2505N/A# binary. This is Solaris-specific: not suitable for upstream.
797N/A+# For wanboot, we only need crypto and ssl.
797N/A+# 'apps' are not patched to work in stand-alone environment anyway.
797N/A+ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
797N/A DIRS= crypto ssl engines apps test tools
797N/A+# For wanboot, we only need crypto and ssl.
797N/A+# 'apps' are not patched to work in stand-alone environment anyway.
797N/A+ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot)
797N/A DIRS= crypto ssl engines apps test tools
2505N/A static void solaris_locking_callback(int mode, int type, const char *file,
6858N/A (void) pthread_mutex_lock(&solaris_openssl_locks[type]);
6858N/A (void) pthread_mutex_unlock(&solaris_openssl_locks[type]);
4364N/A static struct CRYPTO_dynlock_value *
4364N/A solaris_dynlock_create(const char *file, int line)
4364N/A return ((struct CRYPTO_dynlock_value *)dynlock);
4614N/A solaris_dynlock_lock(int mode, struct CRYPTO_dynlock_value *dynlock,
4364N/A const char *file, int line)
4364N/A solaris_dynlock_destroy(struct CRYPTO_dynlock_value *dynlock,
4364N/A const char *file, int line)
4364N/A ret = pthread_mutex_destroy((pthread_mutex_t *)dynlock);
6858N/A static void solaris_fork_prep(void)
6858N/A for (i = 0; i < CRYPTO_NUM_LOCKS; i++) {
6858N/A (void) pthread_mutex_lock(&solaris_openssl_locks[i]);
6858N/A static void solaris_fork_post(void)
6858N/A for (i = CRYPTO_NUM_LOCKS - 1; i >= 0; i--) {
6858N/A OPENSSL_assert(dynlock_lock_callback == solaris_dynlock_lock);
6858N/A OPENSSL_assert(dynlock_destroy_callback == solaris_dynlock_destroy);
6858N/A OPENSSL_assert(locking_callback == solaris_locking_callback);
6858N/A locking_callback = solaris_locking_callback;
4364N/A+ * pthread_* can't be used in wanboot.
4364N/A+ * wanboot needs not be thread-safe and mutexes and locking callback
4364N/A+ * function will not be setup for wanboot.
6858N/A /* allocate and initialize locks needed by OpenSSL */
6858N/A OPENSSL_malloc(sizeof (pthread_mutex_t) * CRYPTO_NUM_LOCKS);
6858N/A (void) pthread_atfork(solaris_fork_prep, solaris_fork_post, solaris_fork_post);
5169N/A MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
4002N/A+ * Solaris
libsa.a used for WAN boot doesn't provide for vfprintf(). Since
4002N/A+ * OPENSSL_showfatal() is not used anywhere else then here we can safely use
4002N/A+ * the code from 0.9.7d version.
4002N/A void OPENSSL_showfatal(const char *fmta, ...)
4002N/A vfprintf(stderr, fmta, ap);
4002N/A int OPENSSL_isservice(void)
4002N/A void OpenSSLDie(const char *file, int line, const char *assertion)
4002N/A ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line,
4364N/A+ "%s(%d): OpenSSL internal error, assertion failed: %s\n",
797N/A #if !defined(_WIN32) || defined(__CYGWIN__)
4002N/A * For historical reasons, the standard function for reading passwords is in
4002N/A * the DES library -- if someone ever wants to disable DES, this function
4002N/A OPENSSL_cleanse(buff, BUFSIZ);
4002N/A int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
4002N/A const unsigned char *salt, const unsigned char *data,
4002N/A # if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
4002N/A const char **egdsocket = NULL;
797N/A+/* open() is provided by standalone libsa not visible from here */
797N/A+extern int open(const char *, int);
4002N/A memset(randomstats, 0, sizeof(randomstats));
4002N/A-# if defined(OPENSSL_SYS_BEOS_R5)
4002N/A+# if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT)
4002N/A * select() is broken in BeOS R5, so we simply try to read
4002N/A * something and snooze if we couldn't
4002N/A+ * select() is not available when linking stand-alone
4002N/A # elif defined(OPENSSL_SYS_LINUX)
4002N/A * Some Unixen will update t in select(), some won't. For
4002N/A * those who won't, or if we didn't use select() in the first
4002N/A (errno == EINTR || errno == EAGAIN)) && usec != 0
4002N/A+ while (r > 0 && n < ENTROPY_NEEDED);
4002N/A # endif /* defined(DEVRANDOM) */
4002N/A+# if defined(DEVRANDOM_EGD) && !defined(_BOOT)
4002N/A * Use an EGD socket to read entropy from an EGD or PRNGD entropy
4002N/A /* put in some default random data, we need more than just this */
4002N/A RAND_add(&l, sizeof(l), 0.0);
4002N/A RAND_add(&l, sizeof(l), 0.0);
4002N/A # if defined(OPENSSL_SYS_BEOS)
797N/A /* We need to define this to get macros like S_IFBLK and S_IFCHR */
1426N/A #if !defined(OPENSSL_SYS_VXWORKS)
3070N/A int RAND_write_file(const char *file)
4002N/A unsigned char buf[BUFSIZE];
797N/A+static int get_ip(const char *str, unsigned char ip[4])
4002N/A+ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
4002N/A+ if ((c >= '0') && (c <= '9')) {
4002N/A+ tmp[num] = tmp[num]*10+c-'0';
4002N/A+ } else if (c == '\0' && (num == 3) && ok)
797N/A static int ipv4_from_asc(unsigned char *v4, const char *in)
4002N/A if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
4002N/A if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
4002N/A # define get_last_socket_error() errno
4002N/A # define clear_socket_error() errno=0
4002N/A # define ioctlsocket(a,b,c) ioctl(a,b,c)
797N/A+extern int socket_read(int, void *, size_t, int);
797N/A+extern int socket_close(int);
4002N/A+# define closesocket(s) socket_close(s)
4002N/A+# define readsocket(s,b,n) socket_read((s),(b),(n), 200)
4002N/A+# define writesocket(s,b,n) send((s),(b),(n), 0)
4002N/A # define closesocket(s) close(s)
4002N/A # define readsocket(s,b,n) read((s),(b),(n))
4002N/A # define writesocket(s,b,n) write((s),(b),(n))
4002N/A # ifdef WIN16 /* never the case */
4002N/A # define MS_CALLBACK _far _loadds
4820N/A #if defined(__GNUC__) && defined(__linux)
4820N/A __attribute__ ((visibility("hidden")))
4820N/A unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_TICK_PRIVILEGED, 0 };
4820N/A+unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_VIS1, 0 };
4002N/A int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
4002N/A const BN_ULONG *np, const BN_ULONG *n0, int num)
4820N/A size_t _sparcv9_vis1_instrument_bus(unsigned int *, size_t);
4820N/A size_t _sparcv9_vis1_instrument_bus2(unsigned int *, size_t, size_t);
797N/A unsigned long OPENSSL_rdtsc(void)
4820N/A if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED)
4820N/A-#if 0 && defined(__sun) && defined(__SVR4)
797N/A+ * Hardcoding sparc capabilities for wanboot.
797N/A+ * Older CPUs are EOLed anyway.
797N/A+void OPENSSL_cpuid_setup(void)
4820N/A+ OPENSSL_sparcv9cap_P[0] = SPARCV9_VIS1;
797N/A+#elif 0 && defined(__sun) && defined(__SVR4)
797N/A .type OPENSSL_cleanse,#function
797N/A .size OPENSSL_cleanse,.-OPENSSL_cleanse
4820N/A .global _sparcv9_vis1_instrument_bus
4820N/A _sparcv9_vis1_instrument_bus:
797N/A SHARED_LIB= libcrypto$(SHLIB_EXT)
4820N/A if (!ssl_get_new_session(s, 0))
4820N/A if (s->method->version == DTLS_ANY_VERSION) {
4820N/A /* Determine which DTLS version to use */
4820N/A s->client_version = s->version;
4820N/A /* else use the pre-loaded session */
4820N/A if (i && ssl_fill_hello_random(s, 0, p,
4820N/A sizeof(s->s3->client_random)) <= 0)
4820N/A+ if (i && RAND_pseudo_bytes(p, sizeof(s->s3->client_random)) <= 0)
4002N/A /* Do the message type and length last */
4820N/A d = p = (unsigned char *)s->init_msg;
4820N/A if (s->method->version == DTLS_ANY_VERSION) {
4820N/A /* Work out correct protocol version to use */
4820N/A int hversion = (p[0] << 8) | p[1];
4820N/A s->session->ssl_version = s->version = s->method->version;
4820N/A if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
4820N/A SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
4002N/A * Apparently we're using a version-flexible SSL_METHOD (not at its
4002N/A * highest protocol version).
4002N/A if (s->ctx->method->version == SSLv23_method()->version) {
4002N/A+ if (s->ctx->method->version == TLS1_2_VERSION) {
3325N/A #if TLS_MAX_VERSION != TLS1_2_VERSION
4002N/A # error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
4820N/A EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
4820N/A # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
4820N/A EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
4820N/A EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
4820N/A if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext))
4820N/A if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
4820N/A custom_exts_free(&ret->cli_ext);
4820N/A custom_exts_free(&ret->srv_ext);
4820N/A OPENSSL_free(c->ciphers_raw);
4820N/A custom_exts_free(&c->cli_ext);
4820N/A custom_exts_free(&c->srv_ext);
5912N/A OPENSSL_free(c->alpn_proposed);
4820N/A static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
4820N/A static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
4820N/A SSL_CONF_CMD_STRING(Options, NULL),
4820N/A SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE),
4820N/A SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE),
4820N/A SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE),
4820N/A SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE)
4820N/A static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
4820N/A size_t inlen, int *al, void *arg)
4820N/A # endif /* OPENSSL_NO_STDIO */
4820N/A #endif /* OPENSSL_NO_TLSEXT */
4820N/A custom_ext_init(&s->cert->cli_ext);
4820N/A /* Add custom TLS Extensions to ClientHello */
4820N/A if (!custom_ext_add(s, 0, &ret, limit, al))
4820N/A * Add padding to workaround bugs in F5 terminators. See
4820N/A if (!custom_ext_add(s, 1, &ret, limit, al))
4820N/A if (s->s3->alpn_selected) {
4820N/A const unsigned char *selected = s->s3->alpn_selected;
4820N/A * Parse any custom extensions found. "data" is the start of the extension data
4820N/A * and "limit" is the end of the record. TODO: add strict syntax checking.
5169N/A int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p,
4820N/A custom_ext_init(&s->cert->srv_ext);
5169N/A if (ssl_scan_clienthello_custom_tlsext(s, ptmp, limit, &al) <= 0) {
4820N/A ssl3_send_alert(s, SSL3_AL_FATAL, al);
4820N/A * If this extension type was not otherwise handled, but matches a
4820N/A * custom_cli_ext_record, then send it to the c callback
4820N/A else if (custom_ext_parse(s, 0, type, data, size, al) <= 0)
4820N/A x->sig_alg, x->signature, x->cert_info, ctx);
4820N/A int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
4820N/A return OCSP_REQ_CTX_nbio_d2i(rctx,
4820N/A (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509));
4820N/A int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
4820N/A int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
4820N/A return OCSP_REQ_CTX_nbio_d2i(rctx,
4820N/A int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
4820N/A return do_dh_print(bp, x, 4, NULL, 0);
4820N/A static int dh_cms_decrypt(CMS_RecipientInfo *ri);
4820N/A static int dh_cms_encrypt(CMS_RecipientInfo *ri);
4820N/A const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
4820N/A static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
4820N/A case EVP_PKEY_CTRL_DH_RFC5114:
4820N/A case EVP_PKEY_CTRL_PEER_KEY:
4820N/A /* Default behaviour is OK */
4820N/A case EVP_PKEY_CTRL_DH_KDF_TYPE:
4820N/A if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
4820N/A+ if (p1 != EVP_PKEY_DH_KDF_NONE)
4820N/A return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
4820N/A if (!strcmp(type, "dh_rfc5114")) {
4820N/A DH_PKEY_CTX *dctx = ctx->data;
4820N/A if (!strcmp(type, "dh_paramgen_generator")) {
4820N/A DH_PKEY_CTX *dctx = ctx->data;
4820N/A switch (dctx->rfc5114_param) {
4820N/A EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
4820N/A } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
4820N/A EVP_add_cipher(EVP_des_ecb());
4820N/A EVP_add_cipher(EVP_des_ede());
4820N/A EVP_add_cipher(EVP_des_ede3());
4820N/A EVP_add_cipher(EVP_des_ede3_wrap());
4820N/A EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
4820N/A # if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
4820N/A EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
4820N/A EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
4820N/A if (ri->type == CMS_RECIPINFO_TRANS)
4820N/A else if (ri->type == CMS_RECIPINFO_AGREE) {
4820N/A if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
4820N/A if (ri->type == CMS_RECIPINFO_TRANS)
4820N/A else if (ri->type == CMS_RECIPINFO_AGREE)
4820N/A if (!cms_RecipientInfo_kari_init(ri, recip, pk, flags))
4820N/A CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
4820N/A return cms_RecipientInfo_ktri_encrypt(cms, ri);
4820N/A return cms_RecipientInfo_kari_encrypt(cms, ri);
4820N/A return cms_RecipientInfo_kekri_encrypt(cms, ri);