+ if (s->s3->tmp.pkey != NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ s->s3->tmp.pkey = ssl_generate_pkey(pkdhp);
+ if (s->s3->tmp.pkey == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey);
+ if (dh == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ EVP_PKEY_free(pkdh);
+ pkdh = NULL;
+
+ DH_get0_pqg(dh, &r[0], NULL, &r[1]);
+ DH_get0_key(dh, &r[2], NULL);
+ } else
+#endif
+#ifndef OPENSSL_NO_EC
+ if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
+
+ if (s->s3->tmp.pkey != NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /* Get NID of appropriate shared curve */
+ curve_id = tls1_shared_group(s, -2);
+ if (curve_id == 0) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+ goto err;
+ }
+ s->s3->tmp.pkey = ssl_generate_pkey_group(s, curve_id);
+ /* Generate a new key for this curve */
+ if (s->s3->tmp.pkey == NULL) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ /* Encode the public key. */
+ encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3->tmp.pkey,
+ &encodedPoint);
+ if (encodedlen == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ /*
+ * We'll generate the serverKeyExchange message explicitly so we
+ * can set these to NULLs
+ */
+ r[0] = NULL;
+ r[1] = NULL;
+ r[2] = NULL;
+ r[3] = NULL;
+ } else
+#endif /* !OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_SRP
+ if (type & SSL_kSRP) {
+ if ((s->srp_ctx.N == NULL) ||
+ (s->srp_ctx.g == NULL) ||
+ (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ SSL_R_MISSING_SRP_PARAM);
+ goto err;
+ }
+ r[0] = s->srp_ctx.N;
+ r[1] = s->srp_ctx.g;
+ r[2] = s->srp_ctx.s;
+ r[3] = s->srp_ctx.B;
+ } else
+#endif
+ {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+ goto err;
+ }
+
+ if (((s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0)
+ || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) {
+ lu = NULL;
+ } else if (lu == NULL) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+#ifndef OPENSSL_NO_PSK
+ if (type & SSL_PSK) {
+ size_t len = (s->cert->psk_identity_hint == NULL)
+ ? 0 : strlen(s->cert->psk_identity_hint);
+
+ /*
+ * It should not happen that len > PSK_MAX_IDENTITY_LEN - we already
+ * checked this when we set the identity hint - but just in case
+ */
+ if (len > PSK_MAX_IDENTITY_LEN
+ || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint,
+ len)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+#endif
+
+ for (i = 0; i < 4 && r[i] != NULL; i++) {
+ unsigned char *binval;
+ int res;
+
+#ifndef OPENSSL_NO_SRP
+ if ((i == 2) && (type & SSL_kSRP)) {
+ res = WPACKET_start_sub_packet_u8(pkt);
+ } else
+#endif
+ res = WPACKET_start_sub_packet_u16(pkt);
+
+ if (!res) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+#ifndef OPENSSL_NO_DH
+ /*-
+ * for interoperability with some versions of the Microsoft TLS
+ * stack, we need to zero pad the DHE pub key to the same length
+ * as the prime
+ */
+ if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK))) {
+ size_t len = BN_num_bytes(r[0]) - BN_num_bytes(r[2]);
+
+ if (len > 0) {
+ if (!WPACKET_allocate_bytes(pkt, len, &binval)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ memset(binval, 0, len);
+ }
+ }
+#endif
+ if (!WPACKET_allocate_bytes(pkt, BN_num_bytes(r[i]), &binval)
+ || !WPACKET_close(pkt)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ BN_bn2bin(r[i], binval);
+ }
+
+#ifndef OPENSSL_NO_EC
+ if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
+ /*
+ * We only support named (not generic) curves. In this situation, the
+ * ServerKeyExchange message has: [1 byte CurveType], [2 byte CurveName]
+ * [1 byte length of encoded point], followed by the actual encoded
+ * point itself
+ */
+ if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE)
+ || !WPACKET_put_bytes_u8(pkt, 0)
+ || !WPACKET_put_bytes_u8(pkt, curve_id)
+ || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ OPENSSL_free(encodedPoint);
+ encodedPoint = NULL;
+ }
+#endif
+
+ /* not anonymous */
+ if (lu != NULL) {
+ EVP_PKEY *pkey = s->s3->tmp.cert->privatekey;
+ const EVP_MD *md;
+ unsigned char *sigbytes1, *sigbytes2, *tbs;
+ size_t siglen, tbslen;
+ int rv;
+
+ if (pkey == NULL || !tls1_lookup_md(lu, &md)) {
+ /* Should never happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ /* Get length of the parameters we have written above */
+ if (!WPACKET_get_length(pkt, ¶mlen)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ /* send signature algorithm */
+ if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ /*
+ * Create the signature. We don't know the actual length of the sig
+ * until after we've created it, so we reserve enough bytes for it
+ * up front, and then properly allocate them in the WPACKET
+ * afterwards.
+ */
+ siglen = EVP_PKEY_size(pkey);
+ if (!WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1)
+ || EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ if (lu->sig == EVP_PKEY_RSA_PSS) {
+ if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+ || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, RSA_PSS_SALTLEN_DIGEST) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_EVP_LIB);
+ goto err;
+ }
+ }
+ tbslen = construct_key_exchange_tbs(s, &tbs,
+ s->init_buf->data + paramoffset,
+ paramlen);
+ if (tbslen == 0) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ rv = EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen);
+ OPENSSL_free(tbs);
+ if (rv <= 0 || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)
+ || sigbytes1 != sigbytes2) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ EVP_MD_CTX_free(md_ctx);
+ return 1;
+ err:
+#ifndef OPENSSL_NO_DH
+ EVP_PKEY_free(pkdh);
+#endif
+#ifndef OPENSSL_NO_EC
+ OPENSSL_free(encodedPoint);
+#endif
+ EVP_MD_CTX_free(md_ctx);
+ return 0;
+}
+
+int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
+{
+ if (SSL_IS_TLS13(s)) {
+ /* Send random context when doing post-handshake auth */
+ if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+ OPENSSL_free(s->pha_context);
+ s->pha_context_len = 32;
+ if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) {
+ s->pha_context_len = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0
+ || !WPACKET_sub_memcpy_u8(pkt, s->pha_context,
+ s->pha_context_len)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ /* reset the handshake hash back to just after the ClientFinished */
+ if (!tls13_restore_handshake_digest_for_pha(s)) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+ } else {
+ if (!WPACKET_put_bytes_u8(pkt, 0)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ }
+
+ if (!tls_construct_extensions(s, pkt,
+ SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL,
+ 0)) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+ goto done;
+ }
+
+ /* get the list of acceptable cert types */
+ if (!WPACKET_start_sub_packet_u8(pkt)
+ || !ssl3_get_req_cert_type(s, pkt) || !WPACKET_close(pkt)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ if (SSL_USE_SIGALGS(s)) {
+ const uint16_t *psigs;
+ size_t nl = tls12_get_psigalgs(s, 1, &psigs);
+
+ if (!WPACKET_start_sub_packet_u16(pkt)
+ || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
+ || !tls12_copy_sigalgs(s, pkt, psigs, nl)
+ || !WPACKET_close(pkt)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ }
+
+ if (!construct_ca_names(s, get_ca_names(s), pkt)) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+
+ done:
+ s->certreqs_sent++;
+ s->s3->tmp.cert_request = 1;
+ return 1;
+}
+
+static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_PSK
+ unsigned char psk[PSK_MAX_PSK_LEN];
+ size_t psklen;
+ PACKET psk_identity;
+
+ if (!PACKET_get_length_prefixed_2(pkt, &psk_identity)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+ SSL_R_LENGTH_MISMATCH);
+ return 0;
+ }
+ if (PACKET_remaining(&psk_identity) > PSK_MAX_IDENTITY_LEN) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ return 0;
+ }
+ if (s->psk_server_callback == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+ SSL_R_PSK_NO_SERVER_CB);
+ return 0;
+ }
+
+ if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ psklen = s->psk_server_callback(s, s->session->psk_identity,
+ psk, sizeof(psk));
+
+ if (psklen > PSK_MAX_PSK_LEN) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ } else if (psklen == 0) {
+ /*
+ * PSK related to the given identity not found
+ */
+ SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY,
+ SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+ SSL_R_PSK_IDENTITY_NOT_FOUND);
+ return 0;
+ }
+
+ OPENSSL_free(s->s3->tmp.psk);
+ s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
+ OPENSSL_cleanse(psk, psklen);
+
+ if (s->s3->tmp.psk == NULL) {
+ s->s3->tmp.psklen = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ s->s3->tmp.psklen = psklen;
+
+ return 1;
+#else
+ /* Should never happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+#endif
+}
+
+static int tls_process_cke_rsa(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_RSA
+ unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+ int decrypt_len;
+ unsigned char decrypt_good, version_good;
+ size_t j, padding_len;
+ PACKET enc_premaster;
+ RSA *rsa = NULL;
+ unsigned char *rsa_decrypt = NULL;
+ int ret = 0;
+
+ rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA].privatekey);
+ if (rsa == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+ SSL_R_MISSING_RSA_CERTIFICATE);
+ return 0;
+ }
+
+ /* SSLv3 and pre-standard DTLS omit the length bytes. */
+ if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
+ enc_premaster = *pkt;
+ } else {
+ if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
+ || PACKET_remaining(pkt) != 0) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+ SSL_R_LENGTH_MISMATCH);
+ return 0;
+ }
+ }
+
+ /*
+ * We want to be sure that the plaintext buffer size makes it safe to
+ * iterate over the entire size of a premaster secret
+ * (SSL_MAX_MASTER_KEY_LENGTH). Reject overly short RSA keys because
+ * their ciphertext cannot accommodate a premaster secret anyway.
+ */
+ if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+ RSA_R_KEY_SIZE_TOO_SMALL);
+ return 0;
+ }
+
+ rsa_decrypt = OPENSSL_malloc(RSA_size(rsa));
+ if (rsa_decrypt == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ /*
+ * We must not leak whether a decryption failure occurs because of
+ * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
+ * section 7.4.7.1). The code follows that advice of the TLS RFC and
+ * generates a random premaster secret for the case that the decrypt
+ * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
+ */
+
+ if (RAND_priv_bytes(rand_premaster_secret,
+ sizeof(rand_premaster_secret)) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /*
+ * Decrypt with no padding. PKCS#1 padding will be removed as part of
+ * the timing-sensitive code below.
+ */
+ /* TODO(size_t): Convert this function */
+ decrypt_len = (int)RSA_private_decrypt((int)PACKET_remaining(&enc_premaster),
+ PACKET_data(&enc_premaster),
+ rsa_decrypt, rsa, RSA_NO_PADDING);
+ if (decrypt_len < 0) {
+ SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /* Check the padding. See RFC 3447, section 7.2.2. */
+
+ /*
+ * The smallest padded premaster is 11 bytes of overhead. Small keys
+ * are publicly invalid, so this may return immediately. This ensures
+ * PS is at least 8 bytes.
+ */
+ if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {
+ SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+ SSL_R_DECRYPTION_FAILED);
+ goto err;
+ }
+
+ padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;
+ decrypt_good = constant_time_eq_int_8(rsa_decrypt[0], 0) &
+ constant_time_eq_int_8(rsa_decrypt[1], 2);
+ for (j = 2; j < padding_len - 1; j++) {
+ decrypt_good &= ~constant_time_is_zero_8(rsa_decrypt[j]);
+ }
+ decrypt_good &= constant_time_is_zero_8(rsa_decrypt[padding_len - 1]);
+
+ /*
+ * If the version in the decrypted pre-master secret is correct then
+ * version_good will be 0xff, otherwise it'll be zero. The
+ * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+ * (http://eprint.iacr.org/2003/052/) exploits the version number
+ * check as a "bad version oracle". Thus version checks are done in
+ * constant time and are treated like any other decryption error.
+ */
+ version_good =
+ constant_time_eq_8(rsa_decrypt[padding_len],
+ (unsigned)(s->client_version >> 8));
+ version_good &=
+ constant_time_eq_8(rsa_decrypt[padding_len + 1],
+ (unsigned)(s->client_version & 0xff));
+
+ /*
+ * The premaster secret must contain the same version number as the
+ * ClientHello to detect version rollback attacks (strangely, the
+ * protocol does not offer such protection for DH ciphersuites).
+ * However, buggy clients exist that send the negotiated protocol
+ * version instead if the server does not support the requested
+ * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
+ * clients.
+ */
+ if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
+ unsigned char workaround_good;
+ workaround_good = constant_time_eq_8(rsa_decrypt[padding_len],
+ (unsigned)(s->version >> 8));
+ workaround_good &=
+ constant_time_eq_8(rsa_decrypt[padding_len + 1],
+ (unsigned)(s->version & 0xff));
+ version_good |= workaround_good;
+ }
+
+ /*
+ * Both decryption and version must be good for decrypt_good to
+ * remain non-zero (0xff).
+ */
+ decrypt_good &= version_good;
+
+ /*
+ * Now copy rand_premaster_secret over from p using
+ * decrypt_good_mask. If decryption failed, then p does not
+ * contain valid plaintext, however, a check above guarantees
+ * it is still sufficiently large to read from.
+ */
+ for (j = 0; j < sizeof(rand_premaster_secret); j++) {
+ rsa_decrypt[padding_len + j] =
+ constant_time_select_8(decrypt_good,
+ rsa_decrypt[padding_len + j],
+ rand_premaster_secret[j]);
+ }
+
+ if (!ssl_generate_master_secret(s, rsa_decrypt + padding_len,
+ sizeof(rand_premaster_secret), 0)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ ret = 1;
+ err:
+ OPENSSL_free(rsa_decrypt);
+ return ret;
+#else
+ /* Should never happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+#endif
+}
+
+static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_DH
+ EVP_PKEY *skey = NULL;
+ DH *cdh;
+ unsigned int i;
+ BIGNUM *pub_key;
+ const unsigned char *data;
+ EVP_PKEY *ckey = NULL;
+ int ret = 0;
+
+ if (!PACKET_get_net_2(pkt, &i) || PACKET_remaining(pkt) != i) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+ goto err;
+ }
+ skey = s->s3->tmp.pkey;
+ if (skey == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+ SSL_R_MISSING_TMP_DH_KEY);
+ goto err;
+ }
+
+ if (PACKET_remaining(pkt) == 0L) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+ SSL_R_MISSING_TMP_DH_KEY);
+ goto err;
+ }
+ if (!PACKET_get_bytes(pkt, &data, i)) {
+ /* We already checked we have enough data */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ ckey = EVP_PKEY_new();
+ if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+ SSL_R_BN_LIB);
+ goto err;
+ }
+
+ cdh = EVP_PKEY_get0_DH(ckey);
+ pub_key = BN_bin2bn(data, i, NULL);
+ if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+ ERR_R_INTERNAL_ERROR);
+ BN_free(pub_key);
+ goto err;
+ }
+
+ if (ssl_derive(s, skey, ckey, 1) == 0) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ ret = 1;
+ EVP_PKEY_free(s->s3->tmp.pkey);
+ s->s3->tmp.pkey = NULL;
+ err:
+ EVP_PKEY_free(ckey);
+ return ret;
+#else
+ /* Should never happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+#endif
+}
+
+static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_EC
+ EVP_PKEY *skey = s->s3->tmp.pkey;
+ EVP_PKEY *ckey = NULL;
+ int ret = 0;
+
+ if (PACKET_remaining(pkt) == 0L) {
+ /* We don't support ECDH client auth */
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_CKE_ECDHE,
+ SSL_R_MISSING_TMP_ECDH_KEY);
+ goto err;
+ } else {
+ unsigned int i;
+ const unsigned char *data;
+
+ /*
+ * Get client's public key from encoded point in the
+ * ClientKeyExchange message.
+ */
+
+ /* Get encoded point length */
+ if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i)
+ || PACKET_remaining(pkt) != 0) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+ SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+ if (skey == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+ SSL_R_MISSING_TMP_ECDH_KEY);
+ goto err;
+ }
+
+ ckey = EVP_PKEY_new();
+ if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+ ERR_R_EVP_LIB);
+ goto err;
+ }
+ if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+ ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+
+ if (ssl_derive(s, skey, ckey, 1) == 0) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ ret = 1;
+ EVP_PKEY_free(s->s3->tmp.pkey);
+ s->s3->tmp.pkey = NULL;
+ err:
+ EVP_PKEY_free(ckey);
+
+ return ret;
+#else
+ /* Should never happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+#endif
+}
+
+static int tls_process_cke_srp(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_SRP
+ unsigned int i;
+ const unsigned char *data;
+
+ if (!PACKET_get_net_2(pkt, &i)
+ || !PACKET_get_bytes(pkt, &data, i)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+ SSL_R_BAD_SRP_A_LENGTH);
+ return 0;
+ }
+ if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+ ERR_R_BN_LIB);
+ return 0;
+ }
+ if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0 || BN_is_zero(s->srp_ctx.A)) {
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CKE_SRP,
+ SSL_R_BAD_SRP_PARAMETERS);
+ return 0;
+ }
+ OPENSSL_free(s->session->srp_username);
+ s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+ if (s->session->srp_username == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (!srp_generate_server_master_secret(s)) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+
+ return 1;
+#else
+ /* Should never happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+#endif
+}
+
+static int tls_process_cke_gost(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_GOST
+ EVP_PKEY_CTX *pkey_ctx;
+ EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
+ unsigned char premaster_secret[32];
+ const unsigned char *start;
+ size_t outlen = 32, inlen;
+ unsigned long alg_a;
+ GOST_KX_MESSAGE *pKX = NULL;
+ const unsigned char *ptr;
+ int ret = 0;
+
+ /* Get our certificate private key */
+ alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+ if (alg_a & SSL_aGOST12) {
+ /*
+ * New GOST ciphersuites have SSL_aGOST01 bit too
+ */
+ pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey;
+ if (pk == NULL) {
+ pk = s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey;
+ }
+ if (pk == NULL) {
+ pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+ }
+ } else if (alg_a & SSL_aGOST01) {
+ pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+ }
+
+ pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
+ if (pkey_ctx == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ /*
+ * If client certificate is present and is of the same type, maybe
+ * use it for key exchange. Don't mind errors from
+ * EVP_PKEY_derive_set_peer, because it is completely valid to use a
+ * client certificate for authorization only.
+ */
+ client_pub_pkey = X509_get0_pubkey(s->session->peer);
+ if (client_pub_pkey) {
+ if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
+ ERR_clear_error();
+ }
+
+ ptr = PACKET_data(pkt);
+ /* Some implementations provide extra data in the opaqueBlob
+ * We have nothing to do with this blob so we just skip it */
+ pKX = d2i_GOST_KX_MESSAGE(NULL, &ptr, PACKET_remaining(pkt));
+ if (pKX == NULL
+ || pKX->kxBlob == NULL
+ || ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+ SSL_R_DECRYPTION_FAILED);
+ goto err;
+ }
+
+ if (!PACKET_forward(pkt, ptr - PACKET_data(pkt))) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+ SSL_R_DECRYPTION_FAILED);
+ goto err;
+ }
+
+ if (PACKET_remaining(pkt) != 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+ SSL_R_DECRYPTION_FAILED);
+ goto err;
+ }
+
+ inlen = pKX->kxBlob->value.sequence->length;
+ start = pKX->kxBlob->value.sequence->data;
+
+ if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start,
+ inlen) <= 0) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+ SSL_R_DECRYPTION_FAILED);
+ goto err;
+ }
+ /* Generate master secret */
+ if (!ssl_generate_master_secret(s, premaster_secret,
+ sizeof(premaster_secret), 0)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ /* Check if pubkey from client certificate was used */
+ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
+ NULL) > 0)
+ s->statem.no_cert_verify = 1;
+
+ ret = 1;
+ err:
+ EVP_PKEY_CTX_free(pkey_ctx);
+ GOST_KX_MESSAGE_free(pKX);
+ return ret;
+#else
+ /* Should never happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+#endif
+}
+
+MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
+{
+ unsigned long alg_k;
+
+ alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+ /* For PSK parse and retrieve identity, obtain PSK key */
+ if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ if (alg_k & SSL_kPSK) {
+ /* Identity extracted earlier: should be nothing left */
+ if (PACKET_remaining(pkt) != 0) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR,
+ SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+ SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+ /* PSK handled by ssl_generate_master_secret */
+ if (!ssl_generate_master_secret(s, NULL, 0, 0)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+ if (!tls_process_cke_rsa(s, pkt)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+ if (!tls_process_cke_dhe(s, pkt)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+ if (!tls_process_cke_ecdhe(s, pkt)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ } else if (alg_k & SSL_kSRP) {
+ if (!tls_process_cke_srp(s, pkt)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ } else if (alg_k & SSL_kGOST) {
+ if (!tls_process_cke_gost(s, pkt)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ } else {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+ SSL_R_UNKNOWN_CIPHER_TYPE);
+ goto err;
+ }
+
+ return MSG_PROCESS_CONTINUE_PROCESSING;
+ err:
+#ifndef OPENSSL_NO_PSK
+ OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+ s->s3->tmp.psk = NULL;
+ s->s3->tmp.psklen = 0;
+#endif
+ return MSG_PROCESS_ERROR;
+}
+
+WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
+{
+#ifndef OPENSSL_NO_SCTP
+ if (wst == WORK_MORE_A) {
+ if (SSL_IS_DTLS(s)) {
+ unsigned char sctpauthkey[64];
+ char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+ size_t labellen;
+ /*
+ * Add new shared key for SCTP-Auth, will be ignored if no SCTP
+ * used.
+ */
+ memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+ sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+ /* Don't include the terminating zero. */
+ labellen = sizeof(labelbuffer) - 1;
+ if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+ labellen += 1;
+
+ if (SSL_export_keying_material(s, sctpauthkey,
+ sizeof(sctpauthkey), labelbuffer,
+ labellen, NULL, 0,
+ 0) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ return WORK_ERROR;
+ }
+
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+ sizeof(sctpauthkey), sctpauthkey);
+ }
+ }
+#endif
+
+ if (s->statem.no_cert_verify || !s->session->peer) {
+ /*
+ * No certificate verify or no peer certificate so we no longer need
+ * the handshake_buffer
+ */
+ if (!ssl3_digest_cached_records(s, 0)) {
+ /* SSLfatal() already called */
+ return WORK_ERROR;
+ }
+ return WORK_FINISHED_CONTINUE;
+ } else {
+ if (!s->s3->handshake_buffer) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ return WORK_ERROR;
+ }
+ /*
+ * For sigalgs freeze the handshake buffer. If we support
+ * extms we've done this already so this is a no-op
+ */
+ if (!ssl3_digest_cached_records(s, 1)) {
+ /* SSLfatal() already called */
+ return WORK_ERROR;
+ }
+ }
+
+ return WORK_FINISHED_CONTINUE;
+}
+
+MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
+{
+ int i;
+ MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;
+ X509 *x = NULL;
+ unsigned long l;
+ const unsigned char *certstart, *certbytes;
+ STACK_OF(X509) *sk = NULL;
+ PACKET spkt, context;
+ size_t chainidx;
+ SSL_SESSION *new_sess = NULL;
+
+ /*
+ * To get this far we must have read encrypted data from the client. We no
+ * longer tolerate unencrypted alerts. This value is ignored if less than
+ * TLSv1.3
+ */
+ s->statem.enc_read_state = ENC_READ_STATE_VALID;
+
+ if ((sk = sk_X509_new_null()) == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (SSL_IS_TLS13(s) && (!PACKET_get_length_prefixed_1(pkt, &context)
+ || (s->pha_context == NULL && PACKET_remaining(&context) != 0)
+ || (s->pha_context != NULL &&
+ !PACKET_equal(&context, s->pha_context, s->pha_context_len)))) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+ SSL_R_INVALID_CONTEXT);
+ goto err;
+ }
+
+ if (!PACKET_get_length_prefixed_3(pkt, &spkt)
+ || PACKET_remaining(pkt) != 0) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+ SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ for (chainidx = 0; PACKET_remaining(&spkt) > 0; chainidx++) {
+ if (!PACKET_get_net_3(&spkt, &l)
+ || !PACKET_get_bytes(&spkt, &certbytes, l)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR,
+ SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+ SSL_R_CERT_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ certstart = certbytes;
+ x = d2i_X509(NULL, (const unsigned char **)&certbytes, l);
+ if (x == NULL) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR,
+ SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ if (certbytes != (certstart + l)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR,
+ SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+ SSL_R_CERT_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ if (SSL_IS_TLS13(s)) {
+ RAW_EXTENSION *rawexts = NULL;
+ PACKET extensions;
+
+ if (!PACKET_get_length_prefixed_2(&spkt, &extensions)) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR,
+ SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+ SSL_R_BAD_LENGTH);
+ goto err;
+ }
+ if (!tls_collect_extensions(s, &extensions,
+ SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,
+ NULL, chainidx == 0)
+ || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,
+ rawexts, x, chainidx,
+ PACKET_remaining(&spkt) == 0)) {
+ OPENSSL_free(rawexts);
+ goto err;
+ }
+ OPENSSL_free(rawexts);
+ }
+
+ if (!sk_X509_push(sk, x)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ x = NULL;
+ }
+
+ if (sk_X509_num(sk) <= 0) {
+ /* TLS does not mind 0 certs returned */
+ if (s->version == SSL3_VERSION) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+ SSL_R_NO_CERTIFICATES_RETURNED);
+ goto err;
+ }
+ /* Fail for TLS only if we required a certificate */
+ else if ((s->verify_mode & SSL_VERIFY_PEER) &&
+ (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+ SSLfatal(s, SSL_AD_CERTIFICATE_REQUIRED,
+ SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+ SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+ goto err;
+ }
+ /* No client certificate so digest cached records */
+ if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, 0)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ } else {
+ EVP_PKEY *pkey;
+ i = ssl_verify_cert_chain(s, sk);
+ if (i <= 0) {
+ SSLfatal(s, ssl_x509err2alert(s->verify_result),
+ SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+ SSL_R_CERTIFICATE_VERIFY_FAILED);
+ goto err;
+ }
+ if (i > 1) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, i);
+ goto err;
+ }
+ pkey = X509_get0_pubkey(sk_X509_value(sk, 0));
+ if (pkey == NULL) {
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+ SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+ SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+ goto err;
+ }
+ }
+
+ /*
+ * Sessions must be immutable once they go into the session cache. Otherwise
+ * we can get multi-thread problems. Therefore we don't "update" sessions,
+ * we replace them with a duplicate. Here, we need to do this every time
+ * a new certificate is received via post-handshake authentication, as the
+ * session may have already gone into the session cache.
+ */
+
+ if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+ if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ SSL_SESSION_free(s->session);
+ s->session = new_sess;
+ }
+
+ X509_free(s->session->peer);
+ s->session->peer = sk_X509_shift(sk);
+ s->session->verify_result = s->verify_result;
+
+ sk_X509_pop_free(s->session->peer_chain, X509_free);
+ s->session->peer_chain = sk;
+ sk = NULL;
+
+ /*
+ * Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
+ * message
+ */
+ if (SSL_IS_TLS13(s) && !ssl3_digest_cached_records(s, 1)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ /*
+ * Inconsistency alert: cert_chain does *not* include the peer's own
+ * certificate, while we do include it in statem_clnt.c
+ */
+
+ /* Save the current hash state for when we receive the CertificateVerify */
+ if (SSL_IS_TLS13(s)) {
+ if (!ssl_handshake_hash(s, s->cert_verify_hash,
+ sizeof(s->cert_verify_hash),
+ &s->cert_verify_hash_len)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ /* Resend session tickets */
+ s->sent_tickets = 0;
+ }
+
+ ret = MSG_PROCESS_CONTINUE_READING;
+
+ err:
+ X509_free(x);
+ sk_X509_pop_free(sk, X509_free);
+ return ret;
+}
+
+int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
+{
+ CERT_PKEY *cpk = s->s3->tmp.cert;
+
+ if (cpk == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ /*
+ * In TLSv1.3 the certificate chain is always preceded by a 0 length context
+ * for the server Certificate message
+ */
+ if (SSL_IS_TLS13(s) && !WPACKET_put_bytes_u8(pkt, 0)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ if (!ssl3_output_cert_chain(s, pkt, cpk)) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+
+ return 1;
+}
+
+static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
+ unsigned char *tick_nonce)
+{
+ uint32_t timeout = (uint32_t)s->session->timeout;
+
+ /*
+ * Ticket lifetime hint:
+ * In TLSv1.3 we reset the "time" field above, and always specify the
+ * timeout, limited to a 1 week period per RFC8446.
+ * For TLSv1.2 this is advisory only and we leave this unspecified for
+ * resumed session (for simplicity).
+ */
+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
+
+ if (SSL_IS_TLS13(s)) {
+ if (s->session->timeout > ONE_WEEK_SEC)
+ timeout = ONE_WEEK_SEC;
+ } else if (s->hit)
+ timeout = 0;
+
+ if (!WPACKET_put_bytes_u32(pkt, timeout)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ if (SSL_IS_TLS13(s)) {
+ if (!WPACKET_put_bytes_u32(pkt, age_add)
+ || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ }
+
+ /* Start the sub-packet for the actual ticket data */
+ if (!WPACKET_start_sub_packet_u16(pkt)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
+ unsigned char *tick_nonce)
+{
+ unsigned char *senc = NULL;
+ EVP_CIPHER_CTX *ctx = NULL;
+ HMAC_CTX *hctx = NULL;
+ unsigned char *p, *encdata1, *encdata2, *macdata1, *macdata2;
+ const unsigned char *const_p;
+ int len, slen_full, slen, lenfinal;
+ SSL_SESSION *sess;
+ unsigned int hlen;
+ SSL_CTX *tctx = s->session_ctx;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned char key_name[TLSEXT_KEYNAME_LENGTH];
+ int iv_len, ok = 0;
+ size_t macoffset, macendoffset;
+
+ /* get session encoding length */
+ slen_full = i2d_SSL_SESSION(s->session, NULL);
+ /*
+ * Some length values are 16 bits, so forget it if session is too
+ * long
+ */
+ if (slen_full == 0 || slen_full > 0xFF00) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ senc = OPENSSL_malloc(slen_full);
+ if (senc == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ ctx = EVP_CIPHER_CTX_new();
+ hctx = HMAC_CTX_new();
+ if (ctx == NULL || hctx == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ p = senc;
+ if (!i2d_SSL_SESSION(s->session, &p)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /*
+ * create a fresh copy (not shared with other threads) to clean up
+ */
+ const_p = senc;
+ sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
+ if (sess == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ slen = i2d_SSL_SESSION(sess, NULL);
+ if (slen == 0 || slen > slen_full) {
+ /* shouldn't ever happen */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+ ERR_R_INTERNAL_ERROR);
+ SSL_SESSION_free(sess);
+ goto err;
+ }
+ p = senc;
+ if (!i2d_SSL_SESSION(sess, &p)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+ ERR_R_INTERNAL_ERROR);
+ SSL_SESSION_free(sess);
+ goto err;
+ }
+ SSL_SESSION_free(sess);
+
+ /*
+ * Initialize HMAC and cipher contexts. If callback present it does
+ * all the work otherwise use generated values from parent ctx.
+ */
+ if (tctx->ext.ticket_key_cb) {
+ /* if 0 is returned, write an empty ticket */
+ int ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx,
+ hctx, 1);
+
+ if (ret == 0) {
+
+ /* Put timeout and length */
+ if (!WPACKET_put_bytes_u32(pkt, 0)
+ || !WPACKET_put_bytes_u16(pkt, 0)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_CONSTRUCT_STATELESS_TICKET,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ OPENSSL_free(senc);
+ EVP_CIPHER_CTX_free(ctx);
+ HMAC_CTX_free(hctx);
+ return 1;
+ }
+ if (ret < 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+ SSL_R_CALLBACK_FAILED);
+ goto err;
+ }
+ iv_len = EVP_CIPHER_CTX_iv_length(ctx);
+ } else {
+ const EVP_CIPHER *cipher = EVP_aes_256_cbc();
+
+ iv_len = EVP_CIPHER_iv_length(cipher);
+ if (RAND_bytes(iv, iv_len) <= 0
+ || !EVP_EncryptInit_ex(ctx, cipher, NULL,
+ tctx->ext.secure->tick_aes_key, iv)
+ || !HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,
+ sizeof(tctx->ext.secure->tick_hmac_key),
+ EVP_sha256(), NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ memcpy(key_name, tctx->ext.tick_key_name,
+ sizeof(tctx->ext.tick_key_name));
+ }
+
+ if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ if (!WPACKET_get_total_written(pkt, &macoffset)
+ /* Output key name */
+ || !WPACKET_memcpy(pkt, key_name, sizeof(key_name))
+ /* output IV */
+ || !WPACKET_memcpy(pkt, iv, iv_len)
+ || !WPACKET_reserve_bytes(pkt, slen + EVP_MAX_BLOCK_LENGTH,
+ &encdata1)
+ /* Encrypt session data */
+ || !EVP_EncryptUpdate(ctx, encdata1, &len, senc, slen)
+ || !WPACKET_allocate_bytes(pkt, len, &encdata2)
+ || encdata1 != encdata2
+ || !EVP_EncryptFinal(ctx, encdata1 + len, &lenfinal)
+ || !WPACKET_allocate_bytes(pkt, lenfinal, &encdata2)
+ || encdata1 + len != encdata2
+ || len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH
+ || !WPACKET_get_total_written(pkt, &macendoffset)
+ || !HMAC_Update(hctx,
+ (unsigned char *)s->init_buf->data + macoffset,
+ macendoffset - macoffset)
+ || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1)
+ || !HMAC_Final(hctx, macdata1, &hlen)
+ || hlen > EVP_MAX_MD_SIZE
+ || !WPACKET_allocate_bytes(pkt, hlen, &macdata2)
+ || macdata1 != macdata2) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /* Close the sub-packet created by create_ticket_prequel() */
+ if (!WPACKET_close(pkt)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ ok = 1;
+ err:
+ OPENSSL_free(senc);
+ EVP_CIPHER_CTX_free(ctx);
+ HMAC_CTX_free(hctx);
+ return ok;
+}
+
+static int construct_stateful_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
+ unsigned char *tick_nonce)
+{
+ if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+
+ if (!WPACKET_memcpy(pkt, s->session->session_id,
+ s->session->session_id_length)
+ || !WPACKET_close(pkt)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATEFUL_TICKET,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
+{
+ SSL_CTX *tctx = s->session_ctx;
+ unsigned char tick_nonce[TICKET_NONCE_SIZE];
+ union {
+ unsigned char age_add_c[sizeof(uint32_t)];
+ uint32_t age_add;
+ } age_add_u;
+
+ age_add_u.age_add = 0;
+
+ if (SSL_IS_TLS13(s)) {
+ size_t i, hashlen;
+ uint64_t nonce;
+ static const unsigned char nonce_label[] = "resumption";
+ const EVP_MD *md = ssl_handshake_md(s);
+ int hashleni = EVP_MD_size(md);
+
+ /* Ensure cast to size_t is safe */
+ if (!ossl_assert(hashleni >= 0)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ hashlen = (size_t)hashleni;
+
+ /*
+ * If we already sent one NewSessionTicket, or we resumed then
+ * s->session may already be in a cache and so we must not modify it.
+ * Instead we need to take a copy of it and modify that.
+ */
+ if (s->sent_tickets != 0 || s->hit) {
+ SSL_SESSION *new_sess = ssl_session_dup(s->session, 0);
+
+ if (new_sess == NULL) {
+ /* SSLfatal already called */
+ goto err;
+ }
+
+ SSL_SESSION_free(s->session);
+ s->session = new_sess;
+ }
+
+ if (!ssl_generate_session_id(s, s->session)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ s->session->ext.tick_age_add = age_add_u.age_add;
+
+ nonce = s->next_ticket_nonce;
+ for (i = TICKET_NONCE_SIZE; i > 0; i--) {
+ tick_nonce[i - 1] = (unsigned char)(nonce & 0xff);
+ nonce >>= 8;
+ }
+
+ if (!tls13_hkdf_expand(s, md, s->resumption_master_secret,
+ nonce_label,
+ sizeof(nonce_label) - 1,
+ tick_nonce,
+ TICKET_NONCE_SIZE,
+ s->session->master_key,
+ hashlen, 1)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ s->session->master_key_length = hashlen;
+
+ s->session->time = (long)time(NULL);
+ if (s->s3->alpn_selected != NULL) {
+ OPENSSL_free(s->session->ext.alpn_selected);
+ s->session->ext.alpn_selected =
+ OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
+ if (s->session->ext.alpn_selected == NULL) {
+ s->session->ext.alpn_selected_len = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ s->session->ext.alpn_selected_len = s->s3->alpn_selected_len;
+ }
+ s->session->ext.max_early_data = s->max_early_data;
+ }
+
+ if (tctx->generate_ticket_cb != NULL &&
+ tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ /*
+ * If we are using anti-replay protection then we behave as if
+ * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there
+ * is no point in using full stateless tickets.
+ */
+ if (SSL_IS_TLS13(s)
+ && ((s->options & SSL_OP_NO_TICKET) != 0
+ || (s->max_early_data > 0
+ && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) {
+ if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ } else if (!construct_stateless_ticket(s, pkt, age_add_u.age_add,
+ tick_nonce)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+
+ if (SSL_IS_TLS13(s)) {
+ if (!tls_construct_extensions(s, pkt,
+ SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
+ NULL, 0)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ /*
+ * Increment both |sent_tickets| and |next_ticket_nonce|. |sent_tickets|
+ * gets reset to 0 if we send more tickets following a post-handshake
+ * auth, but |next_ticket_nonce| does not.
+ */
+ s->sent_tickets++;
+ s->next_ticket_nonce++;
+ ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+ }
+
+ return 1;
+ err:
+ return 0;
+}
+
+/*
+ * In TLSv1.3 this is called from the extensions code, otherwise it is used to
+ * create a separate message. Returns 1 on success or 0 on failure.
+ */
+int tls_construct_cert_status_body(SSL *s, WPACKET *pkt)
+{
+ if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type)
+ || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp,
+ s->ext.ocsp.resp_len)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+int tls_construct_cert_status(SSL *s, WPACKET *pkt)
+{
+ if (!tls_construct_cert_status_body(s, pkt)) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+
+ return 1;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * tls_process_next_proto reads a Next Protocol Negotiation handshake message.
+ * It sets the next_proto member in s if found
+ */
+MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt)
+{
+ PACKET next_proto, padding;
+ size_t next_proto_len;
+
+ /*-
+ * The payload looks like:
+ * uint8 proto_len;
+ * uint8 proto[proto_len];
+ * uint8 padding_len;
+ * uint8 padding[padding_len];
+ */
+ if (!PACKET_get_length_prefixed_1(pkt, &next_proto)
+ || !PACKET_get_length_prefixed_1(pkt, &padding)
+ || PACKET_remaining(pkt) > 0) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEXT_PROTO,
+ SSL_R_LENGTH_MISMATCH);
+ return MSG_PROCESS_ERROR;
+ }
+
+ if (!PACKET_memdup(&next_proto, &s->ext.npn, &next_proto_len)) {
+ s->ext.npn_len = 0;
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEXT_PROTO,
+ ERR_R_INTERNAL_ERROR);
+ return MSG_PROCESS_ERROR;
+ }
+
+ s->ext.npn_len = (unsigned char)next_proto_len;
+
+ return MSG_PROCESS_CONTINUE_READING;
+}
+#endif
+
+static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt)
+{
+ if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+ NULL, 0)) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+
+ return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt)
+{
+ if (PACKET_remaining(pkt) != 0) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,
+ SSL_R_LENGTH_MISMATCH);
+ return MSG_PROCESS_ERROR;
+ }
+
+ if (s->early_data_state != SSL_EARLY_DATA_READING
+ && s->early_data_state != SSL_EARLY_DATA_READ_RETRY) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,
+ ERR_R_INTERNAL_ERROR);
+ return MSG_PROCESS_ERROR;
+ }
+
+ /*
+ * EndOfEarlyData signals a key change so the end of the message must be on
+ * a record boundary.
+ */
+ if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+ SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,
+ SSL_R_NOT_ON_RECORD_BOUNDARY);
+ return MSG_PROCESS_ERROR;
+ }
+
+ s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
+ if (!s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+ /* SSLfatal() already called */
+ return MSG_PROCESS_ERROR;
+ }
+
+ return MSG_PROCESS_CONTINUE_READING;
+}
Index: sources/packages/n/openssl11/patches/README
===================================================================
--- sources/packages/n/openssl11/patches/README (nonexistent)
+++ sources/packages/n/openssl11/patches/README (revision 420)
@@ -0,0 +1,8 @@
+
+/* begin *
+
+ openssl-1.1.1w-CVE-2024-5535.patch - CVE-2023-5678, CVE-2024-0727,
+ CVE-2024-2511, CVE-2024-4741,
+ CVE-2024-5535.
+
+ * end */
Index: sources/packages/n/openssl11/patches
===================================================================
--- sources/packages/n/openssl11/patches (nonexistent)
+++ sources/packages/n/openssl11/patches (revision 420)
Property changes on: sources/packages/n/openssl11/patches
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,74 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.rk358x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
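Review bot: The `*.patch` entry under `# Patches` hides every patch file in `sources/packages/n/openssl11/patches` from `svn status`, including the `openssl-1.1.1w-CVE-2024-5535.patch` that the README added to the same directory names as carrying five CVE fixes. If that patch is generated at build time rather than committed (not visible from this diff), the repository holds no versioned copy or digest of it, so a reviewer cannot confirm that what gets applied matches the listed CVEs. Either drop `*.patch` from this property so the file can be versioned, or record its checksum next to the file name in the README. The same 74-line list is set on `sources/packages/n/openssl11` in the next property hunk, and in both lists `.makefile` appears twice (among the target build dirs and again under `# Hidden files`); one entry is enough.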
Index: sources/packages/n/openssl11
===================================================================
--- sources/packages/n/openssl11 (nonexistent)
+++ sources/packages/n/openssl11 (revision 420)
Property changes on: sources/packages/n/openssl11
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,74 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.rk358x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~