archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-15 13:48:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

deps: upgrade openssl sources to 1.1.0h

Browse source 
This updates all sources in deps/openssl/openssl with openssl-1.1.0h.

Fixes: https://github.com/nodejs/node/issues/4270
PR-URL: https://github.com/nodejs/node/pull/19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
This commit is contained in:
Shigeki Ohtsu 2018-03-29 16:39:12 +09:00
parent 38c97f5dc7
commit 66cb29e646
3133 changed files with 305943 additions and 352014 deletions
Download patch file Download diff file Expand all files Collapse all files

3
deps/openssl/openssl/.gitattributes vendored Normal file
View file

@ -0,0 +1,3 @@
*.der binary
/fuzz/corpora/** binary
*.pfx binary

174
deps/openssl/openssl/.gitignore vendored Normal file
View file

@ -0,0 +1,174 @@
# Ignore editor artefacts
/.dir-locals.el
# Top level excludes
/Makefile.orig
/MINFO
/TABLE
/*.a
/*.pc
/rehash.time
/inc.*
/makefile.*
/out.*
/tmp.*
/configdata.pm
# *all* Makefiles
Makefile
# ... except in demos
!/demos/*/Makefile
# Links under apps
/apps/CA.pl
/apps/tsget
/apps/tsget.pl
/apps/md4.c
# Auto generated headers
/crypto/buildinf.h
/apps/progs.h
/crypto/include/internal/*_conf.h
/openssl/include/opensslconf.h
/util/domd
# Executables
/apps/openssl
/test/sha256t
/test/sha512t
/test/gost2814789t
/test/ssltest_old
/test/*test
/test/fips_aesavs
/test/fips_desmovs
/test/fips_dhvs
/test/fips_drbgvs
/test/fips_dssvs
/test/fips_ecdhvs
/test/fips_ecdsavs
/test/fips_rngvs
/test/fips_test_suite
/test/ssltest_old
/test/x509aux
/test/v3ext
# Certain files that get created by tests on the fly
/test/test-runs
/test/buildtest_*
# Fuzz stuff.
# Anything without an extension is an executable on Unix, so we keep files
# with extensions. And we keep the corpora subddir versioned as well.
# Anything more generic with extensions that should be ignored will be taken
# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
/fuzz/*
!/fuzz/README*
!/fuzz/corpora
!/fuzz/*.*
# Misc auto generated files
/include/openssl/opensslconf.h
/tools/c_rehash
/tools/c_rehash.pl
/util/shlib_wrap.sh
/tags
/TAGS
/crypto.map
/ssl.map
# Windows (legacy)
/tmp32
/tmp32.dbg
/tmp32dll
/tmp32dll.dbg
/out32
/out32.dbg
/out32dll
/out32dll.dbg
/inc32
/MINFO
/ms/.rnd
/ms/bcb.mak
/ms/libeay32.def
/ms/nt.mak
/ms/ntdll.mak
/ms/ssleay32.def
/ms/version32.rc
# Files created on other branches that are not held in git, and are not
# needed on this branch
/include/openssl/asn1_mac.h
/include/openssl/des_old.h
/include/openssl/fips.h
/include/openssl/fips_rand.h
/include/openssl/krb5_asn.h
/include/openssl/kssl.h
/include/openssl/pq_compat.h
/include/openssl/ssl23.h
/include/openssl/tmdiff.h
/include/openssl/ui_compat.h
/test/fips_aesavs.c
/test/fips_desmovs.c
/test/fips_dsatest.c
/test/fips_dssvs.c
/test/fips_hmactest.c
/test/fips_randtest.c
/test/fips_rngvs.c
/test/fips_rsagtest.c
/test/fips_rsastest.c
/test/fips_rsavtest.c
/test/fips_shatest.c
/test/fips_test_suite.c
/test/shatest.c
##### Generic patterns
# Auto generated assembly language source files
*.s
!/crypto/*/asm/*.s
/crypto/arm*.S
/crypto/*/*.S
*.asm
!/crypto/*/asm/*.asm
# Object files
*.o
*.obj
# editor artefacts
*.swp
.#*
\#*#
*~
# Certificate symbolic links
*.0
# All kinds of executables
*.so
*.so.*
*.dylib
*.dylib.*
*.dll
*.dll.*
*.exe
*.pyc
*.exp
*.lib
*.pdb
*.ilk
*.def
*.rc
*.res
# Misc generated stuff
Makefile.save
/crypto/**/lib
/engines/**/lib
/ssl/**/lib
*.bak
cscope.*
*.d
pod2htmd.tmp
# Windows manifest files
*.manifest

15
deps/openssl/openssl/.travis-apt-pin.preferences vendored Normal file
View file

@ -0,0 +1,15 @@
Package: clang-3.9
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libclang-common-3.9-dev
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libclang1-3.9
Pin: release o=Ubuntu
Pin-Priority: -1
Package: libllvm3.9v4
Pin: release o=Ubuntu
Pin-Priority: -1

11
deps/openssl/openssl/.travis-create-release.sh vendored Normal file
View file

@ -0,0 +1,11 @@
#! /bin/sh
# $1 is expected to be $TRAVIS_OS_NAME
./Configure dist
if [ "$1" == osx ]; then
make NAME='_srcdist' TARFILE='_srcdist.tar' \
TAR_COMMAND='$(TAR) $(TARFLAGS) -cvf -' tar
else
make TARFILE='_srcdist.tar' NAME='_srcdist' dist
fi

204
deps/openssl/openssl/.travis.yml vendored Normal file
View file

@ -0,0 +1,204 @@
dist: trusty
sudo: required
language: c
cache: ccache
before_install:
- if [ -n "$COVERALLS" ]; then
pip install --user cpp-coveralls;
fi;
addons:
apt:
packages:
- ccache
os:
- linux
compiler:
- clang
- gcc
env:
- CONFIG_OPTS="" DESTDIR="_install"
- CONFIG_OPTS="--debug no-shared enable-crypto-mdebug enable-rc5 enable-md2"
- CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes"
- CONFIG_OPTS="no-ec" BUILDONLY="yes"
- CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes"
matrix:
include:
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
- os: linux
compiler: gcc
env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="enable-asan"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="enable-msan"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="no-stdio"
- os: linux
addons:
apt:
packages:
- gcc-5
sources:
- ubuntu-toolchain-r-test
compiler: gcc-5
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-stdio" BUILDONLY="yes"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: x86_64-w64-mingw32-gcc
env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: x86_64-w64-mingw32-gcc
env: CONFIG_OPTS="no-stdio" BUILDONLY="yes"
exclude:
- os: linux
compiler: clang
- os: osx
compiler: gcc
before_script:
- if [ -n "$DESTDIR" ]; then
sh .travis-create-release.sh $TRAVIS_OS_NAME;
tar -xvzf _srcdist.tar.gz;
mkdir _build;
cd _build;
srcdir=../_srcdist;
top=..;
else
srcdir=.;
top=.;
fi
- if [ "$CC" == i686-w64-mingw32-gcc ]; then
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
else
if [ "$CC" == clang-3.9 ]; then
sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang;
curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -;
echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null;
sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test";
sudo -E apt-get -yq update;
sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9;
elif which ccache >/dev/null; then
CC="ccache $CC";
fi;
$srcdir/config -v $CONFIG_OPTS;
fi
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
if [ "$TRAVIS_OS_NAME" == "linux" ]; then
sudo dpkg --add-architecture i386;
sudo apt-get update;
fi;
fi;
fi
- cd $top
script:
- if [ -z "$BUILDONLY" ]; then
make="make -s";
else
make="make";
fi
- if [ -n "$DESTDIR" ]; then
cd _build;
top=..;
else
top=.;
fi
- if $make update; then
echo -e '+\057 MAKE UPDATE OK';
else
echo -e '+\057 MAKE UPDATE FAILED'; false;
fi;
git diff --exit-code
- if [ -n "$CHECKDOCS" ]; then
if $make doc-nits; then
echo -e '+\057\057 MAKE DOC-NITS OK';
else
echo -e '+\057\057 MAKE DOC-NITS FAILED'; false;
fi;
fi
- if $make ; then
echo -e '+\057\057\057 MAKE OK';
else
echo -e '+\057\057\057 MAKE FAILED'; false;
fi;
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
sudo apt-get -yq install wine;
export EXE_SHELL="wine" WINEPREFIX=`pwd`;
fi;
HARNESS_VERBOSE=yes make test;
else
if $make build_tests; then
echo -e '+\057\057\075 MAKE BUILD_TESTS OK';
else
echo -e '+\057\057\075 MAKE BUILD_TESTS FAILEd'; false;
fi;
fi
- if [ -n "$DESTDIR" ]; then
mkdir "../$DESTDIR";
if $make install install_docs DESTDIR="../$DESTDIR"; then
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK';
else
echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false;
fi;
fi
- cd $top
after_success:
- if [ -n "$COVERALLS" ]; then
coveralls -b . --gcov-options '\-lp';
fi;
notifications:
email:
secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4="

0
deps/openssl/openssl/ACKNOWLEDGMENTS → deps/openssl/openssl/ACKNOWLEDGEMENTS vendored
View file

21
deps/openssl/openssl/AUTHORS vendored Normal file
View file

@ -0,0 +1,21 @@
Andy Polyakov
Ben Laurie
Bodo Möller
Emilia Käsper
Eric Young
Geoff Thorpe
Holger Reif
Kurt Roeckx
Lutz Jänicke
Mark J. Cox
Matt Caswell
Nils Larsch
Paul C. Sutton
Ralf S. Engelschall
Rich Salz
Richard Levitte
Stephen Henson
Steve Marquess
Tim Hudson
Ulf Möller
Viktor Dukhovni

1551
deps/openssl/openssl/CHANGES vendored
View file

File diff suppressed because it is too large Load diff

968
deps/openssl/openssl/CHANGES.SSLeay vendored
View file

@ -1,968 +0,0 @@
This file contains the changes for the SSLeay library up to version
0.9.0b. For later changes, see the file "CHANGES".
SSLeay CHANGES
______________
Changes between 0.8.x and 0.9.0b
10-Apr-1998
I said the next version would go out at easter, and so it shall.
I expect a 0.9.1 will follow with portability fixes in the next few weeks.
This is a quick, meet the deadline. Look to ssl-users for comments on what
is new etc.
eric (about to go bushwalking for the 4 day easter break :-)
16-Mar-98
- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
- Lots and lots of changes
29-Jan-98
- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
Goetz Babin-Ebell <babinebell@trustcenter.de>.
- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
TLS1_VERSION.
7-Jan-98
- Finally reworked the cipher string to ciphers again, so it
works correctly
- All the app_data stuff is now ex_data with funcion calls to access.
The index is supplied by a function and 'methods' can be setup
for the types that are called on XXX_new/XXX_free. This lets
applications get notified on creation and destruction. Some of
the RSA methods could be implemented this way and I may do so.
- Oh yes, SSL under perl5 is working at the basic level.
15-Dec-97
- Warning - the gethostbyname cache is not fully thread safe,
but it should work well enough.
- Major internal reworking of the app_data stuff. More functions
but if you were accessing ->app_data directly, things will
stop working.
- The perlv5 stuff is working. Currently on message digests,
ciphers and the bignum library.
9-Dec-97
- Modified re-negotiation so that server initated re-neg
will cause a SSL_read() to return -1 should retry.
The danger otherwise was that the server and the
client could end up both trying to read when using non-blocking
sockets.
4-Dec-97
- Lots of small changes
- Fix for binaray mode in Windows for the FILE BIO, thanks to
Bob Denny <rdenny@dc3.com>
17-Nov-97
- Quite a few internal cleanups, (removal of errno, and using macros
defined in e_os.h).
- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
the automactic naming out output files was being stuffed up.
29-Oct-97
- The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
for x86.
21-Oct-97
- Fixed a bug in the BIO_gethostbyname() cache.
15-Oct-97
- cbc mode for blowfish/des/3des is now in assember. Blowfish asm
has also been improved. At this point in time, on the pentium,
md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
is %62 faster.
12-Oct-97
- MEM_BUF_grow() has been fixed so that it always sets the buf->length
to the value we are 'growing' to. Think of MEM_BUF_grow() as the
way to set the length value correctly.
10-Oct-97
- I now hash for certificate lookup on the raw DER encoded RDN (md5).
This breaks things again :-(. This is efficent since I cache
the DER encoding of the RDN.
- The text DN now puts in the numeric OID instead of UNKNOWN.
- req can now process arbitary OIDs in the config file.
- I've been implementing md5 in x86 asm, much faster :-).
- Started sha1 in x86 asm, needs more work.
- Quite a few speedups in the BN stuff. RSA public operation
has been made faster by caching the BN_MONT_CTX structure.
The calulating of the Ai where A*Ai === 1 mod m was rather
expensive. Basically a 40-50% speedup on public operations.
The RSA speedup is now 15% on pentiums and %20 on pentium
pro.
30-Sep-97
- After doing some profiling, I added x86 adm for bn_add_words(),
which just adds 2 arrays of longs together. A %10 speedup
for 512 and 1024 bit RSA on the pentium pro.
29-Sep-97
- Converted the x86 bignum assembler to us the perl scripts
for generation.
23-Sep-97
- If SSL_set_session() is passed a NULL session, it now clears the
current session-id.
22-Sep-97
- Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
certificates.
- Bug in crypto/evp/encode.c where by decoding of 65 base64
encoded lines, one line at a time (via a memory BIO) would report
EOF after the first line was decoded.
- Fix in X509_find_by_issuer_and_serial() from
Dr Stephen Henson <shenson@bigfoot.com>
19-Sep-97
- NO_FP_API and NO_STDIO added.
- Put in sh config command. It auto runs Configure with the correct
parameters.
18-Sep-97
- Fix x509.c so if a DSA cert has different parameters to its parent,
they are left in place. Not tested yet.
16-Sep-97
- ssl_create_cipher_list() had some bugs, fixes from
Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
- Fixed a bug in the Base64 BIO, where it would return 1 instead
of -1 when end of input was encountered but should retry.
Basically a Base64/Memory BIO interaction problem.
- Added a HMAC set of functions in preporarion for TLS work.
15-Sep-97
- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
- Prime generation spead up %25 (512 bit prime, pentium pro linux)
by using montgomery multiplication in the prime number test.
11-Sep-97
- Ugly bug in ssl3_write_bytes(). Basically if application land
does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
did not check the size and tried to copy the entire buffer.
This would tend to cause memory overwrites since SSLv3 has
a maximum packet size of 16k. If your program uses
buffers <= 16k, you would probably never see this problem.
- Fixed a few errors that were cause by malloc() not returning
0 initialised memory..
- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
since this flags stops SSLeay being able to handle client
cert requests correctly.
08-Sep-97
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
on, the SSL server routines will not use a SSL_SESSION that is
held in it's cache. This in intended to be used with the session-id
callbacks so that while the session-ids are still stored in the
cache, the decision to use them and how to look them up can be
done by the callbacks. The are the 'new', 'get' and 'remove'
callbacks. This can be used to determine the session-id
to use depending on information like which port/host the connection
is coming from. Since the are also SSL_SESSION_set_app_data() and
SSL_SESSION_get_app_data() functions, the application can hold
information against the session-id as well.
03-Sep-97
- Added lookup of CRLs to the by_dir method,
X509_load_crl_file() also added. Basically it means you can
lookup CRLs via the same system used to lookup certificates.
- Changed things so that the X509_NAME structure can contain
ASN.1 BIT_STRINGS which is required for the unique
identifier OID.
- Fixed some problems with the auto flushing of the session-id
cache. It was not occuring on the server side.
02-Sep-97
- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
which is the maximum number of entries allowed in the
session-id cache. This is enforced with a simple FIFO list.
The default size is 20*1024 entries which is rather large :-).
The Timeout code is still always operating.
01-Sep-97
- Added an argument to all the 'generate private key/prime`
callbacks. It is the last parameter so this should not
break existing code but it is needed for C++.
- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
BIO. This lets the BIO read and write base64 encoded data
without inserting or looking for '\n' characters. The '-A'
flag turns this on when using apps/enc.c.
- RSA_NO_PADDING added to help BSAFE functionality. This is a
very dangerous thing to use, since RSA private key
operations without random padding bytes (as PKCS#1 adds) can
be attacked such that the private key can be revealed.
- ASN.1 bug and rc2-40-cbc and rc4-40 added by
Dr Stephen Henson <shenson@bigfoot.com>
31-Aug-97 (stuff added while I was away)
- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
- RSA_flags() added allowing bypass of pub/priv match check
in ssl/ssl_rsa.c - Tim Hudson.
- A few minor bugs.
SSLeay 0.8.1 released.
19-Jul-97
- Server side initated dynamic renegotiation is broken. I will fix
it when I get back from holidays.
15-Jul-97
- Quite a few small changes.
- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
09-Jul-97
- Added 2 new values to the SSL info callback.
SSL_CB_START which is passed when the SSL protocol is started
and SSL_CB_DONE when it has finished sucsessfully.
08-Jul-97
- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
that related to DSA public/private keys.
- Added all the relevent PEM and normal IO functions to support
reading and writing RSAPublic keys.
- Changed makefiles to use ${AR} instead of 'ar r'
07-Jul-97
- Error in ERR_remove_state() that would leave a dangling reference
to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
- s_client now prints the X509_NAMEs passed from the server
when requesting a client cert.
- Added a ssl->type, which is one of SSL_ST_CONNECT or
SSL_ST_ACCEPT. I had to add it so I could tell if I was
a connect or an accept after the handshake had finished.
- SSL_get_client_CA_list(SSL *s) now returns the CA names
passed by the server if called by a client side SSL.
05-Jul-97
- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com).
04-Jul-97
- Fixed some things in X509_NAME_add_entry(), thanks to
Matthew Donald <matthew@world.net>.
- I had a look at the cipher section and though that it was a
bit confused, so I've changed it.
- I was not setting up the RC4-64-MD5 cipher correctly. It is
a MS special that appears in exported MS Money.
- Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
spec. I was missing the two byte length header for the
ClientDiffieHellmanPublic value. This is a packet sent from
the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
option will enable SSLeay server side SSLv3 accept either
the correct or my 080 packet format.
- Fixed a few typos in crypto/pem.org.
02-Jul-97
- Alias mapping for EVP_get_(digest|cipher)byname is now
performed before a lookup for actual cipher. This means
that an alias can be used to 're-direct' a cipher or a
digest.
- ASN1_read_bio() had a bug that only showed up when using a
memory BIO. When EOF is reached in the memory BIO, it is
reported as a -1 with BIO_should_retry() set to true.
01-Jul-97
- Fixed an error in X509_verify_cert() caused by my
miss-understanding how 'do { contine } while(0);' works.
Thanks to Emil Sit <sit@mit.edu> for educating me :-)
30-Jun-97
- Base64 decoding error. If the last data line did not end with
a '=', sometimes extra data would be returned.
- Another 'cut and paste' bug in x509.c related to setting up the
STDout BIO.
27-Jun-97
- apps/ciphers.c was not printing due to an editing error.
- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
a library build error in util/mk1mf.pl
26-Jun-97
- Still did not have the auto 'experimental' code removal
script correct.
- A few header tweaks for Watcom 11.0 under Win32 from
Rolf Lindemann <Lindemann@maz-hh.de>
- 0 length OCTET_STRING bug in asn1_parse
- A minor fix with an non-existent function in the MS .def files.
- A few changes to the PKCS7 stuff.
25-Jun-97
SSLeay 0.8.0 finally it gets released.
24-Jun-97
Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
use a temporary RSA key. This is experimental and needs some more work.
Fixed a few Win16 build problems.
23-Jun-97
SSLv3 bug. I was not doing the 'lookup' of the CERT structure
correctly. I was taking the SSL->ctx->default_cert when I should
have been using SSL->cert. The bug was in ssl/s3_srvr.c
20-Jun-97
X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
rest of the library. Even though I had the code required to do
it correctly, apps/req.c was doing the wrong thing. I have fixed
and tested everything.
Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
19-Jun-97
Fixed a bug in the SSLv2 server side first packet handling. When
using the non-blocking test BIO, the ssl->s2->first_packet flag
was being reset when a would-block failure occurred when reading
the first 5 bytes of the first packet. This caused the checking
logic to run at the wrong time and cause an error.
Fixed a problem with specifying cipher. If RC4-MD5 were used,
only the SSLv3 version would be picked up. Now this will pick
up both SSLv2 and SSLv3 versions. This required changing the
SSL_CIPHER->mask values so that they only mask the ciphers,
digests, authentication, export type and key-exchange algorithms.
I found that when a SSLv23 session is established, a reused
session, of type SSLv3 was attempting to write the SSLv2
ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
method has been modified so it will only write out cipher which
that method knows about.
Changes between 0.8.0 and 0.8.1
*) Mostly bug fixes.
There is an Ephemeral DH cipher problem which is fixed.
SSLeay 0.8.0
This version of SSLeay has quite a lot of things different from the
previous version.
Basically check all callback parameters, I will be producing documentation
about how to use things in th future. Currently I'm just getting 080 out
the door. Please not that there are several ways to do everything, and
most of the applications in the apps directory are hybrids, some using old
methods and some using new methods.
Have a look in demos/bio for some very simple programs and
apps/s_client.c and apps/s_server.c for some more advanced versions.
Notes are definitly needed but they are a week or so away.
Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
---
Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
get those people that want to move to using the new code base off to
a quick start.
Note that Eric has tidied up a lot of the areas of the API that were
less than desirable and renamed quite a few things (as he had to break
the API in lots of places anyrate). There are a whole pile of additional
functions for making dealing with (and creating) certificates a lot
cleaner.
01-Jul-97
Tim Hudson
tjh@cryptsoft.com
---8<---
To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
use something like the following (assuming you #include "crypto.h" which
is something that you really should be doing).
#if SSLEAY_VERSION_NUMBER >= 0x0800
#define SSLEAY8
#endif
buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
too if you are working with BIO internal stuff (as distinct
from simply using the interface in an opaque manner)
#include "bio.h" - required along with "buffer.h" if you write
your own BIO routines as the buffer and bio
stuff that was intermixed has been separated
out
envelope.h -> evp.h (which should have been done ages ago)
Initialisation ... don't forget these or you end up with code that
is missing the bits required to do useful things (like ciphers):
SSLeay_add_ssl_algorithms()
(probably also want SSL_load_error_strings() too but you should have
already had that call in place)
SSL_CTX_new() - requires an extra method parameter
SSL_CTX_new(SSLv23_method())
SSL_CTX_new(SSLv2_method())
SSL_CTX_new(SSLv3_method())
OR to only have the server or the client code
SSL_CTX_new(SSLv23_server_method())
SSL_CTX_new(SSLv2_server_method())
SSL_CTX_new(SSLv3_server_method())
or
SSL_CTX_new(SSLv23_client_method())
SSL_CTX_new(SSLv2_client_method())
SSL_CTX_new(SSLv3_client_method())
SSL_set_default_verify_paths() ... renamed to the more appropriate
SSL_CTX_set_default_verify_paths()
If you want to use client certificates then you have to add in a bit
of extra stuff in that a SSLv3 server sends a list of those CAs that
it will accept certificates from ... so you have to provide a list to
SSLeay otherwise certain browsers will not send client certs.
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0)
or provide a buffer and size to copy the
result into
X509_add_cert -> X509_STORE_add_cert (and you might want to read the
notes on X509_NAME structure changes too)
VERIFICATION CODE
=================
The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
more accurately reflect things.
The verification callback args are now packaged differently so that
extra fields for verification can be added easily in future without
having to break things by adding extra parameters each release :-)
X509_cert_verify_error_string -> X509_verify_cert_error_string
BIO INTERNALS
=============
Eric has fixed things so that extra flags can be introduced in
the BIO layer in future without having to play with all the BIO
modules by adding in some macros.
The ugly stuff using
b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
becomes
BIO_clear_retry_flags(b)
b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
becomes
BIO_set_retry_read(b)
Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
OTHER THINGS
============
X509_NAME has been altered so that it isn't just a STACK ... the STACK
is now in the "entries" field ... and there are a pile of nice functions
for getting at the details in a much cleaner manner.
SSL_CTX has been altered ... "cert" is no longer a direct member of this
structure ... things are now down under "cert_store" (see x509_vfy.h) and
things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
If your code "knows" about this level of detail then it will need some
surgery.
If you depending on the incorrect spelling of a number of the error codes
then you will have to change your code as these have been fixed.
ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
has been all along so this makes things clearer.
ify_cert_error_string(ctx->error));
SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
Changes between 0.7.x and 0.8.0
*) There have been lots of changes, mostly the addition of SSLv3.
There have been many additions from people and amongst
others, C2Net has assisted greatly.
Changes between 0.7.x and 0.7.x
*) Internal development version only
SSLeay 0.6.6 13-Jan-1997
The main additions are
- assember for x86 DES improvments.
From 191,000 per second on a pentium 100, I now get 281,000. The inner
loop and the IP/FP modifications are from
Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his
contribution.
- The 'DES macros' introduced in 0.6.5 now have 3 types.
DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which
is best and there is a summery of mine in crypto/des/options.txt
- A few bug fixes.
- Added blowfish. It is not used by SSL but all the other stuff that
deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'.
BF_PTR2 is pentium/x86 specific. The correct option is setup in
the 'Configure' script.
- There is now a 'get client certificate' callback which can be
'non-blocking'. If more details are required, let me know. It will
documented more in SSLv3 when I finish it.
- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test'
now tests the ca program.
- Lots of little things modified and tweaked.
SSLeay 0.6.5
After quite some time (3 months), the new release. I have been very busy
for the last few months and so this is mostly bug fixes and improvments.
The main additions are
- assember for x86 DES. For all those gcc based systems, this is a big
improvement. From 117,000 DES operation a second on a pentium 100,
I now get 191,000. I have also reworked the C version so it
now gives 148,000 DESs per second.
- As mentioned above, the inner DES macros now have some more variant that
sometimes help, sometimes hinder performance. There are now 3 options
DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
and DES_RISC (a more register intensive version of the inner macro).
The crypto/des/des_opts.c program, when compiled and run, will give
an indication of the correct options to use.
- The BIO stuff has been improved. Read doc/bio.doc. There are now
modules for encryption and base64 encoding and a BIO_printf() function.
- The CA program will accept simple one line X509v3 extensions in the
ssleay.cnf file. Have a look at the example. Currently this just
puts the text into the certificate as an OCTET_STRING so currently
the more advanced X509v3 data types are not handled but this is enough
for the netscape extensions.
- There is the start of a nicer higher level interface to the X509
strucutre.
- Quite a lot of bug fixes.
- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used
to define the malloc(), free() and realloc() routines to use
(look in crypto/crypto.h). This is mostly needed for Windows NT/95 when
using DLLs and mixing CRT libraries.
In general, read the 'VERSION' file for changes and be aware that some of
the new stuff may not have been tested quite enough yet, so don't just plonk
in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
SSLeay 0.6.4 30/08/96 eay
I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
The main changes in this release
- Thread safe. have a read of doc/threads.doc and play in the mt directory.
For anyone using 0.6.3 with threads, I found 2 major errors so consider
moving to 0.6.4. I have a test program that builds under NT and
solaris.
- The get session-id callback has changed. Have a read of doc/callback.doc.
- The X509_cert_verify callback (the SSL_verify callback) now
has another argument. Have a read of doc/callback.doc
- 'ca -preserve', sign without re-ordering the DN. Not tested much.
- VMS support.
- Compile time memory leak detection can now be built into SSLeay.
Read doc/memory.doc
- CONF routines now understand '\', '\n', '\r' etc. What this means is that
the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
- 'ssleay ciphers' added, lists the default cipher list for SSLeay.
- RC2 key setup is now compatable with Netscape.
- Modifed server side of SSL implementation, big performance difference when
using session-id reuse.
0.6.3
Bug fixes and the addition of some nice stuff to the 'ca' program.
Have a read of doc/ns-ca.doc for how hit has been modified so
it can be driven from a CGI script. The CGI script is not provided,
but that is just being left as an excersize for the reader :-).
0.6.2
This is most bug fixes and functionality improvements.
Additions are
- More thread debugging patches, the thread stuff is still being
tested, but for those keep to play with stuff, have a look in
crypto/cryptlib.c. The application needs to define 1 (or optionaly
a second) callback that is used to implement locking. Compiling
with LOCK_DEBUG spits out lots of locking crud :-).
This is what I'm currently working on.
- SSL_CTX_set_default_passwd_cb() can be used to define the callback
function used in the SSL*_file() functions used to load keys. I was
always of the opinion that people should call
PEM_read_RSAPrivateKey() and pass the callback they want to use, but
it appears they just want to use the SSL_*_file() function() :-(.
- 'enc' now has a -kfile so a key can be read from a file. This is
mostly used so that the passwd does not appear when using 'ps',
which appears imposible to stop under solaris.
- X509v3 certificates now work correctly. I even have more examples
in my tests :-). There is now a X509_EXTENSION type that is used in
X509v3 certificates and CRLv2.
- Fixed that signature type error :-(
- Fixed quite a few potential memory leaks and problems when reusing
X509, CRL and REQ structures.
- EVP_set_pw_prompt() now sets the library wide default password
prompt.
- The 'pkcs7' command will now, given the -print_certs flag, output in
pem format, all certificates and CRL contained within. This is more
of a pre-emtive thing for the new verisign distribution method. I
should also note, that this also gives and example in code, of how
to do this :-), or for that matter, what is involved in going the
other way (list of certs and crl -> pkcs7).
- Added RSA's DESX to the DES library. It is also available via the
EVP_desx_cbc() method and via 'enc desx'.
SSLeay 0.6.1
The main functional changes since 0.6.0 are as follows
- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
that from now on, I'll keep the .def numbers the same so they will be.
- RSA private key operations are about 2 times faster that 0.6.0
- The SSL_CTX now has more fields so default values can be put against
it. When an SSL structure is created, these default values are used
but can be overwritten. There are defaults for cipher, certificate,
private key, verify mode and callback. This means SSL session
creation can now be
ssl=SSL_new()
SSL_set_fd(ssl,sock);
SSL_accept(ssl)
....
All the other uglyness with having to keep a global copy of the
private key and certificate/verify mode in the server is now gone.
- ssl/ssltest.c - one process talking SSL to its self for testing.
- Storage of Session-id's can be controled via a session_cache_mode
flag. There is also now an automatic default flushing of
old session-id's.
- The X509_cert_verify() function now has another parameter, this
should not effect most people but it now means that the reason for
the failure to verify is now available via SSL_get_verify_result(ssl).
You don't have to use a global variable.
- SSL_get_app_data() and SSL_set_app_data() can be used to keep some
application data against the SSL structure. It is upto the application
to free the data. I don't use it, but it is available.
- SSL_CTX_set_cert_verify_callback() can be used to specify a
verify callback function that completly replaces my certificate
verification code. Xcert should be able to use this :-).
The callback is of the form int app_verify_callback(arg,ssl,cert).
This needs to be documented more.
- I have started playing with shared library builds, have a look in
the shlib directory. It is very simple. If you need a numbered
list of functions, have a look at misc/crypto.num and misc/ssl.num.
- There is some stuff to do locking to make the library thread safe.
I have only started this stuff and have not finished. If anyone is
keen to do so, please send me the patches when finished.
So I have finally made most of the additions to the SSL interface that
I thought were needed.
There will probably be a pause before I make any non-bug/documentation
related changes to SSLeay since I'm feeling like a bit of a break.
eric - 12 Jul 1996
I saw recently a comment by some-one that we now seem to be entering
the age of perpetual Beta software.
Pioneered by packages like linux but refined to an art form by
netscape.
I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
There are quite a large number of sections that are 'works in
progress' in this package. I will also list the major changes and
what files you should read.
BIO - this is the new IO structure being used everywhere in SSLeay. I
started out developing this because of microsoft, I wanted a mechanism
to callback to the application for all IO, so Windows 3.1 DLL
perversion could be hidden from me and the 15 different ways to write
to a file under NT would also not be dictated by me at library build
time. What the 'package' is is an API for a data structure containing
functions. IO interfaces can be written to conform to the
specification. This in not intended to hide the underlying data type
from the application, but to hide it from SSLeay :-).
I have only really finished testing the FILE * and socket/fd modules.
There are also 'filter' BIO's. Currently I have only implemented
message digests, and it is in use in the dgst application. This
functionality will allow base64/encrypto/buffering modules to be
'push' into a BIO without it affecting the semantics. I'm also
working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
from an event loop which uses the interface.
It is also possible to 'attach' callbacks to a BIO so they get called
before and after each operation, alowing extensive debug output
to be generated (try running dgst with -d).
Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
functions that used to take FILE *, now take BIO *.
The wrappers are easy to write
function_fp(fp,x)
FILE *fp;
{
BIO *b;
int ret;
if ((b=BIO_new(BIO_s_file())) == NULL) error.....
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=function_bio(b,x);
BIO_free(b);
return(ret);
}
Remember, there are no functions that take FILE * in SSLeay when
compiled for Windows 3.1 DLL's.
--
I have added a general EVP_PKEY type that can hold a public/private
key. This is now what is used by the EVP_ functions and is passed
around internally. I still have not done the PKCS#8 stuff, but
X509_PKEY is defined and waiting :-)
--
For a full function name listings, have a look at ms/crypt32.def and
ms/ssl32.def. These are auto-generated but are complete.
Things like ASN1_INTEGER_get() have been added and are in here if you
look. I have renamed a few things, again, have a look through the
function list and you will probably find what you are after. I intend
to at least put a one line descrition for each one.....
--
Microsoft - thats what this release is about, read the MICROSOFT file.
--
Multi-threading support. I have started hunting through the code and
flaging where things need to be done. In a state of work but high on
the list.
--
For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
be be you random data device, otherwise 'RFILE' in e_os.h
will be used, in your home directory. It will be updated
periodically. The environment variable RANDFILE will override this
choice and read/write to that file instead. DEVRANDOM is used in
conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random
number generator, pick on one of these files.
--
The list of things to read and do
dgst -d
s_client -state (this uses a callback placed in the SSL state loop and
will be used else-where to help debug/monitor what
is happening.)
doc/why.doc
doc/bio.doc <- hmmm, needs lots of work.
doc/bss_file.doc <- one that is working :-)
doc/session.doc <- it has changed
doc/speed.doc
also play with ssleay version -a. I have now added a SSLeay()
function that returns a version number, eg 0600 for this release
which is primarily to be used to check DLL version against the
application.
util/* Quite a few will not interest people, but some may, like
mk1mf.pl, mkdef.pl,
util/do_ms.sh
try
cc -Iinclude -Icrypto -c crypto/crypto.c
cc -Iinclude -Issl -c ssl/ssl.c
You have just built the SSLeay libraries as 2 object files :-)
Have a general rummage around in the bin stall directory and look at
what is in there, like CA.sh and c_rehash
There are lots more things but it is 12:30am on a Friday night and I'm
heading home :-).
eric 22-Jun-1996
This version has quite a few major bug fixes and improvements. It DOES NOT
do SSLv3 yet.
The main things changed
- A Few days ago I added the s_mult application to ssleay which is
a demo of an SSL server running in an event loop type thing.
It supports non-blocking IO, I have finally gotten it right, SSL_accept()
can operate in non-blocking IO mode, look at the code to see how :-).
Have a read of doc/s_mult as well. This program leaks memory and
file descriptors everywhere but I have not cleaned it up yet.
This is a demo of how to do non-blocking IO.
- The SSL session management has been 'worked over' and there is now
quite an expansive set of functions to manipulate them. Have a read of
doc/session.doc for some-things I quickly whipped up about how it now works.
This assume you know the SSLv2 protocol :-)
- I can now read/write the netscape certificate format, use the
-inform/-outform 'net' options to the x509 command. I have not put support
for this type in the other demo programs, but it would be easy to add.
- asn1parse and 'enc' have been modified so that when reading base64
encoded files (pem format), they do not require '-----BEGIN' header lines.
The 'enc' program had a buffering bug fixed, it can be used as a general
base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
respecivly. Leaving out the '-a' flag in this case makes the 'enc' command
into a form of 'cat'.
- The 'x509' and 'req' programs have been fixed and modified a little so
that they generate self-signed certificates correctly. The test
script actually generates a 'CA' certificate and then 'signs' a
'user' certificate. Have a look at this shell script (test/sstest)
to see how things work, it tests most possible combinations of what can
be done.
- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
of SSL_set_cipher_list() is now the correct API (stops confusion :-).
If this function is used in the client, only the specified ciphers can
be used, with preference given to the order the ciphers were listed.
For the server, if this is used, only the specified ciphers will be used
to accept connections. If this 'option' is not used, a default set of
ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
list for all ciphers started against the SSL_CTX. So the order is
SSL cipher_list, if not present, SSL_CTX cipher list, if not
present, then the library default.
What this means is that normally ciphers like
NULL-MD5 will never be used. The only way this cipher can be used
for both ends to specify to use it.
To enable or disable ciphers in the library at build time, modify the
first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
This file also contains the 'pref_cipher' list which is the default
cipher preference order.
- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
options work. They should, and they enable loading and writing the
netscape rsa private key format. I will be re-working this section of
SSLeay for the next version. What is currently in place is a quick and
dirty hack.
- I've re-written parts of the bignum library. This gives speedups
for all platforms. I now provide assembler for use under Windows NT.
I have not tested the Windows 3.1 assembler but it is quite simple code.
This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
Basically the times available under linux/solaris x86 can be achieve under
Windows NT. I still don't know how these times compare to RSA's BSAFE
library but I have been emailing with people and with their help, I should
be able to get my library's quite a bit faster still (more algorithm changes).
The object file crypto/bn/asm/x86-32.obj should be used when linking
under NT.
- 'make makefile.one' in the top directory will generate a single makefile
called 'makefile.one' This makefile contains no perl references and
will build the SSLeay library into the 'tmp' and 'out' directories.
util/mk1mf.pl >makefile.one is how this makefile is
generated. The mk1mf.pl command take several option to generate the
makefile for use with cc, gcc, Visual C++ and Borland C++. This is
still under development. I have only build .lib's for NT and MSDOS
I will be working on this more. I still need to play with the
correct compiler setups for these compilers and add some more stuff but
basically if you just want to compile the library
on a 'non-unix' platform, this is a very very good file to start with :-).
Have a look in the 'microsoft' directory for my current makefiles.
I have not yet modified things to link with sockets under Windows NT.
You guys should be able to do this since this is actually outside of the
SSLeay scope :-). I will be doing it for myself soon.
util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock
to build without RC2/RC4, to require RSAref for linking, and to
build with no socket code.
- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
that was posted to sci.crypt has been added to the library and SSL.
I take the view that if RC2 is going to be included in a standard,
I'll include the cipher to make my package complete.
There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
at compile time. I have not tested this recently but it should all work
and if you are in the USA and don't want RSA threatening to sue you,
you could probably remove the RC4/RC2 code inside these sections.
I may in the future include a perl script that does this code
removal automatically for those in the USA :-).
- I have removed all references to sed in the makefiles. So basically,
the development environment requires perl and sh. The build environment
does not (use the makefile.one makefile).
The Configure script still requires perl, this will probably stay that way
since I have perl for Windows NT :-).
eric (03-May-1996)
PS Have a look in the VERSION file for more details on the changes and
bug fixes.
I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
things up. This version will be quite stable, mostly because I'm on
holidays until 10-March-1996. For any problems in the interum, send email
to Tim Hudson <tjh@mincom.oz.au>.
SSLeay 0.5.0
12-12-95
This is going out before it should really be released.
I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
this for 11 weeks or get things out. It is still going to change a
lot in the next week so if you do grab this version, please test and
give me feed back ASAP, inculuding questions on how to do things with
the library. This will prompt me to write documentation so I don't
have to answer the same question again :-).
This 'pre' release version is for people who are interested in the
library. The applications will have to be changed to use
the new version of the SSL interface. I intend to finish more
documentation before I leave but until then, look at the programs in
the apps directory. As far as code goes, it is much much nicer than
the old version.
The current library works, has no memory leaks (as far as I can tell)
and is far more bug free that 0.4.5d. There are no global variable of
consequence (I believe) and I will produce some documentation that
tell where to look for those people that do want to do multi-threaded
stuff.
There should be more documentation. Have a look in the
doc directory. I'll be adding more before I leave, it is a start
by mostly documents the crypto library. Tim Hudson will update
the web page ASAP. The spelling and grammar are crap but
it is better than nothing :-)
Reasons to start playing with version 0.5.0
- All the programs in the apps directory build into one ssleay binary.
- There is a new version of the 'req' program that generates certificate
requests, there is even documentation for this one :-)
- There is a demo certification authorithy program. Currently it will
look at the simple database and update it. It will generate CRL from
the data base. You need to edit the database by hand to revoke a
certificate, it is my aim to use perl5/Tk but I don't have time to do
this right now. It will generate the certificates but the management
scripts still need to be written. This is not a hard task.
- Things have been cleaned up alot.
- Have a look at the enc and dgst programs in the apps directory.
- It supports v3 of x509 certiticates.
Major things missing.
- I have been working on (and thinging about) the distributed x509
hierachy problem. I have not had time to put my solution in place.
It will have to wait until I come back.
- I have not put in CRL checking in the certificate verification but
it would not be hard to do. I was waiting until I could generate my
own CRL (which has only been in the last week) and I don't have time
to put it in correctly.
- Montgomery multiplication need to be implemented. I know the
algorithm, just ran out of time.
- PKCS#7. I can load and write the DER version. I need to re-work
things to support BER (if that means nothing, read the ASN1 spec :-).
- Testing of the higher level digital envelope routines. I have not
played with the *_seal() and *_open() type functions. They are
written but need testing. The *_sign() and *_verify() functions are
rock solid.
- PEM. Doing this and PKCS#7 have been dependant on the distributed
x509 heirachy problem. I started implementing my ideas, got
distracted writing a CA program and then ran out of time. I provide
the functionality of RSAref at least.
- Re work the asm. code for the x86. I've changed by low level bignum
interface again, so I really need to tweak the x86 stuff. gcc is
good enough for the other boxes.

2
deps/openssl/openssl/CONTRIBUTING vendored
View file

@ -39,7 +39,7 @@ acceptance and review process faster:
4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without
warnings. Where gcc or clang is availble you should use the
warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
Clean builds via Travis and AppVeyor are expected, and done whenever

293
deps/openssl/openssl/Configurations/00-base-templates.conf vendored Normal file
View file

@ -0,0 +1,293 @@
# -*- Mode: perl -*-
%targets=(
DEFAULTS => {
template => 1,
cflags => "",
defines => [],
thread_scheme => "(unknown)", # Assume we don't know
thread_defines => [],
apps_aux_src => "",
cpuid_asm_src => "mem_clr.c",
uplink_aux_src => "",
bn_asm_src => "bn_asm.c",
ec_asm_src => "",
des_asm_src => "des_enc.c fcrypt_b.c",
aes_asm_src => "aes_core.c aes_cbc.c",
bf_asm_src => "bf_enc.c",
md5_asm_src => "",
cast_asm_src => "c_enc.c",
rc4_asm_src => "rc4_enc.c rc4_skey.c",
rmd160_asm_src => "",
rc5_asm_src => "rc5_enc.c",
wp_asm_src => "wp_block.c",
cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c",
modes_asm_src => "",
padlock_asm_src => "",
chacha_asm_src => "chacha_enc.c",
poly1305_asm_src => "",
unistd => "<unistd.h>",
shared_target => "",
shared_cflag => "",
shared_defines => [],
shared_ldflag => "",
shared_rcflag => "",
shared_extension => "",
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
},
BASE_common => {
template => 1,
defines =>
sub {
my @defs = ();
push @defs, "ZLIB" unless $disabled{zlib};
push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
return [ @defs ];
},
},
BASE_unix => {
inherit_from => [ "BASE_common" ],
template => 1,
ex_libs =>
sub {
unless ($disabled{zlib}) {
if (defined($disabled{"zlib-dynamic"})) {
if (defined($withargs{zlib_lib})) {
return "-L".$withargs{zlib_lib}." -lz";
} else {
return "-lz";
}
}
}
return (); },
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
},
BASE_Windows => {
inherit_from => [ "BASE_common" ],
template => 1,
ex_libs =>
sub {
unless ($disabled{zlib}) {
if (defined($disabled{"zlib-dynamic"})) {
return $withargs{zlib_lib} // "ZLIB1";
}
}
return ();
},
ld => "link",
lflags => "/nologo",
loutflag => "/out:",
ar => "lib",
arflags => "/nologo",
aroutflag => "/out:",
rc => "rc",
rcoutflag => "/fo",
mt => "mt",
mtflags => "-nologo",
mtinflag => "-manifest ",
mtoutflag => "-outputresource:",
build_file => "makefile",
build_scheme => [ "unified", "windows" ],
},
BASE_VMS => {
inherit_from => [ "BASE_common" ],
template => 1,
build_file => "descrip.mms",
build_scheme => [ "unified", "VMS" ],
},
uplink_common => {
template => 1,
apps_aux_src => add("../ms/applink.c"),
uplink_aux_src => add("../ms/uplink.c"),
defines => add("OPENSSL_USE_APPLINK"),
},
x86_uplink => {
inherit_from => [ "uplink_common" ],
template => 1,
uplink_aux_src => add("uplink-x86.s"),
},
x86_64_uplink => {
inherit_from => [ "uplink_common" ],
template => 1,
uplink_aux_src => add("uplink-x86_64.s"),
},
ia64_uplink => {
inherit_from => [ "uplink_common" ],
template => 1,
uplink_aux_src => add("uplink-ia64.s"),
},
x86_asm => {
template => 1,
cpuid_asm_src => "x86cpuid.s",
bn_asm_src => "bn-586.s co-586.s x86-mont.s x86-gf2m.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86.s",
des_asm_src => "des-586.s crypt586.s",
aes_asm_src => "aes-586.s vpaes-x86.s aesni-x86.s",
bf_asm_src => "bf-586.s",
md5_asm_src => "md5-586.s",
cast_asm_src => "cast-586.s",
sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s",
rc4_asm_src => "rc4-586.s",
rmd160_asm_src => "rmd-586.s",
rc5_asm_src => "rc5-586.s",
wp_asm_src => "wp_block.c wp-mmx.s",
cmll_asm_src => "cmll-x86.s",
modes_asm_src => "ghash-x86.s",
padlock_asm_src => "e_padlock-x86.s",
chacha_asm_src => "chacha-x86.s",
poly1305_asm_src=> "poly1305-x86.s",
},
x86_elf_asm => {
template => 1,
inherit_from => [ "x86_asm" ],
perlasm_scheme => "elf"
},
x86_64_asm => {
template => 1,
cpuid_asm_src => "x86_64cpuid.s",
bn_asm_src => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s",
aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
md5_asm_src => "md5-x86_64.s",
sha1_asm_src => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
rc4_asm_src => "rc4-x86_64.s rc4-md5-x86_64.s",
wp_asm_src => "wp-x86_64.s",
cmll_asm_src => "cmll-x86_64.s cmll_misc.c",
modes_asm_src => "ghash-x86_64.s aesni-gcm-x86_64.s",
padlock_asm_src => "e_padlock-x86_64.s",
chacha_asm_src => "chacha-x86_64.s",
poly1305_asm_src=> "poly1305-x86_64.s",
},
ia64_asm => {
template => 1,
cpuid_asm_src => "ia64cpuid.s",
bn_asm_src => "bn-ia64.s ia64-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-ia64.s",
md5_asm_src => "md5-ia64.s",
sha1_asm_src => "sha1-ia64.s sha256-ia64.s sha512-ia64.s",
rc4_asm_src => "rc4-ia64.s rc4_skey.c",
modes_asm_src => "ghash-ia64.s",
perlasm_scheme => "void"
},
sparcv9_asm => {
template => 1,
cpuid_asm_src => "sparcv9cap.c sparccpuid.S",
bn_asm_src => "asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S sparct4-mont.S sparcv9-gf2m.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-sparcv9.S",
des_asm_src => "des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S",
aes_asm_src => "aes_core.c aes_cbc.c aes-sparcv9.S aest4-sparcv9.S aesfx-sparcv9.S",
md5_asm_src => "md5-sparcv9.S",
sha1_asm_src => "sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S",
cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S",
modes_asm_src => "ghash-sparcv9.S",
poly1305_asm_src=> "poly1305-sparcv9.S",
perlasm_scheme => "void"
},
sparcv8_asm => {
template => 1,
cpuid_asm_src => "",
bn_asm_src => "asm/sparcv8.S",
des_asm_src => "des_enc-sparc.S fcrypt_b.c",
perlasm_scheme => "void"
},
alpha_asm => {
template => 1,
cpuid_asm_src => "alphacpuid.s",
bn_asm_src => "bn_asm.c alpha-mont.S",
sha1_asm_src => "sha1-alpha.S",
modes_asm_src => "ghash-alpha.S",
perlasm_scheme => "void"
},
mips32_asm => {
template => 1,
bn_asm_src => "bn-mips.s mips-mont.s",
aes_asm_src => "aes_cbc.c aes-mips.S",
sha1_asm_src => "sha1-mips.S sha256-mips.S",
},
mips64_asm => {
inherit_from => [ "mips32_asm" ],
template => 1,
sha1_asm_src => add("sha512-mips.S"),
poly1305_asm_src=> "poly1305-mips.S",
},
s390x_asm => {
template => 1,
cpuid_asm_src => "s390xcap.c s390xcpuid.S",
bn_asm_src => "asm/s390x.S s390x-mont.S s390x-gf2m.s",
aes_asm_src => "aes-s390x.S aes-ctr.fake aes-xts.fake",
sha1_asm_src => "sha1-s390x.S sha256-s390x.S sha512-s390x.S",
rc4_asm_src => "rc4-s390x.s",
modes_asm_src => "ghash-s390x.S",
chacha_asm_src => "chacha-s390x.S",
poly1305_asm_src=> "poly1305-s390x.S",
},
armv4_asm => {
template => 1,
cpuid_asm_src => "armcap.c armv4cpuid.S",
bn_asm_src => "bn_asm.c armv4-mont.S armv4-gf2m.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv4.S",
aes_asm_src => "aes_cbc.c aes-armv4.S bsaes-armv7.S aesv8-armx.S",
sha1_asm_src => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
modes_asm_src => "ghash-armv4.S ghashv8-armx.S",
chacha_asm_src => "chacha-armv4.S",
poly1305_asm_src=> "poly1305-armv4.S",
perlasm_scheme => "void"
},
aarch64_asm => {
template => 1,
cpuid_asm_src => "armcap.c arm64cpuid.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv8.S",
bn_asm_src => "bn_asm.c armv8-mont.S",
aes_asm_src => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S",
sha1_asm_src => "sha1-armv8.S sha256-armv8.S sha512-armv8.S",
modes_asm_src => "ghashv8-armx.S",
chacha_asm_src => "chacha-armv8.S",
poly1305_asm_src=> "poly1305-armv8.S",
},
parisc11_asm => {
template => 1,
cpuid_asm_src => "pariscid.s",
bn_asm_src => "bn_asm.c parisc-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-parisc.s",
sha1_asm_src => "sha1-parisc.s sha256-parisc.s sha512-parisc.s",
rc4_asm_src => "rc4-parisc.s",
modes_asm_src => "ghash-parisc.s",
perlasm_scheme => "32"
},
parisc20_64_asm => {
template => 1,
inherit_from => [ "parisc11_asm" ],
perlasm_scheme => "64",
},
ppc64_asm => {
template => 1,
cpuid_asm_src => "ppccpuid.s ppccap.c",
bn_asm_src => "bn-ppc.s ppc-mont.s ppc64-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s",
sha1_asm_src => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s",
modes_asm_src => "ghashp8-ppc.s",
chacha_asm_src => "chacha-ppc.s",
poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s",
},
ppc32_asm => {
inherit_from => [ "ppc64_asm" ],
template => 1
},
);

1884
deps/openssl/openssl/Configurations/10-main.conf vendored Normal file
View file

File diff suppressed because it is too large Load diff

15
deps/openssl/openssl/Configurations/50-djgpp.conf vendored Normal file
View file

@ -0,0 +1,15 @@
# We can't make any commitment to support the DJGPP platform,
# and rely entirely on the OpenSSL community to help is fine
# tune and test.
%targets = (
"DJGPP" => {
inherit_from => [ asm("x86_asm") ],
cc => "gcc",
cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall",
sys_id => "MSDOS",
ex_libs => add("-L/dev/env/WATT_ROOT/lib -lwatt"),
bn_ops => "BN_LLONG",
perlasm_scheme => "a.out",
},
);

29
deps/openssl/openssl/Configurations/50-haiku.conf vendored Normal file
View file

@ -0,0 +1,29 @@
%targets = (
"haiku-common" => {
template => 1,
cc => "cc",
cflags => add_before(picker(default => "-DL_ENDIAN -Wall -include \$(SRCDIR)/os-dep/haiku.h",
debug => "-g -O0",
release => "-O2"),
threads("-D_REENTRANT")),
sys_id => "HAIKU",
ex_libs => "-lnetwork",
perlasm_scheme => "elf",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "gnu-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-shared",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"haiku-x86" => {
inherit_from => [ "haiku-common", asm("x86_elf_asm") ],
cflags => add(picker(release => "-fomit-frame-pointer")),
bn_ops => "BN_LLONG",
},
"haiku-x86_64" => {
inherit_from => [ "haiku-common" ],
cflags => add("-m64"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
},
);

17
deps/openssl/openssl/Configurations/50-masm.conf vendored Normal file
View file

@ -0,0 +1,17 @@
# We can't make commitment to supporting Microsoft assembler,
# because it would mean supporting all masm versions. This in
# in turn is because masm is not really an interchangeable option,
# while users tend to have reasons to stick with specific Visual
# Studio versions. It's usually lesser hassle to make it work
# with latest assembler, but tweaking for older versions had
# proven to be daunting task. This is experimental target, for
# production builds stick with [up-to-date version of] nasm.
%targets = (
"VC-WIN64A-masm" => {
inherit_from => [ "VC-WIN64A" ],
as => "ml64",
asflags => "/c /Cp /Cx /Zi",
asoutflag => "/Fo",
},
);

112
deps/openssl/openssl/Configurations/90-team.conf vendored Normal file
View file

@ -0,0 +1,112 @@
## -*- mode: perl; -*-
## Build configuration targets for openssl-team members
%targets = (
"purify" => {
cc => "purify gcc",
cflags => "-g -Wall",
thread_scheme => "(unknown)",
ex_libs => add(" ","-lsocket -lnsl"),
},
"debug" => {
cc => "gcc",
cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror",
thread_scheme => "(unknown)",
},
"debug-erbridge" => {
inherit_from => [ "x86_64_asm" ],
cc => "gcc",
cflags => combine("$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "linux-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-m64",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "64",
},
"debug-linux-pentium" => {
inherit_from => [ "x86_elf_asm" ],
cc => "gcc",
cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
},
"debug-linux-ppro" => {
inherit_from => [ "x86_elf_asm" ],
cc => "gcc",
cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
},
"debug-linux-ia32-aes" => {
cc => "gcc",
cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
cpuid_asm_src => "x86cpuid.s",
bn_asm_src => "bn-586.s co-586.s x86-mont.s",
des_asm_src => "des-586.s crypt586.s",
aes_asm_src => "aes_x86core.s aes_cbc.s aesni-x86.s",
bf_asm_src => "bf-586.s",
md5_asm_src => "md5-586.s",
sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s",
cast_asm_src => "cast-586.s",
rc4_asm_src => "rc4-586.s",
rmd160_asm_src => "rmd-586.s",
rc5_asm_src => "rc5-586.s",
wp_asm_src => "wp_block.s wp-mmx.s",
modes_asm_src => "ghash-x86.s",
padlock_asm_src => "e_padlock-x86.s",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "linux-shared",
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"dist" => {
cc => "cc",
cflags => "-O",
thread_scheme => "(unknown)",
},
"debug-test-64-clang" => {
inherit_from => [ "x86_64_asm" ],
cc => "clang",
cflags => combine("$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
threads("${BSDthreads}")),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "bsd-gcc-shared",
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"darwin64-debug-test-64-clang" => {
inherit_from => [ "x86_64_asm" ],
cc => "clang",
cflags => combine("-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
threads("${BSDthreads}")),
sys_id => "MACOSX",
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "macosx",
dso_scheme => "dlfcn",
shared_target => "darwin-shared",
shared_cflag => "-fPIC -fno-common",
shared_ldflag => "-arch x86_64 -dynamiclib",
shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
},
);

135
deps/openssl/openssl/Configurations/INTERNALS.Configure vendored Normal file
View file

@ -0,0 +1,135 @@
Configure Internals
===================
[ note: this file uses markdown for formatting ]
Intro
-----
This is a collection of notes that are hopefully of interest to those
who decide to dive into Configure and what it does. This is a living
document and anyone is encouraged to add to it and submit changes.
There's no claim for this document to be complete at any time, but it
will hopefully reach such a point in time.
----------------------------------------------------------------------
Parsing build.info files, processing conditions
-----------------------------------------------
Processing conditions in build.info files is done with the help of a
condition stack that tell if a build.info should be processed or if it
should just be skipped over. The possible states of the stack top are
expressed in the following comment from Configure:
# The top item of this stack has the following values
# -2 positive already run and we found ELSE (following ELSIF should fail)
# -1 positive already run (skip until ENDIF)
# 0 negatives so far (if we're at a condition, check it)
# 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF)
# 2 positive ELSE (following ELSIF should fail)
Ground rule is that non-condition lines are skipped over if the
stack top is > 0. Condition lines (IF, ELSIF, ELSE and ENDIF
statements) need to be processed either way to keep track of the skip
stack states, so they are a little more intricate.
Instead of trying to describe in words, here are some example of what
the skip stack should look like after each line is processed:
Example 1:
| IF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | 1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | -1 | |
| ... whatever ... | | this line is skipped over |
| IF[1] | -1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | -1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | -1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | -1 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | | |
Example 2:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | 1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |
Example 3:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |
Example 4:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 2 | |
| ... whatever ... | | this line is processed |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |

721
deps/openssl/openssl/Configurations/README vendored Normal file
View file

@ -0,0 +1,721 @@
Intro
=====
This directory contains a few sets of files that are used for
configuration in diverse ways:
*.conf Target platform configurations, please read
'Configurations of OpenSSL target platforms' for more
information.
*.tmpl Build file templates, please read 'Build-file
programming with the "unified" build system' as well
as 'Build info files' for more information.
*.pm Helper scripts / modules for the main `Configure`
script. See 'Configure helper scripts for more
information.
Configurations of OpenSSL target platforms
==========================================
Configuration targets are a collection of facts that we know about
different platforms and their capabilities. We organise them in a
hash table, where each entry represent a specific target.
Note that configuration target names must be unique across all config
files. The Configure script does check that a config file doesn't
have config targets that shadow config targets from other files.
In each table entry, the following keys are significant:
inherit_from => Other targets to inherit values from.
Explained further below. [1]
template => Set to 1 if this isn't really a platform
target. Instead, this target is a template
upon which other targets can be built.
Explained further below. [1]
sys_id => System identity for systems where that
is difficult to determine automatically.
cc => The compiler command, usually one of "cc",
"gcc" or "clang". This command is normally
also used to link object files and
libraries into the final program.
cflags => Flags that are used at all times when
compiling.
defines => As an alternative, macro definitions may be
present here instead of in `cflags'. If
given here, they MUST be as an array of the
string such as "MACRO=value", or just
"MACRO" for definitions without value.
shared_cflag => Extra compilation flags used when
compiling for shared libraries, typically
something like "-fPIC".
(linking is a complex thing, see [3] below)
ld => Linker command, usually not defined
(meaning the compiler command is used
instead).
(NOTE: this is here for future use, it's
not implemented yet)
lflags => Flags that are used when linking apps.
shared_ldflag => Flags that are used when linking shared
or dynamic libraries.
plib_lflags => Extra linking flags to appear just before
the libraries on the command line.
ex_libs => Extra libraries that are needed when
linking.
ar => The library archive command, the default is
"ar".
(NOTE: this is here for future use, it's
not implemented yet)
arflags => Flags to be used with the library archive
command.
ranlib => The library archive indexing command, the
default is 'ranlib' it it exists.
unistd => An alternative header to the typical
'<unistd.h>'. This is very rarely needed.
shared_extension => File name extension used for shared
libraries.
obj_extension => File name extension used for object files.
On unix, this defaults to ".o" (NOTE: this
is here for future use, it's not
implemented yet)
exe_extension => File name extension used for executable
files. On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
shlib_variant => A "variant" identifier inserted between the base
shared library name and the extension. On "unixy"
platforms (BSD, Linux, Solaris, MacOS/X, ...) this
supports installation of custom OpenSSL libraries
that don't conflict with other builds of OpenSSL
installed on the system. The variant identifier
becomes part of the SONAME of the library and also
any symbol versions (symbol versions are not used or
needed with MacOS/X). For example, on a system
where a default build would normally create the SSL
shared library as 'libssl.so -> libssl.so.1.1' with
the value of the symlink as the SONAME, a target
definition that sets 'shlib_variant => "-abc"' will
create 'libssl.so -> libssl-abc.so.1.1', again with
an SONAME equal to the value of the symlink. The
symbol versions associated with the variant library
would then be 'OPENSSL_ABC_<version>' rather than
the default 'OPENSSL_<version>'. The string inserted
into symbol versions is obtained by mapping all
letters in the "variant" identifier to upper case
and all non-alphanumeric characters to '_'.
thread_scheme => The type of threads is used on the
configured platform. Currently known
values are "(unknown)", "pthreads",
"uithreads" (a.k.a solaris threads) and
"winthreads". Except for "(unknown)", the
actual value is currently ignored but may
be used in the future. See further notes
below [2].
dso_scheme => The type of dynamic shared objects to build
for. This mostly comes into play with
engines, but can be used for other purposes
as well. Valid values are "DLFCN"
(dlopen() et al), "DLFCN_NO_H" (for systems
that use dlopen() et al but do not have
fcntl.h), "DL" (shl_load() et al), "WIN32"
and "VMS".
perlasm_scheme => The perlasm method used to created the
assembler files used when compiling with
assembler implementations.
shared_target => The shared library building method used.
This is a target found in Makefile.shared.
build_scheme => The scheme used to build up a Makefile.
In its simplest form, the value is a string
with the name of the build scheme.
The value may also take the form of a list
of strings, if the build_scheme is to have
some options. In this case, the first
string in the list is the name of the build
scheme.
Currently recognised build scheme is "unified".
For the "unified" build scheme, this item
*must* be an array with the first being the
word "unified" and the second being a word
to identify the platform family.
multilib => On systems that support having multiple
implementations of a library (typically a
32-bit and a 64-bit variant), this is used
to have the different variants in different
directories.
bn_ops => Building options (was just bignum options in
the earlier history of this option, hence the
name). This is a string of words that describe
algorithms' implementation parameters that
are optimal for the designated target platform,
such as the type of integers used to build up
the bignum, different ways to implement certain
ciphers and so on. To fully comprehend the
meaning, the best is to read the affected
source.
The valid words are:
THIRTY_TWO_BIT bignum limbs are 32 bits,
this is default if no
option is specified, it
works on any supported
system [unless "wider"
limb size is implied in
assembly code];
BN_LLONG bignum limbs are 32 bits,
but 64-bit 'unsigned long
long' is used internally
in calculations;
SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
and sizeof(long) is 8;
SIXTY_FOUR_BIT bignums limbs are 64 bits,
but execution environment
is ILP32;
RC4_CHAR RC4 key schedule is made
up of 'unsigned char's;
RC4_INT RC4 key schedule is made
up of 'unsigned int's;
EXPORT_VAR_AS_FN for shared libraries,
export vars as
accessor functions.
apps_extra_src => Extra source to build apps/openssl, as
needed by the target.
cpuid_asm_src => assembler implementation of cpuid code as
well as OPENSSL_cleanse().
Default to mem_clr.c
bn_asm_src => Assembler implementation of core bignum
functions.
Defaults to bn_asm.c
ec_asm_src => Assembler implementation of core EC
functions.
des_asm_src => Assembler implementation of core DES
encryption functions.
Defaults to 'des_enc.c fcrypt_b.c'
aes_asm_src => Assembler implementation of core AES
functions.
Defaults to 'aes_core.c aes_cbc.c'
bf_asm_src => Assembler implementation of core BlowFish
functions.
Defaults to 'bf_enc.c'
md5_asm_src => Assembler implementation of core MD5
functions.
sha1_asm_src => Assembler implementation of core SHA1,
functions, and also possibly SHA256 and
SHA512 ones.
cast_asm_src => Assembler implementation of core CAST
functions.
Defaults to 'c_enc.c'
rc4_asm_src => Assembler implementation of core RC4
functions.
Defaults to 'rc4_enc.c rc4_skey.c'
rmd160_asm_src => Assembler implementation of core RMD160
functions.
rc5_asm_src => Assembler implementation of core RC5
functions.
Defaults to 'rc5_enc.c'
wp_asm_src => Assembler implementation of core WHIRLPOOL
functions.
cmll_asm_src => Assembler implementation of core CAMELLIA
functions.
Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
modes_asm_src => Assembler implementation of cipher modes,
currently the functions gcm_gmult_4bit and
gcm_ghash_4bit.
padlock_asm_src => Assembler implementation of core parts of
the padlock engine. This is mandatory on
any platform where the padlock engine might
actually be built.
[1] as part of the target configuration, one can have a key called
'inherit_from' that indicate what other configurations to inherit
data from. These are resolved recursively.
Inheritance works as a set of default values that can be overridden
by corresponding key values in the inheriting configuration.
Note 1: any configuration table can be used as a template.
Note 2: pure templates have the attribute 'template => 1' and
cannot be used as build targets.
If several configurations are given in the 'inherit_from' array,
the values of same attribute are concatenated with space
separation. With this, it's possible to have several smaller
templates for different configuration aspects that can be combined
into a complete configuration.
instead of a scalar value or an array, a value can be a code block
of the form 'sub { /* your code here */ }'. This code block will
be called with the list of inherited values for that key as
arguments. In fact, the concatenation of strings is really done
by using 'sub { join(" ",@_) }' on the list of inherited values.
An example:
"foo" => {
template => 1,
haha => "ha ha",
hoho => "ho",
ignored => "This should not appear in the end result",
},
"bar" => {
template => 1,
haha => "ah",
hoho => "haho",
hehe => "hehe"
},
"laughter" => {
inherit_from => [ "foo", "bar" ],
hehe => sub { join(" ",(@_,"!!!")) },
ignored => "",
}
The entry for "laughter" will become as follows after processing:
"laughter" => {
haha => "ha ha ah",
hoho => "ho haho",
hehe => "hehe !!!",
ignored => ""
}
[2] OpenSSL is built with threading capabilities unless the user
specifies 'no-threads'. The value of the key 'thread_scheme' may
be "(unknown)", in which case the user MUST give some compilation
flags to Configure.
[3] OpenSSL has three types of things to link from object files or
static libraries:
- shared libraries; that would be libcrypto and libssl.
- shared objects (sometimes called dynamic libraries); that would
be the engines.
- applications; those are apps/openssl and all the test apps.
Very roughly speaking, linking is done like this (words in braces
represent the configuration settings documented at the beginning
of this file):
shared libraries:
{ld} $(CFLAGS) {shared_ldflag} -shared -o libfoo.so \
-Wl,--whole-archive libfoo.a -Wl,--no-whole-archive \
{plib_lflags} -lcrypto {ex_libs}
shared objects:
{ld} $(CFLAGS) {shared_ldflag} -shared -o libeng.so \
blah1.o blah2.o {plib_lflags} -lcrypto {ex_libs}
applications:
{ld} $(CFLAGS) {lflags} -o app \
app1.o utils.o {plib_lflags} -lssl -lcrypto {ex_libs}
Historically, the target configurations came in form of a string with
values separated by colons. This use is deprecated. The string form
looked like this:
"target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
Build info files
================
The build.info files that are spread over the source tree contain the
minimum information needed to build and distribute OpenSSL. It uses a
simple and yet fairly powerful language to determine what needs to be
built, from what sources, and other relationships between files.
For every build.info file, all file references are relative to the
directory of the build.info file for source files, and the
corresponding build directory for built files if the build tree
differs from the source tree.
When processed, every line is processed with the perl module
Text::Template, using the delimiters "{-" and "-}". The hashes
%config and %target are passed to the perl fragments, along with
$sourcedir and $builddir, which are the locations of the source
directory for the current build.info file and the corresponding build
directory, all relative to the top of the build tree.
To begin with, things to be built are declared by setting specific
variables:
PROGRAMS=foo bar
LIBS=libsomething
ENGINES=libeng
SCRIPTS=myhack
EXTRA=file1 file2
Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
without extensions. The build file templates will figure them out.
For each thing to be built, it is then possible to say what sources
they are built from:
PROGRAMS=foo bar
SOURCE[foo]=foo.c common.c
SOURCE[bar]=bar.c extra.c common.c
It's also possible to tell some other dependencies:
DEPEND[foo]=libsomething
DEPEND[libbar]=libsomethingelse
(it could be argued that 'libsomething' and 'libsomethingelse' are
source as well. However, the files given through SOURCE are expected
to be located in the source tree while files given through DEPEND are
expected to be located in the build tree)
For some libraries, we maintain files with public symbols and their
slot in a transfer vector (important on some platforms). It can be
declared like this:
ORDINALS[libcrypto]=crypto
The value is not the name of the file in question, but rather the
argument to util/mkdef.pl that indicates which file to use.
One some platforms, shared libraries come with a name that's different
from their static counterpart. That's declared as follows:
SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
The example is from Cygwin, which has a required naming convention.
Sometimes, it makes sense to rename an output file, for example a
library:
RENAME[libfoo]=libbar
That lines has "libfoo" get renamed to "libbar". While it makes no
sense at all to just have a rename like that (why not just use
"libbar" everywhere?), it does make sense when it can be used
conditionally. See a little further below for an example.
In some cases, it's desirable to include some source files in the
shared form of a library only:
SHARED_SOURCE[libfoo]=dllmain.c
For any file to be built, it's also possible to tell what extra
include paths the build of their source files should use:
INCLUDE[foo]=include
In some cases, one might want to generate some source files from
others, that's done as follows:
GENERATE[foo.s]=asm/something.pl $(CFLAGS)
GENERATE[bar.s]=asm/bar.S
The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except the the first
item muct be the generator file. It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.
Sometimes, the generator file itself depends on other files, for
example if it is a perl script that depends on other perl modules.
This can be expressed using DEPEND like this:
DEPEND[asm/something.pl]=../perlasm/Foo.pm
There may also be cases where the exact file isn't easily specified,
but an inclusion directory still needs to be specified. INCLUDE can
be used in that case:
INCLUDE[asm/something.pl]=../perlasm
NOTE: GENERATE lines are limited to one command only per GENERATE.
As a last resort, it's possible to have raw build file lines, between
BEGINRAW and ENDRAW lines as follows:
BEGINRAW[Makefile(unix)]
haha.h: {- $builddir -}/Makefile
echo "/* haha */" > haha.h
ENDRAW[Makefile(unix)]
The word within square brackets is the build_file configuration item
or the build_file configuration item followed by the second word in the
build_scheme configuration item for the configured target within
parenthesis as shown above. For example, with the following relevant
configuration items:
build_file => "build.ninja"
build_scheme => [ "unified", "unix" ]
... these lines will be considered:
BEGINRAW[build.ninja]
build haha.h: echo "/* haha */" > haha.h
ENDRAW[build.ninja]
BEGINRAW[build.ninja(unix)]
build hoho.h: echo "/* hoho */" > hoho.h
ENDRAW[build.ninja(unix)]
Should it be needed because the recipes within a RAW section might
clash with those generated by Configure, it's possible to tell it
not to generate them with the use of OVERRIDES, for example:
SOURCE[libfoo]=foo.c bar.c
OVERRIDES=bar.o
BEGINRAW[Makefile(unix)]
bar.o: bar.c
$(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
ENDRAW[Makefile(unix)]
See the documentation further up for more information on configuration
items.
Finally, you can have some simple conditional use of the build.info
information, looking like this:
IF[1]
something
ELSIF[2]
something other
ELSE
something else
ENDIF
The expression in square brackets is interpreted as a string in perl,
and will be seen as true if perl thinks it is, otherwise false. For
example, the above would have "something" used, since 1 is true.
Together with the use of Text::Template, this can be used as
conditions based on something in the passed variables, for example:
IF[{- $disabled{shared} -}]
LIBS=libcrypto
SOURCE[libcrypto]=...
ELSE
LIBS=libfoo
SOURCE[libfoo]=...
ENDIF
or:
# VMS has a cultural standard where all libraries are prefixed.
# For OpenSSL, the choice is 'ossl_'
IF[{- $config{target} =~ /^vms/ -}]
RENAME[libcrypto]=ossl_libcrypto
RENAME[libssl]=ossl_libssl
ENDIF
Build-file programming with the "unified" build system
======================================================
"Build files" are called "Makefile" on Unix-like operating systems,
"descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
To use the "unified" build system, the target configuration needs to
set the three items 'build_scheme', 'build_file' and 'build_command'.
In the rest of this section, we will assume that 'build_scheme' is set
to "unified" (see the configurations documentation above for the
details).
For any name given by 'build_file', the "unified" system expects a
template file in Configurations/ named like the build file, with
".tmpl" appended, or in case of possible ambiguity, a combination of
the second 'build_scheme' list item and the 'build_file' name. For
example, if 'build_file' is set to "Makefile", the template could be
Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
In case both Configurations/unix-Makefile.tmpl and
Configurations/Makefile.tmpl are present, the former takes
precedence.
The build-file template is processed with the perl module
Text::Template, using "{-" and "-}" as delimiters that enclose the
perl code fragments that generate configuration-dependent content.
Those perl fragments have access to all the hash variables from
configdata.pem.
The build-file template is expected to define at least the following
perl functions in a perl code fragment enclosed with "{-" and "-}".
They are all expected to return a string with the lines they produce.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
generator => [ "generatingfile", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file *without*
extension, src2obj() is expected to add that.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files (also *without*
extension) to build this library.
libobj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding static library file
or object files.
called like this:
libobj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ],
ordinals => [ "word", "/PATH/TO/ordfile" ]);
'lib' has the intended library file name *without*
extension, libobj2shlib is expected to add that.
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files (also *without* extension) to build
this library. 'ordinals' MAY be present, and when
it is, its value is an array where the word is
"crypto" or "ssl" and the file is one of the ordinal
files util/libeay.num or util/ssleay.num in the
source directory.
This function has a choice; it can use the
corresponding static library as input to make the
shared library, or the list of object files.
obj2dso - function that produces build file lines to build a
dynamic shared object file from object files.
called like this:
obj2dso(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as libobj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...). The differences
are subtle, one of the most visible ones is that the
resulting shareable library is produced from object
files only.
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files (also
*without* extension) to build this library. 'deps'
has the list of library files (also *without*
extension) that the programs needs to be linked
with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
In all cases, file file paths are relative to the build tree top, and
the build file actions run with the build tree top as current working
directory.
Make sure to end the section with these functions with a string that
you thing is appropriate for the resulting build file. If nothing
else, end it like this:
""; # Make sure no lingering values end up in the Makefile
-}
Configure helper scripts
========================
Configure uses helper scripts in this directory:
Checker scripts
---------------
These scripts are per platform family, to check the integrity of the
tools used for configuration and building. The checker script used is
either {build_platform}-{build_file}-checker.pm or
{build_platform}-checker.pm, where {build_platform} is the second
'build_scheme' list element from the configuration target data, and
{build_file} is 'build_file' from the same target data.
If the check succeeds, the script is expected to end with a non-zero
expression. If the check fails, the script can end with a zero, or
with a `die`.

641
deps/openssl/openssl/Configurations/README.design vendored Normal file
View file

@ -0,0 +1,641 @@
Design document for the unified scheme data
===========================================
How are things connected?
-------------------------
The unified scheme takes all its data from the build.info files seen
throughout the source tree. These files hold the minimum information
needed to build end product files from diverse sources. See the
section on build.info files below.
From the information in build.info files, Configure builds up an
information database as a hash table called %unified_info, which is
stored in configdata.pm, found at the top of the build tree (which may
or may not be the same as the source tree).
Configurations/common.tmpl uses the data from %unified_info to
generate the rules for building end product files as well as
intermediary files with the help of a few functions found in the
build-file templates. See the section on build-file templates further
down for more information.
build.info files
----------------
As mentioned earlier, build.info files are meant to hold the minimum
information needed to build output files, and therefore only (with a
few possible exceptions [1]) have information about end products (such
as scripts, library files and programs) and source files (such as C
files, C header files, assembler files, etc). Intermediate files such
as object files are rarely directly referred to in build.info files (and
when they are, it's always with the file name extension .o), they are
inferred by Configure. By the same rule of minimalism, end product
file name extensions (such as .so, .a, .exe, etc) are never mentioned
in build.info. Their file name extensions will be inferred by the
build-file templates, adapted for the platform they are meant for (see
sections on %unified_info and build-file templates further down).
The variables PROGRAMS, LIBS, ENGINES and SCRIPTS are used to declare
end products. There are variants for them with '_NO_INST' as suffix
(PROGRAM_NO_INST etc) to specify end products that shouldn't get
installed.
The variables SOURCE, DEPEND, INCLUDE and ORDINALS are indexed by a
produced file, and their values are the source used to produce that
particular produced file, extra dependencies, include directories
needed, and ordinal files (explained further below.
All their values in all the build.info throughout the source tree are
collected together and form a set of programs, libraries, engines and
scripts to be produced, source files, dependencies, etc etc etc.
Let's have a pretend example, a very limited contraption of OpenSSL,
composed of the program 'apps/openssl', the libraries 'libssl' and
'libcrypto', an engine 'engines/ossltest' and their sources and
dependencies.
# build.info
LIBS=libcrypto libssl
ORDINALS[libcrypto]=crypto
ORDINALS[libssl]=ssl
INCLUDE[libcrypto]=include
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
This is the top directory build.info file, and it tells us that two
libraries are to be built, there are some ordinals to be used to
declare what symbols in those libraries are seen as public, the
include directory 'include/' shall be used throughout when building
anything that will end up in each library, and that the library
'libssl' depend on the library 'libcrypto' to function properly.
# apps/build.info
PROGRAMS=openssl
SOURCE[openssl]=openssl.c
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=../libssl
This is the build.info file in 'apps/', one may notice that all file
paths mentioned are relative to the directory the build.info file is
located in. This one tells us that there's a program to be built
called 'apps/openssl' (the file name extension will depend on the
platform and is therefore not mentioned in the build.info file). It's
built from one source file, 'apps/openssl.c', and building it requires
the use of '.' and 'include' include directories (both are declared
from the point of view of the 'apps/' directory), and that the program
depends on the library 'libssl' to function properly.
# crypto/build.info
LIBS=../libcrypto
SOURCE[../libcrypto]=aes.c evp.c cversion.c
DEPEND[cversion.o]=buildinf.h
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[buildinf.h]=../Makefile
DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
This is the build.info file in 'crypto', and it tells us a little more
about what's needed to produce 'libcrypto'. LIBS is used again to
declare that 'libcrypto' is to be produced. This declaration is
really unnecessary as it's already mentioned in the top build.info
file, but can make the info file easier to understand. This is to
show that duplicate information isn't an issue.
This build.info file informs us that 'libcrypto' is built from a few
source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
It also shows us that building the object file inferred from
'crypto/cversion.c' depends on 'crypto/buildinf.h'. Finally, it
also shows the possibility to declare how some files are generated
using some script, in this case a perl script, and how such scripts
can be declared to depend on other files, in this case a perl module.
Two things are worth an extra note:
'DEPEND[cversion.o]' mentions an object file. DEPEND indexes is the
only location where it's valid to mention them
Lines in 'BEGINRAW'..'ENDRAW' sections must always mention files as
seen from the top directory, no exception.
# ssl/build.info
LIBS=../libssl
SOURCE[../libssl]=tls.c
This is the build.info file in 'ssl/', and it tells us that the
library 'libssl' is built from the source file 'ssl/tls.c'.
# engines/build.info
ENGINES=dasync
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
INCLUDE[dasync]=../include
ENGINES_NO_INST=ossltest
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto
INCLUDE[ossltest]=../include
This is the build.info file in 'engines/', telling us that two engines
called 'engines/dasync' and 'engines/ossltest' shall be built, that
dasync's source is 'engines/e_dasync.c' and ossltest's source is
'engines/e_ossltest.c' and that the include directory 'include/' may
be used when building anything that will be part of these engines.
Also, both engines depend on the library 'libcrypto' to function
properly. Finally, only dasync is being installed, as ossltest is
only for internal testing.
When Configure digests these build.info files, the accumulated
information comes down to this:
LIBS=libcrypto libssl
ORDINALS[libcrypto]=crypto
SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
DEPEND[crypto/cversion.o]=crypto/buildinf.h
INCLUDE[libcrypto]=include
ORDINALS[libssl]=ssl
SOURCE[libssl]=ssl/tls.c
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
PROGRAMS=apps/openssl
SOURCE[apps/openssl]=apps/openssl.c
INCLUDE[apps/openssl]=. include
DEPEND[apps/openssl]=libssl
ENGINES=engines/dasync
SOURCE[engines/dasync]=engines/e_dasync.c
DEPEND[engines/dasync]=libcrypto
INCLUDE[engines/dasync]=include
ENGINES_NO_INST=engines/ossltest
SOURCE[engines/ossltest]=engines/e_ossltest.c
DEPEND[engines/ossltest]=libcrypto
INCLUDE[engines/ossltest]=include
GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[crypto/buildinf.h]=Makefile
DEPEND[util/mkbuildinf.pl]=util/Foo.pm
A few notes worth mentioning:
LIBS may be used to declare routine libraries only.
PROGRAMS may be used to declare programs only.
ENGINES may be used to declare engines only.
The indexes for SOURCE and ORDINALS must only be end product files,
such as libraries, programs or engines. The values of SOURCE
variables must only be source files (possibly generated)
INCLUDE and DEPEND shows a relationship between different files
(usually produced files) or between files and directories, such as a
program depending on a library, or between an object file and some
extra source file.
When Configure processes the build.info files, it will take it as
truth without question, and will therefore perform very few checks.
If the build tree is separate from the source tree, it will assume
that all built files and up in the build directory and that all source
files are to be found in the source tree, if they can be found there.
Configure will assume that source files that can't be found in the
source tree (such as 'crypto/bildinf.h' in the example above) are
generated and will be found in the build tree.
The %unified_info database
--------------------------
The information in all the build.info get digested by Configure and
collected into the %unified_info database, divided into the following
indexes:
depends => a hash table containing 'file' => [ 'dependency' ... ]
pairs. These are directly inferred from the DEPEND
variables in build.info files.
engines => a list of engines. These are directly inferred from
the ENGINES variable in build.info files.
generate => a hash table containing 'file' => [ 'generator' ... ]
pairs. These are directly inferred from the GENERATE
variables in build.info files.
includes => a hash table containing 'file' => [ 'include' ... ]
pairs. These are directly inferred from the INCLUDE
variables in build.info files.
install => a hash table containing 'type' => [ 'file' ... ] pairs.
The types are 'programs', 'libraries', 'engines' and
'scripts', and the array of files list the files of
that type that should be installed.
libraries => a list of libraries. These are directly inferred from
the LIBS variable in build.info files.
ordinals => a hash table containing 'file' => [ 'word', 'ordfile' ]
pairs. 'file' and 'word' are directly inferred from
the ORDINALS variables in build.info files, while the
file 'ofile' comes from internal knowledge in
Configure.
programs => a list of programs. These are directly inferred from
the PROGRAMS variable in build.info files.
rawlines => a list of build-file lines. These are a direct copy of
the BEGINRAW..ENDRAW lines in build.info files. Note:
only the BEGINRAW..ENDRAW section for the current
platform are copied, the rest are ignored.
scripts => a list of scripts. There are directly inferred from
the SCRIPTS variable in build.info files.
sources => a hash table containing 'file' => [ 'sourcefile' ... ]
pairs. These are indirectly inferred from the SOURCE
variables in build.info files. Object files are
mentioned in this hash table, with source files from
SOURCE variables, and AS source files for programs and
libraries.
shared_sources =>
a hash table just like 'sources', but only as source
files (object files) for building shared libraries.
As an example, here is how the build.info files example from the
section above would be digested into a %unified_info table:
our %unified_info = (
"depends" =>
{
"apps/openssl" =>
[
"libssl",
],
"crypto/buildinf.h" =>
[
"Makefile",
],
"crypto/cversion.o" =>
[
"crypto/buildinf.h",
],
"engines/ossltest" =>
[
"libcrypto",
],
"libssl" =>
[
"libcrypto",
],
"util/mkbuildinf.pl" =>
[
"util/Foo.pm",
],
},
"engines" =>
[
"engines/dasync",
"engines/ossltest",
],
"generate" =>
{
"crypto/buildinf.h" =>
[
"util/mkbuildinf.pl",
"\"\$(CC)",
"\$(CFLAGS)\"",
"\"$(PLATFORM)\"",
],
},
"includes" =>
{
"apps/openssl" =>
[
".",
"include",
],
"engines/ossltest" =>
[
"include"
],
"libcrypto" =>
[
"include",
],
"libssl" =>
[
"include",
],
"util/mkbuildinf.pl" =>
[
"util",
],
}
"install" =>
{
"engines" =>
[
"engines/dasync",
],
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
},
"libraries" =>
[
"libcrypto",
"libssl",
],
"ordinals" =>
{
"libcrypto" =>
[
"crypto",
"util/libcrypto.num",
],
"libssl" =>
[
"ssl",
"util/libssl.num",
],
},
"programs" =>
[
"apps/openssl",
],
"rawlines" =>
[
],
"sources" =>
{
"apps/openssl" =>
[
"apps/openssl.o",
],
"apps/openssl.o" =>
[
"apps/openssl.c",
],
"crypto/aes.o" =>
[
"crypto/aes.c",
],
"crypto/cversion.o" =>
[
"crypto/cversion.c",
],
"crypto/evp.o" =>
[
"crypto/evp.c",
],
"engines/e_ossltest.o" =>
[
"engines/e_ossltest.c",
],
"engines/ossltest" =>
[
"engines/e_ossltest.o",
],
"libcrypto" =>
[
"crypto/aes.c",
"crypto/cversion.c",
"crypto/evp.c",
],
"libssl" =>
[
"ssl/tls.c",
],
"ssl/tls.o" =>
[
"ssl/tls.c",
],
},
);
As can be seen, everything in %unified_info is fairly simple suggest
of information. Still, it tells us that to build all programs, we
must build 'apps/openssl', and to build the latter, we will need to
build all its sources ('apps/openssl.o' in this case) and all the
other things it depends on (such as 'libssl'). All those dependencies
need to be built as well, using the same logic, so to build 'libssl',
we need to build 'ssl/tls.o' as well as 'libcrypto', and to build the
latter...
Build-file templates
--------------------
Build-file templates are essentially build-files (such as Makefile on
Unix) with perl code fragments mixed in. Those perl code fragment
will generate all the configuration dependent data, including all the
rules needed to build end product files and intermediary files alike.
At a minimum, there must be a perl code fragment that defines a set of
functions that are used to generates specific build-file rules, to
build static libraries from object files, to build shared libraries
from static libraries, to programs from object files and libraries,
etc.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file *without*
extension, src2obj() is expected to add that.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files (also *without*
extension) to build this library.
libobj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding static library file
or object files.
called like this:
libobj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ],
ordinals => [ "word", "/PATH/TO/ordfile" ]);
'lib' has the intended library file name *without*
extension, libobj2shlib is expected to add that.
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files (also *without* extension) to build
this library. 'ordinals' MAY be present, and when
it is, its value is an array where the word is
"crypto" or "ssl" and the file is one of the ordinal
files util/libcrypto.num or util/libssl.num in the
source directory.
This function has a choice; it can use the
corresponding static library as input to make the
shared library, or the list of object files.
obj2dynlib - function that produces build file lines to build a
dynamically loadable library file ("libfoo.so" on
Unix) from object files.
called like this:
obj2dynlib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as libobj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...). The differences
are subtle, one of the most visible ones is that the
resulting shareable library is produced from object
files only.
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files (also
*without* extension) to build this library. 'deps'
has the list of library files (also *without*
extension) that the programs needs to be linked
with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
Along with the build-file templates is the driving engine
Configurations/common.tmpl, which looks through all the information in
%unified_info and generates all the rulesets to build libraries,
programs and all intermediate files, using the rule generating
functions defined in the build-file template.
As an example with the smaller build.info set we've seen as an
example, producing the rules to build 'libcrypto' would result in the
following calls:
# Note: libobj2shlib will only be called if shared libraries are
# to be produced.
# Note 2: libobj2shlib gets both the name of the static library
# and the names of all the object files that go into it. It's up
# to the implementation to decide which to use as input.
# Note 3: common.tmpl peals off the ".o" extension from all object
# files, as the platform at hand may have a different one.
libobj2shlib(shlib => "libcrypto",
lib => "libcrypto",
objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ],
deps => [ ]
ordinals => [ "crypto", "util/libcrypto.num" ]);
obj2lib(lib => "libcrypto"
objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]);
src2obj(obj => "crypto/aes"
srcs => [ "crypto/aes.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/evp"
srcs => [ "crypto/evp.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/cversion"
srcs => [ "crypto/cversion.c" ],
deps => [ "crypto/buildinf.h" ],
incs => [ "include" ],
intent => "lib");
generatesrc(src => "crypto/buildinf.h",
generator => [ "util/mkbuildinf.pl", "\"$(CC)",
"$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
generator_incs => [ "util" ],
generator_deps => [ "util/Foo.pm" ],
incs => [ ],
deps => [ ],
intent => "lib");
The returned strings from all those calls are then concatenated
together and written to the resulting build-file.

229
deps/openssl/openssl/Configurations/common.tmpl vendored Normal file
View file

@ -0,0 +1,229 @@
{- # -*- Mode: perl -*-
use File::Basename;
# A cache of objects for which a recipe has already been generated
my %cache;
# resolvedepends and reducedepends work in tandem to make sure
# there are no duplicate dependencies and that they are in the
# right order. This is especially used to sort the list of
# libraries that a build depends on.
sub resolvedepends {
my $thing = shift;
my @listsofar = @_; # to check if we're looping
my @list = @{$unified_info{depends}->{$thing}};
my @newlist = ();
if (scalar @list) {
foreach my $item (@list) {
# It's time to break off when the dependency list starts looping
next if grep { $_ eq $item } @listsofar;
push @newlist, $item, resolvedepends($item, @listsofar, $item);
}
}
@newlist;
}
sub reducedepends {
my @list = @_;
my @newlist = ();
while (@list) {
my $item = shift @list;
push @newlist, $item
unless grep { $item eq $_ } @list;
}
@newlist;
}
# dogenerate is responsible for producing all the recipes that build
# generated source files. It recurses in case a dependency is also a
# generated source file.
sub dogenerate {
my $src = shift;
return "" if $cache{$src};
my $obj = shift;
my $bin = shift;
my %opts = @_;
if ($unified_info{generate}->{$src}) {
die "$src is generated by Configure, should not appear in build file\n"
if ref $unified_info{generate}->{$src} eq "";
my $script = $unified_info{generate}->{$src}->[0];
$OUT .= generatesrc(src => $src,
generator => $unified_info{generate}->{$src},
generator_incs => $unified_info{includes}->{$script},
generator_deps => $unified_info{depends}->{$script},
deps => $unified_info{depends}->{$src},
incs => $unified_info{includes}->{$obj},
%opts);
foreach (@{$unified_info{depends}->{$src}}) {
dogenerate($_, $obj, $bin, %opts);
}
}
$cache{$src} = 1;
}
# doobj is responsible for producing all the recipes that build
# object files as well as dependency files.
sub doobj {
my $obj = shift;
return "" if $cache{$obj};
(my $obj_no_o = $obj) =~ s|\.o$||;
my $bin = shift;
my %opts = @_;
if (@{$unified_info{sources}->{$obj}}) {
$OUT .= src2obj(obj => $obj_no_o,
srcs => $unified_info{sources}->{$obj},
deps => $unified_info{depends}->{$obj},
incs => $unified_info{includes}->{$obj},
%opts);
foreach ((@{$unified_info{sources}->{$obj}},
@{$unified_info{depends}->{$obj}})) {
dogenerate($_, $obj, $bin, %opts);
}
}
$cache{$obj} = 1;
}
# dolib is responsible for building libraries. It will call
# libobj2shlib is shared libraries are produced, and obj2lib in all
# cases. It also makes sure all object files for the library are
# built.
sub dolib {
my $lib = shift;
return "" if $cache{$lib};
unless ($disabled{shared}) {
my %ordinals =
$unified_info{ordinals}->{$lib}
? (ordinals => $unified_info{ordinals}->{$lib}) : ();
$OUT .= libobj2shlib(shlib => $unified_info{sharednames}->{$lib},
lib => $lib,
objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
(@{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}}) ],
deps => [ reducedepends(resolvedepends($lib)) ],
%ordinals);
foreach (@{$unified_info{shared_sources}->{$lib}}) {
doobj($_, $lib, intent => "lib");
}
}
$OUT .= obj2lib(lib => $lib,
objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
@{$unified_info{sources}->{$lib}} ]);
foreach (@{$unified_info{sources}->{$lib}}) {
doobj($_, $lib, intent => "lib");
}
$cache{$lib} = 1;
}
# doengine is responsible for building engines. It will call
# obj2dso, and also makes sure all object files for the library
# are built.
sub doengine {
my $lib = shift;
return "" if $cache{$lib};
$OUT .= obj2dso(lib => $lib,
objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
(@{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}}) ],
deps => [ resolvedepends($lib) ]);
foreach ((@{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}})) {
doobj($_, $lib, intent => "dso");
}
$cache{$lib} = 1;
}
# dobin is responsible for building programs. It will call obj2bin,
# and also makes sure all object files for the library are built.
sub dobin {
my $bin = shift;
return "" if $cache{$bin};
my $deps = [ reducedepends(resolvedepends($bin)) ];
$OUT .= obj2bin(bin => $bin,
objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
@{$unified_info{sources}->{$bin}} ],
deps => $deps);
foreach (@{$unified_info{sources}->{$bin}}) {
doobj($_, $bin, intent => "bin");
}
$cache{$bin} = 1;
}
# dobin is responsible for building scripts from templates. It will
# call in2script.
sub doscript {
my $script = shift;
return "" if $cache{$script};
$OUT .= in2script(script => $script,
sources => $unified_info{sources}->{$script});
$cache{$script} = 1;
}
sub dodir {
my $dir = shift;
return "" if !exists(&generatedir) or $cache{$dir};
$OUT .= generatedir(dir => $dir,
deps => $unified_info{dirinfo}->{$dir}->{deps},
%{$unified_info{dirinfo}->{$_}->{products}});
$cache{$dir} = 1;
}
# Start with populating the cache with all the overrides
%cache = map { $_ => 1 } @{$unified_info{overrides}};
# For convenience collect information regarding directories where
# files are generated, those generated files and the end product
# they end up in where applicable. Then, add build rules for those
# directories
if (exists &generatedir) {
my %loopinfo = ( "dso" => [ @{$unified_info{engines}} ],
"lib" => [ @{$unified_info{libraries}} ],
"bin" => [ @{$unified_info{programs}} ],
"script" => [ @{$unified_info{scripts}} ] );
foreach my $type (keys %loopinfo) {
foreach my $product (@{$loopinfo{$type}}) {
my %dirs = ();
my $pd = dirname($product);
# We already have a "test" target, and the current directory
# is just silly to make a target for
$dirs{$pd} = 1 unless $pd eq "test" || $pd eq ".";
foreach (@{$unified_info{sources}->{$product}}) {
my $d = dirname($_);
# We don't want to create targets for source directories
# when building out of source
next if ($config{sourcedir} ne $config{builddir}
&& $d =~ m|^\Q$config{sourcedir}\E|);
# We already have a "test" target, and the current directory
# is just silly to make a target for
next if $d eq "test" || $d eq ".";
$dirs{$d} = 1;
push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
if $d ne $pd;
}
foreach (keys %dirs) {
push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
$product;
}
}
}
}
# Build mandatory generated headers
foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); }
# Build all known libraries, engines, programs and scripts.
# Everything else will be handled as a consequence.
foreach (@{$unified_info{libraries}}) { dolib($_); }
foreach (@{$unified_info{engines}}) { doengine($_); }
foreach (@{$unified_info{programs}}) { dobin($_); }
foreach (@{$unified_info{scripts}}) { doscript($_); }
foreach (sort keys %{$unified_info{dirinfo}}) { dodir($_); }
# Finally, should there be any applicable BEGINRAW/ENDRAW sections,
# they are added here.
$OUT .= $_."\n" foreach @{$unified_info{rawlines}};
-}

780
deps/openssl/openssl/Configurations/descrip.mms.tmpl vendored Normal file
View file

@ -0,0 +1,780 @@
## descrip.mms to build OpenSSL on OpenVMS
##
## {- join("\n## ", @autowarntext) -}
{-
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
# Our prefix, claimed when speaking with the VSI folks Tuesday
# January 26th 2016
our $osslprefix = 'OSSL$';
(our $osslprefix_q = $osslprefix) =~ s/\$/\\\$/;
our $sover = sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor};
our $osslver = sprintf "%02d%02d", split(/\./, $config{version});
our $sourcedir = $config{sourcedir};
our $builddir = $config{builddir};
sub sourcefile {
catfile($sourcedir, @_);
}
sub buildfile {
catfile($builddir, @_);
}
sub sourcedir {
catdir($sourcedir, @_);
}
sub builddir {
catdir($builddir, @_);
}
sub tree {
(my $x = shift) =~ s|\]$|...]|;
$x
}
sub move {
my $f = catdir(@_);
my $b = abs2rel(rel2abs("."),rel2abs($f));
$sourcedir = catdir($b,$sourcedir)
if !file_name_is_absolute($sourcedir);
$builddir = catdir($b,$builddir)
if !file_name_is_absolute($builddir);
"";
}
# Because we need to make two computations of these data,
# we store them in arrays for reuse
our @shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}};
our @install_shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{install}->{libraries}};
our @generated = ( ( map { (my $x = $_) =~ s|\.S$|\.s|; $x }
grep { defined $unified_info{generate}->{$_} }
map { @{$unified_info{sources}->{$_}} }
grep { /\.o$/ } keys %{$unified_info{sources}} ),
( grep { /\.h$/ } keys %{$unified_info{generate}} ) );
# This is a horrible hack, but is needed because recursive inclusion of files
# in different directories does not work well with HP C.
my $sd = sourcedir("crypto", "async", "arch");
foreach (grep /\[\.crypto\.async\.arch\].*\.o$/, keys %{$unified_info{sources}}) {
(my $x = $_) =~ s|\.o$|.OBJ|;
$unified_info{before}->{$x}
= qq(arch_include = F\$PARSE("$sd","A.;",,,"SYNTAX_ONLY") - "A.;"
define arch 'arch_include');
$unified_info{after}->{$x}
= qq(deassign arch);
}
my $sd1 = sourcedir("ssl","record");
my $sd2 = sourcedir("ssl","statem");
$unified_info{before}->{"[.test]heartbeat_test.OBJ"}
= $unified_info{before}->{"[.test]ssltest_old.OBJ"}
= qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;"
define record 'record_include'
statem_include = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;"
define statem 'statem_include');
$unified_info{after}->{"[.test]heartbeat_test.OBJ"}
= $unified_info{after}->{"[.test]ssltest.OBJ"}
= qq(deassign statem
deassign record);
foreach (grep /^\[\.ssl\.(?:record|statem)\].*\.o$/, keys %{$unified_info{sources}}) {
(my $x = $_) =~ s|\.o$|.OBJ|;
$unified_info{before}->{$x}
= qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;"
define record 'record_include'
statem_include = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;"
define statem 'statem_include');
$unified_info{after}->{$x}
= qq(deassign statem
deassign record);
}
# This makes sure things get built in the order they need
# to. You're welcome.
sub dependmagic {
my $target = shift;
return "$target : build_generated\n\t\pipe \$(MMS) \$(MMSQUALIFIERS) depend && \$(MMS) \$(MMSQUALIFIERS) _$target\n_$target";
}
#use Data::Dumper;
#print STDERR "DEBUG: before:\n", Dumper($unified_info{before});
#print STDERR "DEBUG: after:\n", Dumper($unified_info{after});
"";
-}
PLATFORM={- $config{target} -}
OPTIONS={- $config{options} -}
CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
SRCDIR={- $config{sourcedir} -}
BLDDIR={- $config{builddir} -}
# Allow both V and VERBOSE to indicate verbosity. This only applies
# to testing.
VERBOSE=$(V)
VERSION={- $config{version} -}
MAJOR={- $config{major} -}
MINOR={- $config{minor} -}
SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
SHLIB_VERSION_HISTORY={- $config{shlib_version_history} -}
SHLIB_MAJOR={- $config{shlib_major} -}
SHLIB_MINOR={- $config{shlib_minor} -}
SHLIB_TARGET={- $target{shared_target} -}
EXE_EXT=.EXE
LIB_EXT=.OLB
SHLIB_EXT=.EXE
OBJ_EXT=.OBJ
DEP_EXT=.D
LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{libraries}}) -}
SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @shlibs) -}
ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{engines}}) -}
PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -}
SCRIPTS={- join(", ", map { "-\n\t".$_ } @{$unified_info{scripts}}) -}
{- output_off() if $disabled{makedepend}; "" -}
DEPS={- our @deps = map { (my $x = $_) =~ s|\.o$|\$(DEP_EXT)|; $x; }
grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
keys %{$unified_info{sources}};
join(", ", map { "-\n\t".$_ } @deps); -}
{- output_on() if $disabled{makedepend}; "" -}
GENERATED_MANDATORY={- join(", ", map { "-\n\t".$_ } @{$unified_info{depends}->{""}} ) -}
GENERATED={- join(", ", map { "-\n\t".$_ } @generated) -}
INSTALL_LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @install_shlibs) -}
INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -}
INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -}
{- output_off() if $disabled{apps}; "" -}
BIN_SCRIPTS=[.tools]c_rehash.pl
MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl
{- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
catfile("apps","openssl") -}
# DESTDIR is for package builders so that they can configure for, say,
# SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER].
# In that case, configure with --prefix=SYS$COMMON:[OPENSSL] and then run
# MMS with /MACROS=(DESTDIR=STAGING:[USER]). The result will end up in
# STAGING:[USER.OPENSSL].
# Normally it is left empty.
DESTDIR=
# Do not edit this manually. Use Configure --prefix=DIR to change this!
INSTALLTOP={- our $installtop =
catdir($config{prefix}) || "SYS\$COMMON:[OPENSSL]";
$installtop -}
SYSTARTUP={- catdir($installtop, '[.SYS$STARTUP]'); -}
# This is the standard central area to store certificates, private keys...
OPENSSLDIR={- catdir($config{openssldir}) or
$config{prefix} ? catdir($config{prefix},"COMMON")
: "SYS\$COMMON:[OPENSSL-COMMON]" -}
# The same, but for C
OPENSSLDIR_C={- $osslprefix -}DATAROOT:[000000]
# Where installed engines reside, for C
ENGINESDIR_C={- $osslprefix -}ENGINES{- $sover.$target{pointer_size} -}:
CC= {- $target{cc} -}
CFLAGS= /DEFINE=({- join(",", @{$target{defines}}, @{$config{defines}},"OPENSSLDIR=\"\"\"\$(OPENSSLDIR_C)\"\"\"","ENGINESDIR=\"\"\"\$(ENGINESDIR_C)\"\"\"") -}) {- $target{cflags} -} {- $config{cflags} -}
CFLAGS_Q=$(CFLAGS)
DEPFLAG= /DEFINE=({- join(",", @{$config{depdefines}}) -})
LDFLAGS= {- $target{lflags} -}
EX_LIBS= {- $target{ex_libs} ? ",".$target{ex_libs} : "" -}{- $config{ex_libs} ? ",".$config{ex_libs} : "" -}
LIB_CFLAGS={- $target{lib_cflags} || "" -}
DSO_CFLAGS={- $target{dso_cflags} || "" -}
BIN_CFLAGS={- $target{bin_cflags} || "" -}
PERL={- $config{perl} -}
# We let the C compiler driver to take care of .s files. This is done in
# order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS={- $target{as} -}
ASFLAG={- $target{asflags} -}
# .FIRST and .LAST are special targets with MMS and MMK.
# The defines in there are for C. includes that look like
# this:
#
# #include <openssl/foo.h>
# #include "internal/bar.h"
#
# will use the logical names to find the files. Expecting
# DECompHP C to find files in subdirectories of whatever was
# given with /INCLUDE is a fantasy, unfortunately.
NODEBUG=@
.FIRST :
$(NODEBUG) openssl_inc1 = F$PARSE("[.include.openssl]","A.;",,,"syntax_only") - "A.;"
$(NODEBUG) openssl_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.openssl]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
$(NODEBUG) internal_inc1 = F$PARSE("[.crypto.include.internal]","A.;",,,"SYNTAX_ONLY") - "A.;"
$(NODEBUG) internal_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
$(NODEBUG) internal_inc3 = F$PARSE("{- catdir($config{sourcedir},"[.crypto.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;"
$(NODEBUG) DEFINE openssl 'openssl_inc1','openssl_inc2'
$(NODEBUG) DEFINE internal 'internal_inc1','internal_inc2','internal_inc3'
$(NODEBUG) staging_dir = "$(DESTDIR)"
$(NODEBUG) staging_instdir = ""
$(NODEBUG) staging_datadir = ""
$(NODEBUG) IF staging_dir .NES. "" THEN -
staging_instdir = F$PARSE("A.;",staging_dir,"[]",,"SYNTAX_ONLY")
$(NODEBUG) IF staging_instdir - "]A.;" .NES. staging_instdir THEN -
staging_instdir = staging_instdir - "]A.;" + ".OPENSSL-INSTALL]"
$(NODEBUG) IF staging_instdir - "A.;" .NES. staging_instdir THEN -
staging_instdir = staging_instdir - "A.;" + "[OPENSSL-INSTALL]"
$(NODEBUG) IF staging_dir .NES. "" THEN -
staging_datadir = F$PARSE("A.;",staging_dir,"[]",,"SYNTAX_ONLY")
$(NODEBUG) IF staging_datadir - "]A.;" .NES. staging_datadir THEN -
staging_datadir = staging_datadir - "]A.;" + ".OPENSSL-COMMON]"
$(NODEBUG) IF staging_datadir - "A.;" .NES. staging_datadir THEN -
staging_datadir = staging_datadir - "A.;" + "[OPENSSL-COMMON]"
$(NODEBUG) !
$(NODEBUG) ! Installation logical names
$(NODEBUG) !
$(NODEBUG) installtop = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
$(NODEBUG) datatop = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
$(NODEBUG) DEFINE ossl_installroot 'installtop'
$(NODEBUG) DEFINE ossl_dataroot 'datatop'
$(NODEBUG) !
$(NODEBUG) ! Figure out the architecture
$(NODEBUG) !
$(NODEBUG) arch = f$edit( f$getsyi( "arch_name"), "upcase")
$(NODEBUG) !
$(NODEBUG) ! Set up logical names for the libraries, so LINK and
$(NODEBUG) ! running programs can use them.
$(NODEBUG) !
$(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEFINE ".uc($_)." 'F\$ENV(\"DEFAULT\")'".uc($_)."\$(SHLIB_EXT)" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "!" -}
.LAST :
$(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEASSIGN ".uc($_) } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "!" -}
$(NODEBUG) DEASSIGN ossl_dataroot
$(NODEBUG) DEASSIGN ossl_installroot
$(NODEBUG) DEASSIGN internal
$(NODEBUG) DEASSIGN openssl
.DEFAULT :
@ ! MMS cannot handle no actions...
# The main targets ###################################################
{- dependmagic('all'); -} : build_libs_nodep, build_engines_nodep, build_programs_nodep
{- dependmagic('build_libs'); -} : build_libs_nodep
{- dependmagic('build_engines'); -} : build_engines_nodep
{- dependmagic('build_programs'); -} : build_programs_nodep
build_generated : $(GENERATED_MANDATORY)
build_libs_nodep : $(LIBS), $(SHLIBS)
build_engines_nodep : $(ENGINES)
build_programs_nodep : $(PROGRAMS), $(SCRIPTS)
# Kept around for backward compatibility
build_apps build_tests : build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated : $(GENERATED_MANDATORY) $(GENERATED)
test : tests
{- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep
@ ! {- output_off() if $disabled{tests}; "" -}
SET DEFAULT [.test]{- move("test") -}
CREATE/DIR [.test-runs]
DEFINE SRCTOP {- sourcedir() -}
DEFINE BLDTOP {- builddir() -}
DEFINE RESULT_D {- builddir(qw(test test-runs)) -}
DEFINE OPENSSL_ENGINES {- builddir("engines") -}
DEFINE OPENSSL_DEBUG_MEMORY "on"
IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"
$(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS)
DEASSIGN OPENSSL_DEBUG_MEMORY
DEASSIGN OPENSSL_ENGINES
DEASSIGN BLDTOP
DEASSIGN SRCTOP
SET DEFAULT [-]{- move("..") -}
@ ! {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options"
@ ! {- output_on() if !$disabled{tests}; "" -}
list-tests :
@ ! {- output_off() if $disabled{tests}; "" -}
@ DEFINE SRCTOP {- sourcedir() -}
@ $(PERL) {- sourcefile("test", "run_tests.pl") -} list
@ DEASSIGN SRCTOP
@ ! {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options"
@ ! {- output_on() if !$disabled{tests}; "" -}
install : install_sw install_ssldirs install_docs
@ WRITE SYS$OUTPUT ""
@ WRITE SYS$OUTPUT "######################################################################"
@ WRITE SYS$OUTPUT ""
@ IF "$(DESTDIR)" .EQS. "" THEN -
PIPE ( WRITE SYS$OUTPUT "Installation complete" ; -
WRITE SYS$OUTPUT "" ; -
WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
WRITE SYS$OUTPUT "" )
@ IF "$(DESTDIR)" .NES. "" THEN -
PIPE ( WRITE SYS$OUTPUT "Staging installation complete" ; -
WRITE SYS$OUTPUT "" ; -
WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the directory tree" ; -
WRITE SYS$OUTPUT staging_instdir ; -
WRITE SYS$OUTPUT "ends up in $(INSTALLTOP)," ; -
WRITE SYS$OUTPUT "and that the contents of the contents of the directory tree" ; -
WRITE SYS$OUTPUT staging_datadir ; -
WRITE SYS$OUTPUT "ends up in $(OPENSSLDIR)" ; -
WRITE SYS$OUTPUT "" ; -
WRITE SYS$OUTPUT "When in its final destination," ; -
WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; -
WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; -
WRITE SYS$OUTPUT "" )
check_install :
spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com
uninstall : uninstall_docs uninstall_sw
# Because VMS wants the generation number (or *) to delete files, we can't
# use $(LIBS), $(PROGRAMS), $(GENERATED) and $(ENGINES)directly.
libclean :
{- join("\n\t", map { "- DELETE $_.OLB;*" } @{$unified_info{libraries}}) || "@ !" -}
{- join("\n\t", map { "- DELETE $_.EXE;*,$_.MAP;*,$_.OPT;*" } @shlibs) || "@ !" -}
clean : libclean
{- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{programs}}) || "@ !" -}
{- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{engines}}) || "@ !" -}
{- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{scripts}}) || "@ !" -}
{- join("\n\t", map { "- DELETE $_;*" } @generated) || "@ !" -}
- DELETE [...]*.MAP;*
- DELETE [...]*.D;*
- DELETE [...]*.OBJ;*,*.LIS;*
- DELETE []CXX$DEMANGLER_DB.;*
- DELETE [.VMS]openssl_startup.com;*
- DELETE [.VMS]openssl_shutdown.com;*
- DELETE []vmsconfig.pm;*
distclean : clean
- DELETE configdata.pm;*
- DELETE descrip.mms;*
depend : descrip.mms
descrip.mms : FORCE
@ ! {- output_off() if $disabled{makedepend}; "" -}
@ $(PERL) -pe "if (/^# DO NOT DELETE.*/) { exit(0); }" -
< descrip.mms > descrip.mms-new
@ OPEN/APPEND DESCRIP descrip.mms-new
@ WRITE DESCRIP "# DO NOT DELETE THIS LINE -- make depend depends on it."
{- join("\n\t", map { "\@ IF F\$SEARCH(\"$_\") .NES. \"\" THEN TYPE $_ /OUTPUT=DESCRIP:" } @deps); -}
@ CLOSE DESCRIP
@ PIPE ( $(PERL) -e "use File::Compare qw/compare_text/; my $x = compare_text(""descrip.mms"",""descrip.mms-new""); exit(0x10000000 + ($x == 0));" || -
RENAME descrip.mms-new descrip.mms )
@ IF F$SEARCH("descrip.mms-new") .NES. "" THEN DELETE descrip.mms-new;*
-@ SPAWN/OUTPUT=NLA0: PURGE/NOLOG descrip.mms
@ ! {- output_on() if $disabled{makedepend}; "" -}
# Install helper targets #############################################
install_sw : all install_shared _install_dev_ns -
install_engines _install_runtime_ns -
install_startup install_ivp
uninstall_sw : uninstall_shared _uninstall_dev_ns -
uninstall_engines _uninstall_runtime_ns -
uninstall_startup uninstall_ivp
install_docs : install_html_docs
uninstall_docs : uninstall_html_docs
install_ssldirs : check_INSTALLTOP
- CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000]
IF F$SEARCH("OSSL_DATAROOT:[000000]CERTS.DIR;1") .EQS. "" THEN -
CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[CERTS]
IF F$SEARCH("OSSL_DATAROOT:[000000]PRIVATE.DIR;1") .EQS. "" THEN -
CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[PRIVATE]
IF F$SEARCH("OSSL_DATAROOT:[000000]MISC.DIR;1") .EQS. "" THEN -
CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[MISC]
COPY/PROT=W:RE $(MISC_SCRIPTS) OSSL_DATAROOT:[MISC]
@ ! Install configuration file
COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
ossl_dataroot:[000000]openssl.cnf-dist
IF F$SEARCH("OSSL_DATAROOT:[000000]openssl.cnf") .EQS. "" THEN -
COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} -
ossl_dataroot:[000000]openssl.cnf
install_shared : check_INSTALLTOP
@ {- output_off() if $disabled{shared}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing shareable images"
@ ! Install shared (runtime) libraries
- CREATE/DIR ossl_installroot:[LIB.'arch']
{- join("\n ",
map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
@install_shlibs) -}
@ {- output_on() if $disabled{shared}; "" -} !
_install_dev_ns : check_INSTALLTOP
@ WRITE SYS$OUTPUT "*** Installing development files"
@ ! Install header files
- CREATE/DIR ossl_installroot:[include.openssl]
COPY/PROT=W:R openssl:*.h ossl_installroot:[include.openssl]
@ ! Install static (development) libraries
- CREATE/DIR ossl_installroot:[LIB.'arch']
{- join("\n ",
map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
@{$unified_info{install}->{libraries}}) -}
install_dev : install_shared _install_dev_ns
_install_runtime_ns : check_INSTALLTOP
@ ! Install the main program
- CREATE/DIR ossl_installroot:[EXE.'arch']
COPY/PROT=W:RE [.APPS]openssl.EXE -
ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE
@ ! Install scripts
COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
@ ! {- output_on() if $disabled{apps}; "" -}
install_runtime : install_shared _install_runtime_ns
install_engines : check_INSTALLTOP
@ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
@ WRITE SYS$OUTPUT "*** Installing engines"
- CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch']
{- join("\n ",
map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" }
@{$unified_info{install}->{engines}}) -}
@ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
[.VMS]openssl_utils.com, check_INSTALLTOP
- CREATE/DIR ossl_installroot:[SYS$STARTUP]
COPY/PROT=W:RE [.VMS]openssl_startup.com -
ossl_installroot:[SYS$STARTUP]openssl_startup{- $osslver -}.com
COPY/PROT=W:RE [.VMS]openssl_shutdown.com -
ossl_installroot:[SYS$STARTUP]openssl_shutdown{- $osslver -}.com
COPY/PROT=W:RE [.VMS]openssl_utils.com -
ossl_installroot:[SYS$STARTUP]openssl_utils{- $osslver -}.com
install_ivp : [.VMS]openssl_ivp.com check_INSTALLTOP
- CREATE/DIR ossl_installroot:[SYSTEST]
COPY/PROT=W:RE [.VMS]openssl_ivp.com -
ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com
[.VMS]openssl_startup.com : vmsconfig.pm {- sourcefile("VMS", "openssl_startup.com.in") -}
- CREATE/DIR [.VMS]
$(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
{- sourcefile("VMS", "openssl_startup.com.in") -} -
> [.VMS]openssl_startup.com
[.VMS]openssl_utils.com : vmsconfig.pm {- sourcefile("VMS", "openssl_utils.com.in") -}
- CREATE/DIR [.VMS]
$(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
{- sourcefile("VMS", "openssl_utils.com.in") -} -
> [.VMS]openssl_utils.com
[.VMS]openssl_shutdown.com : vmsconfig.pm {- sourcefile("VMS", "openssl_shutdown.com.in") -}
- CREATE/DIR [.VMS]
$(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
{- sourcefile("VMS", "openssl_shutdown.com.in") -} -
> [.VMS]openssl_shutdown.com
[.VMS]openssl_ivp.com : vmsconfig.pm {- sourcefile("VMS", "openssl_ivp.com.in") -}
- CREATE/DIR [.VMS]
$(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} -
{- sourcefile("VMS", "openssl_ivp.com.in") -} -
> [.VMS]openssl_ivp.com
vmsconfig.pm : configdata.pm
OPEN/WRITE/SHARE=READ CONFIG []vmsconfig.pm
WRITE CONFIG "package vmsconfig;"
WRITE CONFIG "use strict; use warnings;"
WRITE CONFIG "use Exporter;"
WRITE CONFIG "our @ISA = qw(Exporter);"
WRITE CONFIG "our @EXPORT = qw(%config %target %withargs %unified_info %disabled);"
WRITE CONFIG "our %config = ("
WRITE CONFIG " target => '","{- $config{target} -}","',"
WRITE CONFIG " version => '","{- $config{version} -}","',"
WRITE CONFIG " shlib_major => '","{- $config{shlib_major} -}","',"
WRITE CONFIG " shlib_minor => '","{- $config{shlib_minor} -}","',"
WRITE CONFIG " no_shared => '","{- $disabled{shared} -}","',"
WRITE CONFIG " INSTALLTOP => '$(INSTALLTOP)',"
WRITE CONFIG " OPENSSLDIR => '$(OPENSSLDIR)',"
WRITE CONFIG " pointer_size => '","{- $target{pointer_size} -}","',"
WRITE CONFIG ");"
WRITE CONFIG "our %target = ();"
WRITE CONFIG "our %disabled = ();"
WRITE CONFIG "our %withargs = ();"
WRITE CONFIG "our %unified_info = ();"
WRITE CONFIG "1;"
CLOSE CONFIG
install_html_docs : check_INSTALLTOP
sourcedir = F$PARSE("{- $sourcedir -}A.;","[]") - "]A.;" + ".DOC]"
$(PERL) {- sourcefile("util", "process_docs.pl") -} -
--sourcedir='sourcedir' --destdir=ossl_installroot:[HTML] -
--type=html
check_INSTALLTOP :
@ IF "$(INSTALLTOP)" .EQS. "" THEN -
WRITE SYS$ERROR "INSTALLTOP should not be empty"
@ IF "$(INSTALLTOP)" .EQS. "" THEN -
EXIT %x10000002
# Helper targets #####################################################
# Developer targets ##################################################
debug_logicals :
SH LOGICAL/PROC openssl,internal,ossl_installroot,ossl_dataroot
# Building targets ###################################################
configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
@ WRITE SYS$OUTPUT "Reconfiguring..."
perl $(SRCDIR)Configure reconf
@ WRITE SYS$OUTPUT "*************************************************"
@ WRITE SYS$OUTPUT "*** ***"
@ WRITE SYS$OUTPUT "*** Please run the same mms command again ***"
@ WRITE SYS$OUTPUT "*** ***"
@ WRITE SYS$OUTPUT "*************************************************"
@ PIPE ( EXIT %X10000000 )
{-
use File::Basename;
use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/;
sub generatesrc {
my %args = @_;
my $generator = join(" ", @{$args{generator}});
my $generator_incs = join("", map { ' "-I'.$_.'"' } @{$args{generator_incs}});
my $deps = join(", -\n\t\t", @{$args{generator_deps}}, @{$args{deps}});
if ($args{src} !~ /\.[sS]$/) {
if ($args{generator}->[0] =~ m|^.*\.in$|) {
my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "dofile.pl")),
rel2abs($config{builddir}));
return <<"EOF";
$args{src} : $args{generator}->[0] $deps
\$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile \\
"-o$target{build_file}" $generator > \$@
EOF
} else {
return <<"EOF";
$args{src} : $args{generator}->[0] $deps
\$(PERL)$generator_incs $generator > \$@
EOF
}
} else {
die "No method to generate assembler source present.\n";
}
}
sub src2obj {
my %args = @_;
my $obj = $args{obj};
my $deps = join(", -\n\t\t", @{$args{srcs}}, @{$args{deps}});
# Because VMS C isn't very good at combining a /INCLUDE path with
# #includes having a relative directory (like '#include "../foo.h"),
# the best choice is to move to the first source file's intended
# directory before compiling, and make sure to write the object file
# in the correct position (important when the object tree is other
# than the source tree).
my $forward = dirname($args{srcs}->[0]);
my $backward = abs2rel(rel2abs("."), rel2abs($forward));
my $objd = abs2rel(rel2abs(dirname($obj)), rel2abs($forward));
my $objn = basename($obj);
my $srcs =
join(", ",
map { abs2rel(rel2abs($_), rel2abs($forward)) } @{$args{srcs}});
my $ecflags = { lib => '$(LIB_CFLAGS)',
dso => '$(DSO_CFLAGS)',
bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
my $incs_on = "\@ !";
my $incs_off = "\@ !";
my $incs = "";
my @incs = ();
push @incs, @{$args{incs}} if @{$args{incs}};
unless ($disabled{zlib}) {
# GNV$ZLIB_INCLUDE is the standard logical name for later zlib
# incarnations.
push @incs, ($withargs{zlib_include} || 'GNV$ZLIB_INCLUDE:');
}
if (@incs) {
$incs_on =
"DEFINE tmp_includes "
.join(",-\n\t\t\t", map {
file_name_is_absolute($_)
? $_ : catdir($backward,$_)
} @incs);
$incs_off = "DEASSIGN tmp_includes";
$incs = " /INCLUDE=(tmp_includes:)";
}
my $before = $unified_info{before}->{$obj.".OBJ"} || "\@ !";
my $after = $unified_info{after}->{$obj.".OBJ"} || "\@ !";
my $depbuild = $disabled{makedepend} ? ""
: " /MMS=(FILE=${objd}${objn}.tmp-D,TARGET=$obj.OBJ)";
return <<"EOF";
$obj.OBJ : $deps
${before}
SET DEFAULT $forward
$incs_on
\$(CC) \$(CFLAGS)${ecflags}${incs}${depbuild} /OBJECT=${objd}${objn}.OBJ /REPOSITORY=$backward $srcs
$incs_off
SET DEFAULT $backward
${after}
\@ PIPE ( \$(PERL) -e "use File::Compare qw/compare_text/; my \$x = compare_text(""$obj.D"",""$obj.tmp-D""); exit(0x10000000 + (\$x == 0));" || -
RENAME $obj.tmp-D $obj.d )
\@ IF F\$SEARCH("$obj.tmp-D") .NES. "" THEN DELETE $obj.tmp-D;*
- PURGE $obj.OBJ
EOF
}
sub libobj2shlib {
my %args = @_;
my $lib = $args{lib};
my $shlib = $args{shlib};
my $libd = dirname($lib);
my $libn = basename($lib);
(my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i;
my @deps = map {
$disabled{shared} ? $_.".OLB"
: $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
my $deps = join(", -\n\t\t", @deps);
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir},
"VMS", "engine.opt")),
rel2abs($config{builddir}));
my $mkdef_pl = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "mkdef.pl")),
rel2abs($config{builddir}));
my $translatesyms_pl = abs2rel(rel2abs(catfile($config{sourcedir},
"VMS", "translatesyms.pl")),
rel2abs($config{builddir}));
# The "[]" hack is because in .OPT files, each line inherits the
# previous line's file spec as default, so if no directory spec
# is present in the current line and the previous line has one that
# doesn't apply, you're in for a surprise.
my $write_opt =
join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
$x =~ s|(\.EXE)|$1/SHARE|;
$x =~ s|(\.OLB)|$1/LIB|;
"WRITE OPT_FILE \"$x\"" } @deps)
|| "\@ !";
return <<"EOF";
$shlib.EXE : $lib.OLB $deps $ordinalsfile
\$(PERL) $mkdef_pl "$mkdef_key" "VMS" > $shlib.SYMVEC-tmp
\$(PERL) $translatesyms_pl \$(BLDDIR)CXX\$DEMANGLER_DB. < $shlib.SYMVEC-tmp > $shlib.SYMVEC
DELETE $shlib.SYMVEC-tmp;*
OPEN/WRITE/SHARE=READ OPT_FILE $shlib.OPT
WRITE OPT_FILE "IDENTIFICATION=""V$config{version}"""
TYPE $shlib.SYMVEC /OUTPUT=OPT_FILE:
WRITE OPT_FILE "$lib.OLB/LIBRARY"
$write_opt
CLOSE OPT_FILE
LINK /MAP=$shlib.MAP /FULL/SHARE=$shlib.EXE $shlib.OPT/OPT \$(EX_LIBS)
DELETE $shlib.SYMVEC;*
PURGE $shlib.EXE,$shlib.OPT,$shlib.MAP
EOF
}
sub obj2dso {
my %args = @_;
my $lib = $args{lib};
my $libd = dirname($lib);
my $libn = basename($lib);
(my $libn_nolib = $libn) =~ s/^lib//;
my @objs = map { "$_.OBJ" } @{$args{objs}};
my @deps = map {
$disabled{shared} ? $_.".OLB"
: $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
my $deps = join(", -\n\t\t", @objs, @deps);
my $shlib_target = $disabled{shared} ? "" : $target{shared_target};
my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir},
"VMS", "engine.opt")),
rel2abs($config{builddir}));
# The "[]" hack is because in .OPT files, each line inherits the
# previous line's file spec as default, so if no directory spec
# is present in the current line and the previous line has one that
# doesn't apply, you're in for a surprise.
my $write_opt1 =
join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
"WRITE OPT_FILE \"$x" } @objs).
"\"";
my $write_opt2 =
join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
$x =~ s|(\.EXE)|$1/SHARE|;
$x =~ s|(\.OLB)|$1/LIB|;
"WRITE OPT_FILE \"$x\"" } @deps)
|| "\@ !";
return <<"EOF";
$lib.EXE : $deps
OPEN/WRITE/SHARE=READ OPT_FILE $lib.OPT
TYPE $engine_opt /OUTPUT=OPT_FILE:
$write_opt1
$write_opt2
CLOSE OPT_FILE
LINK /MAP=$lib.MAP /FULL/SHARE=$lib.EXE $lib.OPT/OPT \$(EX_LIBS)
- PURGE $lib.EXE,$lib.OPT,$lib.MAP
EOF
}
sub obj2lib {
my %args = @_;
my $lib = $args{lib};
my $objs = join(", -\n\t\t", map { $_.".OBJ" } (@{$args{objs}}));
my $fill_lib = join("\n\t", (map { "LIBRARY/REPLACE $lib.OLB $_.OBJ" }
@{$args{objs}}));
return <<"EOF";
$lib.OLB : $objs
LIBRARY/CREATE/OBJECT $lib.OLB
$fill_lib
- PURGE $lib.OLB
EOF
}
sub obj2bin {
my %args = @_;
my $bin = $args{bin};
my $bind = dirname($bin);
my $binn = basename($bin);
my @objs = map { "$_.OBJ" } @{$args{objs}};
my @deps = map {
$disabled{shared} ? $_.".OLB"
: $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}};
my $deps = join(", -\n\t\t", @objs, @deps);
# The "[]" hack is because in .OPT files, each line inherits the
# previous line's file spec as default, so if no directory spec
# is present in the current line and the previous line has one that
# doesn't apply, you're in for a surprise.
my $write_opt1 =
join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
"WRITE OPT_FILE \"$x" } @objs).
"\"";
my $write_opt2 =
join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_;
$x =~ s|(\.EXE)|$1/SHARE|;
$x =~ s|(\.OLB)|$1/LIB|;
"WRITE OPT_FILE \"$x\"" } @deps)
|| "\@ !";
return <<"EOF";
$bin.EXE : $deps
OPEN/WRITE/SHARE=READ OPT_FILE $bin.OPT
$write_opt1
$write_opt2
CLOSE OPT_FILE
LINK/EXEC=$bin.EXE \$(LDFLAGS) $bin.OPT/OPT \$(EX_LIBS)
- PURGE $bin.EXE,$bin.OPT
EOF
}
sub in2script {
my %args = @_;
my $script = $args{script};
return "" if grep { $_ eq $script } @{$args{sources}}; # No overwrite!
my $sources = join(" ", @{$args{sources}});
my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "dofile.pl")),
rel2abs($config{builddir}));
return <<"EOF";
$script : $sources
\$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile -
"-o$target{build_file}" $sources > $script
SET FILE/PROT=(S:RWED,O:RWED,G:RE,W:RE) $script
PURGE $script
EOF
}
"" # Important! This becomes part of the template result.
-}

1044
deps/openssl/openssl/Configurations/unix-Makefile.tmpl vendored Normal file
View file

File diff suppressed because it is too large Load diff

22
deps/openssl/openssl/Configurations/unix-checker.pm vendored Normal file
View file

@ -0,0 +1,22 @@
#! /usr/bin/perl
use Config;
# Check that the perl implementation file modules generate paths that
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (rel2abs('.') !~ m|/|) {
die <<EOF;
******************************************************************************
This perl implementation doesn't produce Unix like paths (with forward slash
directory separators). Please use an implementation that matches your
building platform.
This Perl version: $Config{version} for $Config{archname}
******************************************************************************
EOF
}
1;

22
deps/openssl/openssl/Configurations/windows-checker.pm vendored Normal file
View file

@ -0,0 +1,22 @@
#! /usr/bin/perl
use Config;
# Check that the perl implementation file modules generate paths that
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (rel2abs('.') !~ m|\\|) {
die <<EOF;
******************************************************************************
This perl implementation doesn't produce Windows like paths (with backward
slash directory separators). Please use an implementation that matches your
building platform.
This Perl version: $Config{version} for $Config{archname}
******************************************************************************
EOF
}
1;

621
deps/openssl/openssl/Configurations/windows-makefile.tmpl vendored Normal file
View file

@ -0,0 +1,621 @@
##
## Makefile for OpenSSL
##
## {- join("\n## ", @autowarntext) -}
{-
our $objext = $target{obj_extension} || ".obj";
our $depext = $target{dep_extension} || ".d";
our $exeext = $target{exe_extension} || ".exe";
our $libext = $target{lib_extension} || ".lib";
our $shlibext = $target{shared_extension} || ".dll";
our $shlibextimport = $target{shared_import_extension} || ".lib";
our $dsoext = $target{dso_extension} || ".dll";
our $sover = $config{shlib_major}."_".$config{shlib_minor};
my $win_installenv =
$target{build_scheme}->[2] eq "VC-W32" ?
"ProgramFiles(x86)" : "ProgramW6432";
my $win_commonenv =
$target{build_scheme}->[2] eq "VC-W32"
? "CommonProgramFiles(x86)" : "CommonProgramW6432";
our $win_installroot =
defined($ENV{$win_installenv})
? $win_installenv : 'ProgramFiles';
our $win_commonroot =
defined($ENV{$win_commonenv})
? $win_commonenv : 'CommonProgramFiles';
# expand variables early
$win_installroot = $ENV{$win_installroot};
$win_commonroot = $ENV{$win_commonroot};
sub shlib {
return () if $disabled{shared};
my $lib = shift;
return $unified_info{sharednames}->{$lib} . $shlibext;
}
sub shlib_import {
return () if $disabled{shared};
my $lib = shift;
return $lib . $shlibextimport;
}
sub dso {
my $dso = shift;
return $dso . $dsoext;
}
# This makes sure things get built in the order they need
# to. You're welcome.
sub dependmagic {
my $target = shift;
return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
}
'';
-}
PLATFORM={- $config{target} -}
SRCDIR={- $config{sourcedir} -}
BLDDIR={- $config{builddir} -}
VERSION={- $config{version} -}
MAJOR={- $config{major} -}
MINOR={- $config{minor} -}
SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
LIBS={- join(" ", map { $_.$libext } @{$unified_info{libraries}}) -}
SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{engines}}) -}
PROGRAMS={- our @PROGRAMS = map { $_.$exeext } @{$unified_info{programs}}; join(" ", @PROGRAMS) -}
PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -}
SCRIPTS={- join(" ", @{$unified_info{scripts}}) -}
{- output_off() if $disabled{makedepend}; "" -}
DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ }
keys %{$unified_info{sources}}); -}
{- output_on() if $disabled{makedepend}; "" -}
GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -}
GENERATED={- join(" ",
( map { (my $x = $_) =~ s|\.[sS]$|\.asm|; $x }
grep { defined $unified_info{generate}->{$_} }
map { @{$unified_info{sources}->{$_}} }
grep { /\.o$/ } keys %{$unified_info{sources}} ),
( grep { /\.h$/ } keys %{$unified_info{generate}} )) -}
INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{install}->{libraries}}) -}
INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{install}->{engines}}) -}
INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
INSTALL_PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -}
{- output_off() if $disabled{apps}; "" -}
BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl
MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl
{- output_on() if $disabled{apps}; "" -}
APPS_OPENSSL={- use File::Spec::Functions;
catfile("apps","openssl") -}
# Do not edit these manually. Use Configure with --prefix or --openssldir
# to change this! Short explanation in the top comment in Configure
INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet
#
use File::Spec::Functions qw(:DEFAULT splitpath);
our $prefix = canonpath($config{prefix}
|| "$win_installroot\\OpenSSL");
our ($prefix_dev, $prefix_dir, $prefix_file) =
splitpath($prefix, 1);
$prefix_dev -}
INSTALLTOP_dir={- canonpath($prefix_dir) -}
OPENSSLDIR_dev={- #
# The logic here is that if no --openssldir was given,
# OPENSSLDIR will get the value from $prefix plus "/ssl".
# If --openssldir was given and the value is an absolute
# path, OPENSSLDIR will get its value without change.
# If the value from --openssldir is a relative path,
# OPENSSLDIR will get $prefix with the --openssldir
# value appended as a subdirectory.
#
use File::Spec::Functions qw(:DEFAULT splitpath);
our $openssldir =
$config{openssldir} ?
(file_name_is_absolute($config{openssldir}) ?
canonpath($config{openssldir})
: catdir($prefix, $config{openssldir}))
: canonpath("$win_commonroot\\SSL");
our ($openssldir_dev, $openssldir_dir, $openssldir_file) =
splitpath($openssldir, 1);
$openssldir_dev -}
OPENSSLDIR_dir={- canonpath($openssldir_dir) -}
LIBDIR={- our $libdir = $config{libdir} || "lib";
$libdir -}
ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath);
our $enginesdir = catdir($prefix,$libdir,"engines-$sover");
our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
splitpath($enginesdir, 1);
$enginesdir_dev -}
ENGINESDIR_dir={- canonpath($enginesdir_dir) -}
!IF "$(DESTDIR)" != ""
INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir)
OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir)
ENGINESDIR=$(DESTDIR)$(ENGINESDIR_dir)
!ELSE
INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir)
OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir)
ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir)
!ENDIF
CC={- $target{cc} -}
CFLAGS={- join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}})) -} {- join(" ", quotify_l("-DENGINESDIR=\"$enginesdir\"", "-DOPENSSLDIR=\"$openssldir\"")) -} {- $target{cflags} -} {- $config{cflags} -}
COUTFLAG={- $target{coutflag} || "/Fo" -}$(OSSL_EMPTY)
RC={- $target{rc} || "rc" -}
RCOUTFLAG={- $target{rcoutflag} || "/fo" -}$(OSSL_EMPTY)
LD={- $target{ld} || "link" -}
LDFLAGS={- $target{lflags} -}
LDOUTFLAG={- $target{loutflag} || "/out:" -}$(OSSL_EMPTY)
EX_LIBS={- $target{ex_libs} -}
LIB_CFLAGS={- join(" ", $target{lib_cflags}, $target{shared_cflag}) || "" -}
LIB_LDFLAGS={- $target{shared_ldflag} || "" -}
DSO_CFLAGS={- join(" ", $target{dso_cflags}, $target{shared_cflag}) || "" -}
DSO_LDFLAGS={- join(" ", $target{dso_lflags}, $target{shared_ldflag}) || "" -}
BIN_CFLAGS={- $target{bin_cflags} -}
BIN_LDFLAGS={- $target{bin_lflags} -}
PERL={- $config{perl} -}
AR={- $target{ar} -}
ARFLAGS= {- $target{arflags} -}
AROUTFLAG={- $target{aroutflag} || "/out:" -}$(OSSL_EMPTY)
MT={- $target{mt} -}
MTFLAGS= {- $target{mtflags} -}
MTINFLAG={- $target{mtinflag} || "-manifest " -}$(OSSL_EMPTY)
MTOUTFLAG={- $target{mtoutflag} || "-outputresource:" -}$(OSSL_EMPTY)
AS={- $target{as} -}
ASFLAGS={- $target{asflags} -}
ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY)
PERLASM_SCHEME= {- $target{perlasm_scheme} -}
PROCESSOR= {- $config{processor} -}
# The main targets ###################################################
{- dependmagic('all'); -}: build_libs_nodep build_engines_nodep build_programs_nodep
{- dependmagic('build_libs'); -}: build_libs_nodep
{- dependmagic('build_engines'); -}: build_engines_nodep
{- dependmagic('build_programs'); -}: build_programs_nodep
build_generated: $(GENERATED_MANDATORY)
build_libs_nodep: $(LIBS) {- join(" ",map { shlib_import($_) } @{$unified_info{libraries}}) -}
build_engines_nodep: $(ENGINES)
build_programs_nodep: $(PROGRAMS) $(SCRIPTS)
# Kept around for backward compatibility
build_apps build_tests: build_programs
# Convenience target to prebuild all generated files, not just the mandatory
# ones
build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
test: tests
{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep
@rem {- output_off() if $disabled{tests}; "" -}
-mkdir $(BLDDIR)\test\test-runs
set SRCTOP=$(SRCDIR)
set BLDTOP=$(BLDDIR)
set RESULT_D=$(BLDDIR)\test\test-runs
set PERL=$(PERL)
set OPENSSL_ENGINES=$(MAKEDIR)\engines
set OPENSSL_DEBUG_MEMORY=on
"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options"
@rem {- output_on() if !$disabled{tests}; "" -}
list-tests:
@rem {- output_off() if $disabled{tests}; "" -}
@set SRCTOP=$(SRCDIR)
@"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
@rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
@echo "Tests are not supported with your chosen Configure options"
@rem {- output_on() if !$disabled{tests}; "" -}
install: install_sw install_ssldirs install_docs
uninstall: uninstall_docs uninstall_sw
libclean:
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS)
"$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """fuzz/$$1.*"""; } @ARGV" $(SHLIBS)
-del /Q /F $(LIBS)
-del /Q ossl_static.pdb
clean: libclean
{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -}
-del /Q /F $(ENGINES)
-del /Q /F $(SCRIPTS)
-del /Q /F $(GENERATED)
-del /Q /S /F *.d
-del /Q /S /F *.obj
-del /Q /S /F *.pdb
-del /Q /S /F *.exp
-del /Q /S /F engines\*.ilk
-del /Q /S /F engines\*.lib
-del /Q /S /F apps\*.lib
-del /Q /S /F engines\*.manifest
-del /Q /S /F apps\*.manifest
-del /Q /S /F test\*.manifest
distclean: clean
-del /Q /F configdata.pm
-del /Q /F makefile
depend:
# Install helper targets #############################################
install_sw: all install_dev install_engines install_runtime
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
install_docs: install_html_docs
uninstall_docs: uninstall_html_docs
install_ssldirs:
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\certs"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\private"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\misc"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
"$(OPENSSLDIR)\openssl.cnf.dist"
@IF NOT EXIST "$(OPENSSLDIR)\openssl.cnf" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \
"$(OPENSSLDIR)\openssl.cnf"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \
"$(OPENSSLDIR)\misc"
install_dev:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing development files
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
@rem {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
"$(INSTALLTOP)\include\openssl"
@rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \
"$(INSTALLTOP)\include\openssl"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \
"$(INSTALLTOP)\$(LIBDIR)"
@if "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb \
"$(INSTALLTOP)\$(LIBDIR)"
uninstall_dev:
install_engines:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing engines
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)"
@if not "$(ENGINES)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINEPDBS) "$(ENGINESDIR)"
uninstall_engines:
install_runtime:
@if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 )
@echo *** Installing runtime files
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
"$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \
"$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \
"$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BIN_SCRIPTS) \
"$(INSTALLTOP)\bin"
uninstall_runtime:
install_html_docs:
"$(PERL)" "$(SRCDIR)\util\process_docs.pl" \
"--destdir=$(INSTALLTOP)\html" --type=html
uninstall_html_docs:
# Building targets ###################################################
configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -}
@echo "Detected changed: $?"
@echo "Reconfiguring..."
"$(PERL)" "$(SRCDIR)\Configure" reconf
@echo "**************************************************"
@echo "*** ***"
@echo "*** Please run the same make command again ***"
@echo "*** ***"
@echo "**************************************************"
@exit 1
{-
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
# Helper function to figure out dependencies on libraries
# It takes a list of library names and outputs a list of dependencies
sub compute_lib_depends {
if ($disabled{shared}) {
return map { $_.$libext } @_;
}
return map { shlib_import($_) } @_;
}
sub generatesrc {
my %args = @_;
(my $target = $args{src}) =~ s/\.[sS]$/.asm/;
my ($gen0, @gens) = @{$args{generator}};
my $generator = '"'.$gen0.'"'.join('', map { " $_" } @gens);
my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}});
my $incs = join("", map { " /I \"$_\"" } @{$args{incs}});
my $deps = @{$args{deps}} ?
'"'.join('" "', @{$args{generator_deps}}, @{$args{deps}}).'"' : '';
if ($target !~ /\.asm$/) {
if ($args{generator}->[0] =~ m|^.*\.in$|) {
my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "dofile.pl")),
rel2abs($config{builddir}));
return <<"EOF";
$target: "$args{generator}->[0]" $deps
"\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
"-o$target{build_file}" $generator > \$@
EOF
} else {
return <<"EOF";
$target: "$args{generator}->[0]" $deps
"\$(PERL)"$generator_incs $generator > \$@
EOF
}
} else {
if ($args{generator}->[0] =~ /\.pl$/) {
$generator = '"$(PERL)"'.$generator_incs.' '.$generator;
} elsif ($args{generator}->[0] =~ /\.S$/) {
$generator = undef;
} else {
die "Generator type for $src unknown: $generator\n";
}
if (defined($generator)) {
# If the target is named foo.S in build.info, we want to
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
return <<"EOF";
$target: "$args{generator}->[0]" $deps
set ASM=\$(AS)
$generator \$@.S
\$(CC) $incs \$(CFLAGS) /EP /C \$@.S > \$@.i && move /Y \$@.i \$@
del /Q \$@.S
EOF
}
# Otherwise....
return <<"EOF";
$target: "$args{generator}->[0]" $deps
set ASM=\$(AS)
$generator \$@
EOF
}
return <<"EOF";
$target: "$args{generator}->[0]" $deps
\$(CC) $incs \$(CFLAGS) /EP /C "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@
EOF
}
}
sub src2obj {
my %args = @_;
my $obj = $args{obj};
my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x
} ( @{$args{srcs}} );
my $srcs = '"'.join('" "', @srcs).'"';
my $deps = '"'.join('" "', @srcs, @{$args{deps}}).'"';
my $incs = join("", map { ' /I "'.$_.'"' } @{$args{incs}});
unless ($disabled{zlib}) {
if ($withargs{zlib_include}) {
$incs .= ' /I "'.$withargs{zlib_include}.'"';
}
}
my $ecflags = { lib => '$(LIB_CFLAGS)',
dso => '$(DSO_CFLAGS)',
bin => '$(BIN_CFLAGS)' } -> {$args{intent}};
my $makedepprog = $config{makedepprog};
if ($srcs[0] =~ /\.asm$/) {
return <<"EOF";
$obj$objext: $deps
\$(AS) \$(ASFLAGS) \$(ASOUTFLAG)\$\@ $srcs
EOF
}
return <<"EOF" if (!$disabled{makedepend});
$obj$depext: $deps
\$(CC) \$(CFLAGS) $ecflags$inc /Zs /showIncludes $srcs 2>&1 | \\
"\$(PERL)" -n << > $obj$depext
chomp;
s/^Note: including file: *//;
\$\$collect{\$\$_} = 1;
END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" }
<<
$obj$objext: $obj$depext
\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
EOF
return <<"EOF" if ($disabled{makedepend});
$obj$objext: $deps
\$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs
EOF
}
# On Unix, we build shlibs from static libs, so we're ignoring the
# object file array. We *know* this routine is only called when we've
# configure 'shared'.
sub libobj2shlib {
my %args = @_;
my $lib = $args{lib};
my $shlib = $args{shlib};
(my $mkdef_key = $lib) =~ s/^lib//i;
my $objs = join("\n", map { $_.$objext } @{$args{objs}});
my $linklibs = join("",
map { "\n$_" } compute_lib_depends(@{$args{deps}}));
my $deps = join(" ",
(map { $_.$objext } @{$args{objs}}),
compute_lib_depends(@{$args{deps}}));
my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : "";
my $mkdef_pl = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "mkdef.pl")),
rel2abs($config{builddir}));
my $mkrc_pl = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "mkrc.pl")),
rel2abs($config{builddir}));
my $target = shlib_import($lib);
return <<"EOF"
$target: $deps "$ordinalsfile" "$mkdef_pl"
"\$(PERL)" "$mkdef_pl" "$mkdef_key" 32 > $shlib.def
"\$(PERL)" -i.tmp -pe "s|^LIBRARY\\s+${mkdef_key}32|LIBRARY $shlib|;" $shlib.def
DEL $shlib.def.tmp
"\$(PERL)" "$mkrc_pl" $shlib$shlibext > $shlib.rc
\$(RC) \$(RCOUTFLAG)$shlib.res $shlib.rc
IF EXIST $shlib$shlibext.manifest DEL /F /Q $shlib$shlibext.manifest
\$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\
/implib:\$@ \$(LDOUTFLAG)$shlib$shlibext /def:$shlib.def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1)
$objs $shlib.res$linklibs \$(EX_LIBS)
<<
IF EXIST $shlib$shlibext.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext
IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext
IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext
IF EXIST fuzz\\$shlib$shlibext DEL /Q /F fuzz\\$shlib$shlibext
COPY $shlib$shlibext apps
COPY $shlib$shlibext test
COPY $shlib$shlibext fuzz
EOF
}
sub obj2dso {
my %args = @_;
my $dso = $args{lib};
my $dso_n = basename($dso);
my $objs = join("\n", map { $_.$objext } @{$args{objs}});
my $linklibs = join("",
map { "\n$_" } compute_lib_depends(@{$args{deps}}));
my $deps = join(" ",
(map { $_.$objext } @{$args{objs}}),
compute_lib_depends(@{$args{deps}}));
return <<"EOF";
$dso$dsoext: $deps
IF EXIST $dso$dsoext.manifest DEL /F /Q $dso$dsoext.manifest
\$(LD) \$(LDFLAGS) \$(DSO_LDFLAGS) \$(LDOUTFLAG)$dso$dsoext /def:<< @<<
LIBRARY $dso_n
EXPORTS
bind_engine @1
v_check @2
<<
$objs$linklibs \$(EX_LIBS)
<<
IF EXIST $dso$dsoext.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$dso$dsoext.manifest \$(MTOUTFLAG)$dso$dsoext
EOF
}
sub obj2lib {
# Because static libs and import libs are both named the same in native
# Windows, we can't have both. We skip the static lib in that case,
# as the shared libs are what we use anyway.
return "" unless $disabled{"shared"};
my %args = @_;
my $lib = $args{lib};
my $objs = join("\n", map { $_.$objext } @{$args{objs}});
my $deps = join(" ", map { $_.$objext } @{$args{objs}});
return <<"EOF";
$lib$libext: $deps
\$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<<
\$**
<<
EOF
}
sub obj2bin {
my %args = @_;
my $bin = $args{bin};
my $objs = join("\n", map { $_.$objext } @{$args{objs}});
my $linklibs = join("",
map { "\n$_" } compute_lib_depends(@{$args{deps}}));
my $deps = join(" ",
(map { $_.$objext } @{$args{objs}}),
compute_lib_depends(@{$args{deps}}));
return <<"EOF";
$bin$exeext: $deps
IF EXIST $bin$exeext.manifest DEL /F /Q $bin$exeext.manifest
\$(LD) \$(LDFLAGS) \$(BIN_LDFLAGS) \$(LDOUTFLAG)$bin$exeext @<<
$objs setargv.obj$linklibs \$(EX_LIBS)
<<
IF EXIST $bin$exeext.manifest \\
\$(MT) \$(MTFLAGS) \$(MTINFLAG)$bin$exeext.manifest \$(MTOUTFLAG)$bin$exeext
EOF
}
sub in2script {
my %args = @_;
my $script = $args{script};
my $sources = '"'.join('" "', @{$args{sources}}).'"';
my $dofile = abs2rel(rel2abs(catfile($config{sourcedir},
"util", "dofile.pl")),
rel2abs($config{builddir}));
return <<"EOF";
$script: $sources
"\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
"-o$target{build_file}" $sources > "$script"
EOF
}
sub generatedir {
my %args = @_;
my $dir = $args{dir};
my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}};
my @actions = ();
my %extinfo = ( dso => $dsoext,
lib => $libext,
bin => $exeext );
foreach my $type (("dso", "lib", "bin", "script")) {
next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
# For lib object files, we could update the library. However,
# LIB on Windows doesn't work that way, so we won't create any
# actions for it, and the dependencies are already taken care of.
if ($type ne "lib") {
foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) {
if (dirname($prod) eq $dir) {
push @deps, $prod.$extinfo{$type};
} else {
push @actions, "\t@rem No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}});
}
}
}
}
my $deps = join(" ", @deps);
my $actions = join("\n", "", @actions);
return <<"EOF";
$args{dir} $args{dir}\\ : $deps$actions
EOF
}
"" # Important! This becomes part of the template result.
-}

4526
deps/openssl/openssl/Configure vendored
View file

File diff suppressed because it is too large Load diff

8
deps/openssl/openssl/GitConfigure vendored
View file

@ -1,8 +0,0 @@
#!/bin/sh
BRANCH=`git rev-parse --abbrev-ref HEAD`
./Configure $@ no-symlinks
make files
util/mk1mf.pl OUT=out.$BRANCH TMP=tmp.$BRANCH INC=inc.$BRANCH copy > makefile.$BRANCH
make -f makefile.$BRANCH init

5
deps/openssl/openssl/GitMake vendored
View file

@ -1,5 +0,0 @@
#!/bin/sh
BRANCH=`git rev-parse --abbrev-ref HEAD`
make -f makefile.$BRANCH $@

1025
deps/openssl/openssl/INSTALL vendored
View file

File diff suppressed because it is too large Load diff

72
deps/openssl/openssl/INSTALL.MacOS vendored
View file

@ -1,72 +0,0 @@
OpenSSL - Port To The Macintosh OS 9 or Earlier
===============================================
Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
X) is now provided. "Initial" means that unlike other platforms where you
get an SDK and a "swiss army" openssl application, on Macintosh you only
get one sample application which fetches a page over HTTPS(*) and dumps it
in a window. We don't even build the test applications so that we can't
guarantee that all algorithms are operational.
Required software:
- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar;
- Scriptable Finder;
- CodeWarrior Pro 5;
Installation procedure:
- fetch the source at ftp://ftp.openssl.org/ (well, you probably already
did, huh?)
- unpack the .tar.gz file:
- if you have StuffIt Expander then just drag it over it;
- otherwise uncompress it with MacGzip and then unpack with SUNtar;
- locate MacOS folder in OpenSSL source tree and open it;
- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it
"in-place", i.e. unpacked files should end-up in the very same folder;
- execute mklinks.as;
- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****);
- that's it for now;
(*) URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40
to 42, change appropriately.
(**) If you use SUNtar, then it might have already unbinhexed the files
in question.
(***) The project file was saved with CW Pro 5.3. If you have an earlier
version and it refuses to open it, then download
http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it
overwriting the original OpenSSL.mcp.
(****) Other targets are works in progress. If you feel like giving 'em a
shot, then you should know that OpenSSL* and Lib* targets are
supposed to be built with the GUSI, MacOS library which mimics
BSD sockets and some other POSIX APIs. The GUSI distribution is
expected to be found in the same directory as the openssl source tree,
i.e., in the parent directory to the one where this very file,
namely INSTALL.MacOS, resides. For more information about GUSI, see
http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
Finally some essential comments from our generous contributor:-)
"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a
hack, but it works for what I'm doing. If you don't like the way I've done
it, then feel free to change what I've done. I freely admit that I've done
some less-than-ideal things in my port, and if you don't like the way I've
done something, then feel free to change it-- I won't be offended!
... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket"
library I wrote. My MacSocket library is a wrapper around OpenTransport,
handling stuff like endpoint creation, reading, writing, etc. It is not
designed as a high-performance package such as you'd use in a webserver,
but is fine for lots of other applications. MacSocket also uses some other
code libraries I've written to deal with string manipulations and error
handling. Feel free to use these things in your own code, but give me
credit and/or send me free stuff in appreciation! :-)
...
If you have any questions, feel free to email me as the following:
roy@centricsystems.ca
-Roy Wood"

454
deps/openssl/openssl/INSTALL.NW vendored
View file

@ -1,454 +0,0 @@
INSTALLATION ON THE NETWARE PLATFORM
------------------------------------
Notes about building OpenSSL for NetWare.
BUILD PLATFORM:
---------------
The build scripts (batch files, perl scripts, etc) have been developed and
tested on W2K. The scripts should run fine on other Windows platforms
(NT, Win9x, WinXP) but they have not been tested. They may require some
modifications.
Supported NetWare Platforms - NetWare 5.x, NetWare 6.x:
-------------------------------------------------------
OpenSSL can either use the WinSock interfaces introduced in NetWare 5,
or the BSD socket interface. Previous versions of NetWare, 4.x and 3.x,
are only supported if OpenSSL is build for CLIB and BSD sockets;
WinSock builds only support NetWare 5 and up.
On NetWare there are two c-runtime libraries. There is the legacy CLIB
interfaces and the newer LIBC interfaces. Being ANSI-C libraries, the
functionality in CLIB and LIBC is similar but the LIBC interfaces are built
using Novell Kernal Services (NKS) which is designed to leverage
multi-processor environments.
The NetWare port of OpenSSL can be configured to build using CLIB or LIBC.
The CLIB build was developed and tested using NetWare 5.0 sp6.0a. The LIBC
build was developed and tested using the NetWare 6.0 FCS.
The necessary LIBC functionality ships with NetWare 6. However, earlier
NetWare 5.x versions will require updates in order to run the OpenSSL LIBC
build (NetWare 5.1 SP8 is known to work).
As of June 2005, the LIBC build can be configured to use BSD sockets instead
of WinSock sockets. Call Configure (usually through netware\build.bat) using
a target of "netware-libc-bsdsock" instead of "netware-libc".
As of June 2007, support for CLIB and BSD sockets is also now available
using a target of "netware-clib-bsdsock" instead of "netware-clib";
also gcc builds are now supported on both Linux and Win32 (post 0.9.8e).
REQUIRED TOOLS:
---------------
Based upon the configuration and build options used, some or all of the
following tools may be required:
* Perl for Win32 - required (http://www.activestate.com/ActivePerl)
Used to run the various perl scripts on the build platform.
* Perl 5.8.0 for NetWare v3.20 (or later) - required
(http://developer.novell.com) Used to run the test script on NetWare
after building.
* Compiler / Linker - required:
Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare (commercial):
Provides command line tools used for building.
Tools:
mwccnlm.exe - C/C++ Compiler for NetWare
mwldnlm.exe - Linker for NetWare
mwasmnlm.exe - x86 assembler for NetWare (if using assembly option)
gcc / nlmconv Cross-Compiler, available from Novell Forge (free):
http://forge.novell.com/modules/xfmod/project/?aunixnw
* Assemblers - optional:
If you intend to build using the assembly options you will need an
assembler. Work has been completed to support two assemblers, Metrowerks
and NASM. However, during development, a bug was found in the Metrowerks
assembler which generates incorrect code. Until this problem is fixed,
the Metrowerks assembler cannot be used.
mwasmnlm.exe - Metrowerks x86 assembler - part of CodeWarrior tools.
(version 2.2 Built Aug 23, 1999 - not useable due to code
generation bug)
nasmw.exe - Netwide Assembler NASM
version 0.98 was used in development and testing
* Make Tool - required:
In order to build you will need a make tool. Two make tools are
supported, GNU make (gmake.exe) or Microsoft nmake.exe.
make.exe - GNU make for Windows (version 3.75 used for development)
http://gnuwin32.sourceforge.net/packages/make.htm
nmake.exe - Microsoft make (Version 6.00.8168.0 used for development)
http://support.microsoft.com/kb/132084/EN-US/
* Novell Developer Kit (NDK) - required: (http://developer.novell.com)
CLIB - BUILDS:
WinSock2 Developer Components for NetWare:
For initial development, the October 27, 2000 version was used.
However, future versions should also work.
NOTE: The WinSock2 components include headers & import files for
NetWare, but you will also need the winsock2.h and supporting
headers (pshpack4.h, poppack.h, qos.h) delivered in the
Microsoft SDK. Note: The winsock2.h support headers may change
with various versions of winsock2.h. Check the dependencies
section on the NDK WinSock2 download page for the latest
information on dependencies. These components are unsupported by
Novell. They are provided as a courtesy, but it is strongly
suggested that all development be done using LIBC, not CLIB.
As of June 2005, the WinSock2 components are available at:
http://forgeftp.novell.com//ws2comp/
NLM and NetWare libraries for C (including CLIB and XPlat):
If you are going to build a CLIB version of OpenSSL, you will
need the CLIB headers and imports. The March, 2001 NDK release or
later is recommended.
Earlier versions should work but haven't been tested. In recent
versions the import files have been consolidated and function
names moved. This means you may run into link problems
(undefined symbols) when using earlier versions. The functions
are available in earlier versions, but you will have to modifiy
the make files to include additional import files (see
openssl\util\pl\netware.pl).
LIBC - BUILDS:
Libraries for C (LIBC) - LIBC headers and import files
If you are going to build a LIBC version of OpenSSL, you will
need the LIBC headers and imports. The March 14, 2002 NDK release or
later is required.
NOTE: The LIBC SDK includes the necessary WinSock2 support.
It is not necessary to download the WinSock2 NDK when building for
LIBC. The LIBC SDK also includes the appropriate BSD socket support
if configuring to use BSD sockets.
BUILDING:
---------
Before building, you will need to set a few environment variables. You can
set them manually or you can modify the "netware\set_env.bat" file.
The set_env.bat file is a template you can use to set up the path
and environment variables you will need to build. Modify the
various lines to point to YOUR tools and run set_env.bat.
netware\set_env.bat <target> [compiler]
target - "netware-clib" - CLIB NetWare build
- "netware-libc" - LIBC NetWare build
compiler - "gnuc" - GNU GCC Compiler
- "codewarrior" - MetroWerks CodeWarrior (default)
If you don't use set_env.bat, you will need to set up the following
environment variables:
PATH - Set PATH to point to the tools you will use.
INCLUDE - The location of the NDK include files.
CLIB ex: set INCLUDE=c:\ndk\nwsdk\include\nlm
LIBC ex: set INCLUDE=c:\ndk\libc\include
PRELUDE - The absolute path of the prelude object to link with. For
a CLIB build it is recommended you use the "clibpre.o" files shipped
with the Metrowerks PDK for NetWare. For a LIBC build you should
use the "libcpre.o" file delivered with the LIBC NDK components.
CLIB ex: set PRELUDE=c:\ndk\nwsdk\imports\clibpre.o
LIBC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o
IMPORTS - The locaton of the NDK import files.
CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports
LIBC ex: set IMPORTS=c:\ndk\libc\imports
In order to build, you need to run the Perl scripts to configure the build
process and generate a make file. There is a batch file,
"netware\build.bat", to automate the process.
Build.bat runs the build configuration scripts and generates a make file.
If an assembly option is specified, it also runs the scripts to generate
the assembly code. Always run build.bat from the "openssl" directory.
netware\build [target] [debug opts] [assembly opts] [configure opts]
target - "netware-clib" - CLIB NetWare build (WinSock Sockets)
- "netware-clib-bsdsock" - CLIB NetWare build (BSD Sockets)
- "netware-libc" - LIBC NetWare build (WinSock Sockets)
- "netware-libc-bsdsock" - LIBC NetWare build (BSD Sockets)
debug opts - "debug" - build debug
assembly opts - "nw-mwasm" - use Metrowerks assembler
"nw-nasm" - use NASM assembler
"no-asm" - don't use assembly
configure opts- all unrecognized arguments are passed to the
perl 'configure' script. See that script for
internal documentation regarding options that
are available.
examples:
CLIB build, debug, without assembly:
netware\build.bat netware-clib debug no-asm
LIBC build, non-debug, using NASM assembly, add mdc2 support:
netware\build.bat netware-libc nw-nasm enable-mdc2
LIBC build, BSD sockets, non-debug, without assembly:
netware\build.bat netware-libc-bsdsock no-asm
Running build.bat generates a make file to be processed by your make
tool (gmake or nmake):
CLIB ex: gmake -f netware\nlm_clib_dbg.mak
LIBC ex: gmake -f netware\nlm_libc.mak
LIBC ex: gmake -f netware\nlm_libc_bsdsock.mak
You can also run the build scripts manually if you do not want to use the
build.bat file. Run the following scripts in the "\openssl"
subdirectory (in the order listed below):
perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock]
configures no assembly build for specified netware environment
(CLIB or LIBC).
perl util\mkfiles.pl >MINFO
generates a listing of source files (used by mk1mf)
perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock >netware\nlm.mak
generates the makefile for NetWare
gmake -f netware\nlm.mak
build with the make tool (nmake.exe also works)
NOTE: If you are building using the assembly option, you must also run the
various Perl scripts to generate the assembly files. See build.bat
for an example of running the various assembly scripts. You must use the
"no-asm" option to build without assembly. The configure and mk1mf scripts
also have various other options. See the scripts for more information.
The output from the build is placed in the following directories:
CLIB Debug build:
out_nw_clib.dbg - static libs & test nlm(s)
tmp_nw_clib.dbg - temporary build files
outinc_nw_clib - necessary include files
CLIB Non-debug build:
out_nw_clib - static libs & test nlm(s)
tmp_nw_clib - temporary build files
outinc_nw_clib - necesary include files
LIBC Debug build:
out_nw_libc.dbg - static libs & test nlm(s)
tmp_nw_libc.dbg - temporary build files
outinc_nw_libc - necessary include files
LIBC Non-debug build:
out_nw_libc - static libs & test nlm(s)
tmp_nw_libc - temporary build files
outinc_nw_libc - necesary include files
TESTING:
--------
The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib,
rsaglue.lib ) and several test programs. You should copy the test programs
to your NetWare server and run the tests.
The batch file "netware\cpy_tests.bat" will copy all the necessary files
to your server for testing. In order to run the batch file, you need a
drive mapped to your target server. It will create an "OpenSSL" directory
on the drive and copy the test files to it. CAUTION: If a directory with the
name of "OpenSSL" already exists, it will be deleted.
To run cpy_tests.bat:
netware\cpy_tests [output directory] [NetWare drive]
output directory - "out_nw_clib.dbg", "out_nw_libc", etc.
NetWare drive - drive letter of mapped drive
CLIB ex: netware\cpy_tests out_nw_clib m:
LIBC ex: netware\cpy_tests out_nw_libc m:
The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server
should be used to execute the tests. Before running the script, make sure
your SEARCH PATH includes the "OpenSSL" directory. For example, if you
copied the files to the "sys:" volume you use the command:
SEARCH ADD SYS:\OPENSSL
To run do_tests.pl type (at the console prompt):
perl \openssl\do_tests.pl [options]
options:
-p - pause after executing each test
The do_tests.pl script generates a log file "\openssl\test_out\tests.log"
which should be reviewed for errors. Any errors will be denoted by the word
"ERROR" in the log.
DEVELOPING WITH THE OPENSSL SDK:
--------------------------------
Now that everything is built and tested, you are ready to use the OpenSSL
libraries in your development.
There is no real installation procedure, just copy the static libs and
headers to your build location. The libs (crypto.lib & ssl.lib) are
located in the appropriate "out_nw_XXXX" directory
(out_nw_clib, out_nw_libc, etc).
The headers are located in the appropriate "outinc_nw_XXX" directory
(outinc_nw_clib, outinc_nw_libc).
One suggestion is to create the following directory
structure for the OpenSSL SDK:
\openssl
|- bin
| |- openssl.nlm
| |- (other tests you want)
|
|- lib
| | - crypto.lib
| | - ssl.lib
|
|- include
| | - openssl
| | | - (all the headers in "outinc_nw\openssl")
The program "openssl.nlm" can be very useful. It has dozens of
options and you may want to keep it handy for debugging, testing, etc.
When building your apps using OpenSSL, define "NETWARE". It is needed by
some of the OpenSSL headers. One way to do this is with a compile option,
for example "-DNETWARE".
NOTES:
------
Resource leaks in Tests
------------------------
Some OpenSSL tests do not clean up resources and NetWare reports
the resource leaks when the tests unload. If this really bugs you,
you can stop the messages by setting the developer option off at the console
prompt (set developer option = off). Or better yet, fix the tests to
clean up the resources!
Multi-threaded Development
---------------------------
The NetWare version of OpenSSL is thread-safe, however multi-threaded
applications must provide the necessary locking function callbacks. This
is described in doc\threads.doc. The file "openssl-x.x.x\crypto\threads\mttest.c"
is a multi-threaded test program and demonstrates the locking functions.
What is openssl2.nlm?
---------------------
The openssl program has numerous options and can be used for many different
things. Many of the options operate in an interactive mode requiring the
user to enter data. Because of this, a default screen is created for the
program. However, when running the test script it is not desirable to
have a seperate screen. Therefore, the build also creates openssl2.nlm.
Openssl2.nlm is functionally identical but uses the console screen.
Openssl2 can be used when a non-interactive mode is desired.
NOTE: There are may other possibilities (command line options, etc)
which could have been used to address the screen issue. The openssl2.nlm
option was chosen because it impacted only the build not the code.
Why only static libraries?
--------------------------
Globals, globals, and more globals. The OpenSSL code uses many global
variables that are allocated and initialized when used for the first time.
On NetWare, most applications (at least historically) run in the kernel.
When running in the kernel, there is one instance of global variables.
For regular application type NLM(s) this isn't a problem because they are
the only ones using the globals. However, for a library NLM (an NLM which
exposes functions and has no threads of execution), the globals cause
problems. Applications could inadvertently step on each other if they
change some globals. Even worse, the first application that triggers a
global to be allocated and initialized has the allocated memory charged to
itself. Now when that application unloads, NetWare will clean up all the
applicaton's memory. The global pointer variables inside OpenSSL now
point to freed memory. An abend waiting to happen!
To work correctly in the kernel, library NLM(s) that use globals need to
provide a set of globals (instance data) for each application. Another
option is to require the library only be loaded in a protected address
space along with the application using it.
Modifying the OpenSSL code to provide a set of globals (instance data) for
each application isn't technically difficult, but due to the large number
globals it would require substantial code changes and it wasn't done. Hence,
the build currently only builds static libraries which are then linked
into each application.
NOTE: If you are building a library NLM that uses the OpenSSL static
libraries, you will still have to deal with the global variable issue.
This is because when you link in the OpenSSL code you bring in all the
globals. One possible solution for the global pointer variables is to
register memory functions with OpenSSL which allocate memory and charge it
to your library NLM (see the function CRYPTO_set_mem_functions). However,
be aware that now all memory allocated by OpenSSL is charged to your NLM.
CodeWarrior Tools and W2K
---------------------------
There have been problems reported with the CodeWarrior Linker
(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000. The
problems cause the link step to fail. The only work around is to obtain an
updated linker from Metrowerks. It is expected Metrowerks will release
PDK 3.0 (in beta testing at this time - May, 2001) in the near future which
will fix these problems.
Makefile "vclean"
------------------
The generated makefile has a "vclean" target which cleans up the build
directories. If you have been building successfully and suddenly
experience problems, use "vclean" (gmake -f netware\nlm_xxxx.mak vclean) and retry.
"Undefined Symbol" Linker errors
--------------------------------
There have been linker errors reported when doing a CLIB build. The problems
occur because some versions of the CLIB SDK import files inadvertently
left out some symbols. One symbol in particular is "_lrotl". The missing
functions are actually delivered in the binaries, but they were left out of
the import files. The issues should be fixed in the September 2001 release
of the NDK. If you experience the problems you can temporarily
work around it by manually adding the missing symbols to your version of
"clib.imp".

31
deps/openssl/openssl/INSTALL.OS2 vendored
View file

@ -1,31 +0,0 @@
Installation on OS/2
--------------------
You need to have the following tools installed:
* EMX GCC
* PERL
* GNU make
To build the makefile, run
> os2\os2-emx
This will configure OpenSSL and create OS2-EMX.mak which you then use to
build the OpenSSL libraries & programs by running
> make -f os2-emx.mak
If that finishes successfully you will find the libraries and programs in the
"out" directory.
Alternatively, you can make a dynamic build that puts the library code into
crypto.dll and ssl.dll by running
> make -f os2-emx-dll.mak
This will build the above mentioned dlls and a matching pair of import
libraries in the "out_dll" directory along with the set of test programs
and the openssl application.

293
deps/openssl/openssl/INSTALL.VMS vendored
View file

@ -1,293 +0,0 @@
VMS Installation instructions
written by Richard Levitte
<richard@levitte.org>
Intro:
======
This file is divided in the following parts:
Requirements - Mandatory reading.
Checking the distribution - Mandatory reading.
Compilation - Mandatory reading.
Logical names - Mandatory reading.
Test - Mandatory reading.
Installation - Mandatory reading.
Backward portability - Read if it's an issue.
Possible bugs or quirks - A few warnings on things that
may go wrong or may surprise you.
TODO - Things that are to come.
Requirements:
=============
To build and install OpenSSL, you will need:
* DEC C or some other ANSI C compiler. VAX C is *not* supported.
[Note: OpenSSL has only been tested with DEC C. Compiling with
a different ANSI C compiler may require some work]
Checking the distribution:
==========================
There have been reports of places where the distribution didn't quite get
through, for example if you've copied the tree from a NFS-mounted Unix
mount point.
The easiest way to check if everything got through as it should is to check
for one of the following files:
[.CRYPTO]OPENSSLCONF.H_IN
[.CRYPTO]OPENSSLCONF_H.IN
They should never exist both at once, but one of them should (preferably
the first variant). If you can't find any of those two, something went
wrong.
The best way to get a correct distribution is to download the gzipped tar
file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
use VMSTAR to unpack the resulting tar file.
GUNZIP is available in many places on the net. One of the distribution
points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
VMSTAR is also available in many places on the net. The recommended place
to find information about it is http://www.free.lp.se/vmstar/ .
Compilation:
============
I've used the very good command procedures written by Robert Byer
<byer@mail.all-net.net>, and just slightly modified them, making
them slightly more general and easier to maintain.
You can actually compile in almost any directory separately. Look
for a command procedure name xxx-LIB.COM (in the library directories)
or MAKExxx.COM (in the program directories) and read the comments at
the top to understand how to use them. However, if you want to
compile all you can get, the simplest is to use MAKEVMS.COM in the top
directory. The syntax is the following:
@MAKEVMS <option> <bits> <debug-p> [<compiler>]
<option> must be one of the following:
ALL Just build "everything".
CONFIG Just build the "[.CRYPTO]OPENSSLCONF.H" file.
BUILDINF Just build the "[.INCLUDE]BUILDINF.H" file.
SOFTLINKS Just copies some files, to simulate Unix soft links.
BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done.
RSAREF Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
<bits> must be one of the following:
"" compile using default pointer size
32 compile using 32 bit pointer size
64 compile using 64 bit pointer size
<debug-p> must be one of the following:
DEBUG compile with debugging info (will not optimize)
NODEBUG compile without debugging info (will optimize)
<compiler> must be one of the following:
DECC For DEC C.
GNUC For GNU C.
You will find the crypto library in [.xxx.EXE.CRYPTO] (where xxx is VAX,
ALPHA or IA64), called SSL_LIBCRYPTO32.OLB or SSL_LIBCRYPTO.OLB depending
on how it was built. You will find the SSL library in [.xxx.EXE.SSL],
named SSL_LIBSSL32.OLB or SSL_LIBSSL.OLB, and you will find a bunch of
useful programs in [.xxx.EXE.APPS]. However, these shouldn't be used
right off unless it's just to test them. For production use, make sure
you install first, see Installation below.
Note 1: Some programs in this package require a TCP/IP library.
Note 2: if you want to compile the crypto library only, please make sure
you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
a @MAKEVMS SOFTLINKS. A lot of things will break if you don't.
Logical names:
==============
There are a few things that can't currently be given through the command
line. Instead, logical names are used.
Currently, the logical names supported are:
OPENSSL_NO_ASM with value YES, the assembler parts of OpenSSL will
not be used. Instead, plain C implementations are
used. This is good to try if something doesn't work.
OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm
will not be implemented. Supported algorithms to
do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
SSL2. So, for example, having the logical name
OPENSSL_NO_RSA with the value YES means that the
LIBCRYPTO.OLB library will not contain an RSA
implementation.
Test:
=====
Testing is very simple, just do the following:
@[.TEST]TESTS
If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
it's an ugly hack!) and rebuild. Please send a bug report to
<openssl-bugs@openssl.org>, including the output of "openssl version -a"
and of the failed test.
Installation:
=============
Installation is easy, just do the following:
@INSTALL <root> <bits>
<root> is the directory in which everything will be installed,
subdirectories, libraries, header files, programs and startup command
procedures.
<bits> works the same way as for MAKEVMS.COM
N.B.: INSTALL.COM builds a new directory structure, different from
the directory tree where you have now build OpenSSL.
In the [.VMS] subdirectory of the installation, you will find the
following command procedures:
OPENSSL_STARTUP.COM
defines all needed logical names. Takes one argument that
tells it in what logical name table to insert the logical
names. If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
call should look like this:
@openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
OPENSSL_UTILS.COM
sets up the symbols to the applications. Should be called
from for example SYS$MANAGER:SYLOGIN.COM
OPENSSL_UNDO.COM
deassigns the logical names created with OPENSSL_STARTUP.COM.
The logical names that are set up are the following:
SSLROOT a dotted concealed logical name pointing at the
root directory.
SSLCERTS Initially an empty directory, this is the default
location for certificate files.
SSLPRIVATE Initially an empty directory, this is the default
location for private key files.
SSLEXE Contains the openssl binary and a few other utility
programs.
SSLINCLUDE Contains the header files needed if you want to
compile programs with libcrypto or libssl.
SSLLIB Contains the OpenSSL library files themselves:
- SSL_LIBCRYPTO32.OLB and SSL_LIBSSL32.OLB or
- SSL_LIBCRYPTO.OLB and SSL_LIBSSL.OLB
OPENSSL Same as SSLINCLUDE. This is because the standard
way to include OpenSSL header files from version
0.9.3 and on is:
#include <openssl/header.h>
For more info on this issue, see the INSTALL. file
(the NOTE in section 4 of "Installation in Detail").
You don't need to "deleting old header files"!!!
Backward portability:
=====================
One great problem when you build a library is making sure it will work
on as many versions of VMS as possible. Especially, code compiled on
OpenVMS version 7.x and above tend to be unusable in version 6.x or
lower, because some C library routines have changed names internally
(the C programmer won't usually see it, because the old name is
maintained through C macros). One obvious solution is to make sure
you have a development machine with an old enough version of OpenVMS.
However, if you are stuck with a bunch of Alphas running OpenVMS version
7.1, you seem to be out of luck. Fortunately, the DEC C header files
are cluttered with conditionals that make some declarations and definitions
dependent on the OpenVMS version or the C library version, *and* you
can use those macros to simulate older OpenVMS or C library versions,
by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
correct values. In the compilation scripts, I've provided the possibility
for the user to influence the creation of such macros, through a bunch of
symbols, all having names starting with USER_. Here's the list of them:
USER_CCFLAGS - Used to give additional qualifiers to the
compiler. It can't be used to define macros
since the scripts will do such things as well.
To do such things, use USER_CCDEFS.
USER_CCDEFS - Used to define macros on the command line. The
value of this symbol will be inserted inside a
/DEFINE=(...).
USER_CCDISABLEWARNINGS - Used to disable some warnings. The value is
inserted inside a /DISABLE=WARNING=(...).
So, to maintain backward compatibility with older VMS versions, do the
following before you start compiling:
$ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
$ USER_CCDISABLEWARNINGS := PREOPTW
The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
that those macros have been changed.
Note: Currently, this is only useful for library compilation. The
programs will still be linked with the current version of the
C library shareable image, and will thus complain if they are
faced with an older version of the same C library shareable image.
This will probably be fixed in a future revision of OpenSSL.
Possible bugs or quirks:
========================
I'm not perfectly sure all the programs will use the SSLCERTS:
directory by default, it may very well be that you have to give them
extra arguments. Please experiment.
TODO:
=====
There are a few things that need to be worked out in the VMS version of
OpenSSL, still:
- Description files. ("Makefile's" :-))
- Script code to link an already compiled build tree.
- A VMSINSTALlable version (way in the future, unless someone else hacks).
- shareable images (DLL for you Windows folks).
There may be other things that I have missed and that may be desirable.
Please send mail to <openssl-users@openssl.org> or to me directly if you
have any ideas.
--
Richard Levitte <richard@levitte.org>
2000-02-27, 2011-03-18

325
deps/openssl/openssl/INSTALL.W32 vendored
View file

@ -1,325 +0,0 @@
INSTALLATION ON THE WIN32 PLATFORM
----------------------------------
[Instructions for building for Windows CE can be found in INSTALL.WCE]
[Instructions for building for Win64 can be found in INSTALL.W64]
Here are a few comments about building OpenSSL for Win32 environments,
such as Windows NT and Windows 9x. It should be noted though that
Windows 9x are not ordinarily tested. Its mention merely means that we
attempt to maintain certain programming discipline and pay attention
to backward compatibility issues, in other words it's kind of expected
to work on Windows 9x, but no regression tests are actually performed.
On additional note newer OpenSSL versions are compiled and linked with
Winsock 2. This means that minimum OS requirement was elevated to NT 4
and Windows 98 [there is Winsock 2 update for Windows 95 though].
- you need Perl for Win32. Unless you will build on Cygwin, you will need
ActiveState Perl, available from http://www.activestate.com/ActivePerl.
- one of the following C compilers:
* Visual C++
* Borland C
* GNU C (Cygwin or MinGW)
- Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/
is required if you intend to utilize assembler modules. Note that NASM
is now the only supported assembler.
If you are compiling from a tarball or a Git snapshot then the Win32 files
may well be not up to date. This may mean that some "tweaking" is required to
get it all to work. See the trouble shooting section later on for if (when?)
it goes wrong.
Visual C++
----------
If you want to compile in the assembly language routines with Visual
C++, then you will need already mentioned Netwide Assembler binary,
nasmw.exe or nasm.exe, to be available on your %PATH%.
Firstly you should run Configure with platform VC-WIN32:
> perl Configure VC-WIN32 --prefix=c:\some\openssl\dir
Where the prefix argument specifies where OpenSSL will be installed to.
Next you need to build the Makefiles and optionally the assembly
language files:
- If you are using NASM then run:
> ms\do_nasm
- If you don't want to use the assembly language files at all then run:
> perl Configure VC-WIN32 no-asm --prefix=c:/some/openssl/dir
> ms\do_ms
If you get errors about things not having numbers assigned then check the
troubleshooting section: you probably won't be able to compile it as it
stands.
Then from the VC++ environment at a prompt do:
> nmake -f ms\ntdll.mak
If all is well it should compile and you will have some DLLs and
executables in out32dll. If you want to try the tests then do:
> nmake -f ms\ntdll.mak test
To install OpenSSL to the specified location do:
> nmake -f ms\ntdll.mak install
Tweaks:
There are various changes you can make to the Win32 compile
environment. By default the library is not compiled with debugging
symbols. If you use the platform debug-VC-WIN32 instead of VC-WIN32
then debugging symbols will be compiled in.
By default in 1.0.0 OpenSSL will compile builtin ENGINES into the
separate shared librariesy. If you specify the "enable-static-engine"
option on the command line to Configure the shared library build
(ms\ntdll.mak) will compile the engines into libeay32.dll instead.
The default Win32 environment is to leave out any Windows NT specific
features.
If you want to enable the NT specific features of OpenSSL (currently
only the logging BIO) follow the instructions above but call the batch
file do_nt.bat instead of do_ms.bat.
You can also build a static version of the library using the Makefile
ms\nt.mak
Borland C++ builder 5
---------------------
* Configure for building with Borland Builder:
> perl Configure BC-32
* Create the appropriate makefile
> ms\do_nasm
* Build
> make -f ms\bcb.mak
Borland C++ builder 3 and 4
---------------------------
* Setup PATH. First must be GNU make then bcb4/bin
* Run ms\bcb4.bat
* Run make:
> make -f bcb.mak
GNU C (Cygwin)
--------------
Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of
Win32 subsystem and provides a bash shell and GNU tools environment.
Consequently, a make of OpenSSL with Cygwin is virtually identical to
Unix procedure. It is also possible to create Win32 binaries that only
use the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
MinGW. MinGW can be used in the Cygwin development environment or in a
standalone setup as described in the following section.
To build OpenSSL using Cygwin:
* Install Cygwin (see http://cygwin.com/)
* Install Perl and ensure it is in the path. Both Cygwin perl
(5.6.1-2 or newer) and ActivePerl work.
* Run the Cygwin bash shell
* $ tar zxvf openssl-x.x.x.tar.gz
$ cd openssl-x.x.x
To build the Cygwin version of OpenSSL:
$ ./config
[...]
$ make
[...]
$ make test
$ make install
This will create a default install in /usr/local/ssl.
To build the MinGW version (native Windows) in Cygwin:
$ ./Configure mingw
[...]
$ make
[...]
$ make test
$ make install
Cygwin Notes:
"make test" and normal file operations may fail in directories
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
stripping of carriage returns. To avoid this ensure that a binary
mount is used, e.g. mount -b c:\somewhere /home.
"bc" is not provided in older Cygwin distribution. This causes a
non-fatal error in "make test" but is otherwise harmless. If
desired and needed, GNU bc can be built with Cygwin without change.
GNU C (MinGW/MSYS)
-------------
* Compiler and shell environment installation:
MinGW and MSYS are available from http://www.mingw.org/, both are
required. Run the installers and do whatever magic they say it takes
to start MSYS bash shell with GNU tools on its PATH.
N.B. Since source tar-ball can contain symbolic links, it's essential
that you use accompanying MSYS tar to unpack the source. It will
either handle them in one way or another or fail to extract them,
which does the trick too. Latter means that you may safely ignore all
"cannot create symlink" messages, as they will be "re-created" at
configure stage by copying corresponding files. Alternative programs
were observed to create empty files instead, which results in build
failure.
* Compile OpenSSL:
$ ./config
[...]
$ make
[...]
$ make test
This will create the library and binaries in root source directory
and openssl.exe application in apps directory.
It is also possible to cross-compile it on Linux by configuring
with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
'make test' is naturally not applicable then.
libcrypto.a and libssl.a are the static libraries. To use the DLLs,
link with libeay32.a and libssl32.a instead.
See troubleshooting if you get error messages about functions not
having a number assigned.
Installation
------------
If you used the Cygwin procedure above, you have already installed and
can skip this section. For all other procedures, there's currently no real
installation procedure for Win32. There are, however, some suggestions:
- do nothing. The include files are found in the inc32/ subdirectory,
all binaries are found in out32dll/ or out32/ depending if you built
dynamic or static libraries.
- do as is written in INSTALL.Win32 that comes with modssl:
$ md c:\openssl
$ md c:\openssl\bin
$ md c:\openssl\lib
$ md c:\openssl\include
$ md c:\openssl\include\openssl
$ copy /b inc32\openssl\* c:\openssl\include\openssl
$ copy /b out32dll\ssleay32.lib c:\openssl\lib
$ copy /b out32dll\libeay32.lib c:\openssl\lib
$ copy /b out32dll\ssleay32.dll c:\openssl\bin
$ copy /b out32dll\libeay32.dll c:\openssl\bin
$ copy /b out32dll\openssl.exe c:\openssl\bin
Of course, you can choose another device than c:. C: is used here
because that's usually the first (and often only) harddisk device.
Note: in the modssl INSTALL.Win32, p: is used rather than c:.
Troubleshooting
---------------
Since the Win32 build is only occasionally tested it may not always compile
cleanly. If you get an error about functions not having numbers assigned
when you run ms\do_ms then this means the Win32 ordinal files are not up to
date. You can do:
> perl util\mkdef.pl crypto ssl update
then ms\do_XXX should not give a warning any more. However the numbers that
get assigned by this technique may not match those that eventually get
assigned in the Git tree: so anything linked against this version of the
library may need to be recompiled.
If you get errors about unresolved symbols there are several possible
causes.
If this happens when the DLL is being linked and you have disabled some
ciphers then it is possible the DEF file generator hasn't removed all
the disabled symbols: the easiest solution is to edit the DEF files manually
to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def.
Another cause is if you missed or ignored the errors about missing numbers
mentioned above.
If you get warnings in the code then the compilation will halt.
The default Makefile for Win32 halts whenever any warnings occur. Since VC++
has its own ideas about warnings which don't always match up to other
environments this can happen. The best fix is to edit the file with the
warning in and fix it. Alternatively you can turn off the halt on warnings by
editing the CFLAG line in the Makefile and deleting the /WX option.
You might get compilation errors. Again you will have to fix these or report
them.
One final comment about compiling applications linked to the OpenSSL library.
If you don't use the multithreaded DLL runtime library (/MD option) your
program will almost certainly crash because malloc gets confused -- the
OpenSSL DLLs are statically linked to one version, the application must
not use a different one. You might be able to work around such problems
by adding CRYPTO_malloc_init() to your program before any calls to the
OpenSSL libraries: This tells the OpenSSL libraries to use the same
malloc(), free() and realloc() as the application. However there are many
standard library functions used by OpenSSL that call malloc() internally
(e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
rely on CRYPTO_malloc_init() solving your problem, and you should
consistently use the multithreaded library.
Linking your application
------------------------
If you link with static OpenSSL libraries [those built with ms/nt.mak],
then you're expected to additionally link your application with
WS2_32.LIB, GDI32.LIB, ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those
developing non-interactive service applications might feel concerned about
linking with GDI32.LIB and USER32.LIB, as they are justly associated with
interactive desktop, which is not available to service processes. The toolkit
is designed to detect in which context it's currently executed, GUI, console
app or service, and act accordingly, namely whether or not to actually make
GUI calls. Additionally those who wish to /DELAYLOAD:GDI32.DLL and
/DELAYLOAD:USER32.DLL and actually keep them off service process should
consider implementing and exporting from .exe image in question own
_OPENSSL_isservice not relying on USER32.DLL. E.g., on Windows Vista and
later you could:
__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
{ DWORD sess;
if (ProcessIdToSessionId(GetCurrentProcessId(),&sess))
return sess==0;
return FALSE;
}
If you link with OpenSSL .DLLs, then you're expected to include into
your application code small "shim" snippet, which provides glue between
OpenSSL BIO layer and your compiler run-time. Look up OPENSSL_Applink
reference page for further details.

66
deps/openssl/openssl/INSTALL.W64 vendored
View file

@ -1,66 +0,0 @@
INSTALLATION ON THE WIN64 PLATFORM
----------------------------------
Caveat lector
-------------
As of moment of this writing Win64 support is classified "initial"
for the following reasons.
- No assembler modules are engaged upon initial 0.9.8 release.
- API might change within 0.9.8 life-span, *but* in a manner which
doesn't break backward binary compatibility. Or in other words,
application programs compiled with initial 0.9.8 headers will
be expected to work with future minor release .DLL without need
to re-compile, even if future minor release features modified API.
- Above mentioned API modifications have everything to do with
elimination of a number of limitations, which are normally
considered inherent to 32-bit platforms. Which in turn is why they
are treated as limitations on 64-bit platform such as Win64:-)
The current list comprises [but not necessarily limited to]:
- null-terminated strings may not be longer than 2G-1 bytes,
longer strings are treated as zero-length;
- dynamically and *internally* allocated chunks can't be larger
than 2G-1 bytes;
- inability to encrypt/decrypt chunks of data larger than 4GB
[it's possibly to *hash* chunks of arbitrary size through];
Neither of these is actually big deal and hardly encountered
in real-life applications.
Compiling procedure
-------------------
You will need Perl. You can run under Cygwin or you can download
ActiveState Perl from http://www.activestate.com/ActivePerl.
You will need Microsoft Platform SDK, available for download at
http://www.microsoft.com/msdownload/platformsdk/sdkupdate/. As per
April 2005 Platform SDK is equipped with Win64 compilers, as well
as assemblers, but it might change in the future.
To build for Win64/x64:
> perl Configure VC-WIN64A
> ms\do_win64a
> nmake -f ms\ntdll.mak
> cd out32dll
> ..\ms\test
To build for Win64/IA64:
> perl Configure VC-WIN64I
> ms\do_win64i
> nmake -f ms\ntdll.mak
> cd out32dll
> ..\ms\test
Naturally test-suite itself has to be executed on the target platform.
Installation
------------
TBD, for now see INSTALL.W32.

95
deps/openssl/openssl/INSTALL.WCE vendored
View file

@ -1,95 +0,0 @@
INSTALLATION FOR THE WINDOWS CE PLATFORM
----------------------------------------
Building OpenSSL for Windows CE requires the following external tools:
* Microsoft eMbedded Visual C++ 3.0 or later
* Appropriate SDK might be required
* Perl for Win32 [commonly recommended ActiveState Perl is available
from http://www.activestate.com/Products/ActivePerl/]
* wcecompat compatibility library available at
http://www.essemer.com.au/windowsce/
* Optionally ceutils for running automated tests (same location)
_or_
* PocketConsole driver and PortSDK available at
http://www.symbolictools.de/public/pocketconsole/
* CMD command interpreter (same location)
As Windows CE support in OpenSSL relies on 3rd party compatibility
library, it's appropriate to check corresponding URL for updates. For
example if you choose wcecompat, note that as for the moment of this
writing version 1.2 is available and actually required for WCE 4.2
and newer platforms. All wcecompat issues should be directed to
www.essemer.com.au.
Why compatibility library at all? The C Runtime Library implementation
for Windows CE that is included with Microsoft eMbedded Visual C++ is
incomplete and in some places incorrect. Compatibility library plugs
the holes and tries to bring the Windows CE CRT to [more] usable level.
Most gaping hole in CRT is support for stdin/stdout/stderr IO, which
proposed compatibility libraries solve in two different ways: wcecompat
redirects IO to active sync link, while PortSDK - to NT-like console
driver on the handheld itself.
Building
--------
Setup the eMbedded Visual C++ environment. There are batch files for doing
this installed with eVC++. For an ARM processor, for example, execute:
> "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT"
Next pick compatibility library according to your preferences.
1. To choose wcecompat set up WCECOMPAT environment variable pointing
at the location of wcecompat tree "root":
> set WCECOMPAT=C:\wcecompat
> set PORTSDK_LIBPATH=
2. To choose PortSDK set up PORTSDK_LIBPATH to point at hardware-
specific location where your portlib.lib is installed:
> set PORTSDK_LIBPATH=C:\PortSDK\lib\ARM
> set WCECOMPAT=
Note that you may not set both variables.
Next you should run Configure:
> perl Configure VC-CE
Next you need to build the Makefiles:
> ms\do_ms
If you get errors about things not having numbers assigned then check the
troubleshooting section in INSTALL.W32: you probably won't be able to compile
it as it stands.
Then from the VC++ environment at a prompt do:
> nmake -f ms\cedll.mak
[note that static builds are not supported under CE]
If all is well it should compile and you will have some DLLs and executables
in out32dll*.
<<< everyting below needs revision in respect to wcecompat vs. PortSDK >>>
If you want
to try the tests then make sure the ceutils are in the path and do:
> cd out32
> ..\ms\testce
This will copy each of the test programs to the Windows CE device and execute
them, displaying the output of the tests on this computer. The output should
look similar to the output produced by running the tests for a regular Windows
build.

4
deps/openssl/openssl/LICENSE vendored
View file

@ -4,9 +4,7 @@
The OpenSSL toolkit stays under a double license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact openssl-core@openssl.org.
See below for the actual license texts.
OpenSSL License
---------------

62
deps/openssl/openssl/MacOS/GUSI_Init.cpp vendored
View file

@ -1,62 +0,0 @@
/**************** BEGIN GUSI CONFIGURATION ****************************
*
* GUSI Configuration section generated by GUSI Configurator
* last modified: Wed Jan 5 20:33:51 2000
*
* This section will be overwritten by the next run of Configurator.
*/
#define GUSI_SOURCE
#include <GUSIConfig.h>
#include <sys/cdefs.h>
/* Declarations of Socket Factories */
__BEGIN_DECLS
void GUSIwithInetSockets();
void GUSIwithLocalSockets();
void GUSIwithMTInetSockets();
void GUSIwithMTTcpSockets();
void GUSIwithMTUdpSockets();
void GUSIwithOTInetSockets();
void GUSIwithOTTcpSockets();
void GUSIwithOTUdpSockets();
void GUSIwithPPCSockets();
void GUSISetupFactories();
__END_DECLS
/* Configure Socket Factories */
void GUSISetupFactories()
{
#ifdef GUSISetupFactories_BeginHook
GUSISetupFactories_BeginHook
#endif
GUSIwithInetSockets();
#ifdef GUSISetupFactories_EndHook
GUSISetupFactories_EndHook
#endif
}
/* Declarations of File Devices */
__BEGIN_DECLS
void GUSIwithDConSockets();
void GUSIwithNullSockets();
void GUSISetupDevices();
__END_DECLS
/* Configure File Devices */
void GUSISetupDevices()
{
#ifdef GUSISetupDevices_BeginHook
GUSISetupDevices_BeginHook
#endif
GUSIwithNullSockets();
#ifdef GUSISetupDevices_EndHook
GUSISetupDevices_EndHook
#endif
}
/**************** END GUSI CONFIGURATION *************************/

2753
deps/openssl/openssl/MacOS/GetHTTPS.src/CPStringUtils.cpp vendored
View file

File diff suppressed because it is too large Load diff

104
deps/openssl/openssl/MacOS/GetHTTPS.src/CPStringUtils.hpp vendored
View file

@ -1,104 +0,0 @@
#pragma once
#ifdef __cplusplus
extern "C" {
#endif
void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength);
void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength);
void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength);
void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength);
int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase = true);
int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase = true);
Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
Boolean PStrsAreEqual(const unsigned char *theFirstCStr,const unsigned char *theSecondCStr,const Boolean ignoreCase = true);
void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength);
void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
long CStrLength(const char *theCString);
long PStrLength(const unsigned char *thePString);
OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle);
OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle);
OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle);
OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle);
OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle);
OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength = nil);
OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength = nil);
void ZeroMem(void *theMemPtr,const unsigned long numBytes);
char *FindCharInCStr(const char theChar,const char *theCString);
long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase = false);
long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase = false);
void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength);
void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength);
void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset);
void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength);
void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength);
void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength);
void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength);
void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle);
OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength);
OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle);
OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength);
OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle);
OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces = true);
OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces = true);
void ConvertCStrToUpperCase(char *theSrcCStr);
int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr);
int CountWordsInCStr(const char *inSrcCStr);
OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits);
void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat);
OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits = -1,const int inMaxNumFractDigits = -1);
void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL = false);
#ifdef __cplusplus
}
#endif

170
deps/openssl/openssl/MacOS/GetHTTPS.src/ErrorHandling.cpp vendored
View file

@ -1,170 +0,0 @@
/* ====================================================================
* Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "ErrorHandling.hpp"
#include "CPStringUtils.hpp"
#ifdef __EXCEPTIONS_ENABLED__
#include "CMyException.hpp"
#endif
static char gErrorMessageBuffer[512];
char *gErrorMessage = gErrorMessageBuffer;
int gErrorMessageMaxLength = sizeof(gErrorMessageBuffer);
void SetErrorMessage(const char *theErrorMessage)
{
if (theErrorMessage != nil)
{
CopyCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
}
}
void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt)
{
if (theErrorMessage != nil)
{
CopyCStrAndConcatLongIntToCStr(theErrorMessage,theLongInt,gErrorMessage,gErrorMessageMaxLength);
}
}
void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt)
{
if (theErrorMessage != nil)
{
CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,theLongInt,gErrorMessage,gErrorMessageMaxLength);
}
}
void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr)
{
if (theErrorMessage != nil)
{
CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,-1,gErrorMessage,gErrorMessageMaxLength);
}
}
void AppendCStrToErrorMessage(const char *theErrorMessage)
{
if (theErrorMessage != nil)
{
ConcatCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
}
}
void AppendLongIntToErrorMessage(const long theLongInt)
{
ConcatLongIntToCStr(theLongInt,gErrorMessage,gErrorMessageMaxLength);
}
char *GetErrorMessage(void)
{
return gErrorMessage;
}
OSErr GetErrorMessageInNewHandle(Handle *inoutHandle)
{
OSErr errCode;
errCode = CopyCStrToNewHandle(gErrorMessage,inoutHandle);
return(errCode);
}
OSErr GetErrorMessageInExistingHandle(Handle inoutHandle)
{
OSErr errCode;
errCode = CopyCStrToExistingHandle(gErrorMessage,inoutHandle);
return(errCode);
}
OSErr AppendErrorMessageToHandle(Handle inoutHandle)
{
OSErr errCode;
errCode = AppendCStrToHandle(gErrorMessage,inoutHandle,nil);
return(errCode);
}
#ifdef __EXCEPTIONS_ENABLED__
void ThrowErrorMessageException(void)
{
ThrowDescriptiveException(gErrorMessage);
}
#endif

147
deps/openssl/openssl/MacOS/GetHTTPS.src/ErrorHandling.hpp vendored
View file

@ -1,147 +0,0 @@
#ifdef __cplusplus
extern "C" {
#endif
#ifndef kGenericError
#define kGenericError -1
#endif
extern char *gErrorMessage;
void SetErrorMessage(const char *theErrorMessage);
void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt);
void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt);
void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr);
void AppendCStrToErrorMessage(const char *theErrorMessage);
void AppendLongIntToErrorMessage(const long theLongInt);
char *GetErrorMessage(void);
OSErr GetErrorMessageInNewHandle(Handle *inoutHandle);
OSErr GetErrorMessageInExistingHandle(Handle inoutHandle);
OSErr AppendErrorMessageToHandle(Handle inoutHandle);
#ifdef __EXCEPTIONS_ENABLED__
void ThrowErrorMessageException(void);
#endif
// A bunch of evil macros that would be unnecessary if I were always using C++ !
#define SetErrorMessageAndBailIfNil(theArg,theMessage) \
{ \
if (theArg == nil) \
{ \
SetErrorMessage(theMessage); \
errCode = kGenericError; \
goto EXITPOINT; \
} \
}
#define SetErrorMessageAndBail(theMessage) \
{ \
SetErrorMessage(theMessage); \
errCode = kGenericError; \
goto EXITPOINT; \
}
#define SetErrorMessageAndLongIntAndBail(theMessage,theLongInt) \
{ \
SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \
errCode = kGenericError; \
goto EXITPOINT; \
}
#define SetErrorMessageAndLongIntAndBailIfError(theErrCode,theMessage,theLongInt) \
{ \
if (theErrCode != noErr) \
{ \
SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \
errCode = theErrCode; \
goto EXITPOINT; \
} \
}
#define SetErrorMessageCStrLongIntAndBailIfError(theErrCode,theMessage,theCStr,theLongInt) \
{ \
if (theErrCode != noErr) \
{ \
SetErrorMessageAndCStrAndLongInt(theMessage,theCStr,theLongInt); \
errCode = theErrCode; \
goto EXITPOINT; \
} \
}
#define SetErrorMessageAndCStrAndBail(theMessage,theCStr) \
{ \
SetErrorMessageAndCStr(theMessage,theCStr); \
errCode = kGenericError; \
goto EXITPOINT; \
}
#define SetErrorMessageAndBailIfError(theErrCode,theMessage) \
{ \
if (theErrCode != noErr) \
{ \
SetErrorMessage(theMessage); \
errCode = theErrCode; \
goto EXITPOINT; \
} \
}
#define SetErrorMessageAndLongIntAndBailIfNil(theArg,theMessage,theLongInt) \
{ \
if (theArg == nil) \
{ \
SetErrorMessageAndAppendLongInt(theMessage,theLongInt); \
errCode = kGenericError; \
goto EXITPOINT; \
} \
}
#define BailIfError(theErrCode) \
{ \
if ((theErrCode) != noErr) \
{ \
goto EXITPOINT; \
} \
}
#define SetErrCodeAndBail(theErrCode) \
{ \
errCode = theErrCode; \
\
goto EXITPOINT; \
}
#define SetErrorCodeAndMessageAndBail(theErrCode,theMessage) \
{ \
SetErrorMessage(theMessage); \
errCode = theErrCode; \
goto EXITPOINT; \
}
#define BailNow() \
{ \
errCode = kGenericError; \
goto EXITPOINT; \
}
#ifdef __cplusplus
}
#endif

209
deps/openssl/openssl/MacOS/GetHTTPS.src/GetHTTPS.cpp vendored
View file

@ -1,209 +0,0 @@
/*
* An demo illustrating how to retrieve a URI from a secure HTTP server.
*
* Author: Roy Wood
* Date: September 7, 1999
* Comments: This relies heavily on my MacSockets library.
* This project is also set up so that it expects the OpenSSL source folder (0.9.4 as I write this)
* to live in a folder called "OpenSSL-0.9.4" in this project's parent folder. For example:
*
* Macintosh HD:
* Development:
* OpenSSL-0.9.4:
* (OpenSSL sources here)
* OpenSSL Example:
* (OpenSSL example junk here)
*
*
* Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl"
* are installed! Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
*/
/* modified to seed the PRNG */
/* modified to use CRandomizer for seeding */
// Include some funky libs I've developed over time
#include "CPStringUtils.hpp"
#include "ErrorHandling.hpp"
#include "MacSocket.h"
#include "Randomizer.h"
// We use the OpenSSL implementation of SSL....
// This was a lot of work to finally get going, though you wouldn't know it by the results!
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <timer.h>
// Let's try grabbing some data from here:
#define kHTTPS_DNS "www.apache-ssl.org"
#define kHTTPS_Port 443
#define kHTTPS_URI "/"
// Forward-declare this
OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr);
// My idle-wait callback. Doesn't do much, does it? Silly cooperative multitasking.
OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
{
#pragma unused(inUserRefPtr)
EventRecord theEvent;
::EventAvail(everyEvent,&theEvent);
CRandomizer *randomizer = (CRandomizer*)inUserRefPtr;
if (randomizer)
randomizer->PeriodicAction();
return(noErr);
}
// Finally!
void main(void)
{
OSErr errCode;
int theSocket = -1;
int theTimeout = 30;
SSL_CTX *ssl_ctx = nil;
SSL *ssl = nil;
char tempString[256];
UnsignedWide microTickCount;
CRandomizer randomizer;
printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
BailIfError(errCode = MacSocket_Startup());
// Create a socket-like object
BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,&randomizer));
// Set up the connect string and try to connect
CopyCStrAndInsertCStrLongIntIntoCStr("%s:%ld",kHTTPS_DNS,kHTTPS_Port,tempString,sizeof(tempString));
printf("Connecting to %s....\n",tempString);
BailIfError(errCode = MacSocket_connect(theSocket,tempString));
// Init SSL stuff
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
// Pick the SSL method
// ssl_ctx = SSL_CTX_new(SSLv2_client_method());
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
// ssl_ctx = SSL_CTX_new(SSLv3_client_method());
// Create an SSL thingey and try to negotiate the connection
ssl = SSL_new(ssl_ctx);
SSL_set_fd(ssl,theSocket);
errCode = SSL_connect(ssl);
if (errCode < 0)
{
SetErrorMessageAndLongIntAndBail("OpenSSL: Can't initiate SSL connection, SSL_connect() = ",errCode);
}
// Request the URI from the host
CopyCStrToCStr("GET ",tempString,sizeof(tempString));
ConcatCStrToCStr(kHTTPS_URI,tempString,sizeof(tempString));
ConcatCStrToCStr(" HTTP/1.0\r\n\r\n",tempString,sizeof(tempString));
errCode = SSL_write(ssl,tempString,CStrLength(tempString));
if (errCode < 0)
{
SetErrorMessageAndLongIntAndBail("OpenSSL: Error writing data via ssl, SSL_write() = ",errCode);
}
for (;;)
{
char tempString[256];
int bytesRead;
// Read some bytes and dump them to the console
bytesRead = SSL_read(ssl,tempString,sizeof(tempString) - 1);
if (bytesRead == 0 && MacSocket_RemoteEndIsClosing(theSocket))
{
break;
}
else if (bytesRead < 0)
{
SetErrorMessageAndLongIntAndBail("OpenSSL: Error reading data via ssl, SSL_read() = ",bytesRead);
}
tempString[bytesRead] = '\0';
printf("%s", tempString);
}
printf("\n\n\n");
// All done!
errCode = noErr;
EXITPOINT:
// Clean up and go home
if (theSocket >= 0)
{
MacSocket_close(theSocket);
}
if (ssl != nil)
{
SSL_free(ssl);
}
if (ssl_ctx != nil)
{
SSL_CTX_free(ssl_ctx);
}
if (errCode != noErr)
{
printf("An error occurred:\n");
printf("%s",GetErrorMessage());
}
MacSocket_Shutdown();
}

1607
deps/openssl/openssl/MacOS/GetHTTPS.src/MacSocket.cpp vendored
View file

File diff suppressed because it is too large Load diff

104
deps/openssl/openssl/MacOS/GetHTTPS.src/MacSocket.h vendored
View file

@ -1,104 +0,0 @@
#pragma once
#ifdef __cplusplus
extern "C" {
#endif
enum {
kMacSocket_TimeoutErr = -2
};
// Since MacSocket does busy waiting, I do a callback while waiting
typedef OSErr(*MacSocket_IdleWaitCallback) (void *);
// Call this before anything else!
OSErr MacSocket_Startup(void);
// Call this to cleanup before quitting
OSErr MacSocket_Shutdown(void);
// Call this to allocate a "socket" (reference number is returned in
// outSocketNum)
// Note that inDoThreadSwitching is pretty much irrelevant right now, since I
// ignore it
// The inTimeoutTicks parameter is applied during reads/writes of data
// The inIdleWaitCallback parameter specifies a callback which is called
// during busy-waiting periods
// The inUserRefPtr parameter is passed back to the idle-wait callback
OSErr MacSocket_socket(int *outSocketNum, const Boolean inDoThreadSwitching,
const long inTimeoutTicks,
MacSocket_IdleWaitCallback inIdleWaitCallback,
void *inUserRefPtr);
// Call this to connect to an IP/DNS address
// Note that inTargetAddressAndPort is in "IP:port" format-- e.g.
// 10.1.1.1:123
OSErr MacSocket_connect(const int inSocketNum, char *inTargetAddressAndPort);
// Call this to listen on a port
// Since this a low-performance implementation, I allow a maximum of 1 (one!)
// incoming request when I listen
OSErr MacSocket_listen(const int inSocketNum, const int inPortNum);
// Call this to close a socket
OSErr MacSocket_close(const int inSocketNum);
// Call this to receive data on a socket
// Most parameters' purpose are obvious-- except maybe "inBlock" which
// controls whether I wait for data or return immediately
int MacSocket_recv(const int inSocketNum, void *outBuff, int outBuffLength,
const Boolean inBlock);
// Call this to send data on a socket
int MacSocket_send(const int inSocketNum, const void *inBuff,
int inBuffLength);
// If zero bytes were read in a call to MacSocket_recv(), it may be that the
// remote end has done a half-close
// This function will let you check whether that's true or not
Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum);
// Call this to see if the listen has completed after a call to
// MacSocket_listen()
Boolean MacSocket_ListenCompleted(const int inSocketNum);
// These really aren't very useful anymore
Boolean MacSocket_LocalEndIsOpen(const int inSocketNum);
Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum);
// You may wish to change the userRefPtr for a socket callback-- use this to
// do it
void MacSocket_SetUserRefPtr(const int inSocketNum, void *inNewRefPtr);
// Call these to get the socket's IP:port descriptor
void MacSocket_GetLocalIPAndPort(const int inSocketNum, char *outIPAndPort,
const int inIPAndPortLength);
void MacSocket_GetRemoteIPAndPort(const int inSocketNum, char *outIPAndPort,
const int inIPAndPortLength);
// Call this to get error info from a socket
void MacSocket_GetSocketErrorInfo(const int inSocketNum,
int *outSocketErrCode,
char *outSocketErrString,
const int inSocketErrStringMaxLength);
#ifdef __cplusplus
}
#endif

4940
deps/openssl/openssl/MacOS/OpenSSL.mcp.hqx vendored
View file

File diff suppressed because it is too large Load diff

476
deps/openssl/openssl/MacOS/Randomizer.cpp vendored
View file

@ -1,476 +0,0 @@
/*
------- Strong random data generation on a Macintosh (pre - OS X) ------
-- GENERAL: We aim to generate unpredictable bits without explicit
user interaction. A general review of the problem may be found
in RFC 1750, "Randomness Recommendations for Security", and some
more discussion, of general and Mac-specific issues has appeared
in "Using and Creating Cryptographic- Quality Random Numbers" by
Jon Callas (www.merrymeet.com/jon/usingrandom.html).
The data and entropy estimates provided below are based on my
limited experimentation and estimates, rather than by any
rigorous study, and the entropy estimates tend to be optimistic.
They should not be considered absolute.
Some of the information being collected may be correlated in
subtle ways. That includes mouse positions, timings, and disk
size measurements. Some obvious correlations will be eliminated
by the programmer, but other, weaker ones may remain. The
reliability of the code depends on such correlations being
poorly understood, both by us and by potential interceptors.
This package has been planned to be used with OpenSSL, v. 0.9.5.
It requires the OpenSSL function RAND_add.
-- OTHER WORK: Some source code and other details have been
published elsewhere, but I haven't found any to be satisfactory
for the Mac per se:
* The Linux random number generator (by Theodore Ts'o, in
drivers/char/random.c), is a carefully designed open-source
crypto random number package. It collects data from a variety
of sources, including mouse, keyboard and other interrupts.
One nice feature is that it explicitly estimates the entropy
of the data it collects. Some of its features (e.g. interrupt
timing) cannot be reliably exported to the Mac without using
undocumented APIs.
* Truerand by Don P. Mitchell and Matt Blaze uses variations
between different timing mechanisms on the same system. This
has not been tested on the Mac, but requires preemptive
multitasking, and is hardware-dependent, and can't be relied
on to work well if only one oscillator is present.
* Cryptlib's RNG for the Mac (RNDMAC.C by Peter Gutmann),
gathers a lot of information about the machine and system
environment. Unfortunately, much of it is constant from one
startup to the next. In other words, the random seed could be
the same from one day to the next. Some of the APIs are
hardware-dependent, and not all are compatible with Carbon (OS
X). Incidentally, the EGD library is based on the UNIX entropy
gathering methods in cryptlib, and isn't suitable for MacOS
either.
* Mozilla (and perhaps earlier versions of Netscape) uses the
time of day (in seconds) and an uninitialized local variable
to seed the random number generator. The time of day is known
to an outside interceptor (to within the accuracy of the
system clock). The uninitialized variable could easily be
identical between subsequent launches of an application, if it
is reached through the same path.
* OpenSSL provides the function RAND_screen(), by G. van
Oosten, which hashes the contents of the screen to generate a
seed. This is not useful for an extension or for an
application which launches at startup time, since the screen
is likely to look identical from one launch to the next. This
method is also rather slow.
* Using variations in disk drive seek times has been proposed
(Davis, Ihaka and Fenstermacher, world.std.com/~dtd/;
Jakobsson, Shriver, Hillyer and Juels,
www.bell-labs.com/user/shriver/random.html). These variations
appear to be due to air turbulence inside the disk drive
mechanism, and are very strongly unpredictable. Unfortunately
this technique is slow, and some implementations of it may be
patented (see Shriver's page above.) It of course cannot be
used with a RAM disk.
-- TIMING: On the 601 PowerPC the time base register is guaranteed
to change at least once every 10 addi instructions, i.e. 10
cycles. On a 60 MHz machine (slowest PowerPC) this translates to
a resolution of 1/6 usec. Newer machines seem to be using a 10
cycle resolution as well.
For 68K Macs, the Microseconds() call may be used. See Develop
issue 29 on the Apple developer site
(developer.apple.com/dev/techsupport/develop/issue29/minow.html)
for information on its accuracy and resolution. The code below
has been tested only on PowerPC based machines.
The time from machine startup to the launch of an application in
the startup folder has a variance of about 1.6 msec on a new G4
machine with a defragmented and optimized disk, most extensions
off and no icons on the desktop. This can be reasonably taken as
a lower bound on the variance. Most of this variation is likely
due to disk seek time variability. The distribution of startup
times is probably not entirely even or uncorrelated. This needs
to be investigated, but I am guessing that it not a majpor
problem. Entropy = log2 (1600/0.166) ~= 13 bits on a 60 MHz
machine, ~16 bits for a 450 MHz machine.
User-launched application startup times will have a variance of
a second or more relative to machine startup time. Entropy >~22
bits.
Machine startup time is available with a 1-second resolution. It
is predictable to no better a minute or two, in the case of
people who show up punctually to work at the same time and
immediately start their computer. Using the scheduled startup
feature (when available) will cause the machine to start up at
the same time every day, making the value predictable. Entropy
>~7 bits, or 0 bits with scheduled startup.
The time of day is of course known to an outsider and thus has 0
entropy if the system clock is regularly calibrated.
-- KEY TIMING: A very fast typist (120 wpm) will have a typical
inter-key timing interval of 100 msec. We can assume a variance
of no less than 2 msec -- maybe. Do good typists have a constant
rhythm, like drummers? Since what we measure is not the
key-generated interrupt but the time at which the key event was
taken off the event queue, our resolution is roughly the time
between process switches, at best 1 tick (17 msec). I therefore
consider this technique questionable and not very useful for
obtaining high entropy data on the Mac.
-- MOUSE POSITION AND TIMING: The high bits of the mouse position
are far from arbitrary, since the mouse tends to stay in a few
limited areas of the screen. I am guessing that the position of
the mouse is arbitrary within a 6 pixel square. Since the mouse
stays still for long periods of time, it should be sampled only
after it was moved, to avoid correlated data. This gives an
entropy of log2(6*6) ~= 5 bits per measurement.
The time during which the mouse stays still can vary from zero
to, say, 5 seconds (occasionally longer). If the still time is
measured by sampling the mouse during null events, and null
events are received once per tick, its resolution is 1/60th of a
second, giving an entropy of log2 (60*5) ~= 8 bits per
measurement. Since the distribution of still times is uneven,
this estimate is on the high side.
For simplicity and compatibility across system versions, the
mouse is to be sampled explicitly (e.g. in the event loop),
rather than in a time manager task.
-- STARTUP DISK TOTAL FILE SIZE: Varies typically by at least 20k
from one startup to the next, with 'minimal' computer use. Won't
vary at all if machine is started again immediately after
startup (unless virtual memory is on), but any application which
uses the web and caches information to disk is likely to cause
this much variation or more. The variation is probably not
random, but I don't know in what way. File sizes tend to be
divisible by 4 bytes since file format fields are often
long-aligned. Entropy > log2 (20000/4) ~= 12 bits.
-- STARTUP DISK FIRST AVAILABLE ALLOCATION BLOCK: As the volume
gets fragmented this could be anywhere in principle. In a
perfectly unfragmented volume this will be strongly correlated
with the total file size on the disk. With more fragmentation
comes less certainty. I took the variation in this value to be
1/8 of the total file size on the volume.
-- SYSTEM REQUIREMENTS: The code here requires System 7.0 and above
(for Gestalt and Microseconds calls). All the calls used are
Carbon-compatible.
*/
/*------------------------------ Includes ----------------------------*/
#include "Randomizer.h"
// Mac OS API
#include <Files.h>
#include <Folders.h>
#include <Events.h>
#include <Processes.h>
#include <Gestalt.h>
#include <Resources.h>
#include <LowMem.h>
// Standard C library
#include <stdlib.h>
#include <math.h>
/*---------------------- Function declarations -----------------------*/
// declared in OpenSSL/crypto/rand/rand.h
extern "C" void RAND_add (const void *buf, int num, double entropy);
unsigned long GetPPCTimer (bool is601); // Make it global if needed
// elsewhere
/*---------------------------- Constants -----------------------------*/
#define kMouseResolution 6 // Mouse position has to differ
// from the last one by this
// much to be entered
#define kMousePositionEntropy 5.16 // log2 (kMouseResolution**2)
#define kTypicalMouseIdleTicks 300.0 // I am guessing that a typical
// amount of time between mouse
// moves is 5 seconds
#define kVolumeBytesEntropy 12.0 // about log2 (20000/4),
// assuming a variation of 20K
// in total file size and
// long-aligned file formats.
#define kApplicationUpTimeEntropy 6.0 // Variance > 1 second, uptime
// in ticks
#define kSysStartupEntropy 7.0 // Entropy for machine startup
// time
/*------------------------ Function definitions ----------------------*/
CRandomizer::CRandomizer (void)
{
long result;
mSupportsLargeVolumes =
(Gestalt(gestaltFSAttr, &result) == noErr) &&
((result & (1L << gestaltFSSupports2TBVols)) != 0);
if (Gestalt (gestaltNativeCPUtype, &result) != noErr)
{
mIsPowerPC = false;
mIs601 = false;
}
else
{
mIs601 = (result == gestaltCPU601);
mIsPowerPC = (result >= gestaltCPU601);
}
mLastMouse.h = mLastMouse.v = -10; // First mouse will
// always be recorded
mLastPeriodicTicks = TickCount();
GetTimeBaseResolution ();
// Add initial entropy
AddTimeSinceMachineStartup ();
AddAbsoluteSystemStartupTime ();
AddStartupVolumeInfo ();
AddFiller ();
}
void CRandomizer::PeriodicAction (void)
{
AddCurrentMouse ();
AddNow (0.0); // Should have a better entropy estimate here
mLastPeriodicTicks = TickCount();
}
/*------------------------- Private Methods --------------------------*/
void CRandomizer::AddCurrentMouse (void)
{
Point mouseLoc;
unsigned long lastCheck; // Ticks since mouse was last
// sampled
#if TARGET_API_MAC_CARBON
GetGlobalMouse (&mouseLoc);
#else
mouseLoc = LMGetMouseLocation();
#endif
if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
AddBytes (&mouseLoc, sizeof(mouseLoc),
kMousePositionEntropy);
if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
mMouseStill ++;
else
{
double entropy;
// Mouse has moved. Add the number of measurements for
// which it's been still. If the resolution is too
// coarse, assume the entropy is 0.
lastCheck = TickCount() - mLastPeriodicTicks;
if (lastCheck <= 0)
lastCheck = 1;
entropy = log2l
(kTypicalMouseIdleTicks/(double)lastCheck);
if (entropy < 0.0)
entropy = 0.0;
AddBytes (&mMouseStill, sizeof(mMouseStill), entropy);
mMouseStill = 0;
}
mLastMouse = mouseLoc;
}
void CRandomizer::AddAbsoluteSystemStartupTime (void)
{
unsigned long now; // Time in seconds since
// 1/1/1904
GetDateTime (&now);
now -= TickCount() / 60; // Time in ticks since machine
// startup
AddBytes (&now, sizeof(now), kSysStartupEntropy);
}
void CRandomizer::AddTimeSinceMachineStartup (void)
{
AddNow (1.5); // Uncertainty in app startup
// time is > 1.5 msec (for
// automated app startup).
}
void CRandomizer::AddAppRunningTime (void)
{
ProcessSerialNumber PSN;
ProcessInfoRec ProcessInfo;
ProcessInfo.processInfoLength = sizeof(ProcessInfoRec);
ProcessInfo.processName = nil;
ProcessInfo.processAppSpec = nil;
GetCurrentProcess (&PSN);
GetProcessInformation (&PSN, &ProcessInfo);
// Now add the amount of time in ticks that the current process
// has been active
AddBytes (&ProcessInfo, sizeof(ProcessInfoRec),
kApplicationUpTimeEntropy);
}
void CRandomizer::AddStartupVolumeInfo (void)
{
short vRefNum;
long dirID;
XVolumeParam pb;
OSErr err;
if (!mSupportsLargeVolumes)
return;
FindFolder (kOnSystemDisk, kSystemFolderType, kDontCreateFolder,
&vRefNum, &dirID);
pb.ioVRefNum = vRefNum;
pb.ioCompletion = 0;
pb.ioNamePtr = 0;
pb.ioVolIndex = 0;
err = PBXGetVolInfoSync (&pb);
if (err != noErr)
return;
// Base the entropy on the amount of space used on the disk and
// on the next available allocation block. A lot else might be
// unpredictable, so might as well toss the whole block in. See
// comments for entropy estimate justifications.
AddBytes (&pb, sizeof(pb),
kVolumeBytesEntropy +
log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
* 4294967296.0D +
(pb.ioVTotalBytes.lo - pb.ioVFreeBytes.lo))
/ pb.ioVAlBlkSiz - 3.0));
}
/*
On a typical startup CRandomizer will come up with about 60
bits of good, unpredictable data. Assuming no more input will
be available, we'll need some more lower-quality data to give
OpenSSL the 128 bits of entropy it desires. AddFiller adds some
relatively predictable data into the soup.
*/
void CRandomizer::AddFiller (void)
{
struct
{
ProcessSerialNumber psn; // Front process serial
// number
RGBColor hiliteRGBValue; // User-selected
// highlight color
long processCount; // Number of active
// processes
long cpuSpeed; // Processor speed
long totalMemory; // Total logical memory
// (incl. virtual one)
long systemVersion; // OS version
short resFile; // Current resource file
} data;
GetNextProcess ((ProcessSerialNumber*) kNoProcess);
while (GetNextProcess (&data.psn) == noErr)
data.processCount++;
GetFrontProcess (&data.psn);
LMGetHiliteRGB (&data.hiliteRGBValue);
Gestalt (gestaltProcClkSpeed, &data.cpuSpeed);
Gestalt (gestaltLogicalRAMSize, &data.totalMemory);
Gestalt (gestaltSystemVersion, &data.systemVersion);
data.resFile = CurResFile ();
// Here we pretend to feed the PRNG completely random data. This
// is of course false, as much of the above data is predictable
// by an outsider. At this point we don't have any more
// randomness to add, but with OpenSSL we must have a 128 bit
// seed before we can start. We just add what we can, without a
// real entropy estimate, and hope for the best.
AddBytes (&data, sizeof(data), 8.0 * sizeof(data));
AddCurrentMouse ();
AddNow (1.0);
}
//------------------- LOW LEVEL ---------------------
void CRandomizer::AddBytes (void *data, long size, double entropy)
{
RAND_add (data, size, entropy * 0.125); // Convert entropy bits
// to bytes
}
void CRandomizer::AddNow (double millisecondUncertainty)
{
long time = SysTimer();
AddBytes (&time, sizeof(time), log2l (millisecondUncertainty *
mTimebaseTicksPerMillisec));
}
//----------------- TIMING SUPPORT ------------------
void CRandomizer::GetTimeBaseResolution (void)
{
#ifdef __powerc
long speed;
// gestaltProcClkSpeed available on System 7.5.2 and above
if (Gestalt (gestaltProcClkSpeed, &speed) != noErr)
// Only PowerPCs running pre-7.5.2 are 60-80 MHz
// machines.
mTimebaseTicksPerMillisec = 6000.0D;
// Assume 10 cycles per clock update, as in 601 spec. Seems true
// for later chips as well.
mTimebaseTicksPerMillisec = speed / 1.0e4D;
#else
// 68K VIA-based machines (see Develop Magazine no. 29)
mTimebaseTicksPerMillisec = 783.360D;
#endif
}
unsigned long CRandomizer::SysTimer (void) // returns the lower 32
// bit of the chip timer
{
#ifdef __powerc
return GetPPCTimer (mIs601);
#else
UnsignedWide usec;
Microseconds (&usec);
return usec.lo;
#endif
}
#ifdef __powerc
// The timebase is available through mfspr on 601, mftb on later chips.
// Motorola recommends that an 601 implementation map mftb to mfspr
// through an exception, but I haven't tested to see if MacOS actually
// does this. We only sample the lower 32 bits of the timer (i.e. a
// few minutes of resolution)
asm unsigned long GetPPCTimer (register bool is601)
{
cmplwi is601, 0 // Check if 601
bne _601 // if non-zero goto _601
mftb r3 // Available on 603 and later.
blr // return with result in r3
_601:
mfspr r3, spr5 // Available on 601 only.
// blr inserted automatically
}
#endif

42
deps/openssl/openssl/MacOS/Randomizer.h vendored
View file

@ -1,42 +0,0 @@
// Gathers unpredictable system data to be used for generating
// random bits
#include <MacTypes.h>
class CRandomizer {
public:
CRandomizer(void);
void PeriodicAction(void);
private:
// Private calls
void AddTimeSinceMachineStartup(void);
void AddAbsoluteSystemStartupTime(void);
void AddAppRunningTime(void);
void AddStartupVolumeInfo(void);
void AddFiller(void);
void AddCurrentMouse(void);
void AddNow(double millisecondUncertainty);
void AddBytes(void *data, long size, double entropy);
void GetTimeBaseResolution(void);
unsigned long SysTimer(void);
// System Info
bool mSupportsLargeVolumes;
bool mIsPowerPC;
bool mIs601;
// Time info
double mTimebaseTicksPerMillisec;
unsigned long mLastPeriodicTicks;
// Mouse info
long mSamplePeriod;
Point mLastMouse;
long mMouseStill;
};

18
deps/openssl/openssl/MacOS/TODO vendored
View file

@ -1,18 +0,0 @@
-------------------------------------------------------------------
Verify server certificate
-------------------------------------------------------------------
Currently omitted from the project:
crypto/tmdiff.c
crypto/bio/bss_conn.c
crypto/bio/b_sock.c
crypto/bio/bss_acpt.c
crypto/bio/bss_log.h
-------------------------------------------------------------------
Build libraries to link with...
-------------------------------------------------------------------
Port openssl application.
-------------------------------------------------------------------
BN optimizations (currently PPC version is compiled with BN_LLONG)
-------------------------------------------------------------------

9
deps/openssl/openssl/MacOS/_MWERKS_GUSI_prefix.h vendored
View file

@ -1,9 +0,0 @@
#include <MacHeaders.h>
#define B_ENDIAN
#ifdef __POWERPC__
# pragma longlong on
#endif
#if 1
# define MAC_OS_GUSI_SOURCE
#endif
#define MONOLITH

9
deps/openssl/openssl/MacOS/_MWERKS_prefix.h vendored
View file

@ -1,9 +0,0 @@
#include <MacHeaders.h>
#define B_ENDIAN
#ifdef __POWERPC__
# pragma longlong on
#endif
#if 0
# define MAC_OS_GUSI_SOURCE
#endif
#define MONOLITH

5
deps/openssl/openssl/MacOS/buildinf.h vendored
View file

@ -1,5 +0,0 @@
#ifndef MK1MF_BUILD
# define CFLAGS "-DB_ENDIAN"
# define PLATFORM "macos"
# define DATE "Sun Feb 27 19:44:16 MET 2000"
#endif

820
deps/openssl/openssl/MacOS/mklinks.as.hqx vendored
View file

@ -1,820 +0,0 @@
(This file must be converted with BinHex 4.0)
:#QeVE'PZDh-ZBA-!39"36'&`E(3J!!!!!!!!!*LiI6m!!!!!!3!!!*G#!!#@3J!
!!AChFQPd!!!!K3)"!3m(Fh9`F'pbG!!!!)B#!3%$"(0eFQ8!!!#(!J-%"!3("3C
cGfPdBfJ!!!#)!J%"#39cH@jMD!!!!)N#"J%$!`-&"3-'FhPcG'9Y!!!!LJ)&"3)
%!J8("!-#!`4dB@*X!!!!L`))!3-$!`-$!`-$"(4PE'`!!!#-!J)"#38$G'KP!!!
!M3))(J)@!Ki#!J))!K)#!`)B!Kd%G'KPE3!!!)i#!J%&#`4dD'9j!!!!M`)#!J)
#$3TdD(*[G@GSEh9d!!!!N!!#!3%&"(4TCQB!!!#4!J%"!`4dD@eP!!!!NJ)"!JS
#!h4T!!!!'N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H!!!!!!!#!!!!!!
!!!!!!!!!!!!!rrrrr`!!!$3!!!!N!!!!!#"[!!5JAb"[!!5K++!M6R9$9'mJFR9
Z)(4SDA-JFf0bDA"d)'&`F'aTBf&dD@pZ,#"jEh8JEA9cG#"QDA*cG#"TER0dB@a
X)%&`F'aP8f0bDA"d,J!!!)C8D'Pc)(0MFQP`G#"MFQ9KG'9c)#iZ,fPZBfaeC'8
[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@aTBA0PFbi0$8P
d)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9KFf8JBQ8JF'&
dD@9ZG$SY+3!!!#S!!J!!!!!!$3!+!"!!!!!-!!!!!!!!!!!!63!0!!S!%!%!!!`
!!!!!!!!!!!!B!!!!+!!!!!!!!!!)!!!!)!#N2c`!!DR`!!!!l!!!!!&19[ri,`0
f!#m$-$bKVDG'*KmY52ri,`-`2+LITdBQ(b!ZrrLa`'FJ,`-J2'0`ER4"l[rm)NL
KV5+)*Kp+3'B)5Ulrr'F#GJ%3!bBZrr41ANje6PB!!#m-@Bm[2%j29%Nr2!#!U"m
SAb!-CJK`!cm!UFKJ+#m-UC)J9#!)d+J!'#&!!"JJ9#!)d+J!(#&!!"a9Mbm8)&q
JAMk!9%mSE[rm6Pj1G8j@!!![$%kkre4+!'FU@Bm[2'&`E(3[2(0MF(4`)DJU+&m
J$'F5@Bm[$#mm!!!!!A!!U#UTp&K26VVrG#KZrra1ANje!!!!('&`E(3!!!!"4P*
&4J!!!!!!J%P$6L-!!!!!!*B!!!!"!!!!!!G"8&"-!!!!!!!"!!!"!!!!!S!!!!4
!!!"i)!!!K"!!!3))!!)#"!!%"!)!#!J"!"!8!)!J)J"!3%%!)2#!J"#*!%!)KJ!
J")3!)!*!!"!")!!3!K!!%!3)!"!)"!!J%!)!3#!"!)"!!S%!J!5#!3!)4!)!#%J
%!!KB#!!%C"!!!m)J!!!"3!!!!)!!!!%!!!!$J!!!"m!!!(rJ!!$rm!!"rrJ!!rr
m!!IrrJ!2rrm!(rrrJ$rrrm"rrrrJrrrrm2rrrrMrrrrmrrrrrRrrrrmrrrrq(rr
rr!rrrrJ(rrr`!rrri!(rrm!$rrq!"rrr!!rrrJ!2rr`!$rri!!IRm!!$`q!!!!(
!!!!!J!!!!!)!!!!!!!!!!!m!!!!!!!!!!!!!!!!!!!$`m!!!!!!!!!!!!!!!!!!
2!!m!!!!!!!!!!!!!!!rrm!!!m!!!!!!!!!!!!!$`c0m!!!m!!!!!!!!!!!!2!!c
-m!!!m!!!!!!!!!!!m!$-cI!!!!m!!!!!!!!!$`!-c0m!!!!!m!!!!!!!!2!!c-h
`!!!!!!m!!!!!!!m!$-cIh`!!!!!!m!!!!!$`!-c0rGh`!!!!!!m!!!!2!!c-hph
-h`!!!!!!m!!!rrr-cIhF`-h`!!!!!!m!!2lFr0rGc!`-h`!!!!!!m!$pc-rph-$
!`-h`!!!!!!m!r-`2cF`-$!!-r3!!!!!!m!m!`-c!`-!!$0m!!!!!$-m!m!`-$!`
!!-cI!!!!!-c`!!m!`-$!!!`-h`!!!!c2!!!!m!`-!!$!c0m!!!$-m!!!!!m!`!!
-$-hm!!!-c`!!!!!!m!!!`-cIc!!!c2!!!!!!!!m!$!c0r-`!$-m!!!!!!!$pm-$
-hmc!!-c`!!!!!!!2hI`-cIc-!!c2!!!!!!!!rGc2c0r-`!$-m!!!!!!!!2h-cmh
mc!!-c`!!!!!!!!$mc!rIr-!!c2!!!!!!!!!!$m$2m!r-$-m!!!!!!!!!!!$rr`!
!r-c`!!!!!!!!!!!!!!!!!!r2!!!!!!!!!!!!!!!!!!!!m!!!!!!!!!!!!!"!!B!
13"%J)4"##18%Q)+3!%&!)5!L%%3BL#83*L!G3!#!!B!2`"rJ2r"rq2rmrrlrrhr
r2riIr"ri2r!ri"h!!)!!!!#!!!!!$r!!!!!!!2r`$`!!!!!2$!m!m!!!!2$!c`!
2!!!2$!c`!!$`!2r`cpm!!!m!rGrpc2!!!2$p$p`-c`!!$`m!`-$0m!$2!2!-$-h
`$2!!$`$-hm$2!!!2m-hm$2!!!2h2hm$2!!!!r-rm$2!!!!!2r`r2!!!!!!!!!2!
!!!!!!!#D8f0bDA"d)%&`F'aTBf&dD@pZ$3e8D'Pc)(0MFQP`G#"MFQ9KG'9c)#i
Z,fPZBfaeC'8[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@a
TBA0PFbi0$8Pd)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9
KFf8JBQ8JF'&dD@9ZG$SY+3!!!")!!J!!!!!!!!!!!!%!"J!'%iN!!!!+@1!!!b!
!!!-J!!!!!"3!+`!(!Cm#@!!V!!F"f!*B!!!!!3!!M`C'BA0N98&6)$%Z-6!a,M%
`$J!!!!32rrm!!3!#!!-"rrm!!!d!!3!"D`!!!!!!!!!%!J!%!!)!"3!'$3!&!!*
X!!)!!!U`!!IrrJd!"`!#6`!!!!!+X!!)!!N0!!J!!@X!!!!%#Um!#J)!#J!#!!X
!$!d!#`!#E!!#!!3!"2rprr`"rrd!!!(rr!!!!J!-!!)!$3!1$3!0!!*X!!%!"!!
%rrX!$`(rq`!!$!!2!&N!8b"(CA3JF'&dD#"dEb"dD'Pc)%&`F'aP8f0bDA"d)'&
`F'aPG$XJGA0P)'Pd)(4[)'C[FQdJG'KP)("KG'JJG'mJG'KP)'PZBfaeC'8JCQp
XC'9b!!)!!!)!$J!#!"!!%3d!%!!#E!!"!!3!"2rk!")"rrS!!!`!%J!Q!#!JB@j
N)(4SC5"[G'KPFL"bC@aPGQ&ZG#"QEfaNCA*c,J!#!!!#!"%!!J!6!"30!"-!!R-
!!!!%!"%!&3!@$3!9!!*M!!!!"!!1!"F!'!d!&`!#E!!&!!3!$!!CrrN0!"N!!Qi
!!!!%!!`!'J!E$3!D!!)d!!!!"3!-rrJ!(!Vrq!!%#Q0[BQS0!"`!!Q`!"3!'!!X
!(Irh$3!G!!0*!!)!"J!,rrB!([re#[rf!"JZC@&bFfCQC(*KE'Pc!!!!!!!!)!"
KCQ4b$3!H!!"Q!!!!"J!(![re!!!"rrF!!!d!'`!"E3!!!!3!"3!I$`!I!6J)ER9
XE!!!!!!!!Gq!rrm!!!!A"NCTEQ4PFJ!!(`*[Me!!ASfm!Qq,i!"HA[!!I&M!!!!
!!!!!'mi!!JN#!Qq-1!!!Kb%#Ei`J!!!!!%C14&*038e"3e-!!"%!B@aTF`!!!!!
!fJ!#!!!-6@&MD@jdEh0S)%K%!!!!!!!!!!!!!!!!!!!!XSA5h%*%!!!!!!!A"NC
TEQ4PFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!3rLc#@a!4Nj%8Ne"3e2rrrrr!!!!!!!!!!!!!!!!!!!
!!!!!!!e6HA0dC@dJ4QpXC'9b!!!"!!3!!!!A!!)!)8eKBfPZG'pcD#")4$T6HA0
dC@dJ4QpXC'9b1NCTEQ4PFJ$rr`!!!Irj!!!0!"J!!@d!!!!-!!hrp!Vrp!!%#Q0
dH(30!"B!!@m!!!!!!!$rm`[rm`!5-!!(G'KPF'&dD!!(G'KP8'&dD!)!&!!#!#!
!)3d!)!!#E!!#!")!%[rbrr%"rr)!!!(rm3!!!J!K!!)!)J!M$3!L!!*b!!!!%J!
A!#3!*3d!*!!#EJ!$!")!&3!Q!#F0!#B!!6%!!!!6!"Arm!Vrm!!%#R4iC'`0!#F
!!6%!!!!5!"2rl`Vrl`!%#Q&cBh)0!#8!!@m!!!!!!!$rlJ[rlJ!F-!!-G'KPEfa
NC'9XD@ec!!adD'92E'4%C@aTEA-#!#-!!J!S!#N0!#J!!R)!!!!B!"d!+J!V$3!
U!!&Y!!!!'!!C!#`-!#`!"`!"1J!#!!!0!#X!!Qi!!`!!!!!!,3!Z$3!Y!!%a!!!
!'J!Frqd+rqd!"!TdH'4X$3!Z!!%a!!!!'3!Drq`+rq`!"!TKFf0b!J!T!!)!,`!
`$3![!!*X!!)!(J!Hrq[rkJ(rk`!!!IrU!!!#!$!!!J!a!$)0!$%!!R)!!!!H!#X
!-`!d$3!c!!*X!!8!(J!T!$Ark3d!03!#EJ!!!"i!+3!f!$F0!$B!!cF"!!!I!#R
rk!!i!$N+rqJ!"!TMDA4Y$3!i!!&Y!!!!)`!PrqF$rqF!!3d!13!"E3!!!#B!+2r
Q!rrQrrd0!$F!!@m!!!!H!"rrj3[rj3!5-!!(G'KPF'&dD!!(G'KP8'&dD!(rk3!
!$3!d!!&[!!!!!!!!rq3,rq3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0
d8'&dD!)!-J!#!$S!1`d!1J!#FJ!!!#`!1`!m!$d0!$`!!Q-!!!!X!$N!2J!r$3!
q!!*X!!8!,!!h!%$ri`d!3!!#EJ!!!#`!0`""!%)0!%%!!cF"!!!Y!$IriJ"$!%3
+rq)!"!TMDA4Y$3"$!!&Y!!!!-3!crq%$rq%!!3d!4!!"E3!!!$3!0[rJ!rrJrri
0!%)!!@m!!!!X!#hrh`[rh`!5-!!(G'KPF'&dD!!(G'KP8'&dD!(ri`!!$3!r!!&
Y!!!!0`!irpi+rpi!"!T849K8$3!p!!&[!!!!!!!!rpd,rpd!&M!!#A4SC@ePF'&
dD!!*G'KP6@93BA4S!J!l!!)!43"'$3"&!!*X!!)!2!!mrpcrf`(rh!!!!IrE!!!
#!%B!!J"(!%J0!%F!!R)!!!!m!%8!53"+$3"*!!*M!!!!2!""!%X!6!d!5`!#BJ!
!!$`!2`"0!%i0!%d!!@m!!!!m!$hrfJ[rfJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4
SC9"bEfTPBh43BA4S$3"1!!&Y!!!!23!q!%m-!%m!$3!(D@jME(9NC3!#!!!0!%`
!!@d!!!!r!%$rf3Vrf3!%#P4&@&30!%S!!@m!!!!!!!$rf![rf!!Q-!!4D@jME(9
NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S!J")!!)!8!"4$3"3!!*b!!!
!4J"9!&)!8`d!8J!#B`!!!%B!83"8!&80!&3!!Q)!!!"'!%m!9J"A$3"@!!*L!!!
!4J",!&J!@3d!@!!"E`!!!%B!4rrA#rrA!#!`!!jdD'9`FQpUC@0dF'&dD!!1G'K
P8(*[DQ9MG&"KG'J0!&N!!@d!!!"(!%S!@J`!@J!0!!GTEQ0XG@4P!!)!!!d!9`!
"E3!!!%X!6J"E$!"E!!d!"fp`C@jcFf`!!J!!$3"9!!&Y!!!!6`"3rpB+rpB!"!T
849K8$3"6!!&[!!!!!!!!rp8,rp8!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S!J"4!!)!A!"G$3"F!!*b!!!!9J"
K!&i!A`d!AJ!#B`!!!&B!A3"J!'%0!'!!!Q)!!!"@!&X!BJ"M$3"L!!&[!!!!9J"
Arp3,rp3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0d8'&dD!d!B`!"E3!
!!&F!@J"N$!"N!!`!"Q0bHA"dE`!#!!!0!'%!!@d!!!"E!&crd`Vrd`!%#P4&@&3
0!&m!!@m!!!!!!!$rdJ[rdJ!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
XC'9b8'&dD!)!A3!#!'8!CJd!C3!#FJ!!!')!E3"R!'J0!'F!!Q-!!!"L!'N!D3"
U$3"T!!*L!!!!BJ"R!'X!E!d!D`!"E`!!!')!Brr4#rr4!#!`!!jdD'9`FQpUC@0
dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!'`!!@d!!!"M!'B!E3`!E3!*!!0cFf`!!J!
!$3"U!!&Y!!!!C`"Srp!+rp!!"!T849K8$3"S!!&[!!!!!!!!rmm,rmm!(M!!$A0
cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J#!'B!!J"Z!'m0!'i!!R)!!!"Z!(8
!F!"a$3"`!!*M!!!!EJ"a!()!F`d!FJ!"E`!!!'i!Err1#rr1!#!`!!jdD'9`FQp
UC@0dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!(-!!@d!!!"[!($rc3Vrc3!%#P4&@&3
0!(%!!@m!!!!!!!$rc![rc!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p`C@jcFfa
'EfaNCA*3BA4S!J"[!!)!G!"e$3"d!!*X!!)!GJ"frm[rbJ(rb`!!!Ir+!!!#!(8
!!J"f!(F0!(B!!R)!!!"f!(X!H!"j$3"i!!&[!!!!GJ"hrmN,rmN!($!!$(4SC@p
XC'4PE'PYF`!-G'KP6faN4'9XD@ec$3"j!!*Z!!-!!!!!!(S!H`d!HJ!"-3!!!(J
!H[r)#[r)!!3+G(KNE!d!H`!"-3!!!(F!H2r(#[r(!!3+BA0MFJ)!G`!#!(`!I3d
!I!!#E!!#!(`!I2r'rm8"rmB!!!(ra3!!!J"p!!)!IJ"r$3"q!!*X!!%!I!"mrm3
!J!(ra!!!$!#!!%!!1L"NC@aPG'8JEfaN)'PZBfaeC'8kEh"PER0cE#"QEfaNCA)
JB@jN)(*PBh*PBA4P)'Pd)'0XC@&ZE(N!!J!!!J"r!!)!J3##$3#"!!*X!!)!I!"
mrm2r`J(r``!!!Ir#!!!#!))!!J#$!)30!)-!!e%!!!"m!+8!K3#'!)F0!)8!!@X
!!!"r!*`!L!)!L!!#!)N!LJd!L3!$53!#!(m!N[r"!)[r`!Vr`3!B,QeTFf0cE'0
d+LSU+J!!!!!!!*!!!#SU+LS0!)X!!Qi!!!"r!)i!M!#0$3#-!!)d!!!!K`#1rlm
!MJVr[`!%#Q0QEf`0!)i!!@d!!!#+!)d!M``!M`!0!!G[F'9ZFh0X!!)!!!d!M3!
#0!!!!(m!Krqq!*!!#[qq!!3+BfC[E!d!N!!!!@m!!!#$!)Er[3[r[3!Q-!!4D@j
ME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S![r!!!!#!)S!!J#4rl`
0!*%!!dN!!J#6!*crZ`#5rlS+rlX!'#jMEh*PC'9XEbSU+LS!!!!!!!#3!!!U+LS
U$3#5!!%a!!!!N`#BrlN+rlN!"!TcC@aP![qk!!!#rl`!!!d!KJ!$8J!!!!!!!2q
irlIrYJVrZ!!B,Q&cBh*PFR)J+LSU+J!!!!!!!*!!!#SU+LS"rlF!!!,rYJ!!$3#
(!!*X!!%!T!#Nrl8!N`(rY3!!$!#6!"-!$5"TCfj[FQ8JCA*bEh)!!J!!!J#%!!)
!P!#9$3#8!!*X!!)!TJ#Qrl6rX`(rY!!!!Iqc!!!#!*8!!J#@!*F0!*B!!dN!!J#
Q!,lrX[qa!*J+rl)!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Iqa!!!'!*J
!!rq`!*N!QJVrX!!%#QY[Bf`0!*N!!@d!!!#U!+hrV`VrV`!%#Q0QEf`'!*S!!rq
Z!*[rV3VrVJ!%#QPZFfJ0!*X!!M3!!!#`!,MrV!#F#[qX!!3+BfC[E!d!R!!"E`!
!!,3!YrqV#rqV!#B`!"&TEQ0XG@4PCQpXC'9bF'&dD!!4D@jME(9NC8C[E'4PFP"
KG'J'rkd!!!)!P`!#!*d!RJd!R3!#FJ!!!,m!aJ#I!+!0!*m!!Q`"!!#r!-)!SIq
U$3#K!!%a!!!![`$#rkN+rkN!"!TbFfad!IqU!!!0!+!!!@m!!!!!!!$rU![rU!!
Z-!!9G'KPEQ9hCQpXC'9bFQ9QCA*PEQ0P!"9dD'91CAG'EfaNCA*5C@CPFQ9ZBf8
#!*i!!J#L!+-0!+)!!dN!!J$(!-lrT`#NrkB+rkF!'#jYDA0MFfaMG#SU+LS!!!!
!!!#3!!!U+LSU$3#N!!&[!!!!a`$+rk8,rk8!,M!!&A4SC@jPGfC[E'4PFR*PCQ9
bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P![qQ!!!#!+-!!J#P!+B0!+8!!R)
!!!$2!0`!T`#S$3#R!!&Y!!!!c`$5!+N-!+N!$3!(Eh"PER0cE!!#!!!0!+J!!Qi
!!!!!!!!!UJ#V$3#U!!%a!!!!e`$Erk3+rk3!"!T`EQ&Y$3#V!!%a!!!!dJ$Ark-
+rk-!"!TcC@aP!J#Q!!)!V!#Y$3#X!!*X!!)!h3$Grk,rS3(rSJ!!!IqK!!!#!+d
!!J#Z!+m0!+i!!Q`!!3$G!0hrS!#`!IqJ!!!-!,!!(`!C)&0dBA*d)'eKDfPZCb"
dD'8JB@aTBA0PF`!#!!!#!+m!!J#a!,)0!,%!!dN!!J$G!3ArRrqH!,-+rjm!'#j
MEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!IqH!!!'!,-!!rqG!,3!Y3VrR3!%#QY
[Bf`0!,3!!@d!!!$K!16rR!VrR!!%#Q&XD@%'!,8!!rqE!,B!Y`VrQ`!%#QPZFfJ
0!,B!!M3!!!$R!1rrQJ#i#[qD!!3+BfC[E!d!Z!!"E`!!!1X!l[qC#rqC!$3`!"K
[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
dD!B!Y`!$rjJ!ZIqA#[qB!!3+G'mJ)!d!Z3!#EJ!!!2)!r`#k!,X0!,S!!M3!!!$
i!2rrPJ#m#[q@!!3+CQPXC3d![!!"E3!!!2X!rJ#p$!#p!"-!$@p`C@jcFfaMEfj
Q,QJ!!J!!$3#l!!)d!!!!mJ$irj8![JVrP3!%#Q0QEf`0!,i!!@m!!!$f!2IrP![
rP!!@-!!*G'KPE@9`BA4S!!PdD'90C9"KG'J'rjF!!!)!XJ!#!,m!`!d![`!#E!!
#!3B""[q6rj)"rj-!!!(rNJ!!!J$!!!)!`3$#$3$"!!*b!!!""J%4!--!a!d!``!
#BJ!!!3B"$3$&!-B0!-8!!@m!!!%'!3RrN3[rN3!N-!!3Bh*jF(4[CQpXC'9bF'&
dD!!3Bh*jF(4[4QpXC'9b8'&dD!d!aJ!"E3!!!3N"$!$($!$(!!X!"6TKFfia!!)
!!!d!a!!"E`!!!!!!!2q3!![rN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!`J!
#!-J!b3d!b!!$53!#!4)"22q2rii!bJVrM`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!
!!'jeE'`"rii!!!B!bJ!$rid!b`$-#[q0!!3+DfpME!d!b`!"E3!!!4B"'Iq-#[q
-!!3+B@aTB3B!c!!$riX!c3$1#[q,!!3+D@jcD!d!c3!#0!!!!4`"*2q+!-m+riS
!"!TMCQpX$3$2!!&[!!!")!%MriN,riN!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9
bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J$1!!2rL!$3riF+riJ!"!T
dEb!J$3$3!!*Z!!!"*`%f!0%!dJd!d3!#0!!!!5m"0[q'!0-+riB!"!TQD@aP$3$
6!!&Y!!!"-J%e!03-!03!$!!'BA0Z-5jS!!)!!!d!dJ!#0!!!!5F",rq&!08+ri8
!"!TMCQpX$3$9!!&[!!!"+`%Zri3,ri3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!E
rK`!!!J$*!!)!eJ$A$3$@!!0*!!)"23&Rri2rJJ$B#[q$!"JZBfpbC@0bC@`U+LS
U!!!!!!!!N!!!ER9XE!(rJJ!!"J$B!!2rJ3$C!0S+ri%!"!TVEf0X$3$C!!&Y!!!
"33&%ri!+ri!!"!TKE'PK"J$D!!2rI`$E!0`+rhm!"!TTER0S$3$E!!)d!!!"4`&
2rhi!h3VrIJ!%#Q0QEf`0!0d!!@m!!!&,!8lrI3[rI3!d-!!BEh"PER0cE'PZBfa
eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!0`!!rpm!0l
rH`VrI!!%#R4[)#!0!0i!!Qi!!!&5!@%!h`$J$3$I!!)d!!!"@J&KrhS!i3VrHJ!
%#QCTE'80!1%!!@d!!!&G!@!!iJ`!iJ!3!!TKFfiaAfeKBbjS!!)!!!d!i!!#0!!
!!9)"@[pj!1-+rhN!"!TMCQpX$3$M!!&[!!!"9J&CrhJ,rhJ!&$!!#(4PEA"`BA4
S!!KdC@e`8'&dD!ErH`!!!J$A!!)!j!$P$3$N!!*X!!)"D!&SrhIrGJ(rG`!!!Ip
f!!!#!18!!J$Q!1F0!1B!!R)!!!&S!A-!k!$T$3$S!!*L!!!"D!&[!1S!k`d!kJ!
"E`!!!@J"Drpe#rpe!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*
3BA4S$3$V!!&Y!!!"D`&Z!1`-!1`!#J!%1Q*TE`!#!!!0!1N!!@m!!!!!!!$rG![
rG!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J$R!!)!l3$Z$3$Y!!0*!!)"G!'Hrh2
rFJ$[#[pc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(rFJ!!"J$[!!2rF3$
`!2%+rh%!"!TVEf0X$3$`!!&Y!!!"H!&lrh!+rh!!"!TKE'PK"J$a!!2rE`$b!2-
+rfm!"!TTER0S$3$b!!)d!!!"IJ''rfi!p!VrEJ!%#Q0QEf`0!23!!@m!!!'#!BA
rE3[rE3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
NC8C[E'4PFP"KG'J'!2-!!rpX!2ArD`VrE!!%#R4[)#!0!28!!Qi!!!'*!CJ!pJ$
h$3$f!!)d!!!"N3'BrfS!q!VrDJ!%#QCTE'80!2J!!@d!!!'8!CF!q3`!q3!,!!9
LD@mZD!!#!!!0!2F!!M3!!!'*!C(rD3$k#[pT!!3+BfC[E!d!qJ!"E`!!!Bd"N!$
rD![rD!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[pV!!!#!1i!!J$l!2`0!2X!!Q`
!!J'I!CrrCrpQ!IpR!!!"rfB!!!)!r!!#!2d!rJd!r3!#FJ!!!Cm"UJ$r!3!0!2m
!!Q)!!!'I!DB"!3%#$3%"!!&[!!!"R`'Lrf8,rf8!*$!!%'0bHA"dEfC[E'4PFR"
KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!3)!!@d!!!'L!D8"!``"!`!*!!-kBQB!!J!
!$3%!!!&[!!!!!!!!rf3,rf3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!rJ!#!33
""3d""!!$53!#!DX"eIpMrf)""JVrB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
eE'`"rf)!!!B""J!$rf%""`%)#[pK!!3+DfpME!d""`!"E3!!!Dm"X[pJ#[pJ!!3
+B@aTB3B"#!!$rem"#3%+#[pI!!3+D@jcD!d"#3!#0!!!!E8"[IpH!3X+rei!"!T
MCQpX$3%,!!&[!!!"Z3'mred,red!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J%+!!2rA!%-reX+re`!"!TdEb!
J$3%-!!*Z!!!"`!(2!3d"$Jd"$3!#0!!!!FJ"crpD!3m+reS!"!TQD@aP$3%2!!&
Y!!!"b`(1!4!-!4!!%!!+BQa[GfCTFfJZD!!#!!!0!3i!!M3!!!(!!FMr@3%4#[p
C!!3+BfC[E!d"%3!"E`!!!F3"arpB#rpB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J
'reX!!!)""3!#!4)"%`d"%J!#E!!#!GB"e[pAreB"reF!!!(r9J!!!J%6!!)"&!%
9$3%8!!*b!!!"eJ(K!4B"&`d"&J!#BJ!!!GB"h3%B!4N0!4J!!@m!!!(@!GRr93[
r93!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"'3!"E3!
!!GN"h!%D$!%D!!N!!cTLEJ!#!!!0!4F!!@m!!!!!!!$r9![r9!!8-!!)G'9YF("
KG'J!#(4PEA"3BA4S!J%9!!)"'`%F$3%E!!0*!!)"iJ)-re2r8J%G#[p6!"JZBfp
bC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r8J!!"J%G!!2r83%H!4m+re%!"!TVEf0
X$3%H!!&Y!!!"jJ(Tre!+re!!"!TKE'PK"J%I!!2r6`%J!5%+rdm!"!TTER0S$3%
J!!)d!!!"l!(drdi")JVr6J!%#Q0QEf`0!5)!!@m!!!(`!I2r63[r63!d-!!BEh"
PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J
'!5%!!rp-!52r5`Vr6!!%#R4[)#!0!5-!!Qi!!!(h!JB"*!%P$3%N!!)d!!!"r`)
'rdS"*JVr5J!%#QCTE'80!5B!!@d!!!)#!J8"*``"*`!+!!4LELjS!!)!!!d"*3!
#0!!!!IF"rrp*!5J+rdN!"!TMCQpX$3%S!!&[!!!"q`(qrdJ,rdJ!&$!!#(4PEA"
`BA4S!!KdC@e`8'&dD!Er5`!!!J%F!!)"+3%U$3%T!!*X!!)#$3)0rdIr4J(r4`!
!!Ip'!!!#!5S!!J%V!5`0!5X!!R)!!!)0!KJ",3%Z$3%Y!!*L!!!#$3)8!5m"-!d
",`!"E`!!!Jd#%2p&#rp&!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
NCA*3BA4S$3%`!!&Y!!!#%!)6!6%-!6%!$3!(1Q*eCQCPFJ!#!!!0!5i!!@m!!!!
!!!$r4![r4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J%X!!)"-J%c$3%b!!0*!!)
#'3*$rd2r3J%d#[p$!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r3J!!"J%
d!!2r33%e!6B+rd%!"!TVEf0X$3%e!!&Y!!!#(3)Jrd!+rd!!"!TKE'PK"J%f!!2
r2`%h!6J+rcm!"!TTER0S$3%h!!)d!!!#)`)Vrci"13Vr2J!%#Q0QEf`0!6N!!@m
!!!)R!LVr23[r23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
-5@jME(9NC8C[E'4PFP"KG'J'!6J!!rmm!6Vr1`Vr2!!%#R4[)#!0!6S!!Qi!!!)
Z!Md"1`%m$3%l!!)d!!!#0J)prcS"23Vr1J!%#QCTE'80!6d!!@d!!!)j!M`"2J`
"2J!1!!KLG@CQCA)ZD!!#!!!0!6`!!M3!!!)Z!MEr13%r#[mj!!3+BfC[E!d"2`!
"E`!!!M)#0Imi#rmi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rcX!!!)"-`!#!8!
"33d"3!!#E!!#!N3#42mhrcB"rcF!!!(r0J!!!J&"!!)"3J&$$3&#!!*b!!!#4!*
2!83"43d"4!!#BJ!!!N3#5`&'!8F0!8B!!@m!!!*%!NIr03[r03!N-!!3Bh*jF(4
[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"4`!"E3!!!NF#5J&)$!&)!!X
!"6TMBA0d!!)!!!d"43!"E`!!!!!!!2md#rmd!"3`!!KdC@e`F'&dD!!)G'9YF&"
KG'J#!8-!!J&*!8S0!8N!!dN!!J*3!RVr-rmb!8X+rc-!'#jMEh*PBh*PE#SU+LS
!!!!!!!#3!!"ZG@aX!Imb!!!'!8X!!rma!8`"63Vr-3!%#QY[Bf`0!8`!!@d!!!*
8!PIr-!Vr-!!%#Q&XD@%'!8d!!rm[!8i"6`Vr,`!%#QPZFfJ0!8i!!M3!!!*D!Q,
r,J&3#[mZ!!3+BfC[E!d"8!!"E`!!!Pi#BImY#rmY!$3`!"K[F'9ZFh0XD@jME(9
NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"6`!$rb`"8Im
V#[mX!!3+G'mJ)!d"83!#EJ!!!Q8#G!&5!9-0!9)!!M3!!!*Y!R6r+J&8#[mU!!3
+CQPXC3d"9!!"E3!!!R!#F`&9$!&9!!`!"Q0KFh3ZD!!#!!!0!9-!!M3!!!*P!Qh
r+3&@#[mT!!3+BfC[E!d"9J!"E`!!!QN#E2mS#rmS!"3`!!KdC@e`F'&dD!!)G'9
YF&"KG'J'rbX!!!)"5J!#!9F"@!d"9`!#E!!#!RX#HrmRrbB"rbF!!!(r*J!!!J&
B!!)"@3&D$3&C!!*b!!!#H`+'!9X"A!d"@`!#BJ!!!RX#JJ&G!9i0!9d!!@m!!!*
l!Rlr*3[r*3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
"AJ!"E3!!!Ri#J3&I$!&I!!X!"6TMEfe`!!)!!!d"A!!"E`!!!!!!!2mN#rmN!"3
`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!9S!!J&J!@%0!@!!!dN!!J+(!V(r)rmL!@)
+rb-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!ImL!!!'!@)!!rmK!@-"C!V
r)3!%#QY[Bf`0!@-!!@d!!!+,!Slr)!Vr)!!%#Q&XD@%'!@3!!rmI!@8"CJVr(`!
%#QPZFfJ0!@8!!M3!!!+4!TRr(J&R#[mH!!3+BfC[E!d"C`!"E`!!!T8#Q2mG#rm
G!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4Qp
XC'9b8'&dD!B"CJ!$ra`"D2mE#[mF!!3+G'mJ)!d"D!!#EJ!!!T`#U`&T!@S0!@N
!!M3!!!+N!U[r'J&V#[mD!!3+CQPXC3d"D`!"E3!!!UF#UJ&X$!&X!!`!"Q0[EA!
ZD!!#!!!0!@S!!M3!!!+F!U6r'3&Y#[mC!!3+BfC[E!d"E3!"E`!!!U!#SrmB#rm
B!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'raX!!!)"B3!#!@i"E`d"EJ!#E!!#!V)
#X[mAraB"raF!!!(r&J!!!J&[!!)"F!&a$3&`!!*b!!!#XJ+p!A)"F`d"FJ!#BJ!
!!V)#Z3&d!A80!A3!!@m!!!+b!VAr&3[r&3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!
3Bh*jF(4[4QpXC'9b8'&dD!d"G3!"E3!!!V8#Z!&f$!&f!!X!"6TMEfjQ!!)!!!d
"F`!"E`!!!!!!!2m8#rm8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!A%!!J&h!AJ
0!AF!!dN!!J+q!ZMr%rm5!AN+ra-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@a
X!Im5!!!'!AN!!rm4!AS"H`Vr%3!%#QY[Bf`0!AS!!@d!!!,#!XAr%!Vr%!!%#Q&
XD@%'!AX!!rm2!A`"I3Vr$`!%#QPZFfJ0!A`!!M3!!!,)!Y$r$J&q#[m1!!3+BfC
[E!d"IJ!"E`!!!X`#crm0#rm0!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J
!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"I3!$r``"Irm,#[m-!!3+G'mJ)!d
"I`!#EJ!!!Y-#iJ'!!B%0!B!!!M3!!!,E!Z,r#J'##[m+!!3+CQPXC3d"JJ!"E3!
!!Yi#i3'$$!'$!!`!"Q0[EQBZD!!#!!!0!B%!!M3!!!,6!Y[r#3'%#[m*!!3+BfC
[E!d"K!!"E`!!!YF#f[m)#rm)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r`X!!!)
"H!!#!B8"KJd"K3!#E!!#!ZN#kIm(r`B"r`F!!!(r"J!!!J''!!)"K`')$3'(!!*
b!!!#k3,d!BN"LJd"L3!#BJ!!!ZN#m!',!B`0!BX!!@m!!!,T!Zcr"3[r"3!N-!!
3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"M!!"E3!!!Z`#l`'
0$!'0!!S!"$TNCA-!!J!!$3'+!!&[!!!!!!!!r`3,r`3!&$!!#(4PEA"`BA4S!!K
dC@e`8'&dD!)"L!!#!Bi"M`d"MJ!$53!#![8$(rm$r`)"N!!+r`-!'#jMEh*PBh*
PE#SU+LS!!!!!!!#3!!"ZG@aX!Im#!!!'!C!!!!2r!3'4!C)+r`%!"!TVEf0X$3'
4!!&Y!!!#q3,mr`!+r`!!"!TKE'PK"J'5!!2qr`'6!C3+r[m!"!TTER0S$3'6!!)
d!!!#r`-(r[i"P3VqrJ!%#Q0QEf`0!C8!!@m!!!-$!`Eqr3[qr3!d-!!BEh"PER0
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!C3
!!rlm!CEqq`Vqr!!%#R4[)#!0!CB!!Qi!!!-+!aN"P`'B$3'A!!)d!!!$%J-Cr[S
"Q3VqqJ!%#QCTE'80!CN!!@d!!!-9!aJ"QJ`"QJ!,!!9NCA-ZD!!#!!!0!CJ!!M3
!!!-+!a,qq3'E#[lj!!3+BfC[E!d"Q`!"E`!!!`i$%Ili#rli!"3`!!KdC@e`F'&
dD!!)G'9YF&"KG'J'r[X!!!)"M`!#!C`"R3d"R!!#E!!#!b!$)2lhr[B"r[F!!!(
qpJ!!!J'G!!)"RJ'I$3'H!!*b!!!$)!-V!D!"S3d"S!!#BJ!!!b!$*`'L!D-0!D)
!!@m!!!-J!b2qp3[qp3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9
b8'&dD!d"S`!"E3!!!b-$*J'N$!'N!!N!!cTND!!#!!!0!D%!!@m!!!!!!!$qp![
qp!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'I!!)"T3'Q$3'P!!0*!!)$,!0@r[2
qmJ'R#[lc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(qmJ!!"J'R!!2qm3'
S!DN+r[%!"!TVEf0X$3'S!!&Y!!!$-!-cr[!+r[!!"!TKE'PK"J'T!!2ql`'U!DX
+rZm!"!TTER0S$3'U!!)d!!!$0J-qrZi"V!VqlJ!%#Q0QEf`0!D`!!@m!!!-k!ch
ql3[ql3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
NC8C[E'4PFP"KG'J'!DX!!rlX!Dhqk`Vql!!%#R4[)#!0!Dd!!Qi!!!0"!e!"VJ'
[$3'Z!!)d!!!$5303rZS"X!VqkJ!%#QCTE'80!E!!!@d!!!0-!dm"X3`"X3!+!!4
ND#jS!!)!!!d"V`!#0!!!!d%$5IlT!E)+rZN!"!TMCQpX$3'b!!&[!!!$430)rZJ
,rZJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eqk`!!!J'Q!!)"X`'d$3'c!!*X!!)
$9`0ArZIqjJ(qj`!!!IlQ!!!#!E3!!J'e!EB0!E8!!R)!!!0A!f)"Y`'i$3'h!!*
L!!!$9`0H!EN"ZJd"Z3!"E`!!!eF$@[lP#rlP!#3`!""MFRP`G'pQEfaNCA*`BA4
S!""MFRP`G'p'EfaNCA*3BA4S$3'k!!&Y!!!$@J0G!EX-!EX!#J!%1Q4cB3!#!!!
0!EJ!!@m!!!!!!!$qj![qj!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'f!!)"[!'
p$3'm!!0*!!)$B`10rZ2qiJ'q#[lM!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
XE!(qiJ!!"J'q!!2qi3'r!F!+rZ%!"!TVEf0X$3'r!!&Y!!!$C`0UrZ!+rZ!!"!T
KE'PK"J(!!!2qh`("!F)+rYm!"!TTER0S$3("!!)d!!!$E30erYi"``VqhJ!%#Q0
QEf`0!F-!!@m!!!0a!h6qh3[qh3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!F)!!rlF!F6qf`Vqh!!%#R4[)#!
0!F3!!Qi!!!0i!iF"a3('$3(&!!)d!!!$J!1(rYS"a`VqfJ!%#QCTE'80!FF!!@d
!!!1$!iB"b!`"b!!,!!9NFf%ZD!!#!!!0!FB!!M3!!!0i!i$qf3(*#[lC!!3+BfC
[E!d"b3!"E`!!!h`$IrlB#rlB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rYX!!!)
"[3!#!FS"b`d"bJ!#E!!#!ii$M[lArYB"rYF!!!(qeJ!!!J(,!!)"c!(0$3(-!!*
b!!!$MJ1C!Fi"c`d"cJ!#BJ!!!ii$P3(3!G%0!G!!!@m!!!11!j(qe3[qe3!N-!!
3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"d3!"E3!!!j%$P!(
5$!(5!!S!"$TPFR)!!J!!$3(2!!&[!!!!!!!!rY3,rY3!&$!!#(4PEA"`BA4S!!K
dC@e`8'&dD!)"c3!#!G-"e!d"d`!$53!#!jS$a2l6rY)"e3Vqd`!B,Q0[FQ9MFQ9
X+LSU+J!!!!!!!*!!!'jeE'`"rY)!!!B"e3!$rY%"eJ(A#[l4!!3+DfpME!d"eJ!
"E3!!!ji$SIl3#[l3!!3+B@aTB3B"e`!$rXm"f!(C#[l2!!3+D@jcD!d"f!!#0!!
!!k3$V2l1!GS+rXi!"!TMCQpX$3(D!!&[!!!$U!1VrXd,rXd!0$!!''p`C@jcFfa
TEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J(C!!2
qc!(ErXX+rX`!"!TdEb!J$3(E!!*Z!!!$V`1q!G`"h3d"h!!#0!!!!lF$[[l+!Gi
+rXS!"!TQD@aP$3(H!!&Y!!!$ZJ1p!Gm-!Gm!#`!&CA*b,QJ!!J!!$3(G!!)d!!!
$V`1hrXN"i!Vqb3!%#Q0QEf`0!H!!!@m!!!1c!lEqb![qb!!8-!!)G'9YF("KG'J
!#(4PEA"3BA4S"[l,!!!#!G3!!J(K!H)0!H%!!Q`!!J2&!mAqarl'!Il(!!!"rXB
!!!)"iJ!#!H-"j!d"i`!#FJ!!!m8$d!(P!HB0!H8!!Q)!!!2&!m`"j`(S$3(R!!&
[!!!$a32)rX8,rX8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"
KG'J0!HJ!!@d!!!2)!mX"k3`"k3!+!!3kCAC`!!)!!!d"jJ!"E`!!!!!!!2l%#rl
%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!H3!!J(U!HX0!HS!!dN!!J24!r[q`rl
#!H`+rX-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Il#!!!'!H`!!rl"!Hd
"lJVq`3!%#QY[Bf`0!Hd!!@d!!!29!pMq`!Vq`!!%#Q&XD@%'!Hi!!rkr!Hm"m!V
q[`!%#QPZFfJ0!Hm!!M3!!!2E!q2q[J(a#[kq!!3+BfC[E!d"m3!"E`!!!pm$i[k
p#rkp!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4
P4QpXC'9b8'&dD!B"m!!$rV`"m[kl#[km!!3+G'mJ)!d"mJ!#EJ!!!qB$p3(c!I3
0!I-!!M3!!!2Z!rAqZJ(e#[kk!!3+CQPXC3d"p3!"E3!!!r%$p!(f$!(f!!X!"@9
fF#jS!!)!!!d"p!!#0!!!!qB$l[kj!IF+rVN!"!TMCQpX$3(h!!&[!!!$kJ2YrVJ
,rVJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqZ`!!!J(V!!)"q!(j$3(i!!*X!!)
$r!2mrVIqYJ(qY`!!!Ikf!!!#!IN!!J(k!IX0!IS!!R)!!!2m"!F"r!(p$3(m!!*
L!!!$r!3$!Ii"r`d"rJ!"E`!!!r`$rrke#rke!#3`!""MFRP`G'pQEfaNCA*`BA4
S!""MFRP`G'p'EfaNCA*3BA4S$3(r!!&Y!!!$r`3#!J!-!J!!#`!&1QKYB@-!!J!
!$3(p!!&[!!!!!!!!rV3,rV3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)"q`!#!J%
#!Jd#!3!$53!#"!J%-[kcrV)#!`VqX`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
eE'`"rV)!!!B#!`!$rV%#"!)&#[ka!!3+DfpME!d#"!!"E3!!"!`%$rk`#[k`!!3
+B@aTB3B#"3!$rUm#"J)(#[k[!!3+D@jcD!d#"J!#0!!!"")%'[kZ!JJ+rUi!"!T
MCQpX$3))!!&[!!!%&J3CrUd,rUd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)(!!2qV!)*rUX+rU`!"!TdEb!
J$3)*!!*Z!!!%(33X!JS##`d##J!#0!!!"#8%,2kU!J`+rUS!"!TQD@aP$3)-!!&
Y!!!%+!3V!Jd-!Jd!$!!'D'eKBbjS!!)!!!d##`!#0!!!""d%*IkT!Ji+rUN!"!T
MCQpX$3)1!!&[!!!%)33NrUJ,rUJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqU`!
!!J)#!!)#$`)3$3)2!!*X!!)%-`3crUIqTJ(qT`!!!IkQ!!!#!K!!!J)4!K)0!K%
!!R)!!!3c"$i#%`)8$3)6!!*L!!!%-`3k!K8#&Jd#&3!"E`!!"$-%0[kP#rkP!#3
`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3)@!!&Y!!!%0J3
j!KF-!KF!#`!&1QPNC@%!!J!!$3)8!!&[!!!!!!!!rU3,rU3!&$!!#(4PEA"`BA4
S!!KdC@e`8'&dD!)#%J!#!KJ#'3d#'!!$53!#"$m%DIkMrU)#'JVqS`!B,Q0[FQ9
MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rU)!!!B#'J!$rU%#'`)F#[kK!!3+DfpME!d
#'`!"E3!!"%-%4[kJ#[kJ!!3+B@aTB3B#(!!$rTm#(3)H#[kI!!3+D@jcD!d#(3!
#0!!!"%N%8IkH!Km+rTi!"!TMCQpX$3)I!!&[!!!%6343rTd,rTd!0$!!''p`C@j
cFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)
H!!2qR!)JrTX+rT`!"!TdEb!J$3)J!!*Z!!!%9!4M!L%#)Jd#)3!#0!!!"&`%Brk
D!L-+rTS!"!TQD@aP$3)M!!&Y!!!%A`4L!L3-!L3!$!!'D@4PB5jS!!)!!!d#)J!
#0!!!"&3%A2kC!L8+rTN!"!TMCQpX$3)P!!&[!!!%@!4ErTJ,rTJ!&$!!#(4PEA"
`BA4S!!KdC@e`8'&dD!EqQ`!!!J)C!!)#*J)R$3)Q!!*X!!)%DJ4UrTIqPJ(qP`!
!!Ik@!!!#!LF!!J)S!LN0!LJ!!R)!!!4U"(8#+J)V$3)U!!*L!!!%DJ4a!L`#,3d
#,!!"E`!!"'S%EIk9#rk9!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
NCA*3BA4S$3)Y!!&Y!!!%E34`!Li-!Li!$!!'1QaSBA0S!!)!!!d#+`!"E`!!!!!
!!2k8#rk8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!LN!!J)[!M!0!Lm!!dN!!J4
f"+$qNrk5!M%+rT-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ik5!!!'!M%
!!rk4!M)#-`VqN3!%#QY[Bf`0!M)!!@d!!!4k"(hqN!!+rT!!!!3+B@aTB3B#-`!
$rSm#0!)e#[k2!!3+D@jcD!d#0!!#0!!!")!%L2k1!MB+rSi!"!TMCQpX$3)f!!&
[!!!%K!5(rSd,rSd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP0
66%PZBfaeC'9'EfaNCA*3BA4S"J)e!!2qM!)hrSX+rS`!"!TdEb!J$3)h!!*Z!!!
%L`5D!MJ#13d#1!!#0!!!"*-%Q[k+!MS+rSS!"!TQD@aP$3)k!!&Y!!!%PJ5C!MX
-!MX!$3!(E'KKFfJZD!!#!!!0!MN!!M3!!!5,"*2qL3)m#[k*!!3+BfC[E!d#2!!
"E`!!")m%N[k)#rk)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rSX!!!)#-!!#!Md
#2Jd#23!#E!!#"+%%SIk(rSB"rSF!!!(qKJ!!!J)q!!)#2`*!$3)r!!*b!!!%S35
X!N%#3Jd#33!#BJ!!"+%%U!*$!N30!N-!!@m!!!5K"+6qK3[qK3!N-!!3Bh*jF(4
[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d#4!!"E3!!"+3%T`*&$!*&!!S
!"$TYC$)!!J!!$3*#!!&[!!!!!!!!rS3,rS3!&$!!#(4PEA"`BA4S!!KdC@e`8'&
dD!)#3!!#!NB#4`d#4J!$53!#"+d%erk$rS)#5!VqJ`!B,Q0[FQ9MFQ9X+LSU+J!
!!!!!!*!!!'jeE'`"rS)!!!B#5!!$rS%#53*+#[k"!!3+DfpME!d#53!"E3!!",%
%Y2k!#[k!!!3+B@aTB3B#5J!$rRm#5`*-#[jr!!3+D@jcD!d#5`!#0!!!",F%[rj
q!Nd+rRi!"!TMCQpX$3*0!!&[!!!%Z`5qrRd,rRd!0$!!''p`C@jcFfaTEQ0XG@4
PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*-!!2qI!*1rRX
+rR`!"!TdEb!J$3*1!!*Z!!!%`J64!Nm#8!d#6`!#0!!!"-S%dIjk!P%+rRS!"!T
QD@aP$3*4!!&Y!!!%c363!P)-!P)!#`!&E@3b,QJ!!J!!$3*3!!)d!!!%`J6+rRN
#8`VqH3!%#Q0QEf`0!P-!!@m!!!6'"-RqH![qH!!8-!!)G'9YF("KG'J!#(4PEA"
3BA4S"[jl!!!#!NF!!J*8!P80!P3!!Q`!!J6B"0MqGrjf!Ijh!!!"rRB!!!)#93!
#!PB#9`d#9J!#FJ!!"0J%i`*B!PN0!PJ!!Q)!!!6B"0m#@J*E$3*D!!&[!!!%f!6
ErR8,rR8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!PX
!!@d!!!6E"0i#A!`#A!!+!!3kE@3e!!)!!!d#@3!"E`!!!!!!!2jd#rjd!"3`!!K
dC@e`F'&dD!!)G'9YF&"KG'J#!PF!!J*G!Pi0!Pd!!dN!!J6N"3lqFrjb!Pm+rR-
!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ijb!!!'!Pm!!rja!Q!#B3VqF3!
%#QY[Bf`0!Q!!!@d!!!6S"1[qF!VqF!!%#Q&XD@%'!Q%!!rj[!Q)#B`VqE`!%#QP
ZFfJ0!Q)!!M3!!!6Z"2EqEJ*N#[jZ!!3+BfC[E!d#C!!"E`!!"2)%pIjY#rjY!$3
`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9
b8'&dD!B#B`!$rQ`#CIjV#[jX!!3+G'mJ)!d#C3!#EJ!!"2N&#!*Q!QF0!QB!!M3
!!!8""3MqDJ*S#[jU!!3+CQPXC3d#D!!"E3!!"33&"`*T$!*T!!X!"@eN05jS!!)
!!!d#C`!#0!!!"2N&!IjT!QS+rQN!"!TMCQpX$3*U!!&[!!!%r38!rQJ,rQJ!&$!
!#(4PEA"`BA4S!!KdC@e`8'&dD!EqD`!!!J*H!!)#D`*X$3*V!!*X!!)&$`82rQI
qCJ(qC`!!!IjQ!!!#!Q`!!J*Y!Qi0!Qd!!R)!!!82"4S#E`*`$3*[!!*L!!!&$`8
@!R%#FJd#F3!"E`!!"3m&%[jP#rjP!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP
`G'p'EfaNCA*3BA4S$3*b!!&Y!!!&%J89!R--!R-!#`!&1QeNBc)!!J!!$3*`!!&
[!!!!!!!!rQ3,rQ3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)#EJ!#!R3#G3d#G!!
$53!#"4X&4IjMrQ)#GJVqB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rQ)
!!!B#GJ!$rQ%#G`*i#[jK!!3+DfpME!d#G`!"E3!!"4m&)[jJ#[jJ!!3+B@aTB3B
#H!!$rPm#H3*k#[jI!!3+D@jcD!d#H3!#0!!!"58&,IjH!RX+rPi!"!TMCQpX$3*
l!!&[!!!&+38XrPd,rPd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"
PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*k!!2qA!*mrPX+rP`!"!TdEb!J$3*m!!*
Z!!!&-!8r!Rd#IJd#I3!#0!!!"6J&2rjD!Rm+rPS!"!TQD@aP$3*r!!&Y!!!&1`8
q!S!-!S!!$!!'E@4M-LjS!!)!!!d#IJ!#0!!!"6!&12jC!S%+rPN!"!TMCQpX$3+
"!!&[!!!&0!8hrPJ,rPJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq@`!!!J*e!!)
#JJ+$$3+#!!*X!!)&4J9'rPIq9J(q9`!!!Ij@!!!#!S-!!J+%!S80!S3!!R)!!!9
'"9%#KJ+($3+'!!*L!!!&4J90!SJ#L3d#L!!"E`!!"8B&5Ij9#rj9!#3`!""MFRP
`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3+*!!&Y!!!&539-!SS-!SS
!$J!)1QpLDQ9MG(-!!J!!$3+(!!&[!!!!!!!!rP3,rP3!&$!!#(4PEA"`BA4S!!K
dC@e`8'&dD!)#K3!#!SX#M!d#L`!$53!#"9)&I2j6rP)#M3Vq8`!B,Q0[FQ9MFQ9
X+LSU+J!!!!!!!*!!!'jeE'`"rP)!!!B#M3!$rP%#MJ+2#[j4!!3+DfpME!d#MJ!
"E3!!"9B&@Ij3#[j3!!3+B@aTB3B#M`!$rNm#N!!#N3Vq6`!%#QPZFfJ0!T!!!!)
d!!!&A!9NrNi#NJVq6J!%#Q0QEf`0!T)!!@m!!!9J"@2q63[q63!d-!!BEh"PER0
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!T%
!!rj-!T2q5`Vq6!!%#R4[)#!0!T-!!Qi!!!9R"AB#P!+9$3+8!!)d!!!&E`9frNS
#PJVq5J!%#QCTE'80!TB!!@d!!!9b"A8#P``#P`!2!!P[BQTPBh4c,QJ!!J!!$3+
9!!)d!!!&C`9[rNN#Q!Vq53!%#Q0QEf`0!TJ!!@m!!!9V"@lq5![q5!!8-!!)G'9
YF("KG'J!#(4PEA"3BA4S"[j,!!!#!S`!!J+C!TS0!TN!!Q`!!J9p"Ahq4rj'!Ij
(!!!"rNB!!!)#QJ!#!TX#R!d#Q`!#FJ!!"Ad&L!+G!Ti0!Td!!Q)!!!9p"B3#R`+
J$3+I!!&[!!!&I3@!rN8,rN8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC
[E'4PFP"KG'J0!U!!!@d!!!@!"B-#S3`#S3!+!!3kF'9Y!!)!!!d#RJ!"E`!!!!!
!!2j%#rj%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!T`!!J+L!U-0!U)!!dN!!J@
*"E2q3rj#!U3+rN-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ij#!!!'!U3
!!rj"!U8#TJVq33!%#QY[Bf`0!U8!!@d!!!@0"C!!rN!+rN!!"!TKE'PK"J+Q!!2
q2`+R!UJ+rMm!"!TTER0S$3+R!!)d!!!&N`@ErMi#U3Vq2J!%#Q0QEf`0!UN!!@m
!!!@A"CVq23[q23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
-5@jME(9NC8C[E'4PFP"KG'J'!UJ!!rim!UVq1`Vq2!!%#R4[)#!0!US!!Qi!!!@
H"Dd#U`+X$3+V!!)d!!!&TJ@YrMS#V3Vq1J!%#QCTE'80!Ud!!@d!!!@T"D`#VJ`
#VJ!,!!9`C@dZD!!#!!!0!U`!!M3!!!@H"DEq13+[#[ij!!3+BfC[E!d#V`!"E`!
!"D)&TIii#rii!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rMX!!!)#S`!#!V!#X3d
#X!!$53!#"E3&h[ihrMB#XJVq0`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`
"rMB!!!B#XJ!$rM8#X`+d#[ie!!3+DfpME!d#X`!"E3!!"EJ&Zrid#[id!!3+B@a
TB3B#Y!!$rM-#Y3+f#[ic!!3+D@jcD!d#Y3!#0!!!"Ei&a[ib!VF+rM)!"!TMCQp
X$3+h!!&[!!!&`JA&rM%,rM%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!
BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J+f!!2q-!+irLm+rM!!"!TdEb!J$3+
i!!*Z!!!&b3AB!VN#ZJd#Z3!#0!!!"G%&f2iZ!VX+rLi!"!TQD@aP$3+l!!&Y!!!
&e!AA!V`-!V`!$!!'F'9Y-LjS!!)!!!d#ZJ!#0!!!"FN&dIiY!Vd+rLd!"!TMCQp
X$3+p!!&[!!!&c3A3rL`,rL`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq,`!!!J+
a!!)#[J+r$3+q!!*X!!)&h`AIrL[q+J(q+`!!!IiU!!!#!Vm!!J,!!X%0!X!!!R)
!!!AI"HS#`J,$$3,#!!*L!!!&h`AQ!X3#a3d#a!!"E`!!"Gm&i[iT#riT!#3`!""
MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,&!!&Y!!!&iJAP!XB
-!XB!$3!(1R"VBh-a-J!#!!!0!X-!!@m!!!!!!!$q+![q+!!8-!!)G'9YF("KG'J
!#(4PEA"3BA4S!J,"!!)#a`,)$3,(!!0*!!)&k`B9rLIq*J,*#[iR!"JZBfpbC@0
bC@`U+LSU!!!!!!!!N!!!ER9XE!(q*J!!"J,*!!2q*3,+!XX+rL8!"!TVEf0X$3,
+!!&Y!!!&l`AbrL3+rL3!"!TKE'PK"J,,!!2q)`,-!Xd+rL-!"!TTER0S$3,-!!)
d!!!&p3AprL)#cJVq)J!%#Q0QEf`0!Xi!!@m!!!Aj"Icq)3[q)3!d-!!BEh"PER0
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!Xd
!!riJ!Xrq(`Vq)!!%#R4[)#!0!Xm!!Qi!!!B!"Jm#d!,4$3,3!!)d!!!'#!B2rKi
#dJVq(J!%#QCTE'80!Y)!!@d!!!B,"Ji#d``#d`!1!!K`Df0c-6)ZD!!#!!!0!Y%
!!M3!!!B!"JMq(3,8#[iG!!3+BfC[E!d#e!!"E`!!"J3'"riF#riF!"3`!!KdC@e
`F'&dD!!)G'9YF&"KG'J'rKm!!!)#b!!#!Y8#eJd#e3!#E!!#"KB'&[iErKS"rKX
!!!(q'J!!!J,@!!)#e`,B$3,A!!*b!!!'&JBK!YN#fJd#f3!#BJ!!"KB'(3,E!Y`
0!YX!!@m!!!B@"KRq'3[q'3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
XC'9b8'&dD!d#h!!"E3!!"KN'(!,G$!,G!!`!"MT`Df0c0`!#!!!0!YS!!@m!!!!
!!!$q'![q'!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J,B!!)#hJ,I$3,H!!0*!!)
')JC-rKIq&J,J#[iA!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(q&J!!"J,
J!!2q&3,K!Z)+rK8!"!TVEf0X$3,K!!&Y!!!'*JBTrK3+rK3!"!TKE'PK"J,L!!2
q%`,M!Z3+rK-!"!TTER0S$3,M!!)d!!!',!BdrK)#j3Vq%J!%#Q0QEf`0!Z8!!@m
!!!B`"M2q%3[q%3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
-5@jME(9NC8C[E'4PFP"KG'J'!Z3!!ri3!ZEq$`Vq%!!%#R4[)#!0!ZB!!Qi!!!B
h"NB#j`,S$3,R!!)d!!!'2`C'rJi#k3Vq$J!%#QCTE'80!ZN!!@d!!!C#"N8#kJ`
#kJ!0!!G`Df0c0bjS!!)!!!d#k!!#0!!!"MF'2ri0!ZX+rJd!"!TMCQpX$3,V!!&
[!!!'1`BqrJ`,rJ`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq$`!!!J,I!!)#l!,
Y$3,X!!*X!!)'63C0rJ[q#J(q#`!!!Ii+!!!#!Zd!!J,Z!Zm0!Zi!!R)!!!C0"PJ
#m!,a$3,`!!*L!!!'63C8![)#m`d#mJ!"E`!!"Nd'82i*#ri*!#3`!""MFRP`G'p
QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,c!!&Y!!!'8!C6![3-![3!#`!
&1R*KEQ3!!J!!$3,a!!&[!!!!!!!!rJJ,rJJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&
dD!)#l`!#![8#pJd#p3!$53!#"PN'Jri(rJB#p`Vq"`!B,Q0[FQ9MFQ9X+LSU+J!
!!!!!!*!!!'jeE'`"rJB!!!B#p`!$rJ8#q!,j#[i&!!3+DfpME!d#q!!"E3!!"Pd
'B2i%#[i%!!3+B@aTB3B#q3!$rJ-#qJ,l#[i$!!3+D@jcD!d#qJ!#0!!!"Q-'Dri
#![`+rJ)!"!TMCQpX$3,m!!&[!!!'C`CUrJ%,rJ%!0$!!''p`C@jcFfaTEQ0XG@4
PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J,l!!2q!!,prIm
+rJ!!"!TdEb!J$3,p!!*Z!!!'EJCp![i#r`d#rJ!#0!!!"RB'IIhq!`!+rIi!"!T
QD@aP$3-!!!&Y!!!'H3Cm!`%-!`%!$!!'FQ&ZC#jS!!)!!!d#r`!#0!!!"Qi'G[h
p!`)+rId!"!TMCQpX$3-#!!&[!!!'FJCerI`,rI`!&$!!#(4PEA"`BA4S!!KdC@e
`8'&dD!Epr`!!!J,f!!)$!`-%$3-$!!*X!!)'K!D%rI[pqJ(pq`!!!Ihk!!!#!`3
!!J-&!`B0!`8!!R)!!!D%"Sm$"`-)$3-(!!*L!!!'K!D,!`N$#Jd$#3!"E`!!"S3
'Krhj#rhj!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-
+!!&Y!!!'K`D+!`X-!`X!#J!%1R*M-J!#!!!0!`J!!@m!!!!!!!$pq![pq!!8-!!
)G'9YF("KG'J!#(4PEA"3BA4S!J-'!!)$$!-0$3--!!0*!!)'N!!'Z[hhrIB$$JV
pp`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rIB!!!B$$J!$rI8$$`-3#[h
e!!3+DfpME!d$$`!"E3!!"T3'Prhd#[hd!!3+B@aTB3B$%!!$rI-$%3-5#[hc!!3
+D@jcD!d$%3!#0!!!"TS'S[hb!a-+rI)!"!TMCQpX$3-6!!&[!!!'RJDKrI%,rI%
!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
NCA*3BA4S"J-5!!2pm!-8rHm+rI!!"!TdEb!J$3-8!!*Z!!!'T3Dd!a8$&Jd$&3!
#0!!!"Ud'Y2hZ!aF+rHi!"!TQD@aP$3-A!!&Y!!!'X!Dc!aJ-!aJ!#`!&FQ-b,QJ
!!J!!$3-@!!)d!!!'T3DYrHd$'3Vpl3!%#Q0QEf`0!aN!!@m!!!DT"Ucpl![pl!!
8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[h[!!!#!`d!!J-D!aX0!aS!!Q`!!JDl"V[
pkrhU!IhV!!!"rHS!!!)$'`!#!a`$(3d$(!!#FJ!!"VX'aJ-H!am0!ai!!Q)!!!D
l"X)$)!-K$3-J!!&[!!!'Z`DqrHN,rHN!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0
bHA"dEdC[E'4PFP"KG'J0!b%!!@d!!!Dq"X%$)J`$)J!+!!3kFQ-d!!)!!!d$(`!
"E`!!!!!!!2hS#rhS!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!ad!!J-M!b30!b-
!!dN!!JE("[(pjrhQ!b8+rHF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ih
Q!!!'!b8!!rhP!bB$*`Vpj3!%#QY[Bf`0!bB!!@d!!!E,"Xlpj!Vpj!!%#Q&XD@%
'!bF!!rhM!bJ$+3Vpi`!%#QPZFfJ0!bJ!!M3!!!E4"YRpiJ-U#[hL!!3+BfC[E!d
$+J!"E`!!"Y8'f2hK#rhK!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p
`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$+3!$rH!$+rhI#[hJ!!3+G'mJ)!d$+`!
#EJ!!"Y`'k`-X!bd0!b`!!M3!!!EN"Z[phJ-Z#[hH!!3+CQPXC3d$,J!"E3!!"ZF
'kJ-[$!-[!!X!"A*M0#jS!!)!!!d$,3!#0!!!"Y`'j2hG!c!+rGd!"!TMCQpX$3-
`!!&[!!!'i!EMrG`,rG`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eph`!!!J-N!!)
$-3-b$3-a!!*X!!)'mJEbrG[pfJ(pf`!!!IhD!!!#!c)!!J-c!c30!c-!!R)!!!E
b"[d$03-f$3-e!!*L!!!'mJEj!cF$1!d$0`!"E`!!"[)'pIhC#rhC!#3`!""MFRP
`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-i!!&Y!!!'p3Ei!cN-!cN
!#J!%1R*M03!#!!!0!cB!!@m!!!!!!!$pf![pf!!8-!!)G'9YF("KG'J!#(4PEA"
3BA4S!J-d!!)$1J-l$3-k!!0*!!)'rJFSrGIpeJ-m#[hA!"JZBfpbC@0bC@`U+LS
U!!!!!!!!N!!!ER9XE!(peJ!!"J-m!!2pe3-p!ci+rG8!"!TVEf0X$3-p!!&Y!!!
(!JF&rG3+rG3!"!TKE'PK"J-q!!2pd`-r!d!+rG-!"!TTER0S$3-r!!)d!!!(#!F
3rG)$33VpdJ!%#Q0QEf`0!d%!!@m!!!F-"`rpd3[pd3!d-!!BEh"PER0cE'PZBfa
eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!d!!!rh3!d,
pc`Vpd!!%#R4[)#!0!d)!!Qi!!!F6"b)$3`0%$30$!!)d!!!('`FLrFi$43VpcJ!
%#QCTE'80!d8!!@d!!!FH"b%$4J`$4J!,!!9bBc8ZD!!#!!!0!d3!!M3!!!F6"a[
pc30(#[h0!!3+BfC[E!d$4`!"E`!!"aF('[h-#rh-!"3`!!KdC@e`F'&dD!!)G'9
YF&"KG'J'rFm!!!)$1`!#!dJ$53d$5!!#E!!#"bN(+Ih,rFS"rFX!!!(pbJ!!!J0
*!!)$5J0,$30+!!*b!!!(+3Fd!d`$63d$6!!#BJ!!"bN(-!01!dm0!di!!@m!!!F
T"bcpb3[pb3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
$6`!"E3!!"b`(,`03$!03!!d!"cTbDA"PE@3!!J!!$300!!&[!!!!!!!!rFJ,rFJ
!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$5`!#!e%$8Jd$83!$53!#"c8(Arh(rFB
$8`Vpa`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rFB!!!B$8`!$rF8$9!0
9#[h&!!3+DfpME!d$9!!"E3!!"cN(22h%#[h%!!3+B@aTB3B$93!$rF-$9J0A#[h
$!!3+D@jcD!d$9J!#0!!!"cm(4rh#!eJ+rF)!"!TMCQpX$30B!!&[!!!(3`G'rF%
,rF%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
'EfaNCA*3BA4S"J0A!!2p`!0CrEm+rF!!"!TdEb!J$30C!!*Z!!!(5JGC!eS$@`d
$@J!#0!!!"e)(@Ifq!e`+rEi!"!TQD@aP$30F!!&Y!!!(93GB!ed-!ed!$J!)FQP
`C@eN,QJ!!J!!$30E!!)d!!!(5JG5rEd$AJVp[3!%#Q0QEf`0!ei!!@m!!!G1"e(
p[![p[!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[fr!!!#!e)!!J0I!f!0!em!!Q`
!!JGJ"f$pZrfk!Ifl!!!"rES!!!)$B!!#!f%$BJd$B3!#FJ!!"f!(D`0M!f30!f-
!!Q)!!!GJ"fF$C30Q$30P!!&[!!!(B!GMrEN,rEN!*$!!%'0bHA"dEfC[E'4PFR"
KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!fB!!@d!!!GM"fB$C``$C`!+!!3kFR0K!!)
!!!d$C!!"E`!!!!!!!2fi#rfi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!f)!!J0
S!fN0!fJ!!dN!!JGX"jEpYrff!fS+rEF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"
ZG@aX!Iff!!!'!fS!!rfe!fX$E!VpY3!%#QY[Bf`0!fX!!@d!!!G`"h2pY!VpY!!
%#Q&XD@%'!f`!!rfc!fd$EJVpX`!%#QPZFfJ0!fd!!M3!!!Gf"hlpXJ0[#[fb!!3
+BfC[E!d$E`!"E`!!"hS(IIfa#rfa!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"
KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$EJ!$rE!$F2f[#[f`!!3+G'm
J)!d$F!!#EJ!!"i%(N!!$F30b$30a!!)d!!!(L3H3!2fZ!h-+rDi!"!TQD@aP$30
c!!&Y!!!(M!H2!h3-!h3!#`!&FR0K,QJ!!J!!$30b!!)d!!!(J3H*rDd$G3VpV3!
%#Q0QEf`0!h8!!@m!!!H&"iMpV![pV!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[f
[!!!#!fN!!J0f!hF0!hB!!Q`!!JHA"jIpUrfU!IfV!!!"rDS!!!)$G`!#!hJ$H3d
$H!!#FJ!!"jF(SJ0k!hX0!hS!!Q)!!!HA"ji$I!0p$30m!!&[!!!(P`HDrDN,rDN
!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!hd!!@d!!!H
D"jd$IJ`$IJ!-!!BkFh4KBfX!!J!!$30l!!&[!!!!!!!!rDJ,rDJ!&$!!#(4PEA"
`BA4S!!KdC@e`8'&dD!)$H3!#!hm$J!d$I`!$53!#"k-(cIfRrDB$J3VpT`!B,Q0
[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rDB!!!B$J3!$rD8$JJ1$#[fP!!3+Dfp
ME!d$JJ!"E3!!"kF(U[fN#[fN!!3+B@aTB3B$J`!$rD-$K!1&#[fM!!3+D@jcD!d
$K!!#0!!!"kd(YIfL!iB+rD)!"!TMCQpX$31'!!&[!!!(X3HdrD%,rD%!0$!!''p
`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4
S"J1&!!2pS!1(rCm+rD!!"!TdEb!J$31(!!*Z!!!(Z!I(!iJ$L3d$L!!#0!!!"m!
(arfH!iS+rCi!"!TQD@aP$31+!!&Y!!!(``I'!iX-!iX!$3!(Fh4KBfXZD!!#!!!
0!iN!!M3!!!Hi"m$pR31-#[fG!!3+BfC[E!d$M!!"E`!!"l`([rfF#rfF!"3`!!K
dC@e`F'&dD!!)G'9YF&"KG'J'rCm!!!)$J!!#!id$MJd$M3!$53!#"mi(q2fErCS
$M`VpQ`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rCS!!!B$M`!$rCN$N!!
$N3VpQ3!%#QY[Bf`0!j!!!!&Y!!!(dJI9rCJ+rCJ!"!TKE'PK"J14!!2pP`15!j-
+rCF!"!TTER0S$315!!)d!!!(f!IJrCB$P!VpPJ!%#Q0QEf`0!j3!!@m!!!IF"pr
pP3[pP3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
NC8C[E'4PFP"KG'J'!j-!!rf8!jApN`VpP!!%#R4[)#!0!j8!!Qi!!!IM"r)$PJ1
A$31@!!)d!!!(k`IbrC)$Q!VpNJ!%#QCTE'80!jJ!!@d!!!IZ"r%$Q3`$Q3!4!!Y
cB@CPFh4KBfXZD!!#!!!0!jF!!M3!!!IM"q[pN31D#[f4!!3+BfC[E!d$QJ!"E`!
!"qF(k[f3!![pN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EpN`!!!J11!!)$Q`1
F$31E!!*X!!)(q3IjrBrpMJ(pM`!!!If1!!!#!j`!!J1G!ji0!jd!!R)!!!Ij#!3
$R`1J$31I!!*L!!!(q3J!!k%$SJd$S3!"E`!!"rN(r2f0#rf0!#3`!""MFRP`G'p
QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$31L!!&Y!!!(r!Ir!k--!k-!#J!
%1R0SB3!#!!!0!k!!!@m!!!!!!!$pM![pM!!8-!!)G'9YF("KG'J!#(4PEA"3BA4
S!J1H!!)$T!1P$31N!!0*!!))"3J[rB[pLJ1Q#[f,!"JZBfpbC@0bC@`U+LSU!!!
!!!!!N!!!ER9XE!(pLJ!!"J1Q!!2pL31R!kJ+rBN!"!TVEf0X$31R!!&Y!!!)#3J
-rBJ+rBJ!"!TKE'PK"J1S!!2pK`1T!kS+rBF!"!TTER0S$31T!!)d!!!)$`JArBB
$U`VpKJ!%#Q0QEf`0!kX!!@m!!!J6#"EpK3[pK3!d-!!BEh"PER0cE'PZBfaeC'9
QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!kS!!rf%!kcpJ`V
pK!!%#R4[)#!0!k`!!Qi!!!JD##N$V31Z$31Y!!)d!!!))JJTrB)$V`VpJJ!%#QC
TE'80!km!!@d!!!JP##J$X!`$X!!,!!9cD'%ZD!!#!!!0!ki!!M3!!!JD##,pJ31
a#[f"!!3+BfC[E!d$X3!"E`!!#"i))If!#rf!!"3`!!KdC@e`F'&dD!!)G'9YF&"
KG'J'rB-!!!)$T3!#!l)$X`d$XJ!#E!!##$!)-2errAi"rAm!!!(pIJ!!!J1c!!)
$Y!1e$31d!!*b!!!)-!Jl!lB$Y`d$YJ!#BJ!!#$!)0`1i!lN0!lJ!!@m!!!J`#$2
pI3[pI3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d$Z3!
"E3!!#$-)0J1k$!1k!!d!"cTdH(4IC')!!J!!$31h!!&[!!!!!!!!rA`,rA`!&$!
!#(4PEA"`BA4S!!KdC@e`8'&dD!)$Y3!#!lX$[!d$Z`!$53!##$`)C[elrAS$[3V
pH`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rAS!!!B$[3!$rAN$[J1r#[e
j!!3+DfpME!d$[J!"E3!!#%!)3rei#[ei!!3+B@aTB3B$[`!$rAF$`!2"#[eh!!3
+D@jcD!d$`!!#0!!!#%B)6[ef!m)+rAB!"!TMCQpX$32#!!&[!!!)5JK0rA8,rA8
!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
NCA*3BA4S"J2"!!2pG!2$rA-+rA3!"!TdEb!J$32$!!*Z!!!)83KJ!m3$a3d$a!!
#0!!!#&N)B2eb!mB+rA)!"!TQD@aP$32'!!&Y!!!)A!KI!mF-!mF!$J!)G(KdAf4
L,QJ!!J!!$32&!!)d!!!)83KCrA%$b!VpF3!%#Q0QEf`0!mJ!!@m!!!K9#&MpF![
pF!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[ec!!!#!l`!!J2*!mS0!mN!!Q`!!JK
R#'IpEreZ!Ie[!!!"r@i!!!)$bJ!#!mX$c!d$b`!#FJ!!#'F)FJ20!mi0!md!!Q)
!!!KR#'i$c`23$322!!&[!!!)C`KUr@d,r@d!*$!!%'0bHA"dEfC[E'4PFR"KG'J
!%'0bHA"dEdC[E'4PFP"KG'J0!p!!!@d!!!KU#'d$d3`$d3!,!!8kH$8`13!#!!!
0!mi!!@m!!!!!!!$pE![pE!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J2-!!)$dJ2
6$325!!0*!!))F`LGr@[pDJ28#[eV!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
XE!(pDJ!!"J28!!2pD329!pB+r@N!"!TVEf0X$329!!&Y!!!)G`Kkr@J+r@J!"!T
KE'PK"J2@!!2pC`2A!pJ+r@F!"!TTER0S$32A!!)d!!!)I3L&r@B$f3VpCJ!%#Q0
QEf`0!pN!!@m!!!L"#)6pC3[pC3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!pJ!!reN!pVpB`VpC!!%#R4[)#!
0!pS!!Qi!!!L)#*F$f`2F$32E!!)d!!!)N!!)PreL!pd+r@)!"!TQD@aP$32G!!&
Y!!!)N`L@!pi-!pi!$!!'H$8`15jS!!)!!!d$h!!#0!!!#)J)N!$pB32I#[eK!!3
+BfC[E!d$h`!"E`!!#)`)MreJ#reJ!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r@-
!!!)$d`!#!q!$i3d$i!!$53!##*i)b2eIr9i$iJVpA`!B,Q0[FQ9MFQ9X+LSU+J!
!!!!!!*!!!'jeE'`"r9i!!!B$iJ!$r9d$i`2N#[eG!!3+DfpME!d$i`!"E3!!#+)
)TIeF#[eF!!3+B@aTB3B$j!!$r9X$j32Q#[eE!!3+D@jcD!d$j3!#0!!!#+J)X2e
D!qF+r9S!"!TMCQpX$32R!!&[!!!)V!L[r9N,r9N!0$!!''p`C@jcFfaTEQ0XG@4
PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J2Q!!2p@!2Sr9F
+r9J!"!TdEb!J$32S!!*Z!!!)X`M#!qN$kJd$k3!#0!!!#,X)`[e@!qX+r9B!"!T
QD@aP$32V!!&Y!!!)[JM"!q`-!q`!%!!+H$8`19pfCRNZD!!#!!!0!qS!!M3!!!L
c#,[p932Y#[e9!!3+BfC[E!d$l3!"E`!!#,F)Z[e8#re8!"3`!!KdC@e`F'&dD!!
)G'9YF&"KG'J'r9F!!!)$i3!#!qi$l`d$lJ!#E!!##-N)bIe6r9)"r9-!!!(p8J!
!!J2[!!)$m!2a$32`!!*b!!!)b3M8!r)$m`d$mJ!#BJ!!#-N)d!2d!r80!r3!!@m
!!!M*#-cp83[p83!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&
dD!d$p3!"E3!!#-`)c`2f$!2f!!d!"cTi06!jGM-!!J!!$32c!!&[!!!!!!!!r9!
,r9!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$m3!#!rF$q!d$p`!$53!##08)rre
2r8i$q3Vp6`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8i!!!B$q3!$r8d
$qJ2l#[e0!!3+DfpME!d$qJ!"E3!!#0N)h2e-#[e-!!3+B@aTB3B$q`!$r8X$r!2
p#[e,!!3+D@jcD!d$r!!#0!!!#0m)jre+!ri+r8S!"!TMCQpX$32q!!&[!!!)i`M
Qr8N,r8N!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfa
eC'9'EfaNCA*3BA4S"J2p!!2p5!2rr8F+r8J!"!TdEb!J$32r!!*Z!!!)kJMj"!!
%!3d%!!!#0!!!#2))qIe'"!)+r8B!"!TQD@aP$33#!!&Y!!!)p3Mi"!--"!-!$J!
)H$8`1ABc,QJ!!J!!$33"!!)d!!!)kJMbr88%"!Vp43!%#Q0QEf`0"!3!!@m!!!M
Z#2(p4![p4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[e(!!!#!rJ!!J3&"!B0"!8
!!Q`!!JN!#3$p3re#!Ie$!!!"r8)!!!)%"J!#"!F%#!d%"`!$53!##3!*+[e"r8!
%#3Vp33!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8!!!!B%#3!$r6m%#J3
,#[dr!!3+DfpME!d%#J!"E3!!#33*"rdq#[dq!!3+B@aTB3B%#`!$r6d%$!30#[d
p!!3+D@jcD!d%$!!#0!!!#3S*%[dm"!i+r6`!"!TMCQpX$331!!&[!!!*$JN4r6X
,r6X!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
'EfaNCA*3BA4S"J30!!2p1J32r6N+r6S!"!TdEb!J$332!!*Z!!!*&3NN""!%%3d
%%!!#0!!!#4d**2di"")+r6J!"!TQD@aP$335!!&Y!!!*)!NM""--""-!#`!&Fh0
X,QJ!!J!!$334!!)d!!!*&3NGr6F%&!Vp0`!%#Q0QEf`0""3!!@m!!!NC#4cp0J[
p0J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD!Ep13!!!J3)!!)%&33
@$339!!0*!!)*+`P9r6Ap0!3A#[de!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
XE!(p0!!!"J3A!!2p-`3B""N+r6-!"!TVEf0X$33B!!&Y!!!*,`Nbr6)+r6)!"!T
KE'PK"J3C!!2p-33D""X+r6%!"!TTER0S$33D!!)d!!!*03Npr6!%(!Vp-!!%#Q0
QEf`0""`!!@m!!!Nj#6cp,`[p,`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'""X!!rdZ""hp,3Vp,J!%#R4[)#!
0""d!!Qi!!!P!#8m%(J3I$33H!!)d!!!*5!P2r5`%)!Vp,!!%#QCTE'80"#!!!@d
!!!P,#8i%)3`%)3!-!!CcFf`b,QJ!!J!!$33I!!)d!!!*3!P)r5X%)JVp+`!%#Q0
QEf`0"#)!!@m!!!P%#8Ip+J[p+J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9
b8'&dD!Ep,3!!!J3@!!)%)`3N$33M!!0*!!)*9JQ!r5Rp+!3P#[dT!"JZBfpbC@0
bC@`U+LSU!!!!!!!!N!!!ER9XE!(p+!!!"J3P!!2p*`3Q"#F+r5F!"!TVEf0X$33
Q!!&Y!!!*@JPGr5B+r5B!"!TKE'PK"J3R!!2p*33S"#N+r58!"!TTER0S$33S!!)
d!!!*B!PSr53%+JVp*!!%#Q0QEf`0"#S!!@m!!!PN#@Ip)`[p)`!d-!!BEh"PER0
cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"#N
!!rdL"#[p)3Vp)J!%#R4[)#!0"#X!!Qi!!!PV#AS%,!3Y$33X!!)d!!!*F`Pkr5!
%,JVp)!!%#QCTE'80"#i!!@d!!!Pf#AN%,``%,`!0!!GcFf`b-bjS!!)!!!d%,3!
#0!!!#@X*FrdI"$!+r4m!"!TMCQpX$33`!!&[!!!*E`Pbr4i,r4i!(M!!$A0cE'C
[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r5%!!!)%*!!#"$%%-Jd%-3!$53!##B%
*UrdGr4`%-`Vp(3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r4`!!!B%-`!
$r4X%0!3e#[dE!!3+DfpME!d%0!!"E3!!#B8*L2dD#[dD!!3+B@aTB3B%03!$r4N
%0J3h#[dC!!3+D@jcD!d%0J!#0!!!#BX*NrdB"$J+r4J!"!TMCQpX$33i!!&[!!!
*M`Q5r4F,r4F!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%P
ZBfaeC'9'EfaNCA*3BA4S"J3h!!2p&J3jr48+r4B!"!TdEb!J$33j!!*Z!!!*PJQ
P"$S%1`d%1J!#0!!!#Ci*TId8"$`+r43!"!TQD@aP$33m!!&Y!!!*S3QN"$d-"$d
!$!!'Fh0X-bjS!!)!!!d%1`!#0!!!#CB*R[d6"$i+r4-!"!TMCQpX$33q!!&[!!!
*QJQGr4),r4)!(M!!$A0cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r48!!!)
%-J!#"$m%3!d%2`!$53!##D`*e[d4r4!%33Vp%3!B,Q0[FQ9MFQ9X+LSU+J!!!!!
!!*!!!'jeE'`"r4!!!!B%33!$r3m%3J4$#[d2!!3+DfpME!d%3J!"E3!!#E!*Xrd
1#[d1!!3+B@aTB3B%3`!$r3d%4!4&#[d0!!3+D@jcD!d%4!!#0!!!#EB*[[d-"%B
+r3`!"!TMCQpX$34'!!&[!!!*ZJQpr3X,r3X!0$!!''p`C@jcFfaTEQ0XG@4PCQp
XC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J4&!!2p#J4(r3N+r3S
!"!TdEb!J$34(!!*Z!!!*`3R3"%J%53d%5!!#0!!!#FN*d2d)"%S+r3J!"!TQD@a
P$34+!!&Y!!!*c!R2"%X-"%X!$!!'G'ac-5jS!!)!!!d%53!#0!!!#F%*bId("%`
+r3F!"!TMCQpX$34-!!&[!!!*a3R)r3B,r3B!(M!!$A0cE'C[E'4PFR"KG'J!$A0
cE%C[E'4PFP"KG'J'r3N!!!)%3!!#"%d%6Jd%63!#E!!##GF*erd&r33"r38!!!(
p"!!!!J41!!)%6`43$342!!0*!!)*e`S"r32p!J44#[d$!"JZBfpbC@0bC@`U+LS
U!!!!!!!!N!!!ER9XE!(p!J!!"J44!!2p!345"&-+r3%!"!TVEf0X$345!!&Y!!!
*f`RHr3!+r3!!"!TKE'PK"J46!!2mr`48"&8+r2m!"!TTER0S$348!!)d!!!*i3R
Tr2i%9JVmrJ!%#Q0QEf`0"&B!!@m!!!RP#HMmr3[mr3!d-!!BEh"PER0cE'PZBfa
eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"&8!!rcm"&I
mq`Vmr!!%#R4[)#!0"&F!!Qi!!!RX#IX%@!4C$34B!!)d!!!*p!Rlr2S%@JVmqJ!
%#QCTE'80"&S!!@d!!!Rh#IS%@``%@`!1!!KMFRP`G'mZD!!#!!!0"&N!!M3!!!R
X#I6mq34F#[cj!!3+BfC[E!d%A!!"E`!!#I!*mrci#rci!#3`!""MFRP`G'pQEfa
NCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cl!!!#"&!!!J4G"&i0"&d!!Q`!!JS
##J,mprcf!Ich!!!"r2B!!!)%AJ!#"&m%B!d%A`!$53!##J)+,2cer23%B3Vmp3!
B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r23!!!B%B3!$r2-%BJ4M#[cc!!3
+DfpME!d%BJ!"E3!!#JB+#Icb#[cb!!3+B@aTB3B%B`!$r2%%C!4P#[ca!!3+D@j
cD!d%C!!#0!!!#J`+&2c`"'B+r2!!"!TMCQpX$34Q!!&[!!!+%!S6r1m,r1m!0$!
!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*
3BA4S"J4P!!2mlJ4Rr1d+r1i!"!TdEb!J$34R!!*Z!!!+&`SQ"'J%D3d%D!!#0!!
!#Km+*[cX"'S+r1`!"!TQD@aP$34U!!&Y!!!+)JSP"'X-"'X!%!!+Eh"PER0cE(B
ZD!!#!!!0"'N!!M3!!!SA#Krmk`4X#[cV!!3+BfC[E!d%E!!"E`!!#KX+([cU#rc
U!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cY!!!#"'!
!!J4Y"'i0"'d!!dN!!JSY#PImkIcS"'m+r1N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
3!!"ZG@aX!IcS!!!'"'m!!rcR"(!%F3Vmj`!%#QY[Bf`0"(!!!@d!!!Sa#M6mjJV
mjJ!%#Q&XD@%'"(%!!rcP"()%F`Vmj3!%#QPZFfJ0"()!!M3!!!Sh#Mrmj!4d#[c
N!!3+BfC[E!d%G!!"E`!!#MX+2[cM#rcM!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%F`!$r1)%GIcK#[cL!!3
+G'mJ)!d%G3!#EJ!!#N)+834f"(F0"(B!!M3!!!T+#P(mi!4i#[cJ!!3+CQPXC3d
%H!!"E3!!#Nd+8!4j$!4j!!i!#(4YC'PQCLjS!!)!!!d%G`!#0!!!#N)+5[cI"(S
+r0m!"!TMCQpX$34k!!&[!!!+4JT*r0i,r0i!*$!!%'0bHA"dEfC[E'4PFR"KG'J
!%'0bHA"dEdC[E'4PFP"KG'J'r1%!!!)%EJ!#"(X%I!d%H`!#E!!##PJ+@2cGr0`
"r0d!!!(mh!!!!J4m!!)%I34q$34p!!*X!!)+@!TBr0[mfJ(mf`!!!IcD!!!#"(i
!!J4r")!0"(m!!dN!!JTB#S,mfIcB")%+r0N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
3!!"ZG@aX!IcB!!!'")%!!rcA"))%J`Vme`!%#QY[Bf`0"))!!@d!!!TF#PrmeJV
meJ!%#Q&XD@%'")-!!rc9")3%K3Vme3!%#QPZFfJ0")3!!M3!!!TL#QVme!5'#[c
8!!3+BfC[E!d%KJ!"E`!!#QB+DIc6#rc6!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%K3!$r0)%Krc4#[c5!!3
+G'mJ)!d%K`!#EJ!!#Qd+I!5)")N0")J!!M3!!!Te#Rcmd!5+#[c3!!3+CQPXC3d
%LJ!"E3!!#RJ+H`5,$!5,!!`!"Q9IEh-ZD!!#!!!0")N!!M3!!!TY#RAmc`5-#[c
2!!3+BfC[E!d%M!!"E`!!#R%+G2c1#rc1!#B`!"&[F'9ZFh0XCQpXC'9bF'&dD!!
4Eh"PER0cE%C[E'4PFP"KG'J'r0%!!!)%J!!#")d%MJd%M3!$53!##S-+VIc0r-`
%M`Vmc3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r-`!!!B%M`!$r-X%N!!
%N3Vmb`!%#QY[Bf`0"*!!!!&Y!!!+K`U+r-S+r-S!"!TKE'PK"J54!!2mb355"*-
+r-N!"!TTER0S$355!!)d!!!+M3U9r-J%P!Vmb!!%#Q0QEf`0"*3!!@m!!!U4#T6
ma`[ma`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
NC8C[E'4PFP"KG'J'"*-!!rc'"*Ama3VmaJ!%#R4[)#!0"*8!!Qi!!!UB#UF%PJ5
A$35@!!)d!!!+S!URr-3%Q!Vma!!%#QCTE'80"*J!!@d!!!UM#UB%Q3`%Q3!0!!G
PAfpc-LjS!!)!!!d%P`!#0!!!#TJ+S2c$"*S+r--!"!TMCQpX$35D!!&[!!!+R!U
Ir-),r-)!*M!!%@p`C@jcFfaQEfaNCA*`BA4S!"&[F'9ZFh0X4QpXC'9b8'&dD!E
ma3!!!J51!!)%Qrc"$35E!!*X!!)+VJUZr-$m[`(m`!!!!Ibr!!!#r-%!!!d!#3!
"E3!!!!!!!3!I!Irq!!!#!!B!!J5F"*d0"*`!!Q`!!J!!!!$m[[bp!Ibq!!!"r,d
!!!)%R3!#"*i%R`d%RJ!#E!!##V%+b!5Jr,`0"+!!!dN!!JUa#XMmZ`5K"+)+r,X
!'#jcHA0[C'a[Cf&cDh)!!!!!!!!!!&4&@&30"+%!!@d!!!Ua#V3%S``%S`!'!!!
!!J!!"J5L!!2mZJ5N"+8+r,S!"!TLG'jc$35N!!&+!!!+Y`Um"+B#"+B!!J5Rr,N
0"+F!!@d!!!Uh#VS%U!`%U!!+!!4%EfjP!!)!!!,mZ3!!"J5P!!2mZ!5Tr,F+r,J
!"!TRDACe$35T!!&Y!!!+[`V#r,B$r,B!"3EmY`!!!Ibm!!!#"*m!!J5Ur,80"+S
!!Q`!!J!!!!$mY2bc!Ibd!!!"r,-!!!,mY3!!$J!#!!!2%!!$!",mXJ5V"+`%V35
Z"+m%X!5a",)%X`5d",8%YJ5hr,(mX2b[r+i"r,)!!"!%U`!3r+hmV2bVr+VmUIb
Sr+ImT[bPr+6mSrbLr+(mS2bIr*i+r+d!'#jKCACdEf&`F'jeE'`!!)!!!!#3!!!
U+LSU#rbX!")`!!GdD'9`BA4S!!GdD'93BA4S#rbV!"``!!adD'9[E'4NC@aTEA-
!$(4SC8pXC%4PE'PYF`[mUJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh4
3BA4S#rbT!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mU!!Q-!!4D@jME(9NC@C
[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rbR!$3`!"K[F'9ZFh0XD@jME(9
NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD![mTJ!N-!!3Bh*
jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mT3!H-!!0Fh0XCQpXC'9
bF'&dD!!0Fh0X4QpXC'9b8'&dD![mT!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p
`C@jcFfa'EfaNCA*3BA4S#rbM!#i`!"9dD'9ZCAGQEfaNCA*bC@CPFQ9ZBf8!&A4
SC8jPGdC[E'4PFP*PCQ9bC@jMC3[mSJ!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!Ib
K!!!"r+!!!!(mR`!!!IbH!!!1"+`!"a$mR35ir*cmQ`5j",VmQJVmR3!B,Q&PGR4
[BA"`ER9XE!!!J!!!!*!!!#SU+LS0",J!!@X!!!!!#XJ%Z`)%Z`!#!!8%[!)%[!!
#"*lmQ3,mQ3!!!IbF!!!#r*X!!"!%Z3!!%!5k!)B!(rbBr*ImP[b9r*6mNrb5!#c
mNIb3!2b2r)lmMIb-!%rmL`"D!&[mLJ"Nr)N!EIb)r)ImKJ#2r)AmK2b$r),mJIb
!r(rmI[apr(cmH`#Tr(VmHIair(F![Iaf!-ImG3$8!1)!l!$j!3-"%!%D!5F"-3%
q!8J"93&I!@`"GJ'$!Bd"QJ'N!E%"Z`()!G)"h`(T!IB#!!)0!KF#*!)Z!MX#43*
5!P`#D3*c!S!#LJ+A!U%#VJ+m!XB#d`,G!ZS#p!-"!`X$'!-L!bm$130'!e!$A30
R!h3$IJ1,!jN$S`1`!lS$a`24!pi$l!2f"!-%%`3K"#m%234,"&X%D`4j")X%Q35
Mr(3%U2acr(,mF3VmQ!!%#Q0[BQS+r*F!'#jPBA*cCQCNFQ&XDA-!!!!!!!!J!'&
QC()+r*B!"!TMG(Kd#rb9!")`!!GdD'9`BA4S!!GdD'93BA4S#[b8!!3+BA0MFJV
mN`!%#R4iC'`,r*)!($!!$(4SC@pXC'4PE'PYF`!-G'KP6faN4'9XD@ec#[b4!!3
+BfPdE32mN!$rr3[mM`!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh43BA4
S!rb1rri+r)d!"!T849K8#rb-!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mL`!
Q-!!4D@jME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rb+!$3`!"K
[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
dD![mL3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mL!!
H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD![mK`!Q-!!4Eh"PER0cE'C
[E'4PFR"KG'J!%@p`C@jcFfa'EfaNCA*3BA4S#[b'!!3+BfC[E!VmK3!B,QeTFf0
cE'0d+LSU+J!!!!!!!*!!!#SU+LS+r)3!"!TcC@aP#[b$!"JZBfpbC@4PE'mU+LS
U!!!!!!!!N!!!+LSU+J(mJJ!!![b"!!!+r)!!"!TVEf0X#[ar!!3+D@jcD!2mIJ!
%#[ap!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!VmI!!%#R*cE(3,r(X!,M!
!&A4SC@jPGfC[E'4PFR*PCQ9bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P#[a
k!!3+F'jKE3VmH3!%#Q&XD@%+r(J!"!TdEb!J#[ah!!3+CQPXC32mGJ!'#rae!"3
`!!KdC@e`F'&dD!!)G'9YF&"KG'J+r(3!"!TLG'jc#[ac!!3+CfPfG32mFJ!&#[a
a!"JZFhPcEf4XEfGKFfYb!!!!!!!!!!"849K8%IbD#XRJ%JUYi1%TDJ`!!LrM*N9
4e%r&jLa&edrSaHBX4Nr%@qPF@eTVA&VU-NAE6m4Ek9aE@QYF@Z`bl5C&hNr,lbA
Y*N9J!""2bf%!%59K!")Pl5C&B!!66mYK!"3Pl5C&B!!96mYK!"BPl5C&B!!A6m[
Y*N9J!"K2amAQ,%C2&!!L+Q%!'9m!%#pK!"PK!"S[DJ`!'dmUB3!F,'S-!"eA!!K
B!"i!(fK2+Q%!)'%!'@%!)5TK!"PI!"![B3!L$!!M6em!*%9J!#92A`!PDJ`!'dp
K!#BUB3!F,'%!*ba'6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"R1,f%!+Q%!+bp
K!#`-!#02A`!9B3!Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
K!#TK!#m[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!
`,f%!,!`!)dpI!"9K!$%P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!
Z,f%!+Q%!-LpK!#`-!#02A`!9B3!c*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!
T+Q%!'9m!,LpK!#TK!$3[B3!X$!!M6em!&@%!059&B!!Z6bTK!#"K!#KK!#%UB3!
CA`!6,f%!+5TK!"PI!#i[B3!UB3!f,f%!,!`!)dpI!"9K!$FP4@!!,NmUB3!JB3!
SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!1#pK!#`-!#02A`!9B3!j*89J!#j
2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!$S[B3!X$!!M6em!&@%
!1b9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!m,f%!,!`
!)dpI!"9K!$dP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
!2LpK!#`-!#02A`!9B3!r*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
!,LpK!#TK!%![B3!X$!!M6em!&@%!359&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
!+5TK!"PI!#i[B3!UB3"#,f%!,!`!)dpI!"9K!%-P4@!!,NmUB3!JB3!SB3!K+Q%
!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!4#pK!#`-!#02A`!9B3"&*89J!#j2+Q%!)'%
!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!%B[B3!X$!!M6em!&@%!4b9&B!!
Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"),f%!,!`!)dpI!"9
K!%NP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!5LpK!#`
-!#02A`!9B3",*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#T
K!%`[B3!X$!!M6em!&@%!659&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
I!#i[B3!UB3"1,f%!,!`!)dpI!"9K!%mP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bp
K!#NUB3!CA`!Z,f%!+Q%!8#pK!#`-!#02A`!9B3"4*89J!#j2+Q%!)'%!+'%!)5T
K!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&)[B3!X$!!M6em!&@%!8b9&B!!Z6bTK!#"
K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"8,f%!,!`!)dpI!"9K!&8P4@!
!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!9LpK!#`-!#02A`!
9B3"A*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&J[B3!
X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"C,f%!,!`!)dp
I!"9K!&SP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!@bp
K!#`-!#02A`!9B3"F*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
K!#TK!&d[B3!X$!!M6em!&@%!AL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5T
K!"PI!#i[B3!UB3"I,f%!,!`!)dpI!"9K!'!P4@!!,NmUB3!JB3!SB3!K+Q%!'9m
!%bpK!#NUB3!CA`!Z,f%!+Q%!B5pK!#`-!#02A`!9B3"L*89J!#j2+Q%!)'%!+'%
!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'-[B3!X$!!M6em!&@%!C#9&B!!Z6bT
K!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"P,f%!,!`!)dpI!"9K!'B
P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!CbpK!#`-!#0
2A`!9B3"S*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'N
[B3!X$!!M6em!&@%!DL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i
[B3!UB3"V,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
!E#pK!#`-!#02A`!9B3"Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
!,LpK!#TK!'i[B3!X$!!M6em!&@%!Eb9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
!+5TK!"PI!#i[B3!UB3"`,f%!,!`!)dpI!"9K!(%P4@!!,NmUB3!JB3!SB3!K+Q%
!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!FLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-
[B3!T+Q%!'9m!,LpK!#TK!(-[B3!X$!!M6em!&@%!G#9&B!!Z6bTK!#"K!#KK!#%
UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"e,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m
!%bpK!#NUB3!CA`!A,f%!+Q%!GLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!
T+Q%!'9m!&bpK!#TK!(F[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
I!"F[B3!UB3"i,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!A,f%
!+Q%!H5pK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&bpK!#TK!(S
[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!"8[B3!UB3"l,f%!,!`
!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!9,f%!+Q%!I#pK!#`-!#02+Q%
!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&5pK!#TK!(d[B3!X$!!M6bTK!#"K!#K
K!#%UB3!CA`!6,f%!+5TK!"PI!"J[B3!UB3"q,f%!,!`!)dmUB3!JB3!SB3!K+Q%
!'9m!%bpK!#NUB3!CA`!B,f%!+Q%!IbpK!#`-!#028&92B3#!B3#"B3##DhCK!)0
K!)4K!#)-!)82$!5Y!&%!5deKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0
[E@PZCcT[F'9ZFh0X,90139!Y-6Nj16%b-6%k6@&M6e-kE@YXD@jVFbjKF`!#!!!
1"+i!!J6mF!5p!ra`!!%1",d!!3!%[J`%[J!'!!!!!J!!$J5[!!)%r'm%[`2mE`!
%$J5r!!3!"-!%`36#"---"-!!%J!-6@&MD@jdEh0S)%K%!!)!!!`%`3!8!!j%CA0
VG'p`)%C[E'4PFJ!#!!!-"-)!$J!)5@jMEfeTEQF!!J!!$!6$!"X!&@p`C@jcFf`
Y8dj"8#da16Nj-6)a-3!#!!!-",!!4J"!6@&MD@jdEh0S)%K%1N4PFfYdEh!J4Qp
XC'9b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6T0B@028`!#!!!-",%
!5!"#6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9b1NPZBfpYD@jR1Qp`C@jcFf`
Y8dj"8#da16Nj-6)a-6TTEQ0XG@4P!!)!!!`%XJ"3!%T0B@0TER4[FfJJ5%3k4'9
cDh4[F#"'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a1QPZBfa
eC'8kEh"PER0cE!!#!!!-",-!4`""6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9
b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6TMFRP`G'm!!J!!$!5d!%3
!2NeKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90
139!Y-6Nj16%b-6%kFh0X!!)!!!`%Y3"!!$T0B@0TER4[FfJJ5%3k4'9cDh4[F#"
'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a!!)!!!i%YJ!"&!6
%$J6%!!-B"-AmEJ6'$J6&!!-B"-ImE36)$J6(!!-B"-RmE!6+$J6*!!-B!"rmD`6
,#[aV!!3+BfC[E!`%b`!1!!K*EQ0[E@PZC`!#!!!+r'`!"!TMCQpX$!6+!"X!&@p
`C@jcFf`Y8dj"8#da16Nj-6)a-3!#!!!+r'd!"!TMCQpX$!6)!!d!"fPZBfaeC'8
!!J!!#[aZ!!3+BfC[E!`%aJ!9!!peER4TG'aPC#"QEfaNCA)!!J!!$!5h!%i!5%e
KBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90139!
Y-6Nj16%b-6%kBh*jF(4[1RJe-$Pf-`!#!!!"r,%!!!(mX!!!!Ib[!!!"r+i!!'&
cBh)!!3!-qYlHV3!!!3!!!*G#!!#@3J!!!AB!!$-8-0J!!!!F!AB!$h0MFhS!!!#
#6Np853!!!)jcBh"d!!!!QP4&@&3!!3#QFh4jE!!!!,j$6d4&!!%!bN*14%`!!!$
LBA"XG!!!!1j'8N9'!!!!qNP$6L-!!!%'D@0X0!!!!4*TBh-M!!!"(QPMFc3!!!%
UD'CNFJ!!!6C659T&!!!"3PG3Eh-!!!&1!!$rr`!!!!!!!!!!!)$rre!!!"i!!!!
!!)$rr`!!"cJ#DH#m"'Mrr`!!!*S!!!!!%iRrr`!!"Pi!!!!!"'Mrr`!!!53!!!!
!!!$rrb!!!9)!!!!!!!(rra3!!@i#DG`%!)$rr`!!!Pi#DH"X!!$rr`!!!Ri!!!!
!!)$rr`!!!S-#DH"d!*Err`!!!Si!!!!!!*Err`!!!j)!!!!!!*Err`!!"CB#DH%
i!*Err`!!"GS#DH%dkF$rr`!!"[`!!!!!rrrrr`!!"a)!!!!!!)$rr`!!"b!!!!!
!*4S:

126
deps/openssl/openssl/MacOS/opensslconf.h vendored
View file

@ -1,126 +0,0 @@
/* MacOS/opensslconf.h */
#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
# if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
# define OPENSSLDIR "/usr/local/ssl"
# endif
#endif
#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
# define IDEA_INT unsigned int
#endif
#if defined(HEADER_MD2_H) && !defined(MD2_INT)
# define MD2_INT unsigned int
#endif
#if defined(HEADER_RC2_H) && !defined(RC2_INT)
/* I need to put in a mod for the alpha - eay */
# define RC2_INT unsigned int
#endif
#if defined(HEADER_RC4_H)
# if !defined(RC4_INT)
/*
* using int types make the structure larger but make the code faster on most
* boxes I have tested - up to %20 faster.
*/
/*-
* I don't know what does "most" mean, but declaring "int" is a must on:
* - Intel P6 because partial register stalls are very expensive;
* - elder Alpha because it lacks byte load/store instructions;
*/
# define RC4_INT unsigned char
# endif
# if !defined(RC4_CHUNK)
/*
* This enables code handling data aligned at natural CPU word
* boundary. See crypto/rc4/rc4_enc.c for further details.
*/
# define RC4_CHUNK unsigned long
# endif
#endif
#if defined(HEADER_DES_H) && !defined(DES_LONG)
/*
* If this is set to 'unsigned int' on a DEC Alpha, this gives about a %20
* speed up (longs are 8 bytes, int's are 4).
*/
# ifndef DES_LONG
# define DES_LONG unsigned long
# endif
#endif
#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
# define CONFIG_HEADER_BN_H
# if __option(longlong)
# define BN_LLONG
# else
# undef BN_LLONG
# endif
/* Should we define BN_DIV2W here? */
/* Only one for the following should be defined */
/*
* The prime number generation stuff may not work when EIGHT_BIT but I don't
* care since I've only used this mode for debuging the bignum libraries
*/
# undef SIXTY_FOUR_BIT_LONG
# undef SIXTY_FOUR_BIT
# define THIRTY_TWO_BIT
# undef SIXTEEN_BIT
# undef EIGHT_BIT
#endif
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
# define CONFIG_HEADER_RC4_LOCL_H
/*
* if this is defined data[i] is used instead of *data, this is a %20 speedup
* on x86
*/
# undef RC4_INDEX
#endif
#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
# define CONFIG_HEADER_BF_LOCL_H
# define BF_PTR
#endif /* HEADER_BF_LOCL_H */
#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
# define CONFIG_HEADER_DES_LOCL_H
/*
* the following is tweaked from a config script, that is why it is a
* protected undef/define
*/
# ifndef DES_PTR
# define DES_PTR
# endif
/*
* This helps C compiler generate the correct code for multiple functional
* units. It reduces register dependancies at the expense of 2 more
* registers
*/
# ifndef DES_RISC1
# define DES_RISC1
# endif
# ifndef DES_RISC2
# undef DES_RISC2
# endif
# if defined(DES_RISC1) && defined(DES_RISC2)
YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED ! !!!!
# endif
/*
* Unroll the inner loop, this sometimes helps, sometimes hinders. Very mucy
* CPU dependant
*/
# ifndef DES_UNROLL
# define DES_UNROLL
# endif
#endif /* HEADER_DES_LOCL_H */
#ifndef __POWERPC__
# define MD32_XARRAY
#endif

9465
deps/openssl/openssl/Makefile vendored
View file

File diff suppressed because one or more lines are too long

692
deps/openssl/openssl/Makefile.bak vendored
View file

@ -1,692 +0,0 @@
### Generated automatically from Makefile.org by Configure.
##
## Makefile for OpenSSL
##
VERSION=1.0.2o
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=1
SHLIB_MINOR=0.0
SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
PLATFORM=linux-x86_64
OPTIONS=-Wa,--noexecstack no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine
CONFIGURE_ARGS=linux-x86_64 -Wa,--noexecstack
SHLIB_TARGET=linux-shared
# HERE indicates where this Makefile lives. This can be used to indicate
# where sub-Makefiles are expected to be. Currently has very limited usage,
# and should probably not be bothered with at all.
HERE=.
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
INSTALL_PREFIX=
INSTALLTOP=/usr/local/ssl
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
OPENSSLDIR=/usr/local/ssl
# NO_IDEA - Define to build without the IDEA algorithm
# NO_RC4 - Define to build without the RC4 algorithm
# NO_RC2 - Define to build without the RC2 algorithm
# THREADS - Define when building with threads, you will probably also need any
# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
# one. 32 bytes will be read from this when the random
# number generator is initalised.
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
# NULL encryption ciphers.
#
# LOCK_DEBUG - turns on lots of lock debug output :-)
# REF_CHECK - turn on some xyz_free() assertions.
# REF_PRINT - prints some stuff on structure free.
# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
# MFUNC - Make all Malloc/Free/Realloc calls call
# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
# call application defined callbacks via CRYPTO_set_mem_functions()
# MD5_ASM needs to be defined to use the x86 assembler for MD5
# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
CC= gcc
CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS
PEX_LIBS=
EX_LIBS= -ldl
EXE_EXT=
ARFLAGS=
AR= ar $(ARFLAGS) r
RANLIB= /usr/bin/ranlib
RC= windres
NM= nm
PERL= /usr/bin/perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG= gcc
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
# order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS=$(CC) -c
ASFLAG=$(CFLAG)
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
PROCESSOR=
# CPUID module collects small commonly used assembler snippets
CPUID_OBJ= x86_64cpuid.o
BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o
EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o
DES_ENC= des_enc.o fcrypt_b.o
AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
BF_ENC= bf_enc.o
CAST_ENC= c_enc.o
RC4_ENC= rc4-x86_64.o rc4-md5-x86_64.o
RC5_ENC= rc5_enc.o
MD5_ASM_OBJ= md5-x86_64.o
SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o
RMD160_ASM_OBJ=
WP_ASM_OBJ= wp-x86_64.o
CMLL_ENC= cmll-x86_64.o cmll_misc.o
MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o
ENGINES_ASM_OBJ=
PERLASM_SCHEME= elf
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
# Zlib stuff
ZLIB_INCLUDE=
LIBZLIB=
# TOP level FIPS install directory.
FIPSDIR=/usr/local/ssl/fips-2.0
# This is the location of fipscanister.o and friends.
# The FIPS module build will place it $(INSTALLTOP)/lib
# but since $(INSTALLTOP) can only take the default value
# when the module is built it will be in /usr/local/ssl/lib
# $(INSTALLTOP) for this build may be different so hard
# code the path.
FIPSLIBDIR=
# The location of the library which contains fipscanister.o
# normally it will be libcrypto unless fipsdso is set in which
# case it will be libfips. If not compiling in FIPS mode at all
# this is empty making it a useful test for a FIPS compile.
FIPSCANLIB=
# Shared library base address. Currently only used on Windows.
#
BASEADDR=0xFB00000
DIRS= crypto ssl engines apps test tools
ENGDIRS= ccgost
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= \
objects \
md4 md5 sha mdc2 hmac ripemd whrlpool \
des aes rc2 rc4 idea bf cast camellia seed modes \
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
cms pqueue ts srp cmac
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
TESTS = alltests
MAKEFILE= Makefile
MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
MANSUFFIX=
HTMLSUFFIX=html
HTMLDIR=$(OPENSSLDIR)/html
SHELL=/bin/sh
TOP= .
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
SHARED_LDFLAGS=-m64
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
all: Makefile build_all
# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
# shell, which [annoyingly enough] terminates unset with error if VAR
# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
# which terminates unset with error if no variable was present:-(
CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
$${APPS+APPS}
# LC_ALL=C ensures that error [and other] messages are delivered in
# same language for uniform treatment.
BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
RC='$(RC)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
INSTALL_PREFIX='$(INSTALL_PREFIX)' \
INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
LIBDIR='$(LIBDIR)' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
MAKEDEPPROG='$(MAKEDEPPROG)' \
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \
EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \
AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
WP_ASM_OBJ='$(WP_ASM_OBJ)' \
MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
FIPSLIBDIR='${FIPSLIBDIR}' \
FIPSDIR='${FIPSDIR}' \
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
# BUILD_CMD is a generic macro to build a given target in a given
# subdirectory. The target must be given through the shell variable
# `target' and the subdirectory to build in must be given through `dir'.
# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
# BUILD_ONE_CMD instead.
#
# BUILD_ONE_CMD is a macro to build a given target in a given
# subdirectory if that subdirectory is part of $(DIRS). It requires
# exactly the same shell variables as BUILD_CMD.
#
# RECURSIVE_BUILD_CMD is a macro to build a given target in all
# subdirectories defined in $(DIRS). It requires that the target
# is given through the shell variable `target'.
BUILD_CMD= if [ -d "$$dir" ]; then \
( cd $$dir && echo "making $$target in $$dir..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
) || exit 1; \
fi
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
BUILD_ONE_CMD=\
if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
$(BUILD_CMD); \
fi
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
build_libs: build_libcrypto build_libssl openssl.pc
build_libcrypto: build_crypto build_engines libcrypto.pc
build_libssl: build_ssl libssl.pc
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl: build_crypto
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines: build_crypto
@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps: build_libs
@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests: build_libs
@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools: build_libs
@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
fips_premain_dso$(EXE_EXT): libcrypto.a
[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \
$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
libcrypto.a $(EX_LIBS)
libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
@if [ "$(SHLIB_TARGET)" != "" ]; then \
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
FIPSLD_LIBCRYPTO=libcrypto.a ; \
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
$(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
(touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
clean-shared:
@set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
( set -x; rm -f lib$$i$$j ); \
done; \
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
link-shared:
@ set -e; for i in $(SHLIBDIRS); do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
symlink.$(SHLIB_TARGET); \
libs="$$libs -l$$i"; \
done
build-shared: do_$(SHLIB_TARGET) link-shared
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \
libs="-l$$i $$libs"; \
done
libcrypto.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo 'enginesdir=$${libdir}/engines'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libssl'; \
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: libssl libcrypto' ) > openssl.pc
Makefile: Makefile.org Configure config
@echo "Makefile is older than Makefile.org, Configure or config."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@false
libclean:
rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
clean: libclean
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
rm -f $(LIBS)
rm -f openssl.pc libssl.pc libcrypto.pc
rm -f speed.* .pure
rm -f $(TARFILE)
@set -e; for i in $(ONEDIRS) ;\
do \
rm -fr $$i/*; \
done
distclean: clean
-$(RM) `find . -name .git -prune -o -type l -print`
$(RM) apps/CA.pl
$(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem
$(RM) tools/c_rehash
$(RM) crypto/opensslconf.h
$(RM) Makefile Makefile.bak
makefile.one: files
$(PERL) util/mk1mf.pl >makefile.one; \
sh util/do_ms.sh
files:
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
@set -e; target=files; $(RECURSIVE_BUILD_CMD)
links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@set -e; target=links; $(RECURSIVE_BUILD_CMD)
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
dclean:
rm -rf *.bak include/openssl certs/.0
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
rehash: rehash.time
rehash.time: certs apps
@if [ -z "$(CROSS_COMPILE)" ]; then \
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
$(PERL) tools/c_rehash certs/demo) && \
touch rehash.time; \
else :; fi
test: tests
tests: rehash
@(cd test && echo "testing..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
report:
@$(PERL) util/selftest.pl
update: errors stacks util/libeay.num util/ssleay.num TABLE
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
depend:
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
lint:
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
tags:
rm -f TAGS
find . -name '[^.]*.[ch]' | xargs etags -a
errors:
$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
$(PERL) util/mkerr.pl -recurse -write
(cd engines; $(MAKE) PERL=$(PERL) errors)
stacks:
$(PERL) util/mkstack.pl -write
util/libeay.num::
$(PERL) util/mkdef.pl crypto update
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
--owner 0 --group 0 \
--transform 's|^|$(NAME)/|' \
-cvf -
$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
\! -name '.#*' \! -name '*~' \! -type l \
| sort > $(TARFILE).list
tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
rm -f $(TARFILE).list
ls -l $(TARFILE).gz
tar-snap: $(TARFILE).list
$(TAR_COMMAND) > $(TARFILE)
rm -f $(TARFILE).list
ls -l $(TARFILE)
dist:
$(PERL) Configure dist
@$(MAKE) SDIRS='$(SDIRS)' clean
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
fi; \
done;
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
do \
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
fi ); \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
( case $$i in \
*crypto*) i=libeay32.dll;; \
*ssl*) i=ssleay32.dll;; \
esac; \
echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
fi; \
fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
echo ' $(INSTALLTOP)'; \
echo ''; \
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
install_html_docs:
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
for subdir in apps crypto ssl; do \
mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
for i in doc/$$subdir/*.pod; do \
fn=`basename $$i .pod`; \
echo "installing html/$$fn.$(HTMLSUFFIX)"; \
cat $$i \
| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
| sed -r 's/<!DOCTYPE.*//g' \
> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
done); \
done; \
done
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
$(INSTALL_PREFIX)$(MANDIR)/man1 \
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done
# DO NOT DELETE THIS LINE -- make depend depends on it.

690
deps/openssl/openssl/Makefile.org vendored
View file

@ -1,690 +0,0 @@
##
## Makefile for OpenSSL
##
VERSION=
MAJOR=
MINOR=
SHLIB_VERSION_NUMBER=
SHLIB_VERSION_HISTORY=
SHLIB_MAJOR=
SHLIB_MINOR=
SHLIB_EXT=
PLATFORM=dist
OPTIONS=
CONFIGURE_ARGS=
SHLIB_TARGET=
# HERE indicates where this Makefile lives. This can be used to indicate
# where sub-Makefiles are expected to be. Currently has very limited usage,
# and should probably not be bothered with at all.
HERE=.
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
INSTALL_PREFIX=
INSTALLTOP=/usr/local/ssl
# Do not edit this manually. Use Configure --openssldir=DIR do change this!
OPENSSLDIR=/usr/local/ssl
# NO_IDEA - Define to build without the IDEA algorithm
# NO_RC4 - Define to build without the RC4 algorithm
# NO_RC2 - Define to build without the RC2 algorithm
# THREADS - Define when building with threads, you will probably also need any
# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
# one. 32 bytes will be read from this when the random
# number generator is initalised.
# SSL_FORBID_ENULL - define if you want the server to be not able to use the
# NULL encryption ciphers.
#
# LOCK_DEBUG - turns on lots of lock debug output :-)
# REF_CHECK - turn on some xyz_free() assertions.
# REF_PRINT - prints some stuff on structure free.
# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
# MFUNC - Make all Malloc/Free/Realloc calls call
# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
# call application defined callbacks via CRYPTO_set_mem_functions()
# MD5_ASM needs to be defined to use the x86 assembler for MD5
# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
# equal 4.
# PKCS1_CHECK - pkcs1 tests.
CC= cc
CFLAG= -O
DEPFLAG=
PEX_LIBS=
EX_LIBS=
EXE_EXT=
ARFLAGS=
AR=ar $(ARFLAGS) r
RANLIB= ranlib
RC= windres
NM= nm
PERL= perl
TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in
# order to be excused from maintaining a separate set of architecture
# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
# gcc, then the driver will automatically translate it to -xarch=v8plus
# and pass it down to assembler.
AS=$(CC) -c
ASFLAG=$(CFLAG)
# For x86 assembler: Set PROCESSOR to 386 if you want to support
# the 80386.
PROCESSOR=
# CPUID module collects small commonly used assembler snippets
CPUID_OBJ=
BN_ASM= bn_asm.o
EC_ASM=
DES_ENC= des_enc.o fcrypt_b.o
AES_ENC= aes_core.o aes_cbc.o
BF_ENC= bf_enc.o
CAST_ENC= c_enc.o
RC4_ENC= rc4_enc.o
RC5_ENC= rc5_enc.o
MD5_ASM_OBJ=
SHA1_ASM_OBJ=
RMD160_ASM_OBJ=
WP_ASM_OBJ=
CMLL_ENC=
MODES_ASM_OBJ=
ENGINES_ASM_OBJ=
PERLASM_SCHEME=
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
# Zlib stuff
ZLIB_INCLUDE=
LIBZLIB=
# TOP level FIPS install directory.
FIPSDIR=
# This is the location of fipscanister.o and friends.
# The FIPS module build will place it $(INSTALLTOP)/lib
# but since $(INSTALLTOP) can only take the default value
# when the module is built it will be in /usr/local/ssl/lib
# $(INSTALLTOP) for this build may be different so hard
# code the path.
FIPSLIBDIR=
# The location of the library which contains fipscanister.o
# normally it will be libcrypto unless fipsdso is set in which
# case it will be libfips. If not compiling in FIPS mode at all
# this is empty making it a useful test for a FIPS compile.
FIPSCANLIB=
# Shared library base address. Currently only used on Windows.
#
BASEADDR=
DIRS= crypto ssl engines apps test tools
ENGDIRS= ccgost
SHLIBDIRS= crypto ssl
# dirs in crypto to build
SDIRS= \
objects \
md2 md4 md5 sha mdc2 hmac ripemd whrlpool \
des aes rc2 rc4 rc5 idea bf cast camellia seed modes \
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
cms pqueue ts jpake srp store cmac
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
TESTS = alltests
MAKEFILE= Makefile
MANDIR=$(OPENSSLDIR)/man
MAN1=1
MAN3=3
MANSUFFIX=
HTMLSUFFIX=html
HTMLDIR=$(OPENSSLDIR)/html
SHELL=/bin/sh
TOP= .
ONEDIRS=out tmp
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
SHARED_LIBS_LINK_EXTS=
SHARED_LDFLAGS=
GENERAL= Makefile
BASENAME= openssl
NAME= $(BASENAME)-$(VERSION)
TARFILE= ../$(NAME).tar
EXHEADER= e_os2.h
HEADER= e_os.h
all: Makefile build_all
# as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
# shell, which [annoyingly enough] terminates unset with error if VAR
# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
# which terminates unset with error if no variable was present:-(
CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
$${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
$${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
$${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
$${EXHEADER+EXHEADER} $${HEADER+HEADER} \
$${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
$${APPS+APPS}
# LC_ALL=C ensures that error [and other] messages are delivered in
# same language for uniform treatment.
BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
RC='$(RC)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
INSTALL_PREFIX='$(INSTALL_PREFIX)' \
INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \
LIBDIR='$(LIBDIR)' \
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
MAKEDEPPROG='$(MAKEDEPPROG)' \
SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \
SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \
PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \
CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \
EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \
AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \
BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \
RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \
SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \
MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \
RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \
WP_ASM_OBJ='$(WP_ASM_OBJ)' \
MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
FIPSLIBDIR='${FIPSLIBDIR}' \
FIPSDIR='${FIPSDIR}' \
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
# BUILD_CMD is a generic macro to build a given target in a given
# subdirectory. The target must be given through the shell variable
# `target' and the subdirectory to build in must be given through `dir'.
# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
# BUILD_ONE_CMD instead.
#
# BUILD_ONE_CMD is a macro to build a given target in a given
# subdirectory if that subdirectory is part of $(DIRS). It requires
# exactly the same shell variables as BUILD_CMD.
#
# RECURSIVE_BUILD_CMD is a macro to build a given target in all
# subdirectories defined in $(DIRS). It requires that the target
# is given through the shell variable `target'.
BUILD_CMD= if [ -d "$$dir" ]; then \
( cd $$dir && echo "making $$target in $$dir..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
) || exit 1; \
fi
RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
BUILD_ONE_CMD=\
if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \
$(BUILD_CMD); \
fi
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
sub_all: build_all
build_all: build_libs build_apps build_tests build_tools
build_libs: build_libcrypto build_libssl openssl.pc
build_libcrypto: build_crypto build_engines libcrypto.pc
build_libssl: build_ssl libssl.pc
build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD)
build_ssl: build_crypto
@dir=ssl; target=all; $(BUILD_ONE_CMD)
build_engines: build_crypto
@dir=engines; target=all; $(BUILD_ONE_CMD)
build_apps: build_libs
@dir=apps; target=all; $(BUILD_ONE_CMD)
build_tests: build_libs
@dir=test; target=all; $(BUILD_ONE_CMD)
build_tools: build_libs
@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
fips_premain_dso$(EXE_EXT): libcrypto.a
[ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
-DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \
$(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
libcrypto.a $(EX_LIBS)
libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
@if [ "$(SHLIB_TARGET)" != "" ]; then \
if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
FIPSLD_LIBCRYPTO=libcrypto.a ; \
FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
fi; \
$(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
(touch -c fips_premain_dso$(EXE_EXT) || :); \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
exit 1; \
fi
clean-shared:
@set -e; for i in $(SHLIBDIRS); do \
if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
tmp="$(SHARED_LIBS_LINK_EXTS)"; \
for j in $${tmp:-x}; do \
( set -x; rm -f lib$$i$$j ); \
done; \
fi; \
( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
fi; \
done
link-shared:
@ set -e; for i in $(SHLIBDIRS); do \
$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
symlink.$(SHLIB_TARGET); \
libs="$$libs -l$$i"; \
done
build-shared: do_$(SHLIB_TARGET) link-shared
do_$(SHLIB_TARGET):
@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
LIBDEPS="$$libs $(EX_LIBS)" \
link_a.$(SHLIB_TARGET); \
libs="-l$$i $$libs"; \
done
libcrypto.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo 'enginesdir=$${libdir}/engines'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
echo 'Libs: -L$${libdir} -lcrypto'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
libssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL-libssl'; \
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires.private: libcrypto'; \
echo 'Libs: -L$${libdir} -lssl'; \
echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo ''; \
echo 'Name: OpenSSL'; \
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: libssl libcrypto' ) > openssl.pc
Makefile: Makefile.org Configure config
@echo "Makefile is older than Makefile.org, Configure or config."
@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
@false
libclean:
rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
clean: libclean
rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@set -e; target=clean; $(RECURSIVE_BUILD_CMD)
rm -f $(LIBS)
rm -f openssl.pc libssl.pc libcrypto.pc
rm -f speed.* .pure
rm -f $(TARFILE)
@set -e; for i in $(ONEDIRS) ;\
do \
rm -fr $$i/*; \
done
distclean: clean
-$(RM) `find . -name .git -prune -o -type l -print`
$(RM) apps/CA.pl
$(RM) test/evptests.txt test/newkey.pem test/testkey.pem test/testreq.pem
$(RM) tools/c_rehash
$(RM) crypto/opensslconf.h
$(RM) Makefile Makefile.bak
makefile.one: files
$(PERL) util/mk1mf.pl >makefile.one; \
sh util/do_ms.sh
files:
$(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
@set -e; target=files; $(RECURSIVE_BUILD_CMD)
links:
@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
@set -e; target=links; $(RECURSIVE_BUILD_CMD)
gentests:
@(cd test && echo "generating dummy tests (if needed)..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate );
dclean:
rm -rf *.bak include/openssl certs/.0
@set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
rehash: rehash.time
rehash.time: certs apps
@if [ -z "$(CROSS_COMPILE)" ]; then \
(OPENSSL="`pwd`/util/opensslwrap.sh"; \
[ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
$(PERL) tools/c_rehash certs/demo) && \
touch rehash.time; \
else :; fi
test: tests
tests: rehash
@(cd test && echo "testing..." && \
$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
report:
@$(PERL) util/selftest.pl
update: errors stacks util/libeay.num util/ssleay.num TABLE
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
depend:
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
lint:
@set -e; target=lint; $(RECURSIVE_BUILD_CMD)
tags:
rm -f TAGS
find . -name '[^.]*.[ch]' | xargs etags -a
errors:
$(PERL) util/ck_errf.pl -strict */*.c */*/*.c
$(PERL) util/mkerr.pl -recurse -write
(cd engines; $(MAKE) PERL=$(PERL) errors)
stacks:
$(PERL) util/mkstack.pl -write
util/libeay.num::
$(PERL) util/mkdef.pl crypto update
util/ssleay.num::
$(PERL) util/mkdef.pl ssl update
TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE
# Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
# tar does not support the --files-from option.
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
--owner 0 --group 0 \
--transform 's|^|$(NAME)/|' \
-cvf -
$(TARFILE).list:
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
\! -name '.#*' \! -name '*~' \! -type l \
| sort > $(TARFILE).list
tar: $(TARFILE).list
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
find . -type f -perm -0100 -print | xargs chmod a+x
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
rm -f $(TARFILE).list
ls -l $(TARFILE).gz
tar-snap: $(TARFILE).list
$(TAR_COMMAND) > $(TARFILE)
rm -f $(TARFILE).list
ls -l $(TARFILE)
dist:
$(PERL) Configure dist
@$(MAKE) SDIRS='$(SDIRS)' clean
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
( echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
fi; \
done;
@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
tmp="$(SHARED_LIBS)"; \
for i in $${tmp:-x}; \
do \
if [ -f "$$i" -o -f "$$i.a" ]; then \
( echo installing $$i; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
else \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
fi ); \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
( case $$i in \
*crypto*) i=libeay32.dll;; \
*ssl*) i=ssleay32.dll;; \
esac; \
echo installing $$i; \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
fi; \
fi; \
done; \
( here="`pwd`"; \
cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
$(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
echo ' $(INSTALLTOP)'; \
echo ''; \
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
install_html_docs:
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
for subdir in apps crypto ssl; do \
mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
for i in doc/$$subdir/*.pod; do \
fn=`basename $$i .pod`; \
echo "installing html/$$fn.$(HTMLSUFFIX)"; \
cat $$i \
| sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \
| pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \
| sed -r 's/<!DOCTYPE.*//g' \
> $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
grep -v $$filecase "^$$fn\$$" | \
(cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \
done); \
done; \
done
install_docs:
@$(PERL) $(TOP)/util/mkdir-p.pl \
$(INSTALL_PREFIX)$(MANDIR)/man1 \
$(INSTALL_PREFIX)$(MANDIR)/man3 \
$(INSTALL_PREFIX)$(MANDIR)/man5 \
$(INSTALL_PREFIX)$(MANDIR)/man7
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \
filecase=-i; \
esac; \
set -e; for i in doc/apps/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done; \
set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
fn=`basename $$i .pod`; \
sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
--section=$$sec --center=OpenSSL \
--release=$(VERSION) `basename $$i`") \
> $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
(grep -v $$filecase "^$$fn\$$"; true) | \
(grep -v "[ ]"; true) | \
(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
while read n; do \
PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
done); \
done
# DO NOT DELETE THIS LINE -- make depend depends on it.

652
deps/openssl/openssl/Makefile.shared vendored
View file

@ -11,8 +11,13 @@ CFLAGS=$(CFLAG)
# LDFLAGS contains flags to be used when temporary object files (when building
# shared libraries) are created, or when an application is linked.
# SHARED_LDFLAGS contains flags to be used when the shared library is created.
LDFLAGS=
SHARED_LDFLAGS=
LDFLAGS=$(LDFLAG)
SHARED_LDFLAGS=$(SHARED_LDFLAG)
RC=windres
# SHARED_RCFLAGS are flags used with windres, i.e. when build for Cygwin
# or Mingw.
SHARED_RCFLAGS=$(SHARED_RCFLAG)
NM=nm
@ -24,6 +29,37 @@ NM=nm
#LIBNAME=foo
LIBNAME=
# STLIBNAME contains the path of the static library to build the shared
# library from, for example:
#STLIBNAME=libfoo.a
STLIBNAME=
# On most Unix platforms, SHLIBNAME contains the path of the short name of
# the shared library to build, for example
#SHLIBNAME=libfoo.so
# On Windows POSIX layers (cygwin and mingw), SHLIBNAME contains the import
# library name for the shared library to be built, for example:
#SHLIBNAME=libfoo.dll.a
# SHLIBNAME_FULL contains the path of the full name of the shared library to
# build, for example:
#SHLIBNAME_FULL=libfoo.so.1.2
# When building DSOs, SHLIBNAME_FULL contains path of the full DSO name, for
# example:
#SHLIBNAME_FULL=dir/dso.so
SHLIBNAME_FULL=
# SHLIBVERSION contains the current version of the shared library (not to
# be confused with the project version)
#SHLIBVERSION=1.2
SHLIBVERSION=
# NOTE: to build shared libraries, LIBNAME, STLIBNAME, SHLIBNAME and
# SHLIBNAME_FULL MUST have values when using this makefile, and in some
# cases, SHLIBVERSION as well. To build DSOs, SHLIBNAME_FULL MUST have
# a value, the rest can be left alone.
# APPNAME contains just the name of the application, without suffix (""
# on Unix, ".exe" on Windows, ...). This one MUST have a value when using
# this makefile to build applications.
@ -31,6 +67,9 @@ LIBNAME=
#APPNAME=foo
APPNAME=
# SRCDIR is the top directory of the source tree.
SRCDIR=.
# OBJECTS contains all the object files to link together into the application.
# This must contain at least one object file.
#OBJECTS=foo.o
@ -40,28 +79,10 @@ OBJECTS=
# For example, if a second library, say libbar.a needs to be linked into
# libfoo.so, you need to do the following:
#LIBEXTRAS=libbar.a
# Note that this MUST be used when using the link_o targets, to hold the
# names of all object files that go into the target library.
# Note that this MUST be used when using the link_dso targets, to hold the
# names of all object files that go into the target shared object.
LIBEXTRAS=
# LIBVERSION contains the current version of the library.
# For example, to build libfoo.so.1.2, you need to do the following:
#LIBVERSION=1.2
LIBVERSION=
# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
# the library. They MUST be in decreasing order.
# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
# and libfoo.so.1, you need to do the following:
#LIBCOMPATVERSIONS=1.2 1
# Note that on systems that use sonames, the last number will appear as
# part of it.
# It's also possible, for systems that support it (Tru64, for example),
# to add extra compatibility info with more precision, by adding a second
# list of versions, separated from the first with a semicolon, like this:
#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
LIBCOMPATVERSIONS=
# LIBDEPS contains all the flags necessary to cover all necessary
# dependencies to other libraries.
LIBDEPS=
@ -75,26 +96,14 @@ SET_X=:
top:
echo "Trying to use this makefile interactively? Don't."
CALC_VERSIONS= \
SHLIB_COMPAT=; SHLIB_SOVER=; \
if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
prev=""; \
for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
SHLIB_SOVER_NODOT=$$v; \
SHLIB_SOVER=.$$v; \
if [ -n "$$prev" ]; then \
SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
fi; \
prev=$$v; \
done; \
fi
LINK_APP= \
( $(SET_X); \
LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS) $(LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS}; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
@ -105,55 +114,54 @@ LINK_SO= \
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $(SHLIBNAME_FULL) \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-o $(SHLIBNAME_FULL) \
$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
) && $(SYMLINK_SO)
SYMLINK_SO= \
if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
if [ -n "$$SHLIB_COMPAT" ]; then \
for x in $$SHLIB_COMPAT; do \
( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
if [ -n "$(SHLIBNAME_FULL)" -a -n "$(SHLIBNAME)" -a \
"$(SHLIBNAME_FULL)" != "$(SHLIBNAME)" ]; then \
( $(SET_X); \
rm -f $(SHLIBNAME); \
ln -s $(SHLIBNAME_FULL) $(SHLIBNAME) ); \
fi; \
fi
LINK_SO_A= SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_O= SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_SHLIB= SHOBJECTS="$(STLIBNAME) $(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
LINK_SO_A_VIA_O= \
SHOBJECTS=lib$(LIBNAME).o; \
LINK_SO_SHLIB_VIA_O= \
SHOBJECTS=$(STLIBNAME).o; \
ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
( $(SET_X); \
ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
$(LINK_SO) && rm -f lib$(LIBNAME).o
( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS); \
ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS) ); \
$(LINK_SO) && ( echo rm -f $$SHOBJECTS; rm -f $$SHOBJECTS )
LINK_SO_A_UNPACKED= \
LINK_SO_SHLIB_UNPACKED= \
UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
(cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
(cd $$UNPACKDIR; ar x ../$(STLIBNAME)) && \
([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
SHOBJECTS=$$UNPACKDIR/*.o; \
$(LINK_SO) && rm -rf $$UNPACKDIR
DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
DO_GNU_SO=$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
DO_GNU_SO_COMMON=\
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$(SHLIBNAME_FULL)"
DO_GNU_DSO=\
$(DO_GNU_SO_COMMON)
DO_GNU_SO=\
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
$(DO_GNU_SO_COMMON)
DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to
@ -163,54 +171,43 @@ DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
link_app.:
$(LINK_APP)
link_o.gnu:
@ $(DO_GNU_SO); $(LINK_SO_O)
link_a.gnu:
@ $(DO_GNU_SO); $(LINK_SO_A)
link_dso.gnu:
@ $(DO_GNU_DSO); $(LINK_SO_DSO)
link_shlib.gnu:
@ $(DO_GNU_SO); $(LINK_SO_SHLIB)
link_app.gnu:
@ $(DO_GNU_APP); $(LINK_APP)
DO_BEOS_SO= SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SUFFIX"
link_shlib.linux-shared:
@$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
$(DO_GNU_SO); \
ALLSYMSFLAGS='-Wl,--whole-archive,--version-script=$(LIBNAME).map'; \
$(LINK_SO_SHLIB)
link_o.beos:
@ $(DO_BEOS_SO); $(LINK_SO_O)
link_a.beos:
@ $(DO_BEOS_SO); $(LINK_SO_A)
link_o.bsd:
link_dso.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
LIBDEPS=" "; \
ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
fi; $(LINK_SO_DSO)
link_shlib.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
LIBDEPS=" "; \
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
NOALLSYMSFLAGS=; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
fi; $(LINK_SO_O)
link_a.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
LIBDEPS=" "; \
ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
NOALLSYMSFLAGS=; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
fi; $(LINK_SO_A)
fi; $(LINK_SO_SHLIB)
link_app.bsd:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBPATH)"; \
LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
fi; $(LINK_APP)
# For Darwin AKA Mac OS/X (dyld)
# Originally link_o.darwin produced .so, because it was hard-coded
# Originally link_dso.darwin produced .so, because it was hard-coded
# in dso_dlfcn module. At later point dso_dlfcn switched to .dylib
# extension in order to allow for run-time linking with vendor-
# supplied shared libraries such as libz, so that link_o.darwin had
# supplied shared libraries such as libz, so that link_dso.darwin had
# to be harmonized with it. This caused minor controversy, because
# it was believed that dlopen can't be used to dynamically load
# .dylib-s, only so called bundle modules (ones linked with -bundle
@ -223,272 +220,182 @@ link_app.bsd:
# It works, because dlopen is [and always was] extension-agnostic.
# Alternative to this heuristic approach is to develop specific
# MacOS X dso module relying on whichever "native" dyld interface.
link_o.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
ALLSYMSFLAGS='-all_load'; \
link_dso.darwin:
@ ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
if [ -n "$(LIBVERSION)" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
fi; \
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
fi; \
$(LINK_SO_O)
link_a.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
ALLSYMSFLAGS='-all_load'; \
$(LINK_SO_DSO)
link_shlib.darwin:
@ ALLSYMSFLAGS='-all_load'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
if [ -n "$(LIBVERSION)" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
fi; \
if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
fi; \
SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/$(LIBDIR)/$$SHLIB$(SHLIB_EXT)"; \
$(LINK_SO_A)
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -current_version $(SHLIBVERSION) -compatibility_version $(SHLIBVERSION) -install_name $(INSTALLTOP)/$(LIBDIR)/$(SHLIBNAME_FULL)"; \
$(LINK_SO_SHLIB)
link_app.darwin: # is there run-path on darwin?
$(LINK_APP)
link_o.cygwin:
@ $(CALC_VERSIONS); \
INHIBIT_SYMLINKS=yes; \
SHLIB=cyg$(LIBNAME); \
link_dso.cygwin:
@ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
base=-Wl,--enable-auto-image-base; \
deffile=; \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
SHLIB=$(LIBNAME)eay32; base=; \
if test -f $(LIBNAME)eay32.def; then \
deffile=$(LIBNAME)eay32.def; \
fi; \
fi; \
SHLIB_SUFFIX=.dll; \
LIBVERSION="$(LIBVERSION)"; \
SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic"; \
$(LINK_SO_DSO)
link_shlib.cygwin:
@ INHIBIT_SYMLINKS=yes; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
$(RC) $(SHARED_RCFLAGS) -o rc.o; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base $$deffile -Wl,-Bsymbolic"; \
$(LINK_SO_O)
#for mingw target if def-file is in use dll-name should match library-name
link_a.cygwin:
@ $(CALC_VERSIONS); \
INHIBIT_SYMLINKS=yes; \
SHLIB=cyg$(LIBNAME); SHLIB_SOVER=-$(LIBVERSION); SHLIB_SUFFIX=.dll; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; extras=; \
base=-Wl,--enable-auto-image-base; \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
case $(LIBNAME) in \
crypto) SHLIB=libeay;; \
ssl) SHLIB=ssleay;; \
esac; \
SHLIB_SOVER=32; \
extras="$(LIBNAME).def"; \
$(PERL) util/mkdef.pl 32 $$SHLIB > $$extras; \
base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
fi; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
$(PERL) util/mkrc.pl $$dll_name | \
$(RC) -o rc.o; \
extras="$$extras rc.o"; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $$extras"; \
[ -f apps/$$dll_name ] && rm apps/$$dll_name; \
[ -f test/$$dll_name ] && rm test/$$dll_name; \
$(LINK_SO_A) || exit 1; \
rm $$extras; \
cp -p $$dll_name apps/; \
cp -p $$dll_name test/
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) rc.o"; \
$(LINK_SO_SHLIB) || exit 1; \
rm rc.o
link_app.cygwin:
@if expr "$(CFLAGS)" : '.*OPENSSL_USE_APPLINK' > /dev/null; then \
LIBDEPS="$(TOP)/crypto/applink.o $${LIBDEPS:-$(LIBDEPS)}"; \
export LIBDEPS; \
fi; \
$(LINK_APP)
link_o.alpha-osf1:
# link_dso.mingw-shared and link_app.mingw-shared are mapped to the
# corresponding cygwin targets, as they do the exact same thing.
link_shlib.mingw:
@ INHIBIT_SYMLINKS=yes; \
base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \
$(PERL) $(SRCDIR)/util/mkdef.pl 32 $(LIBNAME) \
| sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1$(SHLIBNAME_FULL)|' \
> $(LIBNAME).def; \
echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \
"$(RC) $(SHARED_RCFLAGS) -o rc.o"; \
$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \
$(RC) $(SHARED_RCFLAGS) -o rc.o; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) $(LIBNAME).def rc.o"; \
$(LINK_SO_SHLIB) || exit 1; \
rm $(LIBNAME).def rc.o
link_dso.alpha-osf1:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
fi; \
$(LINK_SO_DSO)
link_shlib.alpha-osf1:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
if [ -n "$$SHLIB_HIST" ]; then \
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
else \
SHLIB_HIST="$(LIBVERSION)"; \
fi; \
SHLIB_SOVER=; \
ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
if [ -n "$$SHLIB_HIST" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic -set_version $(SHLIBVERSION)"; \
fi; \
$(LINK_SO_O)
link_a.alpha-osf1:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
if [ -n "$$SHLIB_HIST" ]; then \
SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
else \
SHLIB_HIST="$(LIBVERSION)"; \
fi; \
SHLIB_SOVER=; \
ALLSYMSFLAGS='-all'; \
NOALLSYMSFLAGS='-none'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \
if [ -n "$$SHLIB_HIST" ]; then \
SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
fi; \
fi; \
$(LINK_SO_A)
$(LINK_SO_SHLIB)
link_app.alpha-osf1:
@if $(DETECT_GNU_LD); then \
$(DO_GNU_APP); \
else \
LDFLAGS="$(CFLAGS) -rpath $(LIBRPATH)"; \
LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
fi; \
$(LINK_APP)
link_o.solaris:
link_dso.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_DSO)
link_shlib.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
MINUSZ='-z '; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS="$${MINUSZ}allextract"; \
NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
$(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \
ALLSYMSFLAGS="-Wl,-z,allextract,-M,$(LIBNAME).map"; \
NOALLSYMSFLAGS="-Wl,-z,defaultextract"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_O)
link_a.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
MINUSZ='-z '; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=;\
ALLSYMSFLAGS="$${MINUSZ}allextract"; \
NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
fi; \
$(LINK_SO_A)
$(LINK_SO_SHLIB)
link_app.solaris:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_APP); \
else \
LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
fi; \
$(LINK_APP)
# OpenServer 5 native compilers used
link_o.svr3:
link_dso.svr3:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_DSO)
link_shlib.svr3:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_O)
link_a.svr3:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
$(LINK_SO_A_UNPACKED)
$(LINK_SO_SHLIB_UNPACKED)
link_app.svr3:
@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
$(LINK_APP)
# UnixWare 7 and OpenUNIX 8 native compilers used
link_o.svr5:
link_dso.svr5:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_DSO)
link_shlib.svr5:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
fi; \
$(LINK_SO_O)
link_a.svr5:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHARE_FLAG='-G'; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
fi; \
$(LINK_SO_A_UNPACKED)
$(LINK_SO_SHLIB_UNPACKED)
link_app.svr5:
@$(DETECT_GNU_LD) && $(DO_GNU_APP); \
$(LINK_APP)
link_o.irix:
link_dso.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_DSO); \
else \
ALLSYMSFLAGS=""; \
NOALLSYMSFLAGS=""; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
fi; \
$(LINK_SO_DSO)
link_shlib.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
MINUSWL=""; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
fi; \
$(LINK_SO_O)
link_a.irix:
@ if $(DETECT_GNU_LD); then \
$(DO_GNU_SO); \
else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
MINUSWL=""; \
($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
ALLSYMSFLAGS="$${MINUSWL}-all"; \
NOALLSYMSFLAGS="$${MINUSWL}-none"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
fi; \
$(LINK_SO_A)
$(LINK_SO_SHLIB)
link_app.irix:
@LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
@LDFLAGS="$(CFLAGS) $(LDFLAGS)"; \
$(LINK_APP)
# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
@ -499,157 +406,116 @@ link_app.irix:
# editor context only [it's simply ignored in other cases, which are all
# ELFs by the way].
#
link_o.hpux:
link_dso.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
fi; \
rm -f $(SHLIBNAME_FULL) || :; \
$(LINK_SO_DSO) && chmod a=rx $(SHLIBNAME_FULL)
link_shlib.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \
fi; \
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
link_a.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
$(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,-Fl'; \
NOALLSYMSFLAGS=''; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \
fi; \
rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
rm -f $(SHLIBNAME_FULL) || :; \
$(LINK_SO_SHLIB) && chmod a=rx $(SHLIBNAME_FULL)
link_app.hpux:
@if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \
LDFLAGS="$(CFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \
fi; \
$(LINK_APP)
link_o.aix:
@ $(CALC_VERSIONS); \
OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
link_dso.aix:
@OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=''; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
$(LINK_SO_O);
link_a.aix:
@ $(CALC_VERSIONS); \
OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
$(LINK_SO_DSO);
link_shlib.aix:
@ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-bnogc'; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
$(LINK_SO_A_VIA_O)
rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \
$(LINK_SO_SHLIB_VIA_O)
link_app.aix:
LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \
$(LINK_APP)
link_o.reliantunix:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) -G'; \
$(LINK_SO_O)
link_a.reliantunix:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS=; \
NOALLSYMSFLAGS=''; \
SHAREDFLAGS='$(CFLAGS) -G'; \
$(LINK_SO_A_UNPACKED)
link_app.reliantunix:
$(LINK_APP)
# Targets to build symbolic links when needed
symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
symlink.aix symlink.reliantunix:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
symlink.aix:
@ $(SYMLINK_SO)
symlink.darwin:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME); \
SHLIB_SUFFIX=.dylib; \
$(SYMLINK_SO)
@ $(SYMLINK_SO)
symlink.hpux:
@ $(CALC_VERSIONS); \
SHLIB=lib$(LIBNAME).sl; \
expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
$(SYMLINK_SO)
@ $(SYMLINK_SO)
# The following lines means those specific architectures do no symlinks
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath symlink.beos:
symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
# Compatibility targets
link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
link_dso.bsd-gcc-shared link_dso.linux-shared link_dso.gnu-shared: link_dso.gnu
link_shlib.bsd-gcc-shared: link_shlib.linux-shared
link_shlib.gnu-shared: link_shlib.gnu
link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
link_o.bsd-shared: link_o.bsd
link_a.bsd-shared: link_a.bsd
link_dso.bsd-shared: link_dso.bsd
link_shlib.bsd-shared: link_shlib.bsd
link_app.bsd-shared: link_app.bsd
link_o.darwin-shared: link_o.darwin
link_a.darwin-shared: link_a.darwin
link_dso.darwin-shared: link_dso.darwin
link_shlib.darwin-shared: link_shlib.darwin
link_app.darwin-shared: link_app.darwin
symlink.darwin-shared: symlink.darwin
link_o.cygwin-shared: link_o.cygwin
link_a.cygwin-shared: link_a.cygwin
link_dso.cygwin-shared: link_dso.cygwin
link_shlib.cygwin-shared: link_shlib.cygwin
link_app.cygwin-shared: link_app.cygwin
symlink.cygwin-shared: symlink.cygwin
link_o.alpha-osf1-shared: link_o.alpha-osf1
link_a.alpha-osf1-shared: link_a.alpha-osf1
link_dso.mingw-shared: link_dso.cygwin
link_shlib.mingw-shared: link_shlib.mingw
link_app.mingw-shared: link_app.cygwin
symlink.mingw-shared: symlink.cygwin
link_dso.alpha-osf1-shared: link_dso.alpha-osf1
link_shlib.alpha-osf1-shared: link_shlib.alpha-osf1
link_app.alpha-osf1-shared: link_app.alpha-osf1
symlink.alpha-osf1-shared: symlink.alpha-osf1
link_o.tru64-shared: link_o.tru64
link_a.tru64-shared: link_a.tru64
link_dso.tru64-shared: link_dso.tru64
link_shlib.tru64-shared: link_shlib.tru64
link_app.tru64-shared: link_app.tru64
symlink.tru64-shared: symlink.tru64
link_o.tru64-shared-rpath: link_o.tru64-rpath
link_a.tru64-shared-rpath: link_a.tru64-rpath
link_dso.tru64-shared-rpath: link_dso.tru64-rpath
link_shlib.tru64-shared-rpath: link_shlib.tru64-rpath
link_app.tru64-shared-rpath: link_app.tru64-rpath
symlink.tru64-shared-rpath: symlink.tru64-rpath
link_o.solaris-shared: link_o.solaris
link_a.solaris-shared: link_a.solaris
link_dso.solaris-shared: link_dso.solaris
link_shlib.solaris-shared: link_shlib.solaris
link_app.solaris-shared: link_app.solaris
symlink.solaris-shared: symlink.solaris
link_o.svr3-shared: link_o.svr3
link_a.svr3-shared: link_a.svr3
link_dso.svr3-shared: link_dso.svr3
link_shlib.svr3-shared: link_shlib.svr3
link_app.svr3-shared: link_app.svr3
symlink.svr3-shared: symlink.svr3
link_o.svr5-shared: link_o.svr5
link_a.svr5-shared: link_a.svr5
link_dso.svr5-shared: link_dso.svr5
link_shlib.svr5-shared: link_shlib.svr5
link_app.svr5-shared: link_app.svr5
symlink.svr5-shared: symlink.svr5
link_o.irix-shared: link_o.irix
link_a.irix-shared: link_a.irix
link_dso.irix-shared: link_dso.irix
link_shlib.irix-shared: link_shlib.irix
link_app.irix-shared: link_app.irix
symlink.irix-shared: symlink.irix
link_o.hpux-shared: link_o.hpux
link_a.hpux-shared: link_a.hpux
link_dso.hpux-shared: link_dso.hpux
link_shlib.hpux-shared: link_shlib.hpux
link_app.hpux-shared: link_app.hpux
symlink.hpux-shared: symlink.hpux
link_o.aix-shared: link_o.aix
link_a.aix-shared: link_a.aix
link_dso.aix-shared: link_dso.aix
link_shlib.aix-shared: link_shlib.aix
link_app.aix-shared: link_app.aix
symlink.aix-shared: symlink.aix
link_o.reliantunix-shared: link_o.reliantunix
link_a.reliantunix-shared: link_a.reliantunix
link_app.reliantunix-shared: link_app.reliantunix
symlink.reliantunix-shared: symlink.reliantunix
link_o.beos-shared: link_o.beos
link_a.beos-shared: link_a.beos
link_app.beos-shared: link_app.gnu
symlink.beos-shared: symlink.beos

100
deps/openssl/openssl/NEWS vendored
View file

@ -5,48 +5,98 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018]
o Constructed ASN.1 types with a recursive definition could exceed the
stack (CVE-2018-0739)
Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]
o Read/write after SSL object in error state (CVE-2017-3737)
o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]
Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]
Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017]
o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017]
o Truncated packet could crash via OOB read (CVE-2017-3731)
o Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]
o ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
o CMS Null dereference (CVE-2016-7053)
o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
o Missing CRL sanity check (CVE-2016-7052)
o Fix Use After Free for large message sizes (CVE-2016-6309)
Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
o SWEET32 Mitigation (CVE-2016-2183)
o OOB write in MDC2_Update() (CVE-2016-6303)
o Malformed SHA512 ticket DoS (CVE-2016-6302)
o OOB write in BN_bn2dec() (CVE-2016-2182)
o OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
o Pointer arithmetic undefined behaviour (CVE-2016-2177)
o Constant time flag not preserved in DSA signing (CVE-2016-2178)
o DTLS buffered message DoS (CVE-2016-2179)
o DTLS replay protection DoS (CVE-2016-2181)
o Certificate message OOB reads (CVE-2016-6306)
o SSL_peek() hang on empty record (CVE-2016-6305)
o Excessive allocation of memory in tls_get_message_header()
(CVE-2016-6307)
o Excessive allocation of memory in dtls1_preprocess_fragment()
(CVE-2016-6308)
Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
o Copyright text was shrunk to a boilerplate that points to the license
o "shared" builds are now the default when possible
o Added support for "pipelining"
o Added the AFALG engine
o New threading API implemented
o Support for ChaCha20 and Poly1305 added to libcrypto and libssl
o Support for extended master secret
o CCM ciphersuites
o Reworked test suite, now based on perl, Test::Harness and Test::More
o *Most* libcrypto and libssl public structures were made opaque,
including:
BIGNUM and associated types, EC_KEY and EC_KEY_METHOD,
DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD,
BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX,
EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX,
X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE,
X509_LOOKUP, X509_LOOKUP_METHOD
o libssl internal structures made opaque
o SSLv2 support removed
o Kerberos ciphersuite support removed
o RC4 removed from DEFAULT ciphersuites in libssl
o 40 and 56 bit cipher support removed from libssl
o All public header files moved to include/openssl, no more symlinking
o SSL/TLS state machine, version negotiation and record layer rewritten
o EC revision: now operations use new EC_KEY_METHOD.
o Support for OCB mode added to libcrypto
o Support for asynchronous crypto operations added to libcrypto and libssl
o Deprecated interfaces can now be disabled at build time either
relative to the latest release via the "no-deprecated" Configure
argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
o Application software can be compiled with -DOPENSSL_API_COMPAT=version
to ensure that features deprecated in that version are not exposed.
o Support for RFC6698/RFC7671 DANE TLSA peer authentication
o Change of Configure to use --prefix as the main installation
directory location rather than --openssldir. The latter becomes
the directory for certs, private key and openssl.cnf exclusively.
o Reworked BIO networking library, with full support for IPv6.
o New "unified" build system
o New security levels
o Support for scrypt algorithm
o Support for X25519
o Extended SSL_CONF support using configuration files
o KDF algorithm support. Implement TLS PRF as a KDF.
o Support for Certificate Transparency
o HKDF support.
Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
@ -348,7 +398,7 @@
Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
o Add gcc 4.2 support.
o Add support for AES and SSE2 assembly lanugauge optimization
o Add support for AES and SSE2 assembly language optimization
for VC++ build.
o Support for RFC4507bis and server name extensions if explicitly
selected at compile time.
@ -431,8 +481,8 @@
o New STORE structure and library to provide an interface to all
sorts of data repositories. Supports storage of public and
private keys, certificates, CRLs, numbers and arbitrary blobs.
This library is unfortunately unfinished and unused withing
OpenSSL.
This library is unfortunately unfinished and unused within
OpenSSL.
o New control functions for the error stack.
o Changed the PKCS#7 library to support one-pass S/MIME
processing.
@ -448,7 +498,7 @@
o Major overhaul of RC4 performance on Intel P4, IA-64 and
AMD64.
o Changed the Configure script to have some algorithms disabled
by default. Those can be explicitely enabled with the new
by default. Those can be explicitly enabled with the new
argument form 'enable-xxx'.
o Change the default digest in 'openssl' commands from MD5 to
SHA-1.

9
deps/openssl/openssl/INSTALL.DJGPP → deps/openssl/openssl/NOTES.DJGPP vendored
View file

@ -1,5 +1,5 @@
INSTALLATION ON THE DOS PLATFORM WITH DJGPP
-------------------------------------------
@ -11,14 +11,15 @@
You should have a full DJGPP environment installed, including the
latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
requires that PERL and BC also be installed.
requires that PERL and the PERL module Text::Template also be
installed (see NOTES.PERL).
All of these can be obtained from the usual DJGPP mirror sites or
directly at "http://www.delorie.com/pub/djgpp". For help on which
files to download, see the DJGPP "ZIP PICKER" page at
"http://www.delorie.com/djgpp/zip-picker.html". You also need to have
the WATT-32 networking package installed before you try to compile
OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
OpenSSL. This can be obtained from "http://www.watt-32.net/".
The Makefile assumes that the WATT-32 code is in the directory
specified by the environment variable WATT_ROOT. If you have watt-32
in directory "watt32" under your main DJGPP directory, specify
@ -28,7 +29,7 @@
running "./Configure" with appropriate arguments:
./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
And finally fire up "make". You may run out of DPMI selectors when
running in a DOS box under Windows. If so, just close the BASH
shell, go back to Windows, and restart BASH. Then run "make" again.

119
deps/openssl/openssl/NOTES.PERL vendored Normal file
View file

@ -0,0 +1,119 @@
TOC
===
- Notes on Perl
- Notes on Perl on Windows
- Notes on Perl modules we use
- Notes on installing a perl module
Notes on Perl
-------------
For our scripts, we rely quite a bit on Perl, and increasingly on
some core Perl modules. These Perl modules are part of the Perl
source, so if you build Perl on your own, you should be set.
However, if you install Perl as binary packages, the outcome might
differ, and you may have to check that you do get the core modules
installed properly. We do not claim to know them all, but experience
has told us the following:
- on Linux distributions based on Debian, the package 'perl' will
install the core Perl modules as well, so you will be fine.
- on Linux distributions based on RPMs, you will need to install
'perl-core' rather than just 'perl'.
You MUST have at least Perl version 5.10.0 installed. This minimum
requirement is due to our use of regexp backslash sequence \R among
other features that didn't exist in core Perl before that version.
Notes on Perl on Windows
------------------------
There are a number of build targets that can be viewed as "Windows".
Indeed, there are VC-* configs targeting VisualStudio C, as well as
MinGW and Cygwin. The key recommendation is to use "matching" Perl,
one that matches build environment. For example, if you will build
on Cygwin be sure to use the Cygwin package manager to install Perl.
For MSYS builds use the MSYS provided Perl. For VC-* builds we
recommend ActiveState Perl, available from
http://www.activestate.com/ActivePerl.
Notes on Perl on VMS
--------------------
You will need to install Perl separately. One way to do so is to
download the source from http://perl.org/, unpacking it, reading
README.vms and follow the instructions. Another way is to download a
.PCSI file from http://www.vmsperl.com/ and install it using the
POLYCENTER install tool.
Notes on Perl modules we use
----------------------------
We make increasing use of Perl modules, and do our best to limit
ourselves to core Perl modules to keep the requirements down. There
are just a few exceptions:
Test::More We require the minimum version to be 0.96, which
appeared in Perl 5.13.4, because that version was
the first to have all the features we're using.
This module is required for testing only! If you
don't plan on running the tests, you don't need to
bother with this one.
Text::Template This module is not part of the core Perl modules.
As a matter of fact, the core Perl modules do not
include any templating module to date.
This module is absolutely needed, configuration
depends on it.
To avoid unnecessary initial hurdles, we have bundled a copy of the
following modules in our source. They will work as fallbacks if
these modules aren't already installed on the system.
Text::Template
Notes on installing a perl module
---------------------------------
There are a number of ways to install a perl module. In all
descriptions below, Text::Template will server as an example.
1. for Linux users, the easiest is to install with the use of your
favorite package manager. Usually, all you need to do is search
for the module name and to install the package that comes up.
On Debian based Linux distributions, it would go like this:
$ apt-cache search Text::Template
...
libtext-template-perl - perl module to process text templates
$ sudo apt-get install libtext-template-perl
Perl modules in Debian based distributions use package names like
the name of the module in question, with "lib" prepended and
"-perl" appended.
2. Install using CPAN. This is very easy, but usually requires root
access:
$ cpan -i Text::Template
Note that this runs all the tests that the module to be installed
comes with. This is usually a smooth operation, but there are
platforms where a failure is indicated even though the actual tests
were successful. Should that happen, you can force an
installation regardless (that should be safe since you've already
seen the tests succeed!):
$ cpan -f -i Text::Template
Note: on VMS, you must quote any argument that contains upper case
characters, so the lines above would be:
$ cpan -i "Text::Template"
and:
$ cpan -f -i "Text::Template"

30
deps/openssl/openssl/NOTES.UNIX vendored Normal file
View file

@ -0,0 +1,30 @@
NOTES FOR UNIX LIKE PLATFORMS
=============================
For Unix/POSIX runtime systems on Windows, please see NOTES.WIN.
Shared libraries and installation in non-standard locations
-----------------------------------------------------------
Binaries on Unix variants expect to find shared libraries in standard
locations, such as /usr/lib, /usr/local/lib and some other locations
configured in the system (for example /etc/ld.so.conf on some systems).
If the libraries are installed in non-standard locations, binaries
will not find them and therefore fail to run unless they get a bit of
help from a defined RPATH or RUNPATH. This can be applied by adding
the appropriate linker flags to the configuration command, such as
this (/usr/local/ssl was the default location for OpenSSL installation
in versions before 1.1.0):
$ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
-Wl,-rpath,/usr/local/ssl/lib
Because the actual library location may vary further (for example on
multilib installations), there is a convenience variable in Makefile
that holds the exact installation directory and that can be used like
this:
$ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
-Wl,-rpath,'$(LIBRPATH)'

81
deps/openssl/openssl/NOTES.VMS vendored Normal file
View file

@ -0,0 +1,81 @@
NOTES FOR THE OPENVMS PLATFORM
==============================
Requirement details
-------------------
In addition to the requirements and instructions listed in INSTALL,
this are required as well:
* At least ODS-5 disk organization for source and build.
Installation can be done on any existing disk organization.
About ANSI C compiler
---------------------
An ANSI C compiled is needed among other things. This means that
VAX C is not and will not be supported.
We have only tested with DEC C (a.k.a HP VMS C / VSI C) and require
version 7.1 or later. Compiling with a different ANSI C compiler may
require some work.
Please avoid using C RTL feature logical names DECC$* when building
and testing OpenSSL. Most of all, they can be disruptive when
running the tests, as they affect the Perl interpreter.
About ODS-5 directory names and Perl
------------------------------------
It seems that the perl function canonpath() in the File::Spec module
doesn't treat file specifications where the last directory name
contains periods very well. Unfortunately, some versions of VMS tar
will keep the periods in the OpenSSL source directory instead of
converting them to underscore, thereby leaving your source in
something like [.openssl-1^.1^.0]. This will lead to issues when
configuring and building OpenSSL.
We have no replacement for Perl's canonpath(), so the best workaround
for now is to rename the OpenSSL source directory, as follows (please
adjust for the actual source directory name you have):
$ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR
About MMS and DCL
-----------------
MMS has certain limitations when it comes to line length, and DCL has
certain limitations when it comes to total command length. We do
what we can to mitigate, but there is the possibility that it's not
enough. Should you run into issues, a very simple solution is to set
yourself up a few logical names for the directory trees you're going
to use.
Checking the distribution
-------------------------
There have been reports of places where the distribution didn't quite
get through, for example if you've copied the tree from a NFS-mounted
Unix mount point.
The easiest way to check if everything got through as it should is to
check for one of the following files:
[.crypto]opensslconf^.h.in
The best way to get a correct distribution is to download the gzipped
tar file from ftp://ftp.openssl.org/source/, use GZIP -d to uncompress
it and VMSTAR to unpack the resulting tar file.
Gzip and VMSTAR are available here:
http://antinode.info/dec/index.html#Software
Should you need it, you can find UnZip for VMS here:
http://www.info-zip.org/UnZip.html

139
deps/openssl/openssl/NOTES.WIN vendored Normal file
View file

@ -0,0 +1,139 @@
NOTES FOR THE WINDOWS PLATFORMS
===============================
Requirement details for native (Visual C++) builds
--------------------------------------------------
In addition to the requirements and instructions listed in INSTALL,
this are required as well:
- You need Perl. We recommend ActiveState Perl, available from
https://www.activestate.com/ActivePerl. Another viable alternative
appears to be Strawberry Perl, http://strawberryperl.com.
You also need the perl module Text::Template, available on CPAN.
Please read NOTES.PERL for more information.
- You need a C compiler. OpenSSL has been tested to build with these:
* Visual C++
- Netwide Assembler, a.k.a. NASM, available from http://www.nasm.us,
is required if you intend to utilize assembler modules. Note that NASM
is the only supported assembler. The Microsoft provided assembler is NOT
supported.
Visual C++ (native Windows)
---------------------------
Installation directories
The default installation directories are derived from environment
variables.
For VC-WIN32, the following defaults are use:
PREFIX: %ProgramFiles(86)%\OpenSSL
OPENSSLDIR: %CommonProgramFiles(86)%\SSL
For VC-WIN64, the following defaults are use:
PREFIX: %ProgramW6432%\OpenSSL
OPENSSLDIR: %CommonProgramW6432%\SSL
Should those environment variables not exist (on a pure Win32
installation for examples), these fallbacks are used:
PREFIX: %ProgramFiles%\OpenSSL
OPENSSLDIR: %CommonProgramFiles%\SSL
ALSO NOTE that those directories are usually write protected, even if
your account is in the Administrators group. To work around that,
start the command prompt by right-clicking on it and choosing "Run as
Administrator" before running 'nmake install'. The other solution
is, of course, to choose a different set of directories by using
--prefix and --openssldir when configuring.
GNU C (Cygwin)
--------------
Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of the
Windows subsystem and provides a bash shell and GNU tools environment.
Consequently, a make of OpenSSL with Cygwin is virtually identical to the
Unix procedure.
To build OpenSSL using Cygwin, you need to:
* Install Cygwin (see https://cygwin.com/)
* Install Cygwin Perl and ensure it is in the path. Recall that
as least 5.10.0 is required.
* Run the Cygwin bash shell
Apart from that, follow the Unix instructions in INSTALL.
NOTE: "make test" and normal file operations may fail in directories
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
stripping of carriage returns. To avoid this ensure that a binary
mount is used, e.g. mount -b c:\somewhere /home.
It is also possible to create "conventional" Windows binaries that use
the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using MinGW
development add-on for Cygwin. MinGW is supported even as a standalone
setup as described in the following section. In the context you should
recognize that binaries targeting Cygwin itself are not interchangeable
with "conventional" Windows binaries you generate with/for MinGW.
GNU C (MinGW/MSYS)
------------------
* Compiler and shell environment installation:
MinGW and MSYS are available from http://www.mingw.org/, both are
required. Run the installers and do whatever magic they say it takes
to start MSYS bash shell with GNU tools and matching Perl on its PATH.
"Matching Perl" refers to chosen "shell environment", i.e. if built
under MSYS, then Perl compiled for MSYS must be used.
Alternatively, one can use MSYS2 from https://msys2.github.io/,
which includes MingW (32-bit and 64-bit).
* It is also possible to cross-compile it on Linux by configuring
with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
Other possible cross compile prefixes include x86_64-w64-mingw32-
and i686-w64-mingw32-.
Linking your application
------------------------
This section applies to non-Cygwin builds.
If you link with static OpenSSL libraries then you're expected to
additionally link your application with WS2_32.LIB, GDI32.LIB,
ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing
non-interactive service applications might feel concerned about
linking with GDI32.LIB and USER32.LIB, as they are justly associated
with interactive desktop, which is not available to service
processes. The toolkit is designed to detect in which context it's
currently executed, GUI, console app or service, and act accordingly,
namely whether or not to actually make GUI calls. Additionally those
who wish to /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and
actually keep them off service process should consider implementing
and exporting from .exe image in question own _OPENSSL_isservice not
relying on USER32.DLL. E.g., on Windows Vista and later you could:
__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
{ DWORD sess;
if (ProcessIdToSessionId(GetCurrentProcessId(),&sess))
return sess==0;
return FALSE;
}
If you link with OpenSSL .DLLs, then you're expected to include into
your application code small "shim" snippet, which provides glue between
OpenSSL BIO layer and your compiler run-time. See the OPENSSL_Applink
manual page for further details.

235
deps/openssl/openssl/Netware/build.bat vendored
View file

@ -1,235 +0,0 @@
@echo off
rem ========================================================================
rem Batch file to automate building OpenSSL for NetWare.
rem
rem usage:
rem build [target] [debug opts] [assembly opts] [configure opts]
rem
rem target - "netware-clib" - CLib NetWare build (WinSock Sockets)
rem - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
rem - "netware-libc" - LibC NetWare build (WinSock Sockets)
rem - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
rem
rem debug opts - "debug" - build debug
rem
rem assembly opts - "nw-mwasm" - use Metrowerks assembler
rem - "nw-nasm" - use NASM assembler
rem - "no-asm" - don't use assembly
rem
rem configure opts- all unrecognized arguments are passed to the
rem perl configure script
rem
rem If no arguments are specified the default is to build non-debug with
rem no assembly. NOTE: there is no default BLD_TARGET.
rem
rem No assembly is the default - Uncomment section below to change
rem the assembler default
set ASM_MODE=
set ASSEMBLER=
set NO_ASM=no-asm
rem Uncomment to default to the Metrowerks assembler
rem set ASM_MODE=nw-mwasm
rem set ASSEMBLER=Metrowerks
rem set NO_ASM=
rem Uncomment to default to the NASM assembler
rem set ASM_MODE=nw-nasm
rem set ASSEMBLER=NASM
rem set NO_ASM=
rem No default Bld target
set BLD_TARGET=no_target
rem set BLD_TARGET=netware-clib
rem set BLD_TARGET=netware-libc
rem Default to build non-debug
set DEBUG=
rem Uncomment to default to debug build
rem set DEBUG=debug
set CONFIG_OPTS=
set ARG_PROCESSED=NO
rem Process command line args
:opts
if "a%1" == "a" goto endopt
if "%1" == "no-asm" set NO_ASM=no-asm
if "%1" == "no-asm" set ARG_PROCESSED=YES
if "%1" == "debug" set DEBUG=debug
if "%1" == "debug" set ARG_PROCESSED=YES
if "%1" == "nw-nasm" set ASM_MODE=nw-nasm
if "%1" == "nw-nasm" set ASSEMBLER=NASM
if "%1" == "nw-nasm" set NO_ASM=
if "%1" == "nw-nasm" set ARG_PROCESSED=YES
if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm
if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks
if "%1" == "nw-mwasm" set NO_ASM=
if "%1" == "nw-mwasm" set ARG_PROCESSED=YES
if "%1" == "netware-clib" set BLD_TARGET=netware-clib
if "%1" == "netware-clib" set ARG_PROCESSED=YES
if "%1" == "netware-clib-bsdsock" set BLD_TARGET=netware-clib-bsdsock
if "%1" == "netware-clib-bsdsock" set ARG_PROCESSED=YES
if "%1" == "netware-libc" set BLD_TARGET=netware-libc
if "%1" == "netware-libc" set ARG_PROCESSED=YES
if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock
if "%1" == "netware-libc-bsdsock" set ARG_PROCESSED=YES
rem If we didn't recognize the argument, consider it an option for config
if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1
if "%ARG_PROCESSED%" == "YES" set ARG_PROCESSED=NO
shift
goto opts
:endopt
rem make sure a valid BLD_TARGET was specified
if "%BLD_TARGET%" == "no_target" goto no_target
rem build the nlm make file name which includes target and debug info
set NLM_MAKE=
if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
if "%BLD_TARGET%" == "netware-clib-bsdsock" set NLM_MAKE=netware\nlm_clib_bsdsock
if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock
if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak
if "%NO_ASM%" == "no-asm" set ASM_MODE=
if "%NO_ASM%" == "no-asm" set ASSEMBLER=
if "%NO_ASM%" == "no-asm" set CONFIG_OPTS=%CONFIG_OPTS% no-asm
if "%NO_ASM%" == "no-asm" goto do_config
rem ==================================================
echo Generating x86 for %ASSEMBLER% assembler
echo Bignum
cd crypto\bn\asm
rem perl x86.pl %ASM_MODE% > bn-nw.asm
perl bn-586.pl %ASM_MODE% > bn-nw.asm
perl co-586.pl %ASM_MODE% > co-nw.asm
cd ..\..\..
echo AES
cd crypto\aes\asm
perl aes-586.pl %ASM_MODE% > a-nw.asm
cd ..\..\..
echo DES
cd crypto\des\asm
perl des-586.pl %ASM_MODE% > d-nw.asm
cd ..\..\..
echo "crypt(3)"
cd crypto\des\asm
perl crypt586.pl %ASM_MODE% > y-nw.asm
cd ..\..\..
echo Blowfish
cd crypto\bf\asm
perl bf-586.pl %ASM_MODE% > b-nw.asm
cd ..\..\..
echo CAST5
cd crypto\cast\asm
perl cast-586.pl %ASM_MODE% > c-nw.asm
cd ..\..\..
echo RC4
cd crypto\rc4\asm
perl rc4-586.pl %ASM_MODE% > r4-nw.asm
cd ..\..\..
echo MD5
cd crypto\md5\asm
perl md5-586.pl %ASM_MODE% > m5-nw.asm
cd ..\..\..
echo SHA1
cd crypto\sha\asm
perl sha1-586.pl %ASM_MODE% > s1-nw.asm
perl sha256-586.pl %ASM_MODE% > sha256-nw.asm
perl sha512-586.pl %ASM_MODE% > sha512-nw.asm
cd ..\..\..
echo RIPEMD160
cd crypto\ripemd\asm
perl rmd-586.pl %ASM_MODE% > rm-nw.asm
cd ..\..\..
echo RC5\32
cd crypto\rc5\asm
perl rc5-586.pl %ASM_MODE% > r5-nw.asm
cd ..\..\..
echo WHIRLPOOL
cd crypto\whrlpool\asm
perl wp-mmx.pl %ASM_MODE% > wp-nw.asm
cd ..\..\..
echo CPUID
cd crypto
perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm
cd ..\
rem ===============================================================
rem
:do_config
echo .
echo configure options: %CONFIG_OPTS% %BLD_TARGET%
echo .
perl configure %CONFIG_OPTS% %BLD_TARGET%
perl util\mkfiles.pl >MINFO
echo .
echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET%
echo .
perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE%
make -f %NLM_MAKE% vclean
echo .
echo The makefile "%NLM_MAKE%" has been created use your maketool to
echo build (ex: make -f %NLM_MAKE%)
goto end
rem ===============================================================
rem
:no_target
echo .
echo . No build target specified!!!
echo .
echo . usage: build [target] [debug opts] [assembly opts] [configure opts]
echo .
echo . target - "netware-clib" - CLib NetWare build (WinSock Sockets)
echo . - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
echo . - "netware-libc" - LibC NetWare build (WinSock Sockets)
echo . - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
echo .
echo . debug opts - "debug" - build debug
echo .
echo . assembly opts - "nw-mwasm" - use Metrowerks assembler
echo . "nw-nasm" - use NASM assembler
echo . "no-asm" - don't use assembly
echo .
echo . configure opts- all unrecognized arguments are passed to the
echo . perl configure script
echo .
echo . If no debug or assembly opts are specified the default is to build
echo . non-debug without assembly
echo .
:end

113
deps/openssl/openssl/Netware/cpy_tests.bat vendored
View file

@ -1,113 +0,0 @@
@echo off
rem Batch file to copy OpenSSL stuff to a NetWare server for testing
rem This batch file will create an "opensssl" directory at the root of the
rem specified NetWare drive and copy the required files to run the tests.
rem It should be run from inside the "openssl\netware" subdirectory.
rem Usage:
rem cpy_tests.bat <test subdirectory> <NetWare drive>
rem <test subdirectory> - out_nw.dbg | out_nw
rem <NetWare drive> - any mapped drive letter
rem
rem example ( copy from debug build to m: dirve ):
rem cpy_tests.bat out_nw.dbg m:
rem
rem CAUTION: If a directory named OpenSSL exists on the target drive
rem it will be deleted first.
if "%1" == "" goto usage
if "%2" == "" goto usage
rem Assume running in \openssl directory unless cpy_tests.bat exists then
rem it must be the \openssl\netware directory
set loc=.
if exist cpy_tests.bat set loc=..
rem make sure the local build subdirectory specified is valid
if not exist %loc%\%1\NUL goto invalid_dir
rem make sure target drive is valid
if not exist %2\NUL goto invalid_drive
rem If an OpenSSL directory exists on the target drive, remove it
if exist %2\openssl\NUL goto remove_openssl
goto do_copy
:remove_openssl
echo .
echo OpenSSL directory exists on %2 - it will be removed!
pause
rmdir %2\openssl /s /q
:do_copy
rem make an "openssl" directory and others at the root of the NetWare drive
mkdir %2\openssl
mkdir %2\openssl\test_out
mkdir %2\openssl\apps
mkdir %2\openssl\certs
mkdir %2\openssl\test
rem copy the test nlms
copy %loc%\%1\*.nlm %2\openssl\
rem copy the test perl script
copy %loc%\netware\do_tests.pl %2\openssl\
rem copy the certs directory stuff
xcopy %loc%\certs\*.* %2\openssl\certs\ /s
rem copy the test directory stuff
copy %loc%\test\CAss.cnf %2\openssl\test\
copy %loc%\test\Uss.cnf %2\openssl\test\
copy %loc%\test\pkcs7.pem %2\openssl\test\
copy %loc%\test\pkcs7-1.pem %2\openssl\test\
copy %loc%\test\testcrl.pem %2\openssl\test\
copy %loc%\test\testp7.pem %2\openssl\test\
copy %loc%\test\testreq2.pem %2\openssl\test\
copy %loc%\test\testrsa.pem %2\openssl\test\
copy %loc%\test\testsid.pem %2\openssl\test\
copy %loc%\test\testx509.pem %2\openssl\test\
copy %loc%\test\v3-cert1.pem %2\openssl\test\
copy %loc%\test\v3-cert2.pem %2\openssl\test\
copy %loc%\crypto\evp\evptests.txt %2\openssl\test\
rem copy the apps directory stuff
copy %loc%\apps\client.pem %2\openssl\apps\
copy %loc%\apps\server.pem %2\openssl\apps\
copy %loc%\apps\openssl.cnf %2\openssl\apps\
echo .
echo Tests copied
echo Run the test script at the console by typing:
echo "Perl \openssl\do_tests.pl"
echo .
echo Make sure the Search path includes the OpenSSL subdirectory
goto end
:invalid_dir
echo.
echo Invalid build directory specified: %1
echo.
goto usage
:invalid_drive
echo.
echo Invalid drive: %2
echo.
goto usage
:usage
echo.
echo usage: cpy_tests.bat [test subdirectory] [NetWare drive]
echo [test subdirectory] - out_nw_clib.dbg, out_nw_libc.dbg, etc.
echo [NetWare drive] - any mapped drive letter
echo.
echo example: cpy_test out_nw_clib.dbg M:
echo (copy from clib debug build area to M: drive)
:end

624
deps/openssl/openssl/Netware/do_tests.pl vendored
View file

@ -1,624 +0,0 @@
# perl script to run OpenSSL tests
my $base_path = "\\openssl";
my $output_path = "$base_path\\test_out";
my $cert_path = "$base_path\\certs";
my $test_path = "$base_path\\test";
my $app_path = "$base_path\\apps";
my $tmp_cert = "$output_path\\cert.tmp";
my $OpenSSL_config = "$app_path\\openssl.cnf";
my $log_file = "$output_path\\tests.log";
my $pause = 0;
# process the command line args to see if they wanted us to pause
# between executing each command
foreach $i (@ARGV)
{
if ($i =~ /^-p$/)
{ $pause=1; }
}
main();
############################################################################
sub main()
{
# delete all the output files in the output directory
unlink <$output_path\\*.*>;
# open the main log file
open(OUT, ">$log_file") || die "unable to open $log_file\n";
print( OUT "========================================================\n");
my $outFile = "$output_path\\version.out";
system("openssl2 version (CLIB_OPT)/>$outFile");
log_output("CHECKING FOR OPENSSL VERSION:", $outFile);
algorithm_tests();
encryption_tests();
evp_tests();
pem_tests();
verify_tests();
ca_tests();
ssl_tests();
close(OUT);
print("\nCompleted running tests.\n\n");
print("Check log file for errors: $log_file\n");
}
############################################################################
sub algorithm_tests
{
my $i;
my $outFile;
my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test,
sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test,
rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest,
ecdsatest, ectest, exptest, casttest, hmactest );
print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "CRYPTO ALGORITHM TESTS:\n\n");
foreach $i (@tests)
{
if (-e "$base_path\\$i.nlm")
{
$outFile = "$output_path\\$i.out";
system("$i (CLIB_OPT)/>$outFile");
log_desc("Test: $i\.nlm:");
log_output("", $outFile );
}
else
{
log_desc("Test: $i\.nlm: file not found");
}
}
}
############################################################################
sub encryption_tests
{
my $i;
my $outFile;
my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb",
"des-ofb", "des-ede-ofb", "des-ede3-ofb",
"des-ecb", "des-ede", "des-ede3", "des-cbc",
"des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb",
"idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb",
"rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb",
"bf-ofb", "bf-cbc" );
my $input = "$base_path\\do_tests.pl";
my $cipher = "$output_path\\cipher.out";
my $clear = "$output_path\\clear.out";
print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n");
foreach $i (@enc_tests)
{
log_desc("Testing: $i");
# do encryption
$outFile = "$output_path\\enc.out";
system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" );
log_output("Encrypting: $input --> $cipher", $outFile);
# do decryption
$outFile = "$output_path\\dec.out";
system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
log_output("Decrypting: $cipher --> $clear", $outFile);
# compare files
$x = compare_files( $input, $clear, 1);
if ( $x == 0 )
{
print( "\rSUCCESS - files match: $input, $clear\n");
print( OUT "SUCCESS - files match: $input, $clear\n");
}
else
{
print( "\rERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
# Now do the same encryption but use Base64
# do encryption B64
$outFile = "$output_path\\B64enc.out";
system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile");
log_output("Encrypting(B64): $cipher --> $clear", $outFile);
# do decryption B64
$outFile = "$output_path\\B64dec.out";
system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
log_output("Decrypting(B64): $cipher --> $clear", $outFile);
# compare files
$x = compare_files( $input, $clear, 1);
if ( $x == 0 )
{
print( "\rSUCCESS - files match: $input, $clear\n");
print( OUT "SUCCESS - files match: $input, $clear\n");
}
else
{
print( "\rERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
} # end foreach
# delete the temporary files
unlink($cipher);
unlink($clear);
}
############################################################################
sub pem_tests
{
my $i;
my $tmp_out;
my $outFile = "$output_path\\pem.out";
my %pem_tests = (
"crl" => "testcrl.pem",
"pkcs7" => "testp7.pem",
"req" => "testreq2.pem",
"rsa" => "testrsa.pem",
"x509" => "testx509.pem",
"x509" => "v3-cert1.pem",
"sess_id" => "testsid.pem" );
print( "\nRUNNING PEM TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "PEM TESTS:\n\n");
foreach $i (keys(%pem_tests))
{
log_desc( "Testing: $i");
my $input = "$test_path\\$pem_tests{$i}";
$tmp_out = "$output_path\\$pem_tests{$i}";
if ($i ne "req" )
{
system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile");
log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
}
else
{
system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile");
log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
}
$x = compare_files( $input, $tmp_out);
if ( $x == 0 )
{
print( "\rSUCCESS - files match: $input, $tmp_out\n");
print( OUT "SUCCESS - files match: $input, $tmp_out\n");
}
else
{
print( "\rERROR: files don't match\n");
print( OUT "ERROR: files don't match\n");
}
do_wait();
} # end foreach
}
############################################################################
sub verify_tests
{
my $i;
my $outFile = "$output_path\\verify.out";
$cert_path =~ s/\\/\//g;
my @cert_files = <$cert_path/*.pem>;
print( "\nRUNNING VERIFY TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "VERIFY TESTS:\n\n");
make_tmp_cert_file();
foreach $i (@cert_files)
{
system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile");
log_desc("Verifying cert: $i");
log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
}
}
############################################################################
sub ssl_tests
{
my $outFile = "$output_path\\ssl_tst.out";
my($CAcert) = "$output_path\\certCA.ss";
my($Ukey) = "$output_path\\keyU.ss";
my($Ucert) = "$output_path\\certU.ss";
my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert";
print( "\nRUNNING SSL TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "SSL TESTS:\n\n");
system("ssltest -ssl2 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2:");
log_output("ssltest -ssl2", $outFile);
system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with server authentication:");
log_output("$ssltest -ssl2 -server_auth", $outFile);
system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with client authentication:");
log_output("$ssltest -ssl2 -client_auth", $outFile);
system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with both client and server authentication:");
log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile);
system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3:");
log_output("ssltest -ssl3", $outFile);
system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with server authentication:");
log_output("$ssltest -ssl3 -server_auth", $outFile);
system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with client authentication:");
log_output("$ssltest -ssl3 -client_auth", $outFile);
system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with both client and server authentication:");
log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);
system("ssltest (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3:");
log_output("ssltest", $outFile);
system("$ssltest -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with server authentication:");
log_output("$ssltest -server_auth", $outFile);
system("$ssltest -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with client authentication:");
log_output("$ssltest -client_auth ", $outFile);
system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with both client and server authentication:");
log_output("$ssltest -server_auth -client_auth", $outFile);
system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 via BIO pair:");
log_output("ssltest -bio_pair -ssl2", $outFile);
system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile);
system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with client authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile);
system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile);
system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 via BIO pair:");
log_output("ssltest -bio_pair -ssl3", $outFile);
system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);
system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with client authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);
system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);
system("ssltest -bio_pair (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 via BIO pair:");
log_output("ssltest -bio_pair", $outFile);
system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
log_output("$ssltest -bio_pair -server_auth", $outFile);
system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
log_output("$ssltest -bio_pair -client_auth", $outFile);
system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile");
log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
}
############################################################################
sub ca_tests
{
my $outFile = "$output_path\\ca_tst.out";
my($CAkey) = "$output_path\\keyCA.ss";
my($CAcert) = "$output_path\\certCA.ss";
my($CAserial) = "$output_path\\certCA.srl";
my($CAreq) = "$output_path\\reqCA.ss";
my($CAreq2) = "$output_path\\req2CA.ss";
my($CAconf) = "$test_path\\CAss.cnf";
my($Uconf) = "$test_path\\Uss.cnf";
my($Ukey) = "$output_path\\keyU.ss";
my($Ureq) = "$output_path\\reqU.ss";
my($Ucert) = "$output_path\\certU.ss";
print( "\nRUNNING CA TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "CA TESTS:\n");
system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile");
log_desc("Make a certificate request using req:");
log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile");
log_desc("Convert the certificate request into a self signed certificate using x509:");
log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile");
log_desc("Convert a certificate into a certificate request using 'x509':");
log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile");
log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile");
log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile");
log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile");
log_desc("Make another certificate request using req:");
log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile");
log_desc("Sign certificate request with the just created CA via x509:");
log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile");
log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile");
log_desc("Certificate details");
log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
print(OUT "--\n");
print(OUT "The generated CA certificate is $CAcert\n");
print(OUT "The generated CA private key is $CAkey\n");
print(OUT "The current CA signing serial number is in $CAserial\n");
print(OUT "The generated user certificate is $Ucert\n");
print(OUT "The generated user private key is $Ukey\n");
print(OUT "--\n");
}
############################################################################
sub evp_tests
{
my $i = 'evp_test';
print( "\nRUNNING EVP TESTS:\n\n");
print( OUT "\n========================================================\n");
print( OUT "EVP TESTS:\n\n");
if (-e "$base_path\\$i.nlm")
{
my $outFile = "$output_path\\$i.out";
system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile");
log_desc("Test: $i\.nlm:");
log_output("", $outFile );
}
else
{
log_desc("Test: $i\.nlm: file not found");
}
}
############################################################################
sub log_output( $ $ )
{
my( $desc, $file ) = @_;
my($error) = 0;
my($key);
my($msg);
if ($desc)
{
print("\r$desc\n");
print(OUT "$desc\n");
}
# loop waiting for test program to complete
while ( stat($file) == 0)
{ print(". "); sleep(1); }
# copy test output to log file
open(IN, "<$file");
while (<IN>)
{
print(OUT $_);
if ( $_ =~ /ERROR/ )
{
$error = 1;
}
}
# close and delete the temporary test output file
close(IN);
unlink($file);
if ( $error == 0 )
{
$msg = "Test Succeeded";
}
else
{
$msg = "Test Failed";
}
print(OUT "$msg\n");
if ($pause)
{
print("$msg - press ENTER to continue...");
$key = getc;
print("\n");
}
# Several of the testing scripts run a loop loading the
# same NLM with different options.
# On slow NetWare machines there appears to be some delay in the
# OS actually unloading the test nlms and the OS complains about.
# the NLM already being loaded. This additional pause is to
# to help provide a little more time for unloading before trying to
# load again.
sleep(1);
}
############################################################################
sub log_desc( $ )
{
my( $desc ) = @_;
print("\n");
print("$desc\n");
print(OUT "\n");
print(OUT "$desc\n");
print(OUT "======================================\n");
}
############################################################################
sub compare_files( $ $ $ )
{
my( $file1, $file2, $binary ) = @_;
my( $n1, $n2, $b1, $b2 );
my($ret) = 1;
open(IN0, $file1) || die "\nunable to open $file1\n";
open(IN1, $file2) || die "\nunable to open $file2\n";
if ($binary)
{
binmode IN0;
binmode IN1;
}
for (;;)
{
$n1 = read(IN0, $b1, 512);
$n2 = read(IN1, $b2, 512);
if ($n1 != $n2) {last;}
if ($b1 != $b2) {last;}
if ($n1 == 0)
{
$ret = 0;
last;
}
}
close(IN0);
close(IN1);
return($ret);
}
############################################################################
sub do_wait()
{
my($key);
if ($pause)
{
print("Press ENTER to continue...");
$key = getc;
print("\n");
}
}
############################################################################
sub make_tmp_cert_file()
{
my @cert_files = <$cert_path/*.pem>;
# delete the file if it already exists
unlink($tmp_cert);
open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";
print("building temporary cert file\n");
# create a temporary cert file that contains all the certs
foreach $i (@cert_files)
{
open( IN_CERT, $i ) || die "\nunable to open $i\n";
for(;;)
{
$n = sysread(IN_CERT, $data, 1024);
if ($n == 0)
{
close(IN_CERT);
last;
};
syswrite(TMP_CERT, $data, $n);
}
}
close( TMP_CERT );
}

254
deps/openssl/openssl/Netware/globals.txt vendored
View file

@ -1,254 +0,0 @@
An initial review of the OpenSSL code was done to determine how many
global variables where present. The idea was to determine the amount of
work required to pull the globals into an instance data structure in
order to build a Library NLM for NetWare. This file contains the results
of the review. Each file is listed along with the globals in the file.
The initial review was done very quickly so this list is probably
not a comprehensive list.
cryptlib.c
===========================================
static STACK *app_locks=NULL;
static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
static void (MS_FAR *locking_callback)(int mode,int type,
const char *file,int line)=NULL;
static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
int type,const char *file,int line)=NULL;
static unsigned long (MS_FAR *id_callback)(void)=NULL;
static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
(const char *file,int line)=NULL;
static void (MS_FAR *dynlock_lock_callback)(int mode,
struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
const char *file,int line)=NULL;
mem.c
===========================================
static int allow_customize = 1; /* we provide flexible functions for */
static int allow_customize_debug = 1;/* exchanging memory-related functions at
/* may be changed as long as `allow_customize' is set */
static void *(*malloc_locked_func)(size_t) = malloc;
static void (*free_locked_func)(void *) = free;
static void *(*malloc_func)(size_t) = malloc;
static void *(*realloc_func)(void *, size_t)= realloc;
static void (*free_func)(void *) = free;
/* use default functions from mem_dbg.c */
static void (*malloc_debug_func)(void *,int,const char *,int,int)
= CRYPTO_dbg_malloc;
static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
= CRYPTO_dbg_realloc;
static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
mem_dbg.c
===========================================
static int mh_mode=CRYPTO_MEM_CHECK_OFF;
static unsigned long order = 0; /* number of memory requests */
static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */
static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's */
static long options = /* extra information to be recorded */
static unsigned long disabling_thread = 0;
err.c
===========================================
static LHASH *error_hash=NULL;
static LHASH *thread_hash=NULL;
several files have routines with static "init" to track if error strings
have been loaded ( may not want seperate error strings for each process )
The "init" variable can't be left "global" because the error has is a ptr
that is malloc'ed. The malloc'ed error has is dependant on the "init"
vars.
files:
pem_err.c
cpt_err.c
pk12err.c
asn1_err.c
bio_err.c
bn_err.c
buf_err.c
comp_err.c
conf_err.c
cpt_err.c
dh_err.c
dsa_err.c
dso_err.c
evp_err.c
obj_err.c
pkcs7err.c
rand_err.c
rsa_err.c
rsar_err.c
ssl_err.c
x509_err.c
v3err.c
err.c
These file have similar "init" globals but they are for other stuff not
error strings:
bn_lib.c
ecc_enc.c
s23_clnt.c
s23_meth.c
s23_srvr.c
s2_clnt.c
s2_lib.c
s2_meth.c
s2_srvr.c
s3_clnt.c
s3_lib.c
s3_srvr.c
t1_clnt.c
t1_meth.c
t1_srvr.c
rand_lib.c
===========================================
static RAND_METHOD *rand_meth= &rand_ssleay_meth;
md_rand.c
===========================================
static int state_num=0,state_index=0;
static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
static unsigned char md[MD_DIGEST_LENGTH];
static long md_count[2]={0,0};
static double entropy=0;
static int initialized=0;
/* This should be set to 1 only when ssleay_rand_add() is called inside
an already locked state, so it doesn't try to lock and thereby cause
a hang. And it should always be reset back to 0 before unlocking. */
static int add_do_not_lock=0;
obj_dat.c
============================================
static int new_nid=NUM_NID;
static LHASH *added=NULL;
b_sock.c
===========================================
static unsigned long BIO_ghbn_hits=0L;
static unsigned long BIO_ghbn_miss=0L;
static struct ghbn_cache_st
{
char name[129];
struct hostent *ent;
unsigned long order;
} ghbn_cache[GHBN_NUM];
static int wsa_init_done=0;
bio_lib.c
===========================================
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL;
static int bio_meth_num=0;
bn_lib.c
========================================
static int bn_limit_bits=0;
static int bn_limit_num=8; /* (1<<bn_limit_bits) */
static int bn_limit_bits_low=0;
static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
static int bn_limit_bits_high=0;
static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
static int bn_limit_bits_mont=0;
static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
conf_lib.c
========================================
static CONF_METHOD *default_CONF_method=NULL;
dh_lib.c
========================================
static DH_METHOD *default_DH_method;
static int dh_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
dsa_lib.c
========================================
static DSA_METHOD *default_DSA_method;
static int dsa_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
dso_lib.c
========================================
static DSO_METHOD *default_DSO_meth = NULL;
rsa_lib.c
========================================
static RSA_METHOD *default_RSA_meth=NULL;
static int rsa_meth_num=0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
x509_trs.c
=======================================
static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
static STACK_OF(X509_TRUST) *trtable = NULL;
x509_req.c
=======================================
static int *ext_nids = ext_nid_list;
o_names.c
======================================
static LHASH *names_lh=NULL;
static STACK_OF(NAME_FUNCS) *name_funcs_stack;
static int free_type;
static int names_type_num=OBJ_NAME_TYPE_NUM;
th-lock.c - NEED to add support for locking for NetWare
==============================================
static long *lock_count;
(other platform specific globals)
x_x509.c
==============================================
static int x509_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
evp_pbe.c
============================================
static STACK *pbe_algs;
evp_key.c
============================================
static char prompt_string[80];
ssl_ciph.c
============================================
static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
ssl_lib.c
=============================================
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
static int ssl_meth_num=0;
static int ssl_ctx_meth_num=0;
ssl_sess.c
=============================================
static int ssl_session_num=0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
x509_vfy.c
============================================
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
static int x509_store_ctx_num=0;

19
deps/openssl/openssl/Netware/readme.txt vendored
View file

@ -1,19 +0,0 @@
Contents of the openssl\netware directory
==========================================
Regular files:
readme.txt - this file
do_tests.pl - perl script used to run the OpenSSL tests on NetWare
cpy_tests.bat - batch to to copy test stuff to NetWare server
build.bat - batch file to help with builds
set_env.bat - batch file to help setup build environments
globals.txt - results of initial code review to identify OpenSSL global variables
The following files are generated by the various scripts. They are
recreated each time and it is okay to delete them.
*.def - command files used by Metrowerks linker
*.mak - make files generated by mk1mf.pl

112
deps/openssl/openssl/Netware/set_env.bat vendored
View file

@ -1,112 +0,0 @@
@echo off
rem ========================================================================
rem Batch file to assist in setting up the necessary enviroment for
rem building OpenSSL for NetWare.
rem
rem usage:
rem set_env [target]
rem
rem target - "netware-clib" - Clib build
rem - "netware-libc" - LibC build
rem
rem
if "a%1" == "a" goto usage
set LIBC_BUILD=
set CLIB_BUILD=
set GNUC=
if "%1" == "netware-clib" set CLIB_BUILD=Y
if "%1" == "netware-clib" set LIBC_BUILD=
if "%1" == "netware-libc" set LIBC_BUILD=Y
if "%1" == "netware-libc" set CLIB_BUILD=
if "%2" == "gnuc" set GNUC=Y
if "%2" == "codewarrior" set GNUC=
rem Location of tools (compiler, linker, etc)
if "%NDKBASE%" == "" set NDKBASE=c:\Novell
rem If Perl for Win32 is not already in your path, add it here
set PERL_PATH=
rem Define path to the Metrowerks command line tools
rem or GNU Crosscompiler gcc / nlmconv
rem ( compiler, assembler, linker)
if "%GNUC%" == "Y" set COMPILER_PATH=c:\usr\i586-netware\bin;c:\usr\bin
if "%GNUC%" == "" set COMPILER_PATH=c:\prg\cwcmdl40
rem If using gnu make define path to utility
rem set GNU_MAKE_PATH=%NDKBASE%\gnu
set GNU_MAKE_PATH=c:\prg\tools
rem If using ms nmake define path to nmake
rem set MS_NMAKE_PATH=%NDKBASE%\msvc\600\bin
rem If using NASM assembler define path
rem set NASM_PATH=%NDKBASE%\nasm
set NASM_PATH=c:\prg\tools
rem Update path to include tool paths
set path=%path%;%COMPILER_PATH%
if not "%GNU_MAKE_PATH%" == "" set path=%path%;%GNU_MAKE_PATH%
if not "%MS_NMAKE_PATH%" == "" set path=%path%;%MS_NMAKE_PATH%
if not "%NASM_PATH%" == "" set path=%path%;%NASM_PATH%
if not "%PERL_PATH%" == "" set path=%path%;%PERL_PATH%
rem Set INCLUDES to location of Novell NDK includes
if "%LIBC_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\libc\include;%NDKBASE%\ndk\libc\include\winsock
if "%CLIB_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\nwsdk\include\nlm;%NDKBASE%\ws295sdk\include
rem Set Imports to location of Novell NDK import files
if "%LIBC_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\libc\imports
if "%CLIB_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\nwsdk\imports
rem Set PRELUDE to the absolute path of the prelude object to link with in
rem the Metrowerks NetWare PDK - NOTE: for Clib builds "clibpre.o" is
rem recommended, for LibC NKS builds libcpre.o must be used
if "%GNUC%" == "Y" goto gnuc
if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.o
rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o
if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.o
echo using MetroWerks CodeWarrior
goto info
:gnuc
if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.gcc.o
rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.gcc.o
if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.gcc.o
echo using GNU GCC Compiler
:info
echo.
if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..."
if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..."
goto end
:usage
rem ===============================================================
echo.
echo No target build specified!
echo.
echo usage: set_env [target] [compiler]
echo.
echo target - "netware-clib" - Clib build
echo - "netware-libc" - LibC build
echo.
echo compiler - "gnuc" - GNU GCC Compiler
echo - "codewarrior" - MetroWerks CodeWarrior (default)
echo.
:end
echo.

213
deps/openssl/openssl/PROBLEMS vendored
View file

@ -1,213 +0,0 @@
* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
NOTE: The problem described here only applies when OpenSSL isn't built
with shared library support (i.e. without the "shared" configuration
option). If you build with shared library support, you will have no
problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
This is really a misfeature in ld, which seems to look for .dylib libraries
along the whole library path before it bothers looking for .a libraries. This
means that -L switches won't matter unless OpenSSL is built with shared
library support.
The workaround may be to change the following lines in apps/Makefile and
test/Makefile:
LIBCRYPTO=-L.. -lcrypto
LIBSSL=-L.. -lssl
to:
LIBCRYPTO=../libcrypto.a
LIBSSL=../libssl.a
It's possible that something similar is needed for shared library support
as well. That hasn't been well tested yet.
Another solution that many seem to recommend is to move the libraries
/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
directory, build and install OpenSSL and anything that depends on your
build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
original places. Note that the version numbers on those two libraries
may differ on your machine.
As long as Apple doesn't fix the problem with ld, this problem building
OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by
passing -Wl,-search_paths_first, but it's unknown if the flag was
supported from the initial MacOS X release.
* Parallell make leads to errors
While running tests, running a parallell make is a bad idea. Many test
scripts use the same name for output and input files, which means different
will interfere with each other and lead to test failure.
The solution is simple for now: don't run parallell make when testing.
* Bugs in gcc triggered
- According to a problem report, there are bugs in gcc 3.0 that are
triggered by some of the code in OpenSSL, more specifically in
PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
header+=11;
if (*header != '4') return(0); header++;
if (*header != ',') return(0); header++;
What happens is that gcc might optimize a little too agressively, and
you end up with an extra incrementation when *header != '4'.
We recommend that you upgrade gcc to as high a 3.x version as you can.
- According to multiple problem reports, some of our message digest
implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
latter - SHA one.
The recomendation is to upgrade your compiler. This naturally applies to
other similar cases.
- There is a subtle Solaris x86-specific gcc run-time environment bug, which
"falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
manifests itself as Segmentation Fault upon early application start-up.
The problem can be worked around by patching the environment according to
http://www.openssl.org/~appro/values.c.
* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
As subject suggests SHA-1 might perform poorly (4 times slower)
if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
this seems to be the fact that compiler emits multiplication to
perform shift operations:-( To work the problem around configure
with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
* Problems with hp-parisc2-cc target when used with "no-asm" flag
When using the hp-parisc2-cc target, wrong bignum code is generated.
This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
aggressive optimization.
The problem manifests itself by the BN_kronecker test hanging in an
endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
which itself hangs. The reason could be tracked down to the bn_mul_comba8()
function in bn_asm.c. At some occasions the higher 32bit value of r[7]
is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
as no debugger support possible at +O3 and additional fprintf()'s
introduced fixed the bug, therefore it is most likely a bug in the
optimizer.
The bug was found in the BN_kronecker test but may also lead to
failures in other parts of the code.
(See Ticket #426.)
Workaround: modify the target to +O2 when building with no-asm.
* Problems building shared libraries on SCO OpenServer Release 5.0.6
with gcc 2.95.3
The symptoms appear when running the test suite, more specifically
test/ectest, with the following result:
OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
ectest.c:186: ABORT
The cause of the problem seems to be that isxdigit(), called from
BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further
investigation shows that any of the isxxx() macros return 0 on any
input. A direct look in the information array that the isxxx() use,
called __ctype, shows that it contains all zeroes...
Taking a look at the newly created libcrypto.so with nm, one can see
that the variable __ctype is defined in libcrypto's .bss (which
explains why it is filled with zeroes):
$ nm -Pg libcrypto.so | grep __ctype
__ctype B 0011659c
__ctype2 U
Curiously, __ctype2 is undefined, in spite of being declared in
/usr/include/ctype.h in exactly the same way as __ctype.
Any information helping to solve this issue would be deeply
appreciated.
NOTE: building non-shared doesn't come with this problem.
* ULTRIX build fails with shell errors, such as "bad substitution"
and "test: argument expected"
The problem is caused by ULTRIX /bin/sh supporting only original
Bourne shell syntax/semantics, and the trouble is that the vast
majority is so accustomed to more modern syntax, that very few
people [if any] would recognize the ancient syntax even as valid.
This inevitably results in non-trivial scripts breaking on ULTRIX,
and OpenSSL isn't an exclusion. Fortunately there is workaround,
hire /bin/ksh to do the job /bin/sh fails to do.
1. Trick make(1) to use /bin/ksh by setting up following environ-
ment variables *prior* you execute ./Configure and make:
PROG_ENV=POSIX
MAKESHELL=/bin/ksh
export PROG_ENV MAKESHELL
or if your shell is csh-compatible:
setenv PROG_ENV POSIX
setenv MAKESHELL /bin/ksh
2. Trick /bin/sh to use alternative expression evaluator. Create
following 'test' script for example in /tmp:
#!/bin/ksh
${0##*/} "$@"
Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
natively just replace system /bin/test and /bin/[ with the
above script.
* hpux64-ia64-cc fails blowfish test.
Compiler bug, presumably at particular patch level. It should be noted
that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc
target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
* no-engines generates errors.
Unfortunately, the 'no-engines' configuration option currently doesn't
work properly. Use 'no-hw' and you'll will at least get no hardware
support. We'll see how we fix that on OpenSSL versions past 0.9.8.
* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
if elder GNU binutils were deployed to link shared libcrypto.so.
As subject suggests the failure is caused by a bug in elder binutils,
either as or ld, and was observed on FreeBSD and Linux. There are two
options. First is naturally to upgrade binutils, the second one - to
reconfigure with additional no-sse2 [or 386] option passed to ./config.
* If configured with ./config no-dso, toolkit still gets linked with -ldl,
which most notably poses a problem when linking with dietlibc.
We don't have framework to associate -ldl with no-dso, therefore the only
way is to edit Makefile right after ./config no-dso and remove -ldl from
EX_LIBS line.
* hpux-parisc2-cc no-asm build fails with SEGV in ECDSA/DH.
Compiler bug, presumably at particular patch level. Remaining
hpux*-parisc*-cc configurations can be affected too. Drop optimization
level to +O2 when compiling bn_nist.o.
* solaris64-sparcv9-cc link failure
Solaris 8 ar can fail to maintain symbol table in .a, which results in
link failures. Apply 109147-09 or later or modify Makefile generated
by ./Configure solaris64-sparcv9-cc and replace RANLIB assignment with
RANLIB= /usr/ccs/bin/ar rs

43
deps/openssl/openssl/README vendored
View file

@ -1,7 +1,7 @@
OpenSSL 1.0.2o 27 Mar 2018
OpenSSL 1.1.0h 27 Mar 2018
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1998-2016 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
@ -10,11 +10,8 @@
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
well as a full-strength general purpose cryptograpic library. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Transport Layer Security (TLS) protocols (including SSLv3) as well as a
full-strength general purpose cryptographic library.
OpenSSL is descended from the SSLeay library developed by Eric A. Young
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
@ -27,10 +24,10 @@
The OpenSSL toolkit includes:
libssl.a:
libssl (with platform specific naming):
Provides the client and server-side implementations for SSLv3 and TLS.
libcrypto.a:
libcrypto (with platform specific naming):
Provides general cryptographic and X.509 support needed by SSL/TLS but
not logically part of it.
@ -48,20 +45,16 @@
------------
See the appropriate file:
INSTALL Linux, Unix, etc.
INSTALL.DJGPP DOS platform with DJGPP
INSTALL.NW Netware
INSTALL.OS2 OS/2
INSTALL.VMS VMS
INSTALL.W32 Windows (32bit)
INSTALL.W64 Windows (64bit)
INSTALL.WCE Windows CE
INSTALL Linux, Unix, Windows, OpenVMS, ...
NOTES.* INSTALL addendums for different platforms
SUPPORT
-------
See the OpenSSL website www.openssl.org for details on how to obtain
commercial technical support.
commercial technical support. Free community support is available through the
openssl-users email list (see
https://www.openssl.org/community/mailinglists.html for further details).
If you have any problems with OpenSSL then please take the following steps
first:
@ -74,18 +67,18 @@
If you wish to report a bug then please include the following information
and create an issue on GitHub:
- On Unix systems:
Self-test report generated by 'make report'
- On other systems:
OpenSSL version: output of 'openssl version -a'
OS Name, Version, Hardware platform
Compiler Details (name, version)
- OpenSSL version: output of 'openssl version -a'
- Any "Configure" options that you selected during compilation of the
library if applicable (see INSTALL)
- OS Name, Version, Hardware platform
- Compiler Details (name, version)
- Application Details (name, version)
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)
Just because something doesn't work the way you expect does not mean it
is necessarily a bug in OpenSSL.
is necessarily a bug in OpenSSL. Use the openssl-users email list for this type
of query.
HOW TO CONTRIBUTE TO OpenSSL
----------------------------

187
deps/openssl/openssl/README.ASN1 vendored
View file

@ -1,187 +0,0 @@
OpenSSL ASN1 Revision
=====================
This document describes some of the issues relating to the new ASN1 code.
Previous OpenSSL ASN1 problems
=============================
OK why did the OpenSSL ASN1 code need revising in the first place? Well
there are lots of reasons some of which are included below...
1. The code is difficult to read and write. For every single ASN1 structure
(e.g. SEQUENCE) four functions need to be written for new, free, encode and
decode operations. This is a very painful and error prone operation. Very few
people have ever written any OpenSSL ASN1 and those that have usually wish
they hadn't.
2. Partly because of 1. the code is bloated and takes up a disproportionate
amount of space. The SEQUENCE encoder is particularly bad: it essentially
contains two copies of the same operation, one to compute the SEQUENCE length
and the other to encode it.
3. The code is memory based: that is it expects to be able to read the whole
structure from memory. This is fine for small structures but if you have a
(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
changing the tag to the expected one, attempting to read it, then changing it
back again. This means that decode buffers have to be writable even though they
are ultimately unchanged. This gets in the way of constification.
5. The handling of EXPLICIT isn't much better. It adds a chunk of code into
the decoder and encoder for every EXPLICIT tag.
6. APPLICATION and PRIVATE tags aren't even supported at all.
7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
types that are not OPTIONAL.
8. Much of the code assumes that a tag will fit in a single octet. This is
only true if the tag is 30 or less (mercifully tags over 30 are rare).
9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
macros that properly support it.
10. Encoders have no concept of OPTIONAL and have no error checking. If the
passed structure contains a NULL in a mandatory field it will not be encoded,
resulting in an invalid structure.
11. It is tricky to add ASN1 encoders and decoders to external applications.
Template model
==============
One of the major problems with revision is the sheer volume of the ASN1 code.
Attempts to change (for example) the IMPLICIT behaviour would result in a
modification of *every* single decode function.
I decided to adopt a template based approach. I'm using the term 'template'
in a manner similar to SNACC templates: it has nothing to do with C++
templates.
A template is a description of an ASN1 module as several constant C structures.
It describes in a machine readable way exactly how the ASN1 structure should
behave. If this template contains enough detail then it is possible to write
versions of new, free, encode, decode (and possibly others operations) that
operate on templates.
Instead of having to write code to handle each operation only a single
template needs to be written. If new operations are needed (such as a 'print'
operation) only a single new template based function needs to be written
which will then automatically handle all existing templates.
Plans for revision
==================
The revision will consist of the following steps. Other than the first two
these can be handled in any order.
o Design and write template new, free, encode and decode operations, initially
memory based. *DONE*
o Convert existing ASN1 code to template form. *IN PROGRESS*
o Convert an existing ASN1 compiler (probably SNACC) to output templates
in OpenSSL form.
o Add support for BIO based ASN1 encoders and decoders to handle large
structures, initially blocking I/O.
o Add support for non blocking I/O: this is quite a bit harder than blocking
I/O.
o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
certificates etc etc.
Description of major changes
============================
The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
absent. The meaning of absent depends on the context. If for example the
boolean type is DEFAULT FALSE (as in the case of the critical flag for
certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
Usually the value will only ever be read via an API which will hide this from
an application.
There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
old code would omit the structure if the STACK was NULL (which is fine) or if
it had zero elements (which is NOT OK). This causes problems because an empty
SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
it is encoded it will be omitted resulting in different encodings. The new code
only omits the encoding if the STACK is NULL, if it contains zero elements it
is encoded and empty. There is an additional problem though: because an empty
STACK was omitted, sometimes the corresponding *_new() function would
initialize the STACK to empty so an application could immediately use it, if
this is done with the new code (i.e. a NULL) it wont work. Therefore a new
STACK should be allocated first. One instance of this is the X509_CRL list of
revoked certificates: a helper function X509_CRL_add0_revoked() has been added
for this purpose.
The X509_ATTRIBUTE structure used to have an element called 'set' which took
the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
to the behaviour of CHOICE in the new code this has been changed to a field
called 'single' which is 0 for a SET OF and 1 for single. The old field has
been deleted to deliberately break source compatibility. Since this structure
is normally accessed via higher level functions this shouldn't break too much.
The X509_REQ_INFO certificate request info structure no longer has a field
called 'req_kludge'. This used to be set to 1 if the attributes field was
(incorrectly) omitted. You can check to see if the field is omitted now by
checking if the attributes field is NULL. Similarly if you need to omit
the field then free attributes and set it to NULL.
The top level 'detached' field in the PKCS7 structure is no longer set when
a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
The behaviour of PKCS7_get_detached() is unaffected.
The values of 'type' in the GENERAL_NAME structure have changed. This is
because the old code use the ASN1 initial octet as the selector. The new
code uses the index in the ASN1_CHOICE template.
The DIST_POINT_NAME structure has changed to be a true CHOICE type.
typedef struct DIST_POINT_NAME_st {
int type;
union {
STACK_OF(GENERAL_NAME) *fullname;
STACK_OF(X509_NAME_ENTRY) *relativename;
} name;
} DIST_POINT_NAME;
This means that name.fullname or name.relativename should be set
and type reflects the option. That is if name.fullname is set then
type is 0 and if name.relativename is set type is 1.
With the old code using the i2d functions would typically involve:
unsigned char *buf, *p;
int len;
/* Find length of encoding */
len = i2d_SOMETHING(x, NULL);
/* Allocate buffer */
buf = OPENSSL_malloc(len);
if(buf == NULL) {
/* Malloc error */
}
/* Use temp variable because &p gets updated to point to end of
* encoding.
*/
p = buf;
i2d_SOMETHING(x, &p);
Using the new i2d you can also do:
unsigned char *buf = NULL;
int len;
len = i2d_SOMETHING(x, &buf);
if(len < 0) {
/* Malloc error */
}
and it will automatically allocate and populate a buffer with the
encoding. After this call 'buf' will point to the start of the
encoding which is len bytes long.

60
deps/openssl/openssl/README.ECC vendored Normal file
View file

@ -0,0 +1,60 @@
NOTE: The OpenSSL Software Foundation has executed a sublicense agreement
entitled "Elliptic Curve Cryptography Patent License Agreement" with the
National Security Agency/ Central Security Service Commercial Solutions
Center (NCSC) dated 2010-11-04. That agreement permits implementation and
distribution of software containing features covered by any or all of the
following patents:
1.) U.S. Pat. No. 5,761,305 entitled "Key Agreement and Transport Protocol
with Implicit Signatures" issued on June 2, 1998;
2.) Can. Pat. Appl. Ser. No. 2176972 entitled "Key Agreement and Transport
Protocol with Implicit Signature and Reduced Bandwidth" filed on May
16, 1996;
3.) U.S. Pat. No. 5,889,865 entitled "Key Agreement and Transport Protocol
with Implicit Signatures" issued on March 30, 1999;
4.) U.S. Pat. No. 5,896,455 entitled "Key Agreement and Transport Protocol
with Implicit Signatures" issued on April 20, 1999;
5.) U.S. Pat. No. 5,933,504 entitled "Strengthened Public Key Protocol"
issued on August 3, 1999;
6.) Can. Pat. Appl. Ser. No. 2176866 entitled "Strengthened Public Key
Protocol" filed on May 17, 1996;
7.) E.P. Pat. Appl. Ser. No. 96201322.3 entitled "Strengthened Public Key
Protocol" filed on May 17, 1996;
8.) U.S. Pat. No. 5,999,626 entitled "Digital Signatures on a Smartcard"
issued on December 7, 1999;
9.) Can. Pat. Appl. Ser. No. 2202566 entitled "Digital Signatures on a
Smartcard" filed on April 14, 1997;
10.) E.P. Pat. Appl. No. 97106114.8 entitled "Digital Signatures on a
Smartcard" filed on April 15, 1997;
11.) U.S Pat. No. 6,122,736 entitled "Key Agreement and Transport Protocol
with Implicit Signatures" issued on September 19, 2000;
12.) Can. Pat. Appl. Ser. No. 2174261 entitled "Key Agreement and Transport
Protocol with Implicit Signatures" filed on April 16, 1996;
13.) E.P. Pat. Appl. Ser. No. 96105920.1 entitled "Key Agreement and
Transport Protocol with Implicit Signatures" filed on April 16, 1996;
14.) U.S. Pat. No. 6,141,420 entitled "Elliptic Curve Encryption Systems"
issued on October 31, 2000;
15.) Can. Pat. Appl. Ser. No. 2155038 entitled "Elliptic Curve Encryption
Systems" filed on July 31, 1995;
16.) E.P. Pat. Appl. Ser. No. 95926348.4 entitled "Elliptic Curve Encryption
Systems" filed on July 31, 1995;
17.) U.S. Pat. No. 6,336,188 entitled "Authenticated Key Agreement" issued
on January 1, 2002;
18.) U.S. Pat. No. 6,487,661 entitled "Key Agreement and Transport Protocol"
issued on November 26, 2002;
19.) Can. Pat. Appl. Ser. No. 2174260 entitled "Key Agreement and Transport
Protocol" filed on April 16, 1996;
20.) E.P. Pat. Appl. Ser. No. 96105921.9 entitled "Key Agreement and
Transport Protocol" filed on April 21, 1996;
21.) U.S. Pat. No. 6,563,928 entitled "Strengthened Public Key Protocol"
issued on May 13, 2003;
22.) U.S. Pat. No. 6,618,483 entitled "Elliptic Curve Encryption Systems"
issued September 9, 2003;
23.) U.S. Pat. Appl. Ser. No. 09/434,247 entitled "Digital Signatures on a
Smartcard" filed on November 5, 1999;
24.) U.S. Pat. Appl. Ser. No. 09/558,256 entitled "Key Agreement and
Transport Protocol with Implicit Signatures" filed on April 25, 2000;
25.) U.S. Pat. Appl. Ser. No. 09/942,492 entitled "Digital Signatures on a
Smartcard" filed on August 29, 2001 and published on July 18, 2002; and,
26.) U.S. Pat. Appl. Ser. No. 10/185,735 entitled "Strengthened Public Key
Protocol" filed on July 1, 2000.

7
deps/openssl/openssl/README.ENGINE vendored
View file

@ -13,11 +13,10 @@
There are currently built-in ENGINE implementations for the following
crypto devices:
o CryptoSwift
o Compaq Atalla
o Cryptodev
o Microsoft CryptoAPI
o VIA Padlock
o nCipher CHIL
o Nuron
o Broadcom uBSec
In addition, dynamic binding to external ENGINE implementations is now
provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"

1
deps/openssl/openssl/README.FIPS vendored Normal file
View file

@ -0,0 +1 @@
This release does not support a FIPS 140-2 validated module.

18
deps/openssl/openssl/VMS/TODO vendored
View file

@ -1,18 +0,0 @@
TODO:
=====
There are a few things that need to be worked out in the VMS version of
OpenSSL, still:
- Description files. ("Makefile's" :-))
- Script code to link an already compiled build tree.
- A VMSINSTALlable version (way in the future, unless someone else hacks).
- shareable images (DLL for you Windows folks).
There may be other things that I have missed and that may be desirable.
Please send mail to <openssl-users@openssl.org> or to me directly if you
have any ideas.
--
Richard Levitte <richard@levitte.org>
1999-05-24

11
deps/openssl/openssl/VMS/VMSify-conf.pl vendored
View file

@ -1,4 +1,11 @@
#! /usr/bin/perl
#! /usr/bin/env perl
# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
@ -7,7 +14,7 @@ my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
my @file_vars = ( "database", "certificate", "serial", "crlnumber",
"crl", "private_key", "RANDFILE" );
while(<STDIN>) {
chomp;
s|\R$||;
foreach my $d (@directory_vars) {
if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
$_ = "$1sys\\\$disk:\[.$2$3";

4
deps/openssl/openssl/VMS/WISHLIST.TXT vendored
View file

@ -1,4 +0,0 @@
* Have the building procedure contain a LINK-only possibility.
Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au>
One way to enable that is also to go over to DESCRIP.MMS files.

1
deps/openssl/openssl/engines/alpha.opt → deps/openssl/openssl/VMS/engine.opt vendored
View file

@ -1 +1,2 @@
CASE_SENSITIVE=YES
SYMBOL_VECTOR=(bind_engine=PROCEDURE,v_check=PROCEDURE)

67
deps/openssl/openssl/VMS/install-vms.com vendored
View file

@ -1,67 +0,0 @@
$! install-vms.com -- Installs the files in a given directory tree
$!
$! Author: Richard Levitte <richard@levitte.org>
$! Time of creation: 23-MAY-1998 19:22
$!
$! P1 root of the directory tree
$!
$!
$! Announce/identify.
$!
$ proc = f$environment( "procedure")
$ write sys$output "@@@ "+ -
f$parse( proc, , , "name")+ f$parse( proc, , , "type")
$!
$ on error then goto tidy
$ on control_c then goto tidy
$!
$ if p1 .eqs. ""
$ then
$ write sys$output "First argument missing."
$ write sys$output -
"Should be the directory where you want things installed."
$ exit
$ endif
$
$ if (f$getsyi( "cpu") .lt. 128)
$ then
$ arch = "VAX"
$ else
$ arch = f$edit( f$getsyi( "arch_name"), "upcase")
$ if (arch .eqs. "") then arch = "UNK"
$ endif
$
$ root = f$parse( P1, "[]A.;0", , , "SYNTAX_ONLY, NO_CONCEAL")- "A.;0"
$ root_dev = f$parse( root, , , "device", "syntax_only")
$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
"[000000." - "][" - "[" - "]"
$ root = root_dev + "[" + root_dir
$
$ define /nolog wrk_sslroot 'root'.] /translation_attributes = concealed
$ define /nolog wrk_sslinclude wrk_sslroot:[include]
$
$ if f$parse( "wrk_sslroot:[000000]") .eqs. "" then -
create /directory /log wrk_sslroot:[000000]
$ if f$parse( "wrk_sslinclude:") .eqs. "" then -
create /directory /log wrk_sslinclude:
$ if f$parse( "wrk_sslroot:[vms]") .eqs. "" then -
create /directory /log wrk_sslroot:[vms]
$!
$ copy /log /protection = world:re openssl_startup.com wrk_sslroot:[vms]
$ copy /log /protection = world:re openssl_undo.com wrk_sslroot:[vms]
$ copy /log /protection = world:re openssl_utils.com wrk_sslroot:[vms]
$!
$ tidy:
$!
$ call deass wrk_sslroot
$ call deass wrk_sslinclude
$!
$ exit
$!
$ deass: subroutine
$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
$ then
$ deassign /process 'p1'
$ endif
$ endsubroutine
$!

476
deps/openssl/openssl/VMS/mkshared.com vendored
View file

@ -1,476 +0,0 @@
$! MKSHARED.COM -- Create shareable images.
$!
$! P1: "64" for 64-bit pointers.
$!
$! P2: Zlib object library path (optional).
$!
$! Input: [.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO[32].OLB
$! [.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]SSL_LIBSSL[32].OLB
$! [.CRYPTO.xxx]OPENSSLCONF.H
$! Output: [.xxx.EXE.CRYPTO]SSL_LIBCRYPTO_SHR[32].OPT,.MAP,.EXE
$! [.xxx.EXE.SSL]SSL_LIBSSL_SRH[32].OPT,.MAP,.EXE
$!
$! So far, tests have only been made on VMS for Alpha. VAX will come in time.
$! ===========================================================================
$!
$! Announce/identify.
$!
$ proc = f$environment( "procedure")
$ write sys$output "@@@ "+ -
f$parse( proc, , , "name")+ f$parse( proc, , , "type")
$!
$! Save the original default device:[directory].
$!
$ def_orig = f$environment( "default")
$ on error then goto tidy
$ on control_c then goto tidy
$!
$! SET DEFAULT to the main kit directory.
$!
$ proc = f$environment("procedure")
$ proc = f$parse( "A.;", proc)- "A.;"
$ set default 'proc'
$ set default [-]
$!
$! ----- Prepare info for processing: version number and file info
$ gosub read_version_info
$ if libver .eqs. ""
$ then
$ write sys$error "ERROR: Couldn't find any library version info..."
$ go to tidy:
$ endif
$
$ if (f$getsyi("cpu") .lt. 128)
$ then
$ arch_vax = 1
$ arch = "VAX"
$ else
$ arch_vax = 0
$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
$ if (arch .eqs. "") then arch = "UNK"
$ endif
$!
$ archd = arch
$ lib32 = "32"
$ shr = "SHR32"
$!
$ if (p1 .nes. "")
$ then
$ if (p1 .eqs. "64")
$ then
$ archd = arch+ "_64"
$ lib32 = ""
$ shr = "SHR"
$ else
$ if (p1 .nes. "32")
$ then
$ write sys$output "Second argument invalid."
$ write sys$output "It should be "32", "64", or nothing."
$ exit
$ endif
$ endif
$ endif
$!
$! ----- Prepare info for processing: disabled algorithms info
$ gosub read_disabled_algorithms_info
$!
$ ZLIB = p2
$ zlib_lib = ""
$ if (ZLIB .nes. "")
$ then
$ file2 = f$parse( ZLIB, "libz.olb", , , "syntax_only")
$ if (f$search( file2) .eqs. "")
$ then
$ write sys$output ""
$ write sys$output "The Option ", ZLIB, " Is Invalid."
$ write sys$output " Can't find library: ''file2'"
$ write sys$output ""
$ goto tidy
$ endif
$ zlib_lib = ", ''file2' /library"
$ endif
$!
$ if (arch_vax)
$ then
$ libtit = "CRYPTO_TRANSFER_VECTOR"
$ libid = "Crypto"
$ libnum = "[.UTIL]LIBEAY.NUM"
$ libdir = "[.''ARCHD'.EXE.CRYPTO]"
$ libmar = "''libdir'SSL_LIBCRYPTO_''shr'.MAR"
$ libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB"
$ libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT"
$ libobj = "''libdir'SSL_LIBCRYPTO_''shr'.OBJ"
$ libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP"
$ libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE"
$ libref = ""
$ libvec = "LIBCRYPTO"
$ if f$search( libolb) .nes. "" then gosub create_vax_shr
$ libtit = "SSL_TRANSFER_VECTOR"
$ libid = "SSL"
$ libnum = "[.UTIL]SSLEAY.NUM"
$ libdir = "[.''ARCHD'.EXE.SSL]"
$ libmar = "''libdir'SSL_LIBSSL_''shr'.MAR"
$ libolb = "''libdir'SSL_LIBSSL''lib32'.OLB"
$ libopt = "''libdir'SSL_LIBSSL_''shr'.OPT"
$ libobj = "''libdir'SSL_LIBSSL_''shr'.OBJ"
$ libmap = "''libdir'SSL_LIBSSL_''shr'.MAP"
$ libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE"
$ libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE"
$ libvec = "LIBSSL"
$ if f$search( libolb) .nes. "" then gosub create_vax_shr
$ else
$ libid = "Crypto"
$ libnum = "[.UTIL]LIBEAY.NUM"
$ libdir = "[.''ARCHD'.EXE.CRYPTO]"
$ libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB"
$ libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT"
$ libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP"
$ libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE"
$ libref = ""
$ if f$search( libolb) .nes. "" then gosub create_nonvax_shr
$ libid = "SSL"
$ libnum = "[.UTIL]SSLEAY.NUM"
$ libdir = "[.''ARCHD'.EXE.SSL]"
$ libolb = "''libdir'SSL_LIBSSL''lib32'.OLB"
$ libopt = "''libdir'SSL_LIBSSL_''shr'.OPT"
$ libmap = "''libdir'SSL_LIBSSL_''shr'.MAP"
$ libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE"
$ libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE"
$ if f$search( libolb) .nes. "" then gosub create_nonvax_shr
$ endif
$!
$ tidy:
$!
$! Close any open files.
$!
$ if (f$trnlnm( "libnum", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
close libnum
$!
$ if (f$trnlnm( "mar", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
close mar
$!
$ if (f$trnlnm( "opt", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
close opt
$!
$ if (f$trnlnm( "vf", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
close vf
$!
$! Restore the original default device:[directory].
$!
$ set default 'def_orig'
$ exit
$
$! ----- Subroutines to build the shareable libraries
$! For each supported architecture, there's a main shareable library
$! creator, which is called from the main code above.
$! The creator will define a number of variables to tell the next levels of
$! subroutines what routines to use to write to the option files, call the
$! main processor, read_func_num, and when that is done, it will write version
$! data at the end of the .opt file, close it, and link the library.
$!
$! read_func_num reads through a .num file and calls the writer routine for
$! each line. It's also responsible for checking that order is properly kept
$! in the .num file, check that each line applies to VMS and the architecture,
$! and to fill in "holes" with dummy entries.
$!
$! The creator routines depend on the following variables:
$! libnum The name of the .num file to use as input
$! libolb The name of the object library to build from
$! libid The identification string of the shareable library
$! libopt The name of the .opt file to write
$! libtit The title of the assembler transfer vector file (VAX only)
$! libmar The name of the assembler transfer vector file (VAX only)
$! libmap The name of the map file to write
$! libgoal The name of the shareable library to write
$! libref The name of a shareable library to link in
$!
$! read_func_num depends on the following variables from the creator:
$! libwriter The name of the writer routine to call for each .num file line
$! -----
$
$! ----- Subroutines for non-VAX
$! -----
$! The creator routine
$ create_nonvax_shr:
$ open /write opt 'libopt'
$ write opt "identification=""",libid," ",libverstr,""""
$ write opt libolb, " /library"
$ if libref .nes. "" then write opt libref,"/SHARE"
$ write opt "SYMBOL_VECTOR=(-"
$ libfirstentry := true
$ libwrch := opt
$ libwriter := write_nonvax_transfer_entry
$ textcount = 0
$ gosub read_func_num
$ write opt ")"
$ write opt "GSMATCH=",libvmatch,",",libver
$ close opt
$ link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options -
'zlib_lib'
$ return
$
$! The record writer routine
$ write_nonvax_transfer_entry:
$ if libentry .eqs. ".dummy" then return
$ if info_kind .eqs. "VARIABLE"
$ then
$ pr:=DATA
$ else
$ pr:=PROCEDURE
$ endif
$ textcount_this = f$length(pr) + f$length(libentry) + 5
$ if textcount + textcount_this .gt. 1024
$ then
$ write opt ")"
$ write opt "SYMBOL_VECTOR=(-"
$ textcount = 16
$ libfirstentry := true
$ endif
$ if libfirstentry
$ then
$ write 'libwrch' " ",libentry,"=",pr," -"
$ else
$ write 'libwrch' " ,",libentry,"=",pr," -"
$ endif
$ libfirstentry := false
$ textcount = textcount + textcount_this
$ return
$
$! ----- Subroutines for VAX
$! -----
$! The creator routine
$ create_vax_shr:
$ open /write mar 'libmar'
$ type sys$input:/out=mar:
;
; Transfer vector for VAX shareable image
;
$ write mar " .TITLE ",libtit
$ write mar " .IDENT /",libid,"/"
$ type sys$input:/out=mar:
;
; Define macro to assist in building transfer vector entries. Each entry
; should take no more than 8 bytes.
;
.MACRO FTRANSFER_ENTRY routine
.ALIGN QUAD
.TRANSFER routine
.MASK routine
JMP routine+2
.ENDM FTRANSFER_ENTRY
;
; Place entries in own program section.
;
$ write mar " .PSECT $$",libvec,",QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT"
$ write mar libvec,"_xfer:"
$ libwrch := mar
$ libwriter := write_vax_ftransfer_entry
$ gosub read_func_num
$ type sys$input:/out=mar:
;
; Allocate extra storage at end of vector to allow for expansion.
;
$ write mar " .BLKB 32768-<.-",libvec,"_xfer> ; 64 pages total."
$! libwriter := write_vax_vtransfer_entry
$! gosub read_func_num
$ write mar " .END"
$ close mar
$ open /write opt 'libopt'
$ write opt "identification=""",libid," ",libverstr,""""
$ write opt libobj
$ write opt libolb, " /library"
$ if libref .nes. "" then write opt libref,"/SHARE"
$ type sys$input:/out=opt:
!
! Ensure transfer vector is at beginning of image
!
CLUSTER=FIRST
$ write opt "COLLECT=FIRST,$$",libvec
$ write opt "GSMATCH=",libvmatch,",",libver
$ type sys$input:/out=opt:
!
! make psects nonshareable so image can be installed.
!
PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
$ libwrch := opt
$ libwriter := write_vax_psect_attr
$ gosub read_func_num
$ close opt
$ macro/obj='libobj' 'libmar'
$ link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options -
'zlib_lib'
$ return
$
$! The record writer routine for VAX functions
$ write_vax_ftransfer_entry:
$ if info_kind .nes. "FUNCTION" then return
$ if libentry .eqs ".dummy"
$ then
$ write 'libwrch' " .BLKB 8" ! Dummy is zeroes...
$ else
$ write 'libwrch' " FTRANSFER_ENTRY ",libentry
$ endif
$ return
$! The record writer routine for VAX variables (should never happen!)
$ write_vax_psect_attr:
$ if info_kind .nes. "VARIABLE" then return
$ if libentry .eqs ".dummy" then return
$ write 'libwrch' "PSECT_ATTR=",libentry,",NOSHR"
$ return
$
$! ----- Common subroutines
$! -----
$! The .num file reader. This one has great responsibility.
$ read_func_num:
$ open /read libnum 'libnum'
$ goto read_nums
$
$ read_nums:
$ libentrynum=0
$ liblastentry:=false
$ entrycount=0
$ loop:
$ read /end=loop_end /err=loop_end libnum line
$ lin = f$edit( line, "COMPRESS,TRIM")
$! Skip a "#" comment line.
$ if (f$extract( 0, 1, lin) .eqs. "#") then goto loop
$ entrynum = f$int(f$element( 1, " ", lin))
$ entryinfo = f$element( 2, " ", lin)
$ curentry = f$element( 0, " ", lin)
$ info_exist = f$element( 0, ":", entryinfo)
$ info_platforms = ","+ f$element(1, ":", entryinfo)+ ","
$ info_kind = f$element( 2, ":", entryinfo)
$ info_algorithms = ","+ f$element( 3, ":", entryinfo)+ ","
$ if info_exist .eqs. "NOEXIST" then goto loop
$ truesum = 0
$ falsesum = 0
$ negatives = 1
$ plat_i = 0
$ loop1:
$ plat_entry = f$element( plat_i, ",", info_platforms)
$ plat_i = plat_i + 1
$ if plat_entry .eqs. "" then goto loop1
$ if plat_entry .nes. ","
$ then
$ if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0
$ if (arch_vax)
$ then
$ if plat_entry .eqs. "EXPORT_VAR_AS_FUNCTION" then -
$ truesum = truesum + 1
$ if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then -
$ falsesum = falsesum + 1
$ endif
$!
$ if ((plat_entry .eqs. "VMS") .or. -
((plat_entry .eqs. "ZLIB") .and. (ZLIB .nes. "")) .or. -
(arch_vax .and. (plat_entry .eqs. "VMSVAX"))) then -
truesum = truesum + 1
$!
$ if ((plat_entry .eqs. "!VMS") .or. -
(arch_vax .and. (plat_entry .eqs. "!VMSVAX"))) then -
falsesum = falsesum + 1
$!
$ goto loop1
$ endif
$ endloop1:
$!DEBUG!$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
$!DEBUG!$ then
$!DEBUG!$ write sys$output line
$!DEBUG!$ write sys$output " truesum = ",truesum,-
$!DEBUG! ", negatives = ",negatives,", falsesum = ",falsesum
$!DEBUG!$ endif
$ if falsesum .ne. 0 then goto loop
$ if truesum+negatives .eq. 0 then goto loop
$ alg_i = 0
$ loop2:
$ alg_entry = f$element(alg_i,",",info_algorithms)
$ alg_i = alg_i + 1
$ if alg_entry .eqs. "" then goto loop2
$ if alg_entry .nes. ","
$ then
$ if disabled_algorithms - ("," + alg_entry + ",") .nes disabled_algorithms then goto loop
$ if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop
$ goto loop2
$ endif
$ endloop2:
$ if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
$ then
$!DEBUG!$ write sys$output curentry," ; ",entrynum," ; ",entryinfo
$ endif
$ redo:
$ next:=loop
$ tolibentry=curentry
$ if libentrynum .ne. entrynum
$ then
$ entrycount=entrycount+1
$ if entrycount .lt. entrynum
$ then
$!DEBUG!$ write sys$output "Info: entrycount: ''entrycount', entrynum: ''entrynum' => 0"
$ tolibentry=".dummy"
$ next:=redo
$ endif
$ if entrycount .gt. entrynum
$ then
$ write sys$error "Decreasing library entry numbers! Can't continue"
$ write sys$error """",line,""""
$ close libnum
$ return
$ endif
$ libentry=tolibentry
$!DEBUG!$ write sys$output entrycount," ",libentry," ",entryinfo
$ if libentry .nes. "" .and. libwriter .nes. "" then gosub 'libwriter'
$ else
$ write sys$error "Info: ""''curentry'"" is an alias for ""''libentry'"". Overriding..."
$ endif
$ libentrynum=entrycount
$ goto 'next'
$ loop_end:
$ close libnum
$ return
$
$! The version number reader
$ read_version_info:
$ libver = ""
$ open /read vf [.CRYPTO]OPENSSLV.H
$ loop_rvi:
$ read/err=endloop_rvi/end=endloop_rvi vf rvi_line
$ if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then -
goto loop_rvi
$ libverstr = f$element(1,"""",rvi_line)
$ libvmajor = f$element(0,".",libverstr)
$ libvminor = f$element(1,".",libverstr)
$ libvedit = f$element(2,".",libverstr)
$ libvpatch = f$cvui(0,8,f$extract(1,1,libvedit)+"@")-f$cvui(0,8,"@")
$ libvedit = f$extract(0,1,libvedit)
$ libver = f$string(f$int(libvmajor)*100)+","+-
f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch))
$ if libvmajor .eqs. "0"
$ then
$ libvmatch = "EQUAL"
$ else
$ ! Starting with the 1.0 release, backward compatibility should be
$ ! kept, so switch over to the following
$ libvmatch = "LEQUAL"
$ endif
$ endloop_rvi:
$ close vf
$ return
$
$! The disabled algorithms reader
$ read_disabled_algorithms_info:
$ disabled_algorithms = ","
$ open /read cf [.CRYPTO.'ARCH']OPENSSLCONF.H
$ loop_rci:
$ read/err=endloop_rci/end=endloop_rci cf rci_line
$ rci_line = f$edit(rci_line,"TRIM,COMPRESS")
$ rci_ei = 0
$ if f$extract(0,9,rci_line) .eqs. "# define " then rci_ei = 2
$ if f$extract(0,8,rci_line) .eqs. "#define " then rci_ei = 1
$ if rci_ei .eq. 0 then goto loop_rci
$ rci_e = f$element(rci_ei," ",rci_line)
$ if f$extract(0,11,rci_e) .nes. "OPENSSL_NO_" then goto loop_rci
$ disabled_algorithms = disabled_algorithms + f$extract(11,999,rci_e) + ","
$ goto loop_rci
$ endloop_rci:
$ close cf
$ return

1
deps/openssl/openssl/VMS/multinet_shr.opt vendored
View file

@ -1 +0,0 @@
multinet:multinet_socket_library.exe/share

50
deps/openssl/openssl/VMS/openssl_ivp.com.in vendored Normal file
View file

@ -0,0 +1,50 @@
$ ! OpenSSL Internal Verification Procedure
$ !
$ ! This script checks the consistency of a OpenSSL installation
$ ! It had better be spawned, as it creates process logicals
$
$ ! Generated information
$ INSTALLTOP := {- $config{INSTALLTOP} -}
$ OPENSSLDIR := {- $config{OPENSSLDIR} -}
$
$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
$ ! can use to call the startup procedure
$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$
$ v := {- sprintf "%02d%02d", split(/\./, $config{version}) -}
$ pz := {- $config{pointer_size} -}
$
$ @'INSTALLTOP_'SYS$STARTUP]openssl_startup'v'
$ @'INSTALLTOP_'SYS$STARTUP]openssl_utils'v'
$
$ IF F$SEARCH("OSSL$LIBCRYPTO''pz'") .EQS. "" -
.OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $config{no_shared}; "" -}-
.OR. F$SEARCH("OSSL$LIBCRYPTO_SHR''pz'") .EQS. "" -
.OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $config{no_shared}; "" -}-
.OR. F$SEARCH("OSSL$INCLUDE:[OPENSSL]crypto.h") .EQS. "" -
.OR. F$SEARCH("OPENSSL:crypto.h") .EQS. "" -
.OR. F$SEARCH("OSSL$EXE:OPENSSL''v'.EXE") .EQS. ""
$ THEN
$ WRITE SYS$ERROR "Installation inconsistent"
$ EXIT %x00018292 ! RMS$_FNF, file not found
$ ENDIF
$
$ ON ERROR THEN GOTO error
$
$ ! If something else is wrong with the installation, we're likely
$ ! to get an image activation error here
$ openssl version -a
$
$ ! FUTURE ENHANCEMENT: Verify that engines are where they should be.
$ ! openssl engine -c -t checker
$
$ WRITE SYS$ERROR "OpenSSL IVP passed"
$ EXIT %x10000001
$
$ error:
$ save_status = $STATUS
$ WRITE SYS$ERROR "OpenSSL IVP failed"
$ EXIT 'save_status'

56
deps/openssl/openssl/VMS/openssl_shutdown.com.in vendored Normal file
View file

@ -0,0 +1,56 @@
$ ! OpenSSL shutdown script
$ !
$ ! This script deassigns the logical names used by the installation
$ ! of OpenSSL. It can do so at any level, defined by P1.
$ !
$ ! P1 Qualifier(s) for DEASSIGN.
$ ! Default: /PROCESS
$ !
$ ! P2 If the value is "NOALIASES", no alias logical names are
$ ! deassigned.
$
$ status = %x10000001 ! Generic success
$
$ ! In case there's a problem
$ ON CONTROL_Y THEN GOTO bailout
$ ON ERROR THEN GOTO bailout
$
$ ! Find the architecture
$ IF F$GETSYI("CPU") .LT. 128
$ THEN
$ arch := VAX
$ ELSE
$ arch := F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE")
$ IF arch .EQS. "" THEN GOTO unknown_arch
$ ENDIF
$
$ ! Abbrevs
$ DEAS := DEASSIGN /NOLOG 'P1'
$ sv := {- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}
$ pz := {- $config{pointer_size} -}
$
$ DEAS OSSL$DATAROOT
$ DEAS OSSL$INSTROOT
$ DEAS OSSL$INCLUDE
$ DEAS OSSL$LIB
$ DEAS OSSL$SHARE
$ DEAS OSSL$ENGINES'sv'
$ DEAS OSSL$EXE
$ DEAS OSSL$LIBCRYPTO'pz'
$ DEAS OSSL$LIBSSL'pz'
${- output_off() if $config{no_shared}; "" -}
$ DEAS OSSL$LIBCRYPTO'sv'_SHR'pz'
$ DEAS OSSL$LIBSSL'sv'_SHR'pz'
${- output_on() if $config{no_shared}; "" -}
$ DEAS OPENSSL
$
$ IF P2 .NES. "NOALIASES"
$ THEN
$ DEAS OSSL$ENGINES
${- output_off() if $config{no_shared}; "" -}
$ DEAS OSSL$LIBCRYPTO_SHR'pz'
$ DEAS OSSL$LIBSSL_SHR'pz'
${- output_on() if $config{no_shared}; "" -}
$ ENDIF
$
$ EXIT 'status'

108
deps/openssl/openssl/VMS/openssl_startup.com vendored
View file

@ -1,108 +0,0 @@
$!
$! Startup file for OpenSSL 1.x.
$!
$! 2011-03-05 SMS.
$!
$! This procedure must reside in the OpenSSL installation directory.
$! It will fail if it is copied to a different location.
$!
$! P1 qualifier(s) for DEFINE. For example, "/SYSTEM" to get the
$! logical names defined in the system logical name table.
$!
$! P2 "64", to use executables which were built with 64-bit pointers.
$!
$! Good (default) and bad status values.
$!
$ status = %x00010001 ! RMS$_NORMAL, normal successful completion.
$ rms_e_fnf = %x00018292 ! RMS$_FNF, file not found.
$!
$! Prepare for problems.
$!
$ orig_dev_dir = f$environment( "DEFAULT")
$ on control_y then goto clean_up
$ on error then goto clean_up
$!
$! Determine hardware architecture.
$!
$ if (f$getsyi( "cpu") .lt. 128)
$ then
$ arch_name = "VAX"
$ else
$ arch_name = f$edit( f$getsyi( "arch_name"), "upcase")
$ if (arch_name .eqs. "") then arch_name = "UNK"
$ endif
$!
$ if (p2 .eqs. "64")
$ then
$ arch_name_exe = arch_name+ "_64"
$ else
$ arch_name_exe = arch_name
$ endif
$!
$! Derive the OpenSSL installation device:[directory] from the location
$! of this command procedure.
$!
$ proc = f$environment( "procedure")
$ proc_dev_dir = f$parse( "A.;", proc, , , "no_conceal") - "A.;"
$ proc_dev = f$parse( proc_dev_dir, , , "device", "syntax_only")
$ proc_dir = f$parse( proc_dev_dir, , , "directory", "syntax_only") - -
".][000000"- "[000000."- "]["- "["- "]"
$ proc_dev_dir = proc_dev+ "["+ proc_dir+ "]"
$ set default 'proc_dev_dir'
$ set default [-]
$ ossl_dev_dir = f$environment( "default")
$!
$! Check existence of expected directories (to see if this procedure has
$! been moved away from its proper place).
$!
$ if ((f$search( "certs.dir;1") .eqs. "") .or. -
(f$search( "include.dir;1") .eqs. "") .or. -
(f$search( "private.dir;1") .eqs. "") .or. -
(f$search( "vms.dir;1") .eqs. ""))
$ then
$ write sys$output -
" Can't find expected common OpenSSL directories in:"
$ write sys$output " ''ossl_dev_dir'"
$ status = rms_e_fnf
$ goto clean_up
$ endif
$!
$ if ((f$search( "''arch_name_exe'_exe.dir;1") .eqs. "") .or. -
(f$search( "''arch_name'_lib.dir;1") .eqs. ""))
$ then
$ write sys$output -
" Can't find expected architecture-specific OpenSSL directories in:"
$ write sys$output " ''ossl_dev_dir'"
$ status = rms_e_fnf
$ goto clean_up
$ endif
$!
$! All seems well (enough). Define the OpenSSL logical names.
$!
$ ossl_root = ossl_dev_dir- "]"+ ".]"
$ define /translation_attributes = concealed /nolog'p1 SSLROOT 'ossl_root'
$ define /nolog 'p1' SSLCERTS sslroot:[certs]
$ define /nolog 'p1' SSLINCLUDE sslroot:[include]
$ define /nolog 'p1' SSLPRIVATE sslroot:[private]
$ define /nolog 'p1' SSLEXE sslroot:['arch_name_exe'_exe]
$ define /nolog 'p1' SSLLIB sslroot:['arch_name'_lib]
$!
$! Defining OPENSSL lets a C program use "#include <openssl/{foo}.h>":
$ define /nolog 'p1' OPENSSL SSLINCLUDE:
$!
$! Run a site-specific procedure, if it exists.
$!
$ if f$search( "sslroot:[vms]openssl_systartup.com") .nes."" then -
@ sslroot:[vms]openssl_systartup.com
$!
$! Restore the original default dev:[dir] (if known).
$!
$ clean_up:
$!
$ if (f$type( orig_dev_dir) .nes. "")
$ then
$ set default 'orig_dev_dir'
$ endif
$!
$ EXIT 'status'
$!

123
deps/openssl/openssl/VMS/openssl_startup.com.in vendored Normal file
View file

@ -0,0 +1,123 @@
$ ! OpenSSL startup script
$ !
$ ! This script defines the logical names used by the installation
$ ! of OpenSSL. It can provide those logical names at any level,
$ ! defined by P1.
$ !
$ ! The logical names created are:
$ !
$ ! OSSL$INSTROOT Installation root
$ ! OSSL$DATAROOT Data root (common directory
$ ! for certs etc)
$ ! OSSL$INCLUDE Include directory root
$ ! OSSL$LIB Where the static library files
$ ! are located
$ ! OSSL$SHARE Where the shareable image files
$ ! are located
$ ! OSSL$EXE Where the executables are located
$ ! OSSL$ENGINESnnn Where the shareable images are located
$ ! OSSL$LIBCRYPTO The static crypto library
$ ! OSSL$LIBSSL The static ssl library
$ ! OSSL$LIBCRYPTOnnn_SHR The shareable crypto image
$ ! OSSL$LIBSSLnnn_SHR The shareable ssl image
$ ! OPENSSL is OSSL$INCLUDE:[OPENSSL]
$ !
$ ! In all these, nnn is the OpenSSL version number. This allows
$ ! several OpenSSL versions to be installed simultaneously, which
$ ! matters for applications that are linked to the shareable images
$ ! or that depend on engines.
$ !
$ ! In addition, unless P2 is "NOALIASES", these logical names are
$ ! created:
$ !
$ ! OSSL$ENGINES Alias for OSSL$ENGINESnnn
$ ! OSSL$LIBCRYPTO_SHR Alias for OSSL$LIBCRYPTOnnn_SHR
$ ! OSSL$LIBSSL_SHR Alias for OSSL$LIBSSLnnn_SHR
$ !
$ ! P1 Qualifier(s) for DEFINE. "/SYSTEM" would be typical when
$ ! calling this script from SYS$STARTUP:SYSTARTUP_VMS.COM,
$ ! while "/PROCESS" would be typical for a personal install.
$ ! Default: /PROCESS
$ !
$ ! P2 If the value is "NOALIASES", no alias logical names are
$ ! created.
$
$ status = %x10000001 ! Generic success
$
$ ! In case there's a problem
$ ON CONTROL_Y THEN GOTO bailout
$ ON ERROR THEN GOTO bailout
$
$ ! Find the architecture
$ IF F$GETSYI("CPU") .LT. 128
$ THEN
$ arch := VAX
$ ELSE
$ arch = F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE")
$ IF arch .EQS. "" THEN GOTO unknown_arch
$ ENDIF
$
$ ! Generated information
$ INSTALLTOP := {- $config{INSTALLTOP} -}
$ OPENSSLDIR := {- $config{OPENSSLDIR} -}
$
$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
$ ! can build concealed logical names on
$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
- ".][000000" - "[000000." - "][" - "]A.;" + "."
$
$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_INSTALLTOP 'INSTALLTOP_']
$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_OPENSSLDIR 'OPENSSLDIR_']
$
$ ! Check that things are in place, and specifically, the stuff
$ ! belonging to this architecture
$ IF F$SEARCH("WRK_INSTALLTOP:[000000]INCLUDE.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[000000]LIB.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[000000]EXE.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[LIB]''arch'.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_INSTALLTOP:[EXE]''arch'.DIR;1") .EQS. "" -
.OR. F$SEARCH("WRK_OPENSSLDIR:[000000]openssl.cnf") .EQS. ""
$ THEN
$ WRITE SYS$ERROR "''INSTALLTOP' doesn't look like an OpenSSL installation for ''arch'"
$ status = %x00018292 ! RMS$_FNF, file not found
$ GOTO bailout
$ ENDIF
$
$ ! Abbrevs
$ DEFT := DEFINE /TRANSLATION=CONCEALED /NOLOG 'P1'
$ DEF := DEFINE /NOLOG 'P1'
$ sv := {- sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor} -}
$ pz := {- $config{pointer_size} -}
$
$ DEFT OSSL$DATAROOT 'OPENSSLDIR_']
$ DEFT OSSL$INSTROOT 'INSTALLTOP_']
$ DEFT OSSL$INCLUDE 'INSTALLTOP_'INCLUDE.]
$ DEF OSSL$LIB OSSL$INSTROOT:[LIB.'arch']
$ DEF OSSL$SHARE OSSL$INSTROOT:[LIB.'arch']
$ DEF OSSL$ENGINES'sv''pz' OSSL$INSTROOT:[ENGINES'sv''pz'.'arch']
$ DEF OSSL$EXE OSSL$INSTROOT:[EXE.'arch'],-
OSSL$INSTROOT:[EXE]
$ DEF OSSL$LIBCRYPTO'pz' OSSL$LIB:OSSL$LIBCRYPTO'pz'.OLB
$ DEF OSSL$LIBSSL'pz' OSSL$LIB:OSSL$LIBSSL'pz'.OLB
${- output_off() if $config{no_shared}; "" -}
$ DEF OSSL$LIBCRYPTO'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBCRYPTO'sv'_SHR'pz'.EXE
$ DEF OSSL$LIBSSL'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBSSL'sv'_SHR'pz'.EXE
${- output_on() if $config{no_shared}; "" -}
$ DEF OPENSSL OSSL$INCLUDE:[OPENSSL]
$
$ IF P2 .NES. "NOALIASES"
$ THEN
$ DEF OSSL$ENGINES'pz' OSSL$ENGINES'sv''pz'
${- output_off() if $config{no_shared}; "" -}
$ DEF OSSL$LIBCRYPTO_SHR'pz' OSSL$LIBCRYPTO'sv'_SHR'pz'
$ DEF OSSL$LIBSSL_SHR'pz' OSSL$LIBSSL'sv'_SHR'pz'
${- output_on() if $config{no_shared}; "" -}
$ ENDIF
$
$ bailout:
$ DEASSIGN WRK_INSTALLTOP
$ DEASSIGN WRK_OPENSSLDIR
$
$ EXIT 'status'

20
deps/openssl/openssl/VMS/openssl_undo.com vendored
View file

@ -1,20 +0,0 @@
$!
$! Deassign OpenSSL logical names.
$!
$ call deass "OPENSSL" "''p1'"
$ call deass "SSLCERTS" "''p1'"
$ call deass "SSLEXE" "''p1'"
$ call deass "SSLINCLUDE" "''p1'"
$ call deass "SSLLIB" "''p1'"
$ call deass "SSLPRIVATE" "''p1'"
$ call deass "SSLROOT" "''p1'"
$!
$ exit
$!
$deass: subroutine
$ if (f$trnlnm( p1) .nes. "")
$ then
$ deassign 'p2' 'p1'
$ endif
$ endsubroutine
$!

46
deps/openssl/openssl/VMS/openssl_utils.com vendored
View file

@ -1,46 +0,0 @@
$!
$! APPS.COM
$! Written By: Robert Byer
$! Vice-President
$! A-Com Computing, Inc.
$! byer@mail.all-net.net
$!
$!
$! Slightly modified by Richard Levitte <richard@levitte.org>
$!
$!
$! Always define OPENSSL. Others are optional (non-null P1).
$!
$ OPENSSL :== $SSLEXE:OPENSSL
$
$ IF (P1 .NES. "")
$ THEN
$ VERIFY :== $SSLEXE:OPENSSL VERIFY
$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
$! REQ could conflict with REQUEST.
$ OREQ :== $SSLEXE:OPENSSL REQ
$ DGST :== $SSLEXE:OPENSSL DGST
$ DH :== $SSLEXE:OPENSSL DH
$ ENC :== $SSLEXE:OPENSSL ENC
$ GENDH :== $SSLEXE:OPENSSL GENDH
$ ERRSTR :== $SSLEXE:OPENSSL ERRSTR
$ CA :== $SSLEXE:OPENSSL CA
$ CRL :== $SSLEXE:OPENSSL CRL
$ RSA :== $SSLEXE:OPENSSL RSA
$ DSA :== $SSLEXE:OPENSSL DSA
$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
$ X509 :== $SSLEXE:OPENSSL X509
$ GENRSA :== $SSLEXE:OPENSSL GENRSA
$ GENDSA :== $SSLEXE:OPENSSL GENDSA
$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
$ SPEED :== $SSLEXE:OPENSSL SPEED
$ S_TIME :== $SSLEXE:OPENSSL S_TIME
$ VERSION :== $SSLEXE:OPENSSL VERSION
$ PKCS7 :== $SSLEXE:OPENSSL PKCS7
$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
$ SESS_ID :== $SSLEXE:OPENSSL SESS_ID
$ CIPHERS :== $SSLEXE:OPENSSL CIPHERS
$ NSEQ :== $SSLEXE:OPENSSL NSEQ
$ PKCS12 :== $SSLEXE:OPENSSL PKCS12
$ ENDIF

14
deps/openssl/openssl/VMS/openssl_utils.com.in vendored Normal file
View file

@ -0,0 +1,14 @@
$ ! OpenSSL utilities
$ !
$
$ v := {- sprintf "%02d%02d", split(/\./, $config{version}) -}
$
$ OPENSSL'v' :== $OSSL$EXE:OPENSSL'v'
$ OPENSSL :== $OSSL$EXE:OPENSSL'v'
$
$ IF F$TYPE(PERL) .EQS. "STRING"
$ THEN
$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash.pl
$ ELSE
$ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH"
$ ENDIF

1
deps/openssl/openssl/VMS/socketshr_shr.opt vendored
View file

@ -1 +0,0 @@
socketshr/share

1
deps/openssl/openssl/VMS/tcpip_shr_decc.opt vendored
View file

@ -1 +0,0 @@
sys$share:tcpip$ipc_shr.exe/share

62
deps/openssl/openssl/VMS/translatesyms.pl vendored Normal file
View file

@ -0,0 +1,62 @@
#! /usr/bin/env perl
# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This script will translate any SYMBOL_VECTOR item that has a translation
# in CXX$DEMANGLER_DB. The latter is generated by and CC/DECC command that
# uses the qualifier /REPOSITORY with the build directory as value. When
# /NAMES=SHORTENED has been used, this file will hold the translations from
# the original symbols to the shortened variants.
#
# CXX$DEMAGLER_DB. is an ISAM file, but with the magic of RMS, it can be
# read as a text file, with each record as one line.
#
# The lines will have the following syntax for any symbol found that's longer
# than 31 characters:
#
# LONG_symbol_34567890123{cksum}$LONG_symbol_34567890123_more_than_31_chars
#
# $ is present at the end of the shortened symbol name, and is preceded by a
# 7 character checksum. The $ makes it easy to separate the shortened name
# from the original one.
use strict;
use warnings;
usage() if scalar @ARGV < 1;
my %translations = ();
open DEMANGLER_DATA, $ARGV[0]
or die "Couldn't open $ARGV[0]: $!\n";
while(<DEMANGLER_DATA>) {
s|\R$||;
(my $translated, my $original) = split /\$/;
$translations{$original} = $translated.'$';
}
close DEMANGLER_DATA;
$| = 1; # Autoflush
while(<STDIN>) {
s@
((?:[A-Za-z0-9_]+)\/)?([A-Za-z0-9_]+)=(PROCEDURE|DATA)
@
if (defined($translations{$2})) {
my $trans = $translations{$2};
my $trans_uc = uc $trans;
if (defined($1) && $trans ne $trans_uc) {
"$trans_uc/$trans=$3"
} else {
"$trans=$3"
}
} else {
$&
}
@gxe;
print $_;
}

1
deps/openssl/openssl/VMS/ucx_shr_decc.opt vendored
View file

@ -1 +0,0 @@
sys$share:ucx$ipc_shr.exe/share

1
deps/openssl/openssl/VMS/ucx_shr_decc_log.opt vendored
View file

@ -1 +0,0 @@
ucx$ipc_shr/share

1
deps/openssl/openssl/VMS/ucx_shr_vaxc.opt vendored
View file

@ -1 +0,0 @@
sys$library:ucx$ipc.olb/library

236
deps/openssl/openssl/apps/CA.com vendored
View file

@ -1,236 +0,0 @@
$! CA - wrapper around ca to make it easier to use ... basically ca requires
$! some setup stuff to be done before you can use it and this makes
$! things easier between now and when Eric is convinced to fix it :-)
$!
$! CA -newca ... will setup the right stuff
$! CA -newreq ... will generate a certificate request
$! CA -sign ... will sign the generated request and output
$!
$! At the end of that grab newreq.pem and newcert.pem (one has the key
$! and the other the certificate) and cat them together and that is what
$! you want/need ... I'll make even this a little cleaner later.
$!
$!
$! 12-Jan-96 tjh Added more things ... including CA -signcert which
$! converts a certificate to a request and then signs it.
$! 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
$! environment variable so this can be driven from
$! a script.
$! 25-Jul-96 eay Cleaned up filenames some more.
$! 11-Jun-96 eay Fixed a few filename missmatches.
$! 03-May-96 eay Modified to use 'openssl cmd' instead of 'cmd'.
$! 18-Apr-96 tjh Original hacking
$!
$! Tim Hudson
$! tjh@cryptsoft.com
$!
$!
$! default ssleay.cnf file has setup as per the following
$! demoCA ... where everything is stored
$
$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
$
$ DAYS = "-days 365"
$ REQ = openssl + " req " + SSLEAY_CONFIG
$ CA = openssl + " ca " + SSLEAY_CONFIG
$ VERIFY = openssl + " verify"
$ X509 = openssl + " x509"
$ PKCS12 = openssl + " pkcs12"
$ echo = "write sys$Output"
$ RET = 1
$!
$! 2010-12-20 SMS.
$! Use a concealed logical name to reduce command line lengths, to
$! avoid DCL errors on VAX:
$! %DCL-W-TKNOVF, command element is too long - shorten
$! (Path segments like "openssl-1_0_1-stable-SNAP-20101217" accumulate
$! quickly.)
$!
$ CATOP = F$PARSE( F$ENVIRONMENT( "DEFAULT"), "[]")- "].;"+ ".demoCA.]"
$ define /translation_attributes = concealed CATOP 'CATOP'
$!
$ on error then goto clean_up
$ on control_y then goto clean_up
$!
$ CAKEY = "CATOP:[private]cakey.pem"
$ CACERT = "CATOP:[000000]cacert.pem"
$
$ __INPUT := SYS$COMMAND
$!
$ i = 1
$opt_loop:
$ if i .gt. 8 then goto opt_loop_end
$
$ prog_opt = F$EDIT(P'i',"lowercase")
$
$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help")
$ THEN
$ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify"
$ goto clean_up
$ ENDIF
$!
$ IF (prog_opt .EQS. "-input")
$ THEN
$ ! Get input from somewhere other than SYS$COMMAND
$ i = i + 1
$ __INPUT = P'i'
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-newcert")
$ THEN
$ ! Create a certificate.
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
$ RET=$STATUS
$ echo "Certificate (and private key) is in newreq.pem"
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-newreq")
$ THEN
$ ! Create a certificate request
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
$ RET=$STATUS
$ echo "Request (and private key) is in newreq.pem"
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-newca")
$ THEN
$ ! If explicitly asked for or it doesn't exist then setup the directory
$ ! structure that Eric likes to manage things.
$ IF F$SEARCH( "CATOP:[000000]serial.") .EQS. ""
$ THEN
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[000000]
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[certs]
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[crl]
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[newcerts]
$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private]
$
$ OPEN /WRITE ser_file CATOP:[000000]serial.
$ WRITE ser_file "01"
$ CLOSE ser_file
$ APPEND /NEW_VERSION NL: CATOP:[000000]index.txt
$
$ ! The following is to make sure access() doesn't get confused. It
$ ! really needs one file in the directory to give correct answers...
$ COPY NLA0: CATOP:[certs].;
$ COPY NLA0: CATOP:[crl].;
$ COPY NLA0: CATOP:[newcerts].;
$ COPY NLA0: CATOP:[private].;
$ ENDIF
$!
$ IF F$SEARCH( CAKEY) .EQS. ""
$ THEN
$ READ '__INPUT' FILE -
/PROMPT="CA certificate filename (or enter to create): "
$ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "")
$ THEN
$ COPY 'FILE' 'CAKEY'
$ RET=$STATUS
$ ELSE
$ echo "Making CA certificate ..."
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ REQ -new -x509 -keyout 'CAKEY' -out 'CACERT' 'DAYS'
$ RET=$STATUS
$ ENDIF
$ ENDIF
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-pkcs12")
$ THEN
$ i = i + 1
$ cname = P'i'
$ IF cname .EQS. "" THEN cname = "My certificate"
$ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CACERT' -
-out newcert.p12 -export -name "''cname'"
$ RET=$STATUS
$ goto clean_up
$ ENDIF
$!
$ IF (prog_opt .EQS. "-xsign")
$ THEN
$!
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ CA -policy policy_anything -infiles newreq.pem
$ RET=$STATUS
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
$ THEN
$!
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ CA -policy policy_anything -out newcert.pem -infiles newreq.pem
$ RET=$STATUS
$ type newcert.pem
$ echo "Signed certificate is in newcert.pem"
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-signcert")
$ THEN
$!
$ echo "Cert passphrase will be requested twice - bug?"
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ CA -policy policy_anything -out newcert.pem -infiles tmp.pem
y
y
$ type newcert.pem
$ echo "Signed certificate is in newcert.pem"
$ GOTO opt_loop_continue
$ ENDIF
$!
$ IF (prog_opt .EQS. "-verify")
$ THEN
$!
$ i = i + 1
$ IF (p'i' .EQS. "")
$ THEN
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ VERIFY "-CAfile" 'CACERT' newcert.pem
$ ELSE
$ j = i
$ verify_opt_loop:
$ IF j .GT. 8 THEN GOTO verify_opt_loop_end
$ IF p'j' .NES. ""
$ THEN
$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
$ __tmp = p'j'
$ VERIFY "-CAfile" 'CACERT' '__tmp'
$ tmp=$STATUS
$ IF tmp .NE. 0 THEN RET=tmp
$ ENDIF
$ j = j + 1
$ GOTO verify_opt_loop
$ verify_opt_loop_end:
$ ENDIF
$
$ GOTO opt_loop_end
$ ENDIF
$!
$ IF (prog_opt .NES. "")
$ THEN
$!
$ echo "Unknown argument ''prog_opt'"
$ RET = 3
$ goto clean_up
$ ENDIF
$
$opt_loop_continue:
$ i = i + 1
$ GOTO opt_loop
$
$opt_loop_end:
$!
$clean_up:
$!
$ if f$trnlnm( "CATOP", "LNM$PROCESS") .nes. "" then -
deassign /process CATOP
$!
$ EXIT 'RET'

188
deps/openssl/openssl/apps/CA.pl vendored
View file

@ -1,188 +0,0 @@
#!/usr/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq[-nodes] ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
#
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
# 18-Apr-96 tjh Original hacking
#
# Tim Hudson
# tjh@cryptsoft.com
#
# 27-Apr-98 snh Translation into perl, fix existing CA bug.
#
#
# Steve Henson
# shenson@bigfoot.com
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
my $openssl;
if(defined $ENV{OPENSSL}) {
$openssl = $ENV{OPENSSL};
} else {
$openssl = "openssl";
$ENV{OPENSSL} = $openssl;
}
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365"; # 1 year
$CADAYS="-days 1095"; # 3 years
$REQ="$openssl req $SSLEAY_CONFIG";
$CA="$openssl ca $SSLEAY_CONFIG";
$VERIFY="$openssl verify";
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
$CATOP="./demoCA";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";
$DIRMODE = 0777;
$RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
$NEW="1";
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
# create the directory hierarchy
mkdir $CATOP, $DIRMODE;
mkdir "${CATOP}/certs", $DIRMODE;
mkdir "${CATOP}/crl", $DIRMODE ;
mkdir "${CATOP}/newcerts", $DIRMODE;
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
}
if ( ! -f "${CATOP}/private/$CAKEY" ) {
print "CA certificate filename (or enter to create)\n";
$FILE = <STDIN>;
chop $FILE;
# ask user for existing CA certificate
if ($FILE) {
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
$RET=$?;
} else {
print "Making CA certificate ...\n";
system ("$REQ -new -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
system ("$CA -create_serial " .
"-out ${CATOP}/$CACERT $CADAYS -batch " .
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
"-extensions v3_ca " .
"-infiles ${CATOP}/$CAREQ ");
$RET=$?;
}
}
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
$RET=$?;
} elsif (/^(-sign|-signreq)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles newreq.pem");
$RET=$?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^(-signCA)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-extensions v3_ca -infiles newreq.pem");
$RET=$?;
print "Signed CA certificate is in newcert.pem\n";
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles tmp.pem");
$RET = $?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^-verify$/) {
if (shift) {
foreach $j (@ARGV) {
system ("$VERIFY -CAfile $CATOP/$CACERT $j");
$RET=$? if ($? != 0);
}
exit $RET;
} else {
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
$RET=$?;
exit 0;
}
} else {
print STDERR "Unknown arg $_\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 1;
}
}
exit $RET;
sub cp_pem {
my ($infile, $outfile, $bound) = @_;
open IN, $infile;
open OUT, ">$outfile";
my $flag = 0;
while (<IN>) {
$flag = 1 if (/^-----BEGIN.*$bound/) ;
print OUT $_ if ($flag);
if (/^-----END.*$bound/) {
close IN;
close OUT;
return;
}
}
}

348
deps/openssl/openssl/apps/CA.pl.in vendored
View file

@ -1,188 +1,196 @@
#!/usr/local/bin/perl
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq[-nodes] ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
#
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
# 18-Apr-96 tjh Original hacking
#
# Tim Hudson
# tjh@cryptsoft.com
#!{- $config{hashbangperl} -}
# Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# 27-Apr-98 snh Translation into perl, fix existing CA bug.
#
# Wrapper around the ca to make it easier to use
#
# Steve Henson
# shenson@bigfoot.com
# {- join("\n# ", @autowarntext) -}
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
use strict;
use warnings;
my $openssl;
if(defined $ENV{OPENSSL}) {
$openssl = $ENV{OPENSSL};
my $openssl = "openssl";
if(defined $ENV{'OPENSSL'}) {
$openssl = $ENV{'OPENSSL'};
} else {
$openssl = "openssl";
$ENV{OPENSSL} = $openssl;
$ENV{'OPENSSL'} = $openssl;
}
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
$DAYS="-days 365"; # 1 year
$CADAYS="-days 1095"; # 3 years
$REQ="$openssl req $SSLEAY_CONFIG";
$CA="$openssl ca $SSLEAY_CONFIG";
$VERIFY="$openssl verify";
$X509="$openssl x509";
$PKCS12="$openssl pkcs12";
my $verbose = 1;
$CATOP="./demoCA";
$CAKEY="cakey.pem";
$CAREQ="careq.pem";
$CACERT="cacert.pem";
my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
my $DAYS = "-days 365";
my $CADAYS = "-days 1095"; # 3 years
my $REQ = "$openssl req $OPENSSL_CONFIG";
my $CA = "$openssl ca $OPENSSL_CONFIG";
my $VERIFY = "$openssl verify";
my $X509 = "$openssl x509";
my $PKCS12 = "$openssl pkcs12";
$DIRMODE = 0777;
# default openssl.cnf file has setup as per the following
my $CATOP = "./demoCA";
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
my $CACRL = "crl.pem";
my $DIRMODE = 0777;
$RET = 0;
my $NEWKEY = "newkey.pem";
my $NEWREQ = "newreq.pem";
my $NEWCERT = "newcert.pem";
my $NEWP12 = "newcert.p12";
my $RET = 0;
my $WHAT = shift @ARGV || "";
my $FILE;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
$RET=$?;
print "Certificate is in newcert.pem, private key is in newkey.pem\n"
} elsif (/^-newreq$/) {
# create a certificate request
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newreq-nodes$/) {
# create a certificate request
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
$RET=$?;
print "Request is in newreq.pem, private key is in newkey.pem\n";
} elsif (/^-newca$/) {
# if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
$NEW="1";
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
# create the directory hierarchy
mkdir $CATOP, $DIRMODE;
mkdir "${CATOP}/certs", $DIRMODE;
mkdir "${CATOP}/crl", $DIRMODE ;
mkdir "${CATOP}/newcerts", $DIRMODE;
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
}
if ( ! -f "${CATOP}/private/$CAKEY" ) {
print "CA certificate filename (or enter to create)\n";
$FILE = <STDIN>;
# See if reason for a CRL entry is valid; exit if not.
sub crl_reason_ok
{
my $r = shift;
chop $FILE;
if ($r eq 'unspecified' || $r eq 'keyCompromise'
|| $r eq 'CACompromise' || $r eq 'affiliationChanged'
|| $r eq 'superseded' || $r eq 'cessationOfOperation'
|| $r eq 'certificateHold' || $r eq 'removeFromCRL') {
return 1;
}
print STDERR "Invalid CRL reason; must be one of:\n";
print STDERR " unspecified, keyCompromise, CACompromise,\n";
print STDERR " affiliationChanged, superseded, cessationOfOperation\n";
print STDERR " certificateHold, removeFromCRL";
exit 1;
}
# ask user for existing CA certificate
if ($FILE) {
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
$RET=$?;
} else {
print "Making CA certificate ...\n";
system ("$REQ -new -keyout " .
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
system ("$CA -create_serial " .
"-out ${CATOP}/$CACERT $CADAYS -batch " .
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
"-extensions v3_ca " .
"-infiles ${CATOP}/$CAREQ ");
$RET=$?;
}
}
} elsif (/^-pkcs12$/) {
my $cname = $ARGV[1];
$cname = "My Certificate" unless defined $cname;
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
"-export -name \"$cname\"");
$RET=$?;
print "PKCS #12 file is in newcert.p12\n";
exit $RET;
} elsif (/^-xsign$/) {
system ("$CA -policy policy_anything -infiles newreq.pem");
$RET=$?;
} elsif (/^(-sign|-signreq)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles newreq.pem");
$RET=$?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^(-signCA)$/) {
system ("$CA -policy policy_anything -out newcert.pem " .
"-extensions v3_ca -infiles newreq.pem");
$RET=$?;
print "Signed CA certificate is in newcert.pem\n";
} elsif (/^-signcert$/) {
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
"-out tmp.pem");
system ("$CA -policy policy_anything -out newcert.pem " .
"-infiles tmp.pem");
$RET = $?;
print "Signed certificate is in newcert.pem\n";
} elsif (/^-verify$/) {
if (shift) {
foreach $j (@ARGV) {
system ("$VERIFY -CAfile $CATOP/$CACERT $j");
$RET=$? if ($? != 0);
}
exit $RET;
} else {
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
$RET=$?;
exit 0;
}
} else {
print STDERR "Unknown arg $_\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
exit 1;
}
# Copy a PEM-format file; return like exit status (zero means ok)
sub copy_pemfile
{
my ($infile, $outfile, $bound) = @_;
my $found = 0;
open IN, $infile || die "Cannot open $infile, $!";
open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
while (<IN>) {
$found = 1 if /^-----BEGIN.*$bound/;
print OUT $_ if $found;
$found = 2, last if /^-----END.*$bound/;
}
close IN;
close OUT;
return $found == 2 ? 0 : 1;
}
# Wrapper around system; useful for debugging. Returns just the exit status
sub run
{
my $cmd = shift;
print "====\n$cmd\n" if $verbose;
my $status = system($cmd);
print "==> $status\n====\n" if $verbose;
return $status >> 8;
}
if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
print STDERR " CA -pkcs12 [certname]\n";
print STDERR " CA -crl|-revoke cert-filename [reason]\n";
exit 0;
}
if ($WHAT eq '-newcert' ) {
# create a certificate
$RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS");
print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newreq' ) {
# create a certificate request
$RET = run("$REQ -new -keyout $NEWKEY -out $NEWREQ $DAYS");
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newreq-nodes' ) {
# create a certificate request
$RET = run("$REQ -new -nodes -keyout $NEWKEY -out $NEWREQ $DAYS");
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newca' ) {
# create the directory hierarchy
mkdir ${CATOP}, $DIRMODE;
mkdir "${CATOP}/certs", $DIRMODE;
mkdir "${CATOP}/crl", $DIRMODE ;
mkdir "${CATOP}/newcerts", $DIRMODE;
mkdir "${CATOP}/private", $DIRMODE;
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
# ask user for existing CA certificate
print "CA certificate filename (or enter to create)\n";
$FILE = "" unless defined($FILE = <STDIN>);
$FILE =~ s{\R$}{};
if ($FILE ne "") {
copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
} else {
print "Making CA certificate ...\n";
$RET = run("$REQ -new -keyout"
. " ${CATOP}/private/$CAKEY"
. " -out ${CATOP}/$CAREQ");
$RET = run("$CA -create_serial"
. " -out ${CATOP}/$CACERT $CADAYS -batch"
. " -keyfile ${CATOP}/private/$CAKEY -selfsign"
. " -extensions v3_ca"
. " -infiles ${CATOP}/$CAREQ") if $RET == 0;
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
} elsif ($WHAT eq '-pkcs12' ) {
my $cname = $ARGV[0];
$cname = "My Certificate" unless defined $cname;
$RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
. " -certfile ${CATOP}/$CACERT"
. " -out $NEWP12"
. " -export -name \"$cname\"");
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
} elsif ($WHAT eq '-xsign' ) {
$RET = run("$CA -policy policy_anything -infiles $NEWREQ");
} elsif ($WHAT eq '-sign' ) {
$RET = run("$CA -policy policy_anything -out $NEWCERT -infiles $NEWREQ");
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signCA' ) {
$RET = run("$CA -policy policy_anything -out $NEWCERT"
. " -extensions v3_ca -infiles $NEWREQ");
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signcert' ) {
$RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
. " -out tmp.pem");
$RET = run("$CA -policy policy_anything -out $NEWCERT"
. " -infiles tmp.pem") if $RET == 0;
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-verify' ) {
my @files = @ARGV ? @ARGV : ( $NEWCERT );
my $file;
foreach $file (@files) {
my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file");
$RET = $status if $status != 0;
}
} elsif ($WHAT eq '-crl' ) {
$RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL");
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[0];
if (!defined $cname) {
print "Certificate filename is required; reason optional.\n";
exit 1;
}
my $reason = $ARGV[1];
$reason = " -crl_reason $reason"
if defined $reason && crl_reason_ok($reason);
$RET = run("$CA -revoke \"$cname\"" . $reason);
} else {
print STDERR "Unknown arg \"$WHAT\"\n";
print STDERR "Use -help for help.\n";
exit 1;
}
exit $RET;
sub cp_pem {
my ($infile, $outfile, $bound) = @_;
open IN, $infile;
open OUT, ">$outfile";
my $flag = 0;
while (<IN>) {
$flag = 1 if (/^-----BEGIN.*$bound/) ;
print OUT $_ if ($flag);
if (/^-----END.*$bound/) {
close IN;
close OUT;
return;
}
}
}

198
deps/openssl/openssl/apps/CA.sh vendored
View file

@ -1,198 +0,0 @@
#!/bin/sh
#
# CA - wrapper around ca to make it easier to use ... basically ca requires
# some setup stuff to be done before you can use it and this makes
# things easier between now and when Eric is convinced to fix it :-)
#
# CA -newca ... will setup the right stuff
# CA -newreq ... will generate a certificate request
# CA -sign ... will sign the generated request and output
#
# At the end of that grab newreq.pem and newcert.pem (one has the key
# and the other the certificate) and cat them together and that is what
# you want/need ... I'll make even this a little cleaner later.
#
#
# 12-Jan-96 tjh Added more things ... including CA -signcert which
# converts a certificate to a request and then signs it.
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
# environment variable so this can be driven from
# a script.
# 25-Jul-96 eay Cleaned up filenames some more.
# 11-Jun-96 eay Fixed a few filename missmatches.
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
# 18-Apr-96 tjh Original hacking
#
# Tim Hudson
# tjh@cryptsoft.com
#
# default openssl.cnf file has setup as per the following
# demoCA ... where everything is stored
cp_pem() {
infile=$1
outfile=$2
bound=$3
flag=0
exec <$infile;
while read line; do
if [ $flag -eq 1 ]; then
echo $line|grep "^-----END.*$bound" 2>/dev/null 1>/dev/null
if [ $? -eq 0 ] ; then
echo $line >>$outfile
break
else
echo $line >>$outfile
fi
fi
echo $line|grep "^-----BEGIN.*$bound" 2>/dev/null 1>/dev/null
if [ $? -eq 0 ]; then
echo $line >$outfile
flag=1
fi
done
}
usage() {
echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2
}
if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi # 1 year
CADAYS="-days 1095" # 3 years
REQ="$OPENSSL req $SSLEAY_CONFIG"
CA="$OPENSSL ca $SSLEAY_CONFIG"
VERIFY="$OPENSSL verify"
X509="$OPENSSL x509"
PKCS12="openssl pkcs12"
if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
CAKEY=./cakey.pem
CAREQ=./careq.pem
CACERT=./cacert.pem
RET=0
while [ "$1" != "" ] ; do
case $1 in
-\?|-h|-help)
usage
exit 0
;;
-newcert)
# create a certificate
$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
RET=$?
echo "Certificate is in newcert.pem, private key is in newkey.pem"
;;
-newreq)
# create a certificate request
$REQ -new -keyout newkey.pem -out newreq.pem $DAYS
RET=$?
echo "Request is in newreq.pem, private key is in newkey.pem"
;;
-newreq-nodes)
# create a certificate request
$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
RET=$?
echo "Request (and private key) is in newreq.pem"
;;
-newca)
# if explicitly asked for or it doesn't exist then setup the directory
# structure that Eric likes to manage things
NEW="1"
if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
# create the directory hierarchy
mkdir -p ${CATOP}
mkdir -p ${CATOP}/certs
mkdir -p ${CATOP}/crl
mkdir -p ${CATOP}/newcerts
mkdir -p ${CATOP}/private
touch ${CATOP}/index.txt
fi
if [ ! -f ${CATOP}/private/$CAKEY ]; then
echo "CA certificate filename (or enter to create)"
read FILE
# ask user for existing CA certificate
if [ "$FILE" ]; then
cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE
cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE
RET=$?
if [ ! -f "${CATOP}/serial" ]; then
$X509 -in ${CATOP}/$CACERT -noout -next_serial \
-out ${CATOP}/serial
fi
else
echo "Making CA certificate ..."
$REQ -new -keyout ${CATOP}/private/$CAKEY \
-out ${CATOP}/$CAREQ
$CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \
-keyfile ${CATOP}/private/$CAKEY -selfsign \
-extensions v3_ca \
-infiles ${CATOP}/$CAREQ
RET=$?
fi
fi
;;
-xsign)
$CA -policy policy_anything -infiles newreq.pem
RET=$?
;;
-pkcs12)
if [ -z "$2" ] ; then
CNAME="My Certificate"
else
CNAME="$2"
fi
$PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \
-out newcert.p12 -export -name "$CNAME"
RET=$?
exit $RET
;;
-sign|-signreq)
$CA -policy policy_anything -out newcert.pem -infiles newreq.pem
RET=$?
cat newcert.pem
echo "Signed certificate is in newcert.pem"
;;
-signCA)
$CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem
RET=$?
echo "Signed CA certificate is in newcert.pem"
;;
-signcert)
echo "Cert passphrase will be requested twice - bug?"
$X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
$CA -policy policy_anything -out newcert.pem -infiles tmp.pem
RET=$?
cat newcert.pem
echo "Signed certificate is in newcert.pem"
;;
-verify)
shift
if [ -z "$1" ]; then
$VERIFY -CAfile $CATOP/$CACERT newcert.pem
RET=$?
else
for j
do
$VERIFY -CAfile $CATOP/$CACERT $j
if [ $? != 0 ]; then
RET=$?
fi
done
fi
exit $RET
;;
*)
echo "Unknown arg $i" >&2
usage
exit 1
;;
esac
shift
done
exit $RET

Some files were not shown because too many files have changed in this diff Show more