mirror/openssl
1
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-12-30 00:50:11 +08:00
Code Issues Actions 20 Packages Projects Releases Wiki Activity

Compare commits

base: mirror:feature/ech
Branches Tags
mirror:master mirror:openssl-3.3 mirror:openssl-3.4 mirror:openssl-3.5 mirror:openssl-3.6 mirror:openssl-3.0 mirror:feature/removesslv3 mirror:feature/dtls-1.3 mirror:feature/ossl_fn mirror:feature/method-store-freeze mirror:feature/engineremoval mirror:openssl-3.2 mirror:feature/ech mirror:feature/quic-0-rtt mirror:feature/evp_skey mirror:feature/acert-cli mirror:openssl-3.1 mirror:feature/hss mirror:OpenSSL_1_1_1-stable mirror:OpenSSL_1_0_2-stable mirror:OpenSSL_1_1_0-stable mirror:OpenSSL-fips-2_0-stable mirror:OpenSSL-fips-2_0-dev mirror:tls1.3-draft-18 mirror:tls1.3-draft-19 mirror:OpenSSL_1_0_1-stable mirror:OpenSSL_1_0_0-stable mirror:OpenSSL_0_9_8-stable mirror:OpenSSL-fips-1_2-stable mirror:OpenSSL-fips-0_9_8-stable mirror:OpenSSL_0_9_7-stable mirror:OpenSSL_0_9_8fg-stable mirror:OpenSSL-fips2-0_9_7-stable mirror:OpenSSL_0_9_6-stable mirror:OpenSSL-engine-0_9_6-stable mirror:OpenSSL-fips-0_9_7-stable mirror:SSLeay
mirror:3.4-POST-CLANG-FORMAT-WEBKIT mirror:3.4-PRE-CLANG-FORMAT-WEBKIT mirror:3.0-POST-CLANG-FORMAT-WEBKIT mirror:3.0-PRE-CLANG-FORMAT-WEBKIT mirror:3.3-POST-CLANG-FORMAT-WEBKIT mirror:3.3-PRE-CLANG-FORMAT-WEBKIT mirror:3.5-POST-CLANG-FORMAT-WEBKIT mirror:3.5-PRE-CLANG-FORMAT-WEBKIT mirror:3.6-POST-CLANG-FORMAT-WEBKIT mirror:3.6-PRE-CLANG-FORMAT-WEBKIT mirror:4.0-POST-CLANG-FORMAT-WEBKIT mirror:4.0-PRE-CLANG-FORMAT-WEBKIT mirror:openssl-3.6.0 mirror:openssl-3.0.18 mirror:openssl-3.2.6 mirror:openssl-3.3.5 mirror:openssl-3.4.3 mirror:openssl-3.5.4 mirror:openssl-3.6.0-beta1 mirror:openssl-3.5.3 mirror:openssl-3.6.0-alpha1 mirror:openssl-3.5.2 mirror:openssl-3.0.17 mirror:openssl-3.2.5 mirror:openssl-3.3.4 mirror:openssl-3.4.2 mirror:openssl-3.5.1 mirror:openssl-3.5.0 mirror:openssl-3.5.0-beta1 mirror:openssl-3.5.0-alpha1 mirror:openssl-3.0.16 mirror:openssl-3.1.8 mirror:openssl-3.2.4 mirror:openssl-3.3.3 mirror:openssl-3.4.1 mirror:openssl-3.4.0 mirror:openssl-3.4.0-beta1 mirror:openssl-3.4.0-alpha1 mirror:openssl-3.0.15 mirror:openssl-3.1.7 mirror:openssl-3.2.3 mirror:openssl-3.3.2 mirror:openssl-3.0.14 mirror:openssl-3.1.6 mirror:openssl-3.2.2 mirror:openssl-3.3.1 mirror:openssl-3.3.0 mirror:openssl-3.3.0-beta1 mirror:openssl-3.3.0-alpha1 mirror:openssl-3.0.13 mirror:openssl-3.1.5 mirror:openssl-3.2.1 mirror:openssl-3.2.0 mirror:openssl-3.2.0-beta1 mirror:openssl-3.0.12 mirror:openssl-3.1.4 mirror:openssl-3.2.0-alpha2 mirror:openssl-3.0.11 mirror:openssl-3.1.3 mirror:OpenSSL_1_1_1w mirror:openssl-3.2.0-alpha1 mirror:OpenSSL_1_1_1v mirror:openssl-3.0.10 mirror:openssl-3.1.2 mirror:OpenSSL_1_1_1u mirror:openssl-3.0.9 mirror:openssl-3.1.1 mirror:openssl-3.1.0 mirror:openssl-3.0.8 mirror:OpenSSL_1_1_1t mirror:openssl-3.1.0-beta1 mirror:openssl-3.1.0-alpha1 mirror:openssl-3.0.7 mirror:OpenSSL_1_1_1s mirror:OpenSSL_1_1_1r mirror:openssl-3.0.6 mirror:OpenSSL_1_1_1q mirror:openssl-3.0.5 mirror:OpenSSL_1_1_1p mirror:openssl-3.0.4 mirror:OpenSSL_1_1_1o mirror:openssl-3.0.3 mirror:OpenSSL_1_1_1n mirror:openssl-3.0.2 mirror:openssl-3.0.1 mirror:OpenSSL_1_1_1m mirror:openssl-3.0.0 mirror:OpenSSL_1_1_1l mirror:openssl-3.0.0-beta2 mirror:openssl-3.0.0-beta1 mirror:openssl-3.0.0-alpha17 mirror:openssl-3.0.0-alpha16 mirror:openssl-3.0.0-alpha15 mirror:openssl-3.0.0-alpha14 mirror:OpenSSL_1_1_1k mirror:openssl-3.0.0-alpha13 mirror:openssl-3.0.0-alpha12 mirror:OpenSSL_1_1_1j mirror:openssl-3.0.0-alpha11 mirror:openssl-3.0.0-alpha10 mirror:OpenSSL_1_1_1i mirror:openssl-3.0.0-alpha9 mirror:openssl-3.0.0-alpha8 mirror:openssl-3.0.0-alpha7 mirror:OpenSSL_1_1_1h mirror:openssl-3.0.0-alpha6 mirror:openssl-3.0.0-alpha5 mirror:openssl-3.0.0-alpha4 mirror:openssl-3.0.0-alpha3 mirror:openssl-3.0.0-alpha2 mirror:openssl-3.0.0-alpha1 mirror:OpenSSL_1_1_1g mirror:OpenSSL_1_1_1f mirror:OpenSSL_1_1_1e mirror:OpenSSL_1_0_2u mirror:OpenSSL_1_0_2t mirror:OpenSSL_1_1_0l mirror:OpenSSL_1_1_1d mirror:OpenSSL_1_1_1c mirror:OpenSSL_1_1_0k mirror:OpenSSL_1_0_2s mirror:OpenSSL_1_0_2r mirror:OpenSSL_1_1_1b mirror:OpenSSL_1_0_2q mirror:OpenSSL_1_1_0j mirror:OpenSSL_1_1_1a mirror:OpenSSL_1_1_1 mirror:OpenSSL_1_1_1-pre9 mirror:OpenSSL_1_0_2p mirror:OpenSSL_1_1_0i mirror:OpenSSL_1_1_1-pre8 mirror:OpenSSL_1_1_1-pre7 mirror:OpenSSL_1_1_1-pre6 mirror:OpenSSL_1_1_1-pre5 mirror:OpenSSL_1_1_1-pre4 mirror:OpenSSL_1_0_2o mirror:OpenSSL_1_1_0h mirror:OpenSSL_1_1_1-pre3 mirror:OpenSSL_1_1_1-pre2 mirror:OpenSSL_1_1_1-pre1 mirror:OpenSSL_1_0_2n mirror:OpenSSL_1_0_2m mirror:OpenSSL_1_1_0g mirror:OpenSSL-fips-2_0_16 mirror:OpenSSL-fips-2_0_15 mirror:OpenSSL_1_0_2l mirror:OpenSSL_1_1_0f mirror:OpenSSL-fips-2_0_14 mirror:OpenSSL_1_1_0e mirror:OpenSSL_1_0_2k mirror:OpenSSL_1_1_0d mirror:OpenSSL-fips-2_0_13 mirror:OpenSSL_1_1_0c mirror:OpenSSL_1_0_2j mirror:OpenSSL_1_1_0b mirror:OpenSSL_1_0_1u mirror:OpenSSL_1_0_2i mirror:OpenSSL_1_1_0a mirror:OpenSSL_1_1_0 mirror:OpenSSL_1_1_0-pre6 mirror:OpenSSL_1_0_1t mirror:OpenSSL_1_0_2h mirror:OpenSSL_1_1_0-pre5 mirror:OpenSSL_1_1_0-pre4 mirror:OpenSSL_1_0_1s mirror:OpenSSL_1_0_2g mirror:OpenSSL_1_1_0-pre3 mirror:OpenSSL-fips-2_0_12 mirror:OpenSSL-fips-2_0_11 mirror:OpenSSL-fips-2_0_10 mirror:OpenSSL_1_0_1r mirror:OpenSSL_1_0_2f mirror:OpenSSL_1_1_0-pre2 mirror:OpenSSL_1_1_0-pre1 mirror:OpenSSL_0_9_8zh mirror:OpenSSL_1_0_0t mirror:OpenSSL_1_0_1q mirror:OpenSSL_1_0_2e mirror:OpenSSL_1_0_1p mirror:OpenSSL_1_0_2d mirror:OpenSSL_1_0_1o mirror:OpenSSL_1_0_2c mirror:OpenSSL_0_9_8zg mirror:OpenSSL_1_0_0s mirror:OpenSSL_1_0_1n mirror:OpenSSL_1_0_2b mirror:OpenSSL-fips-2_0_9 mirror:OpenSSL_0_9_8zf mirror:OpenSSL_1_0_0r mirror:OpenSSL_1_0_1m mirror:OpenSSL_1_0_2a mirror:OpenSSL_0_9_8-pre-reformat mirror:OpenSSL_0_9_8-pre-auto-reformat mirror:OpenSSL_0_9_8-post-auto-reformat mirror:OpenSSL_0_9_8-post-reformat mirror:OpenSSL_1_0_0-pre-reformat mirror:OpenSSL_1_0_0-pre-auto-reformat mirror:OpenSSL_1_0_0-post-auto-reformat mirror:OpenSSL_1_0_0-post-reformat mirror:OpenSSL_1_0_1-pre-reformat mirror:OpenSSL_1_0_1-pre-auto-reformat mirror:OpenSSL_1_0_1-post-auto-reformat mirror:OpenSSL_1_0_1-post-reformat mirror:OpenSSL_1_0_2-pre-reformat mirror:OpenSSL_1_0_2-pre-auto-reformat mirror:OpenSSL_1_0_2-post-auto-reformat mirror:OpenSSL_1_0_2-post-reformat mirror:master-pre-reformat mirror:master-pre-auto-reformat mirror:master-post-auto-reformat mirror:master-post-reformat mirror:OpenSSL_1_0_2 mirror:OpenSSL_0_9_8ze mirror:OpenSSL_1_0_0q mirror:OpenSSL_1_0_1l mirror:OpenSSL_0_9_8zd mirror:OpenSSL_1_0_0p mirror:OpenSSL_1_0_1k mirror:OpenSSL-fips-2_0_8 mirror:OpenSSL_1_0_1j mirror:OpenSSL_1_0_0o mirror:OpenSSL_0_9_8zc mirror:OpenSSL_1_0_2-beta3 mirror:OpenSSL_0_9_8zb mirror:OpenSSL_1_0_0n mirror:OpenSSL_1_0_1i mirror:OpenSSL_1_0_2-beta2 mirror:OpenSSL-fips-2_0_7 mirror:OpenSSL_1_0_1h mirror:OpenSSL_1_0_0m mirror:OpenSSL_0_9_8za mirror:OpenSSL-fips-2_0_6 mirror:OpenSSL_1_0_1g mirror:OpenSSL_1_0_2-beta1 mirror:OpenSSL_1_0_0l mirror:OpenSSL_1_0_1f mirror:OpenSSL-fips-2_0_4 mirror:OpenSSL-fips-2_0_5 mirror:OpenSSL-fips-2_0_3 mirror:OpenSSL-fips-2_0_2 mirror:OpenSSL_1_0_1e mirror:OpenSSL_1_0_0k mirror:OpenSSL_1_0_1d mirror:OpenSSL_0_9_8y mirror:OpenSSL-fips-2_0-pl1 mirror:OpenSSL-fips-2_0_1 mirror:OpenSSL_1_0_1c mirror:OpenSSL_1_0_0j mirror:OpenSSL_0_9_8x mirror:OpenSSL_1_0_1b mirror:OpenSSL_0_9_8w mirror:OpenSSL_1_0_1a mirror:OpenSSL_0_9_8v mirror:OpenSSL_1_0_0i mirror:OpenSSL_1_0_1 mirror:OpenSSL_1_0_0h mirror:OpenSSL_0_9_8u mirror:OpenSSL_1_0_1-beta3 mirror:OpenSSL_1_0_1-beta2 mirror:OpenSSL-fips-2_0-rc9 mirror:OpenSSL-fips-2_0 mirror:OpenSSL_1_0_0g mirror:OpenSSL_0_9_8t mirror:OpenSSL_0_9_8s mirror:OpenSSL_1_0_0f mirror:OpenSSL-fips-2_0-rc8 mirror:OpenSSL_1_0_1-beta1 mirror:OpenSSL-fips-2_0-rc7 mirror:OpenSSL-fips-2_0-rc6 mirror:OpenSSL-fips-2_0-rc5 mirror:OpenSSL-fips-2_0-rc4 mirror:OpenSSL-fips-2_0-rc3 mirror:OpenSSL-fips-2_0-rc2 mirror:OpenSSL-fips-2_0-rc1 mirror:OpenSSL-fips-1_2_3 mirror:OpenSSL-fips-1_2_2 mirror:OpenSSL-fips-1_2_1 mirror:OpenSSL_1_0_0e mirror:OpenSSL_1_0_0d mirror:OpenSSL_0_9_8r mirror:OpenSSL_0_9_8q mirror:OpenSSL_1_0_0c mirror:OpenSSL_0_9_8p mirror:OpenSSL_1_0_0b mirror:OpenSSL_0_9_8o mirror:OpenSSL_1_0_0a mirror:OpenSSL_1_0_0 mirror:OpenSSL_0_9_8n mirror:OpenSSL_0_9_8m mirror:OpenSSL_0_9_8m-beta1 mirror:OpenSSL_1_0_0-beta5 mirror:OpenSSL_1_0_0-beta4 mirror:OpenSSL_0_9_8l mirror:OpenSSL_1_0_0-beta3 mirror:OpenSSL_1_0_0-beta2 mirror:OpenSSL_1_0_0-beta1 mirror:OpenSSL_0_9_8k mirror:OpenSSL_0_9_8j mirror:OpenSSL_0_9_8i mirror:OpenSSL_0_9_8h mirror:OpenSSL_0_9_8g mirror:OpenSSL_0_9_8f mirror:OpenSSL-fips-1_2_0 mirror:FIPS_098_TEST_8 mirror:FIPS_098_TEST_7 mirror:FIPS_098_TEST_6 mirror:FIPS_098_TEST_5 mirror:FIPS_098_TEST_4 mirror:FIPS_098_TEST_3 mirror:FIPS_098_TEST_2 mirror:FIPS_098_TEST_1 mirror:OpenSSL_0_9_7m mirror:OpenSSL_0_9_8e mirror:OpenSSL_0_9_7l mirror:OpenSSL_0_9_8d mirror:OpenSSL_0_9_8c mirror:OpenSSL_0_9_7k mirror:OpenSSL_0_9_7j mirror:OpenSSL_0_9_8b mirror:OpenSSL_FIPS_1_0 mirror:OpenSSL_0_9_7i mirror:OpenSSL_0_9_8a mirror:OpenSSL_0_9_7h mirror:OpenSSL_0_9_8 mirror:FIPS_TEST_10 mirror:OpenSSL_0_9_8-beta6 mirror:OpenSSL_0_9_8-beta5 mirror:FIPS_TEST_9 mirror:OpenSSL_0_9_8-beta4 mirror:OpenSSL_0_9_8-beta3 mirror:BEN_FIPS_TEST_8 mirror:OpenSSL_0_9_8-beta2 mirror:OpenSSL_0_9_8-beta1 mirror:OpenSSL_0_9_7g mirror:OpenSSL_0_9_7f mirror:BEN_FIPS_TEST_7 mirror:BEN_FIPS_TEST_6 mirror:OpenSSL_0_9_7e mirror:OpenSSL_0_9_7d mirror:OpenSSL-engine-0_9_6m mirror:OpenSSL_0_9_6m mirror:LEVITTE_after_const mirror:LEVITTE_before_const mirror:BEN_FIPS_TEST_5 mirror:BEN_FIPS_TEST_4 mirror:OpenSSL-engine-0_9_6l mirror:OpenSSL_0_9_6l mirror:BEN_FIPS_TEST_3 mirror:BEN_FIPS_TEST_2 mirror:BEN_FIPS_TEST_1 mirror:OpenSSL-engine-0_9_6k mirror:OpenSSL_0_9_6k mirror:OpenSSL_0_9_7c mirror:OpenSSL-engine-0_9_6j mirror:OpenSSL_0_9_7b mirror:OpenSSL_0_9_6j mirror:OpenSSL-engine-0_9_6i mirror:OpenSSL_0_9_6i mirror:OpenSSL_0_9_7a mirror:OpenSSL_0_9_7 mirror:OpenSSL_0_9_7-beta6 mirror:STATE_after_zlib mirror:STATE_before_zlib mirror:OpenSSL_0_9_7-beta5 mirror:OpenSSL-engine-0_9_6h mirror:OpenSSL_0_9_6h mirror:OpenSSL_0_9_7-beta4 mirror:OpenSSL-engine-0_9_6g mirror:OpenSSL_0_9_6g mirror:OpenSSL-engine-0_9_6f mirror:OpenSSL_0_9_6f mirror:OpenSSL_0_9_7-beta3 mirror:OpenSSL-engine-0_9_6e mirror:OpenSSL_0_9_6e mirror:OpenSSL_0_9_7-beta2 mirror:OpenSSL_0_9_7-beta1 mirror:AFTER_COMPAQ_PATCH mirror:BEFORE_COMPAQ_PATCH mirror:OpenSSL-engine-0_9_6d mirror:OpenSSL_0_9_6d mirror:OpenSSL-engine-0_9_6d-beta1 mirror:OpenSSL_0_9_6d-beta1 mirror:OpenSSL-engine-0_9_6c mirror:OpenSSL_0_9_6c mirror:OpenSSL-engine-0_9_6b mirror:OpenSSL_0_9_6b mirror:OpenSSL_0_9_6a mirror:OpenSSL-engine-0_9_6a mirror:OpenSSL-engine-0_9_6a-beta3 mirror:OpenSSL_0_9_6a-beta3 mirror:OpenSSL-engine-0_9_6a-beta2 mirror:OpenSSL_0_9_6a-beta2 mirror:OpenSSL-engine-0_9_6a-beta1 mirror:OpenSSL_0_9_6a-beta1 mirror:rsaref mirror:BEFORE_engine mirror:OpenSSL_0_9_6-beta2 mirror:OpenSSL_0_9_6-beta1 mirror:OpenSSL_0_9_6 mirror:OpenSSL-engine-0_9_6 mirror:OpenSSL-engine-0_9_6-beta3 mirror:OpenSSL_0_9_6-beta3 mirror:OpenSSL-engine-0_9_6-beta2 mirror:OpenSSL-engine-0_9_6-beta1 mirror:OpenSSL_0_9_5 mirror:OpenSSL_0_9_5a mirror:OpenSSL_0_9_5a-beta2 mirror:OpenSSL_0_9_5a-beta1 mirror:OpenSSL_0_9_5beta2 mirror:OpenSSL_0_9_5beta1 mirror:OpenSSL_0_9_4 mirror:OpenSSL_0_9_3a mirror:OpenSSL_0_9_3 mirror:OpenSSL_0_9_3beta2 mirror:OpenSSL_0_9_3beta1 mirror:OpenSSL_0_9_2b mirror:OpenSSL_0_9_1c mirror:SSLeay_0_9_1b mirror:SSLeay_0_9_0b mirror:SSLeay_0_8_1b
..
compare: mirror:STATE_after_zlib
Branches Tags
mirror:master mirror:openssl-3.3 mirror:openssl-3.4 mirror:openssl-3.5 mirror:openssl-3.6 mirror:openssl-3.0 mirror:feature/removesslv3 mirror:feature/dtls-1.3 mirror:feature/ossl_fn mirror:feature/method-store-freeze mirror:feature/engineremoval mirror:openssl-3.2 mirror:feature/ech mirror:feature/quic-0-rtt mirror:feature/evp_skey mirror:feature/acert-cli mirror:openssl-3.1 mirror:feature/hss mirror:OpenSSL_1_1_1-stable mirror:OpenSSL_1_0_2-stable mirror:OpenSSL_1_1_0-stable mirror:OpenSSL-fips-2_0-stable mirror:OpenSSL-fips-2_0-dev mirror:tls1.3-draft-18 mirror:tls1.3-draft-19 mirror:OpenSSL_1_0_1-stable mirror:OpenSSL_1_0_0-stable mirror:OpenSSL_0_9_8-stable mirror:OpenSSL-fips-1_2-stable mirror:OpenSSL-fips-0_9_8-stable mirror:OpenSSL_0_9_7-stable mirror:OpenSSL_0_9_8fg-stable mirror:OpenSSL-fips2-0_9_7-stable mirror:OpenSSL_0_9_6-stable mirror:OpenSSL-engine-0_9_6-stable mirror:OpenSSL-fips-0_9_7-stable mirror:SSLeay
mirror:3.4-POST-CLANG-FORMAT-WEBKIT mirror:3.4-PRE-CLANG-FORMAT-WEBKIT mirror:3.0-POST-CLANG-FORMAT-WEBKIT mirror:3.0-PRE-CLANG-FORMAT-WEBKIT mirror:3.3-POST-CLANG-FORMAT-WEBKIT mirror:3.3-PRE-CLANG-FORMAT-WEBKIT mirror:3.5-POST-CLANG-FORMAT-WEBKIT mirror:3.5-PRE-CLANG-FORMAT-WEBKIT mirror:3.6-POST-CLANG-FORMAT-WEBKIT mirror:3.6-PRE-CLANG-FORMAT-WEBKIT mirror:4.0-POST-CLANG-FORMAT-WEBKIT mirror:4.0-PRE-CLANG-FORMAT-WEBKIT mirror:openssl-3.6.0 mirror:openssl-3.0.18 mirror:openssl-3.2.6 mirror:openssl-3.3.5 mirror:openssl-3.4.3 mirror:openssl-3.5.4 mirror:openssl-3.6.0-beta1 mirror:openssl-3.5.3 mirror:openssl-3.6.0-alpha1 mirror:openssl-3.5.2 mirror:openssl-3.0.17 mirror:openssl-3.2.5 mirror:openssl-3.3.4 mirror:openssl-3.4.2 mirror:openssl-3.5.1 mirror:openssl-3.5.0 mirror:openssl-3.5.0-beta1 mirror:openssl-3.5.0-alpha1 mirror:openssl-3.0.16 mirror:openssl-3.1.8 mirror:openssl-3.2.4 mirror:openssl-3.3.3 mirror:openssl-3.4.1 mirror:openssl-3.4.0 mirror:openssl-3.4.0-beta1 mirror:openssl-3.4.0-alpha1 mirror:openssl-3.0.15 mirror:openssl-3.1.7 mirror:openssl-3.2.3 mirror:openssl-3.3.2 mirror:openssl-3.0.14 mirror:openssl-3.1.6 mirror:openssl-3.2.2 mirror:openssl-3.3.1 mirror:openssl-3.3.0 mirror:openssl-3.3.0-beta1 mirror:openssl-3.3.0-alpha1 mirror:openssl-3.0.13 mirror:openssl-3.1.5 mirror:openssl-3.2.1 mirror:openssl-3.2.0 mirror:openssl-3.2.0-beta1 mirror:openssl-3.0.12 mirror:openssl-3.1.4 mirror:openssl-3.2.0-alpha2 mirror:openssl-3.0.11 mirror:openssl-3.1.3 mirror:OpenSSL_1_1_1w mirror:openssl-3.2.0-alpha1 mirror:OpenSSL_1_1_1v mirror:openssl-3.0.10 mirror:openssl-3.1.2 mirror:OpenSSL_1_1_1u mirror:openssl-3.0.9 mirror:openssl-3.1.1 mirror:openssl-3.1.0 mirror:openssl-3.0.8 mirror:OpenSSL_1_1_1t mirror:openssl-3.1.0-beta1 mirror:openssl-3.1.0-alpha1 mirror:openssl-3.0.7 mirror:OpenSSL_1_1_1s mirror:OpenSSL_1_1_1r mirror:openssl-3.0.6 mirror:OpenSSL_1_1_1q mirror:openssl-3.0.5 mirror:OpenSSL_1_1_1p mirror:openssl-3.0.4 mirror:OpenSSL_1_1_1o mirror:openssl-3.0.3 mirror:OpenSSL_1_1_1n mirror:openssl-3.0.2 mirror:openssl-3.0.1 mirror:OpenSSL_1_1_1m mirror:openssl-3.0.0 mirror:OpenSSL_1_1_1l mirror:openssl-3.0.0-beta2 mirror:openssl-3.0.0-beta1 mirror:openssl-3.0.0-alpha17 mirror:openssl-3.0.0-alpha16 mirror:openssl-3.0.0-alpha15 mirror:openssl-3.0.0-alpha14 mirror:OpenSSL_1_1_1k mirror:openssl-3.0.0-alpha13 mirror:openssl-3.0.0-alpha12 mirror:OpenSSL_1_1_1j mirror:openssl-3.0.0-alpha11 mirror:openssl-3.0.0-alpha10 mirror:OpenSSL_1_1_1i mirror:openssl-3.0.0-alpha9 mirror:openssl-3.0.0-alpha8 mirror:openssl-3.0.0-alpha7 mirror:OpenSSL_1_1_1h mirror:openssl-3.0.0-alpha6 mirror:openssl-3.0.0-alpha5 mirror:openssl-3.0.0-alpha4 mirror:openssl-3.0.0-alpha3 mirror:openssl-3.0.0-alpha2 mirror:openssl-3.0.0-alpha1 mirror:OpenSSL_1_1_1g mirror:OpenSSL_1_1_1f mirror:OpenSSL_1_1_1e mirror:OpenSSL_1_0_2u mirror:OpenSSL_1_0_2t mirror:OpenSSL_1_1_0l mirror:OpenSSL_1_1_1d mirror:OpenSSL_1_1_1c mirror:OpenSSL_1_1_0k mirror:OpenSSL_1_0_2s mirror:OpenSSL_1_0_2r mirror:OpenSSL_1_1_1b mirror:OpenSSL_1_0_2q mirror:OpenSSL_1_1_0j mirror:OpenSSL_1_1_1a mirror:OpenSSL_1_1_1 mirror:OpenSSL_1_1_1-pre9 mirror:OpenSSL_1_0_2p mirror:OpenSSL_1_1_0i mirror:OpenSSL_1_1_1-pre8 mirror:OpenSSL_1_1_1-pre7 mirror:OpenSSL_1_1_1-pre6 mirror:OpenSSL_1_1_1-pre5 mirror:OpenSSL_1_1_1-pre4 mirror:OpenSSL_1_0_2o mirror:OpenSSL_1_1_0h mirror:OpenSSL_1_1_1-pre3 mirror:OpenSSL_1_1_1-pre2 mirror:OpenSSL_1_1_1-pre1 mirror:OpenSSL_1_0_2n mirror:OpenSSL_1_0_2m mirror:OpenSSL_1_1_0g mirror:OpenSSL-fips-2_0_16 mirror:OpenSSL-fips-2_0_15 mirror:OpenSSL_1_0_2l mirror:OpenSSL_1_1_0f mirror:OpenSSL-fips-2_0_14 mirror:OpenSSL_1_1_0e mirror:OpenSSL_1_0_2k mirror:OpenSSL_1_1_0d mirror:OpenSSL-fips-2_0_13 mirror:OpenSSL_1_1_0c mirror:OpenSSL_1_0_2j mirror:OpenSSL_1_1_0b mirror:OpenSSL_1_0_1u mirror:OpenSSL_1_0_2i mirror:OpenSSL_1_1_0a mirror:OpenSSL_1_1_0 mirror:OpenSSL_1_1_0-pre6 mirror:OpenSSL_1_0_1t mirror:OpenSSL_1_0_2h mirror:OpenSSL_1_1_0-pre5 mirror:OpenSSL_1_1_0-pre4 mirror:OpenSSL_1_0_1s mirror:OpenSSL_1_0_2g mirror:OpenSSL_1_1_0-pre3 mirror:OpenSSL-fips-2_0_12 mirror:OpenSSL-fips-2_0_11 mirror:OpenSSL-fips-2_0_10 mirror:OpenSSL_1_0_1r mirror:OpenSSL_1_0_2f mirror:OpenSSL_1_1_0-pre2 mirror:OpenSSL_1_1_0-pre1 mirror:OpenSSL_0_9_8zh mirror:OpenSSL_1_0_0t mirror:OpenSSL_1_0_1q mirror:OpenSSL_1_0_2e mirror:OpenSSL_1_0_1p mirror:OpenSSL_1_0_2d mirror:OpenSSL_1_0_1o mirror:OpenSSL_1_0_2c mirror:OpenSSL_0_9_8zg mirror:OpenSSL_1_0_0s mirror:OpenSSL_1_0_1n mirror:OpenSSL_1_0_2b mirror:OpenSSL-fips-2_0_9 mirror:OpenSSL_0_9_8zf mirror:OpenSSL_1_0_0r mirror:OpenSSL_1_0_1m mirror:OpenSSL_1_0_2a mirror:OpenSSL_0_9_8-pre-reformat mirror:OpenSSL_0_9_8-pre-auto-reformat mirror:OpenSSL_0_9_8-post-auto-reformat mirror:OpenSSL_0_9_8-post-reformat mirror:OpenSSL_1_0_0-pre-reformat mirror:OpenSSL_1_0_0-pre-auto-reformat mirror:OpenSSL_1_0_0-post-auto-reformat mirror:OpenSSL_1_0_0-post-reformat mirror:OpenSSL_1_0_1-pre-reformat mirror:OpenSSL_1_0_1-pre-auto-reformat mirror:OpenSSL_1_0_1-post-auto-reformat mirror:OpenSSL_1_0_1-post-reformat mirror:OpenSSL_1_0_2-pre-reformat mirror:OpenSSL_1_0_2-pre-auto-reformat mirror:OpenSSL_1_0_2-post-auto-reformat mirror:OpenSSL_1_0_2-post-reformat mirror:master-pre-reformat mirror:master-pre-auto-reformat mirror:master-post-auto-reformat mirror:master-post-reformat mirror:OpenSSL_1_0_2 mirror:OpenSSL_0_9_8ze mirror:OpenSSL_1_0_0q mirror:OpenSSL_1_0_1l mirror:OpenSSL_0_9_8zd mirror:OpenSSL_1_0_0p mirror:OpenSSL_1_0_1k mirror:OpenSSL-fips-2_0_8 mirror:OpenSSL_1_0_1j mirror:OpenSSL_1_0_0o mirror:OpenSSL_0_9_8zc mirror:OpenSSL_1_0_2-beta3 mirror:OpenSSL_0_9_8zb mirror:OpenSSL_1_0_0n mirror:OpenSSL_1_0_1i mirror:OpenSSL_1_0_2-beta2 mirror:OpenSSL-fips-2_0_7 mirror:OpenSSL_1_0_1h mirror:OpenSSL_1_0_0m mirror:OpenSSL_0_9_8za mirror:OpenSSL-fips-2_0_6 mirror:OpenSSL_1_0_1g mirror:OpenSSL_1_0_2-beta1 mirror:OpenSSL_1_0_0l mirror:OpenSSL_1_0_1f mirror:OpenSSL-fips-2_0_4 mirror:OpenSSL-fips-2_0_5 mirror:OpenSSL-fips-2_0_3 mirror:OpenSSL-fips-2_0_2 mirror:OpenSSL_1_0_1e mirror:OpenSSL_1_0_0k mirror:OpenSSL_1_0_1d mirror:OpenSSL_0_9_8y mirror:OpenSSL-fips-2_0-pl1 mirror:OpenSSL-fips-2_0_1 mirror:OpenSSL_1_0_1c mirror:OpenSSL_1_0_0j mirror:OpenSSL_0_9_8x mirror:OpenSSL_1_0_1b mirror:OpenSSL_0_9_8w mirror:OpenSSL_1_0_1a mirror:OpenSSL_0_9_8v mirror:OpenSSL_1_0_0i mirror:OpenSSL_1_0_1 mirror:OpenSSL_1_0_0h mirror:OpenSSL_0_9_8u mirror:OpenSSL_1_0_1-beta3 mirror:OpenSSL_1_0_1-beta2 mirror:OpenSSL-fips-2_0-rc9 mirror:OpenSSL-fips-2_0 mirror:OpenSSL_1_0_0g mirror:OpenSSL_0_9_8t mirror:OpenSSL_0_9_8s mirror:OpenSSL_1_0_0f mirror:OpenSSL-fips-2_0-rc8 mirror:OpenSSL_1_0_1-beta1 mirror:OpenSSL-fips-2_0-rc7 mirror:OpenSSL-fips-2_0-rc6 mirror:OpenSSL-fips-2_0-rc5 mirror:OpenSSL-fips-2_0-rc4 mirror:OpenSSL-fips-2_0-rc3 mirror:OpenSSL-fips-2_0-rc2 mirror:OpenSSL-fips-2_0-rc1 mirror:OpenSSL-fips-1_2_3 mirror:OpenSSL-fips-1_2_2 mirror:OpenSSL-fips-1_2_1 mirror:OpenSSL_1_0_0e mirror:OpenSSL_1_0_0d mirror:OpenSSL_0_9_8r mirror:OpenSSL_0_9_8q mirror:OpenSSL_1_0_0c mirror:OpenSSL_0_9_8p mirror:OpenSSL_1_0_0b mirror:OpenSSL_0_9_8o mirror:OpenSSL_1_0_0a mirror:OpenSSL_1_0_0 mirror:OpenSSL_0_9_8n mirror:OpenSSL_0_9_8m mirror:OpenSSL_0_9_8m-beta1 mirror:OpenSSL_1_0_0-beta5 mirror:OpenSSL_1_0_0-beta4 mirror:OpenSSL_0_9_8l mirror:OpenSSL_1_0_0-beta3 mirror:OpenSSL_1_0_0-beta2 mirror:OpenSSL_1_0_0-beta1 mirror:OpenSSL_0_9_8k mirror:OpenSSL_0_9_8j mirror:OpenSSL_0_9_8i mirror:OpenSSL_0_9_8h mirror:OpenSSL_0_9_8g mirror:OpenSSL_0_9_8f mirror:OpenSSL-fips-1_2_0 mirror:FIPS_098_TEST_8 mirror:FIPS_098_TEST_7 mirror:FIPS_098_TEST_6 mirror:FIPS_098_TEST_5 mirror:FIPS_098_TEST_4 mirror:FIPS_098_TEST_3 mirror:FIPS_098_TEST_2 mirror:FIPS_098_TEST_1 mirror:OpenSSL_0_9_7m mirror:OpenSSL_0_9_8e mirror:OpenSSL_0_9_7l mirror:OpenSSL_0_9_8d mirror:OpenSSL_0_9_8c mirror:OpenSSL_0_9_7k mirror:OpenSSL_0_9_7j mirror:OpenSSL_0_9_8b mirror:OpenSSL_FIPS_1_0 mirror:OpenSSL_0_9_7i mirror:OpenSSL_0_9_8a mirror:OpenSSL_0_9_7h mirror:OpenSSL_0_9_8 mirror:FIPS_TEST_10 mirror:OpenSSL_0_9_8-beta6 mirror:OpenSSL_0_9_8-beta5 mirror:FIPS_TEST_9 mirror:OpenSSL_0_9_8-beta4 mirror:OpenSSL_0_9_8-beta3 mirror:BEN_FIPS_TEST_8 mirror:OpenSSL_0_9_8-beta2 mirror:OpenSSL_0_9_8-beta1 mirror:OpenSSL_0_9_7g mirror:OpenSSL_0_9_7f mirror:BEN_FIPS_TEST_7 mirror:BEN_FIPS_TEST_6 mirror:OpenSSL_0_9_7e mirror:OpenSSL_0_9_7d mirror:OpenSSL-engine-0_9_6m mirror:OpenSSL_0_9_6m mirror:LEVITTE_after_const mirror:LEVITTE_before_const mirror:BEN_FIPS_TEST_5 mirror:BEN_FIPS_TEST_4 mirror:OpenSSL-engine-0_9_6l mirror:OpenSSL_0_9_6l mirror:BEN_FIPS_TEST_3 mirror:BEN_FIPS_TEST_2 mirror:BEN_FIPS_TEST_1 mirror:OpenSSL-engine-0_9_6k mirror:OpenSSL_0_9_6k mirror:OpenSSL_0_9_7c mirror:OpenSSL-engine-0_9_6j mirror:OpenSSL_0_9_7b mirror:OpenSSL_0_9_6j mirror:OpenSSL-engine-0_9_6i mirror:OpenSSL_0_9_6i mirror:OpenSSL_0_9_7a mirror:OpenSSL_0_9_7 mirror:OpenSSL_0_9_7-beta6 mirror:STATE_after_zlib mirror:STATE_before_zlib mirror:OpenSSL_0_9_7-beta5 mirror:OpenSSL-engine-0_9_6h mirror:OpenSSL_0_9_6h mirror:OpenSSL_0_9_7-beta4 mirror:OpenSSL-engine-0_9_6g mirror:OpenSSL_0_9_6g mirror:OpenSSL-engine-0_9_6f mirror:OpenSSL_0_9_6f mirror:OpenSSL_0_9_7-beta3 mirror:OpenSSL-engine-0_9_6e mirror:OpenSSL_0_9_6e mirror:OpenSSL_0_9_7-beta2 mirror:OpenSSL_0_9_7-beta1 mirror:AFTER_COMPAQ_PATCH mirror:BEFORE_COMPAQ_PATCH mirror:OpenSSL-engine-0_9_6d mirror:OpenSSL_0_9_6d mirror:OpenSSL-engine-0_9_6d-beta1 mirror:OpenSSL_0_9_6d-beta1 mirror:OpenSSL-engine-0_9_6c mirror:OpenSSL_0_9_6c mirror:OpenSSL-engine-0_9_6b mirror:OpenSSL_0_9_6b mirror:OpenSSL_0_9_6a mirror:OpenSSL-engine-0_9_6a mirror:OpenSSL-engine-0_9_6a-beta3 mirror:OpenSSL_0_9_6a-beta3 mirror:OpenSSL-engine-0_9_6a-beta2 mirror:OpenSSL_0_9_6a-beta2 mirror:OpenSSL-engine-0_9_6a-beta1 mirror:OpenSSL_0_9_6a-beta1 mirror:rsaref mirror:BEFORE_engine mirror:OpenSSL_0_9_6-beta2 mirror:OpenSSL_0_9_6-beta1 mirror:OpenSSL_0_9_6 mirror:OpenSSL-engine-0_9_6 mirror:OpenSSL-engine-0_9_6-beta3 mirror:OpenSSL_0_9_6-beta3 mirror:OpenSSL-engine-0_9_6-beta2 mirror:OpenSSL-engine-0_9_6-beta1 mirror:OpenSSL_0_9_5 mirror:OpenSSL_0_9_5a mirror:OpenSSL_0_9_5a-beta2 mirror:OpenSSL_0_9_5a-beta1 mirror:OpenSSL_0_9_5beta2 mirror:OpenSSL_0_9_5beta1 mirror:OpenSSL_0_9_4 mirror:OpenSSL_0_9_3a mirror:OpenSSL_0_9_3 mirror:OpenSSL_0_9_3beta2 mirror:OpenSSL_0_9_3beta1 mirror:OpenSSL_0_9_2b mirror:OpenSSL_0_9_1c mirror:SSLeay_0_9_1b mirror:SSLeay_0_9_0b mirror:SSLeay_0_8_1b

1 Commits
feature/ec ... STATE_afte

Author SHA1 Message Date
cvs2svn
a372f9bf25 This commit was manufactured by cvs2svn to create tag 'STATE_after_zlib'. 2002-12-08 09:31:42 +00:00
7299 changed files with 394479 additions and 1797790 deletions
Expand all files Collapse all files

452
.codespellrc
View File

@@ -1,452 +0,0 @@
[codespell]
ignore-regex = \b[a-zA-Z][a-zA-Z]\b
uri-ignore-words-list =
standarts
ignore-words-list =
aas,
Aas,
AAS,
abd,
ABD,
accreting,
ADDAD,
addin,
adin,
AFAIR,
afile,
afterAll,
AfterAll,
Ake,
ALine,
allEdges,
alloced,
alloco,
allws,
alo,
Alo,
alow,
ALS,
alsptd,
ang,
ans,
anS,
ANS,
aNULL,
archType,
arithmetics,
assertIn,
ategory,
atLeast,
AtLeast,
atMost,
biom,
bion,
bootup,
BRE,
Buda,
buildd,
bve,
CAF,
cann,
CANN,
cant,
Chang,
checkin,
childs,
ciph,
circularly,
Circularly,
claus,
Claus,
clen,
CLOS,
co-ordinate,
co-ordinates,
Collet,
Collison,
compilability,
compileTime,
CompileTime,
complies,
COMPLIES,
configury,
consumation,
couldn,
crasher,
crashers,
crate,
Crate,
CRATE,
creat,
CREAT,
CrOS,
crypted,
CRYPTED,
currentY,
DAA,
datas,
debbugs,
Debbugs,
DELET,
dependancies,
dependancy,
dependant,
deque,
Deque,
dota,
doubleclick,
doubleClick,
DoubleClick,
dout,
Dout,
DOUT,
dum,
dur,
Dur,
Durin,
ect,
ECT,
ede,
EDE,
endianess,
endin,
engineerr,
ENGINEerr,
equest,
equests,
FileTest,
FILETEST,
filetests,
flate,
Flate,
FLATE,
fpr,
FPR,
FPT,
gord,
gost,
Gost,
GOST,
Hart,
hasTable,
hel,
hist,
HIST,
HSI,
htmp,
ifset,
igest,
iif,
IIF,
implementor,
Implementor,
implementors,
Implementors,
inactivate,
inbrace,
indention,
indx,
ine,
informat,
inh,
inout,
inOut,
InOut,
INOUT,
ISCONNECTION,
isnt,
ist,
IST,
keep-alives,
keypair,
keyPair,
Keypair,
KeyPair,
KEYPAIR,
keypairs,
keyPairs,
Keypairs,
KeyPairs,
keyserver,
LAMDA,
larg,
leapYear,
LOd,
LOD,
Maked,
Manger,
Manuel,
ment,
Merget,
minimise,
mis,
Mis,
MIS,
mitre,
Mitre,
MITRE,
mmaped,
msdos,
MSDOS,
nam,
Nam,
NAM,
nclusion,
Ned,
nin,
Nin,
nmake,
NMake,
NMAKE,
NOo,
notin,
Notin,
NotIn,
numer,
OCE,
offsetp,
ois,
onText,
OnText,
openin,
OptIn,
OPTIO,
origN,
outin,
paeth,
Paeth,
PAETH,
parm,
pARM,
Parm,
PARM,
parms,
pARMS,
Parms,
PARMs,
PARMS,
pass-thru,
passin,
poping,
pres,
Pres,
prevEnd,
pris,
PullRequest,
que,
re-usable,
Re-usable,
re-use,
Re-use,
re-used,
Re-used,
re-uses,
Re-uses,
re-using,
Re-using,
readd,
Readd,
readded,
Readded,
regArg,
regArgs,
requestor,
Requestor,
requestors,
rewinded,
roperties,
sav,
SEH,
ser,
Ser,
SER,
servent,
sHolder,
shouldBe,
shouldnot,
SHS,
siz,
SIZ,
SME,
SOM,
Sorce,
sover,
splitted,
statics,
Statics,
strRange,
succes,
technics,
testss,
therefor,
Therefor,
therefrom,
Thi,
thirdparty,
thirdParty,
Thirdparty,
ThirdParty,
THIRDPARTY,
thru,
Thur,
THUR,
tmplate,
tne,
tolen,
tthe,
ture,
uis,
UIs,
upto,
upTo,
uptodate,
upToDate,
UpToDate,
useable,
Useable,
userA,
UserA,
usign,
varN,
vertexes,
vew,
vor,
WAN,
wasn,
Widgits,
Wirth,
wont,
WRONLY,
WTH
skip =
[cC]hange.[lL]og*,
[cC]hange[lL]og*,
[cC]hanges,
[cC]hanges[._-]*,
*__*__*.html,
*_8h_source.html,
*_8h.html,
*.asc,
*.bin,
*.crt,
*.css.map,
*.eps,
*.fr.utf-8,
*.git,
*.html.de,
*.html.es,
*.html.fr,
*.html.ko.euc-kr,
*.html.pt-br,
*.info_[0-9],
*.ipynb,
*.ja.utf8,
*.js.map,
*.min.js,
*.pdf,
*.pem,
*.po,
*.ppm,
*.ps,
*.rtf,
*.sum,
*.svg,
*.svn,
*.tr.utf8,
*.xpm,
*.zh-cn.utf8,
*.zlib,
*[._-][cC]hanges,
*[._-]CHANGES,
*/.mailmap,
*/.versions/*,
*/[eE]ncode/*,
*/[eE]ncodings/*,
*/[lL]ang/*,
*/[lL]anguage/*,
*/[lL]anguages/*,
*/[lL]ocale,
*/[mM]ath[jJ]ax/*,
*/[tT]hird*[pP]arty/*,
*/[tT]ranslation/*,
*/[tT]ranslations/*,
*/*.desktop,
*/*.desktop.in,
*/*[^a/]test/*,
*/*[^a/]tests/*,
*/*[lL]ocal[ei]*/*,
*/3rd*[pP]arty/*,
*/aspell/*,
*/AUTHORS*,
*/charsets/*,
*/chrtrans/*,
*/codepage/*,
*/data/*,
*/deps/*,
*/dict/*,
*/dictionaries/*,
*/doc*/[a-df-z][a-z]/*,
*/doc*/[a-z][a-z][_-][a-zA-Z][a-zA-Z]/*,
*/doc*/e[a-mo-z]/*,
*/extern/*,
*/external/*,
*/externals/*,
*/help/[a-df-z][a-z]/*,
*/help/[a-z][a-z]_[A-Z][A-Z]/*,
*/help/es/*,
*/i18n/*,
*/icu/*,
*/info/[a-df-z][a-z]/*,
*/info/[a-z][a-z]_[A-Z][A-Z]/*,
*/info/es/*,
*/intl/*,
*/l10n/*,
*/langmap/*,
*/langs/*,
*/LICENSE,
*/man*/[a-df-z][a-z]/*,
*/man*/[a-z][a-z][_-][a-zA-Z][a-zA-Z]/*,
*/man*/e[a-mo-z]/*,
*/messages[_./][a-df-z][a-z][_./]*,
*/messages[_./][a-z][a-z]_[A-Z][A-Z][_./]*,
*/messages[_./]es[_./]*,
*/rfc[1-9]*.txt,
*/runtime/*,
*/searchindex.js,
*/test*/*,
*/test/danetest.in,
*/test/data2.bin,
*/test/recipes/30-test_evp_data/evppkey_kas.txt,
*/test/recipes/30-test_evp_data/evppkey.txt,
*/unicode/*,
*/Unicode/*,
*/unicore/*,
*/vendor/*,
*/vendors/*,
*/yarn.lock,
*codespell-check.sh,
*lorem-ipsum*,
*man[12345657]/*
/fonts/*,
ABOUT-NLS,
authors.xml,
CHANGE.log*,
CHANGELOG*,
CHANGES,
CHANGES[._-]*,
CONTRIBUTORS*,
CREDITS,
CREDITS.TXT,
DONATIONS,
jquery.js,
jquery.min.map,
localization*-[a-z][a-z]_[a-zA-Z][a-zA-Z].*,
localization*-[a-z][a-z].*,
MAINTAINERS,
NormalizationTest.txt,
package-lock.json,
THANKS*,
UnicodeData.txt

11
.ctags.d/add-dir.ctags
View File

@@ -1,11 +0,0 @@
#
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# Allow ctags to load configuration file under the sub directories.
--optlib-dir=+./.ctags.d

13
.ctags.d/exclude.ctags
View File

@@ -1,13 +0,0 @@
#
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# List file names or patterns you want ctags to ignore.
--exclude=.ctags.d
--exclude=test
--exclude=check-format-test-positives.c

11
.ctags.d/langmap.ctags
View File

@@ -1,11 +0,0 @@
#
# Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
--langmap=C:+.h
--langmap=C:+.inc

18
.ctags.d/openssl-stage1/10extrac-macrodefs.ctags
View File

@@ -1,18 +0,0 @@
#
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# This file is only for extracting macro definitions.
--langmap=C:+.h
-o -
--sort=no
--languages=C
-R
--fields-C=+{macrodef}
--fields=+{signature}

1
.ctags.d/openssl-stage2/.gitignore vendored
View File

@@ -1 +0,0 @@
*macro-definitons.ctags

9
.ctags.d/openssl-stage2/10expand-macros.ctags
View File

@@ -1,9 +0,0 @@
#
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
--param-CPreProcessor._expand=1

16
.cvsignore Normal file
View File

@@ -0,0 +1,16 @@
openssl.pc
Makefile.ssl
MINFO
makefile.one
tmp
out
outinc
rehash.time
testlog
make.log
maketest.log
cctest
cctest.c
cctest.a
libcrypto.so.*
libssl.so.*

2
.git-blame-ignore-revs
View File

@@ -1,2 +0,0 @@
# Run util/openssl-format-source -v -c .
0f113f3ee4d629ef9a4a30911b22b224772085e5

19
.gitattributes vendored
View File

@@ -1,19 +0,0 @@
*.bin binary
*.der binary
/fuzz/corpora/** binary
*.pfx binary
test/recipes/15-test_ml_dsa_codecs_data/*.dat binary
test/recipes/15-test_ml_kem_codecs_data/*.dat binary
# For git archive
fuzz/corpora/** export-ignore
Configurations/*.norelease.conf export-ignore
# We generally avoid anything with a name starting with a period.
# However, .ctags.d is precious, so we don't ignore that.
.* export-ignore
.ctags.d !export-ignore
util/mktar.sh export-ignore
krb5 export-ignore
pyca-cryptography export-ignore
dev export-ignore
gost-engine export-ignore

1
.github/CODEOWNERS vendored
View File

@@ -1 +0,0 @@
/.github/workflows/ @quarckster

1
.github/FUNDING.yml vendored
View File

@@ -1 +0,0 @@
github: openssl

27
.github/ISSUE_TEMPLATE.md vendored
View File

@@ -1,27 +0,0 @@
<!--
NOTE:
If you're asking about how to use OpenSSL, this isn't the right
forum. Please see our User Support resources:
https://github.com/openssl/openssl/blob/master/SUPPORT.md
If relevant, please remember to tell us in what OpenSSL version you
found the issue.
Please remember to put ``` lines before and after any commands plus
output and code, like this:
```
$ echo output output output
output output output
```
```
#include <stdio.h>
int main() {
int foo = 1;
printf("%d\n", foo);
}
```
-->

53
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@@ -1,53 +0,0 @@
---
name: Bug report
labels: 'issue: bug report'
about: Report a defect in the software
---
<!--
Thank you for your bug report. If this is your first one,
please take the time to read the following lines before posting it.
NOTE:
If you're asking about how to use OpenSSL, this isn't the right
forum. Please see our User Support resources:
https://github.com/openssl/openssl/blob/master/SUPPORT.md
Please remember to tell us in what OpenSSL version you found the issue.
For build issues:
If this is a build issue, please include the configuration output
as well as a log of all errors. Don't forget to include the exact
commands you typed.
With OpenSSL before 1.1.1, the configuration output comes from the
configuration command. With OpenSSL 1.1.1 and on, it's the output
of `perl configdata.pm --dump`
For other issues:
If it isn't a build issue, example code or commands to reproduce
the issue is highly appreciated.
Also, please remember to tell us if you worked with your own
OpenSSL build or if it is system provided.
Please remember to put ``` lines before and after any commands plus
output and code, like this:
```
$ echo output output output
output output output
```
```
#include <stdio.h>
int main() {
int foo = 1;
printf("%d\n", foo);
}
```
-->

14
.github/ISSUE_TEMPLATE/documentation.md vendored
View File

@@ -1,14 +0,0 @@
---
name: Documentation
labels: 'issue: documentation'
about: Report an error in (or missing) documentation
---
<!--
Thank you for taking the time to report a documentation issue.
Please remember to tell us which OpenSSL version you are using and then
briefly describe the documentation error and where you encountered it
(e.g., in which manual page). If you are missing the documentation for a
certain command or API function, please tell us its name.
-->

34
.github/ISSUE_TEMPLATE/feature_request.md vendored
View File

@@ -1,34 +0,0 @@
---
name: Feature request
labels: 'issue: feature request'
about: Propose a feature you would like to see added in the software
---
<!--
Thank you for your feature request. If this is your first one,
please take the time to read the following lines before posting it.
NOTE:
If you're asking about how to use OpenSSL, this isn't the right
forum. Please see our User Support resources:
https://github.com/openssl/openssl/blob/master/SUPPORT.md
Please remember to put ``` lines before and after any commands plus
output and code, like this:
```
$ echo output output output
output output output
```
```
#include <stdio.h>
int main() {
int foo = 1;
printf("%d\n", foo);
}
```
-->

10
.github/ISSUE_TEMPLATE/question.md vendored
View File

@@ -1,10 +0,0 @@
---
name: Question
labels: 'issue: question'
about: Please use Q&A in Discussions instead
---
Please do NOT use issues to ask questions about OpenSSL.
Instead, please use the [Q&A category in Discussions](<https://github.com/openssl/openssl/discussions/new?category=q-a>)
to ask your question.

14
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -1,14 +0,0 @@
<!--
Thank you for your pull request. Please review these requirements:
Contributors guide: https://github.com/openssl/openssl/blob/master/CONTRIBUTING.md
Other than that, provide a description above this comment if there isn't one already
If this fixes a GitHub issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message.
-->
##### Checklist
<!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
- [ ] documentation is added or updated
- [ ] tests are added or updated

17
.github/dependabot.yml vendored
View File

@@ -1,17 +0,0 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
commit-message:
prefix: "Dependabot update\n\nCLA: trivial\n\n"
include: "scope"
labels:
- "dependencies"
- "cla: trivial"
- "approval: review pending"
reviewers:
- "openssl/committers"
cooldown:
default-days: 7

67
.github/workflows/backport.yml vendored
View File

@@ -1,67 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Backports CI
on: [pull_request]
permissions:
contents: read
jobs:
check_backports:
strategy:
fail-fast: false
matrix:
release: [
{
branch: '3.6',
cppflags: ''
}, {
branch: '3.5',
cppflags: 'CPPFLAGS=-ansi'
}, {
branch: '3.4',
cppflags: 'CPPFLAGS=-ansi'
}, {
branch: '3.3',
cppflags: 'CPPFLAGS=-ansi',
}, {
branch: '3.2',
cppflags: 'CPPFLAGS=-ansi'
}, {
branch: '3.0',
cppflags: 'CPPFLAGS=-ansi'
}
]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
if: ${{ contains(join(github.event.pull_request.labels.*.name,','),matrix.release.branch) }}
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
persist-credentials: false
- name: cherry-pick
if: ${{ contains(join(github.event.pull_request.labels.*.name,','),matrix.release.branch) }}
run: |
REFEND=$(git rev-parse HEAD)
REFSTART=$(git rev-parse $REFEND~${{ github.event.pull_request.commits }})
git checkout ${{ format('openssl-{0}', matrix.release.branch) }}
git config user.name "OpenSSL Machine"
git config user.email "openssl-machine@openssl.org"
echo Cherry-picking $REFSTART..$REFEND
git cherry-pick $REFSTART..$REFEND
- name: config
if: ${{ contains(join(github.event.pull_request.labels.*.name,','),matrix.release.branch) }}
run: ${{ matrix.release.cppflags }} ./config --strict-warnings --banner=Configured no-asm enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
- name: make
if: ${{ contains(join(github.event.pull_request.labels.*.name,','),matrix.release.branch) }}
run: make -s -j4
- name: make test
if: ${{ contains(join(github.event.pull_request.labels.*.name,','),matrix.release.branch) }}
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}

779
.github/workflows/ci.yml vendored
View File

@@ -1,779 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: GitHub CI
on: [pull_request, push]
# for some reason, this does not work:
# variables:
# BUILDOPTS: "-j4"
# HARNESS_JOBS: "${HARNESS_JOBS:-4}"
# for some reason, this does not work:
# before_script:
# - make="make -s"
permissions:
contents: read
env:
OSSL_RUN_CI_TESTS: 1
jobs:
check_update:
runs-on: ubuntu-latest
steps:
- name: install unifdef
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install unifdef
- uses: actions/checkout@v5
with:
fetch-depth: 0
persist-credentials: false
- name: config
run: ./config --strict-warnings --banner=Configured enable-fips && perl configdata.pm --dump
- name: make build_generated
run: make -s build_generated
- name: make update
run: make update
- name: git diff
run: git diff --exit-code
check_docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config --strict-warnings --banner=Configured enable-fips && perl configdata.pm --dump
- name: make build_generated
run: make -s build_generated
- name: make doc-nits
run: make doc-nits
- name: make help
run: make help
- name: make md-nits
run: |
sudo gem install mdl
make md-nits
# This checks that we use ANSI C language syntax and semantics.
# We are not as strict with libraries, but rather adapt to what's
# expected to be available in a certain version of each platform.
check-c99:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: CPPFLAGS='-std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L' ./config --strict-warnings --banner=Configured enable-sslkeylog no-asm no-secure-memory no-makedepend enable-buildtest-c++ enable-fips enable-lms && perl configdata.pm --dump
- name: make
run: make -s -j4
basic_gcc:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: localegen
run: sudo locale-gen tr_TR.UTF-8
- name: fipsvendor
# Make one fips build use a customized FIPS vendor
run: echo "FIPS_VENDOR=CI" >> VERSION.dat
- name: config
# enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
run: CC=gcc ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-sslkeylog enable-fips enable-quic enable-lms && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: check fipsvendor
run: |
util/wrap.pl -fips apps/openssl list -providers | grep 'name: CI FIPS Provider for OpenSSL$'
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@basic-gcc"
path: artifacts.tar.gz
basic_clang:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=clang ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@basic-clang"
path: artifacts.tar.gz
linux-arm64:
runs-on: ubuntu-24.04-arm
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config --strict-warnings enable-demos enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@linux-arm64"
path: artifacts.tar.gz
freebsd-x86_64:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
shutdown_vm: false
run: |
sudo pkg install -y gcc perl5
./config --strict-warnings enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
shutdown_vm: false
run: ./configdata.pm --dump
- name: make
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
shutdown_vm: false
run: make -j4
- name: make test
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
run: |
./util/opensslwrap.sh version -c
.github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@BSD-x86_64"
path: artifacts.tar.gz
minimal:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-bulk no-pic no-asm no-lms -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
- name: make
run: make -j4 # verbose, so no -s here
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@minimal"
path: artifacts.tar.gz
no-deprecated:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-deprecated enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@no-deprecated"
path: artifacts.tar.gz
no-shared-ubuntu:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@no-shared-ubuntu"
path: artifacts.tar.gz
no-shared-macos:
runs-on: macos-14
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
sysctl machdep.cpu
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@no-shared-macos-14"
path: artifacts.tar.gz
non-caching:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@non-caching"
path: artifacts.tar.gz
address_ub_sanitizer:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-lms && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@address_ub_sanitizer"
path: artifacts.tar.gz
fuzz_tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: ./config --strict-warnings --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*"
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@fuzz_tests"
path: artifacts.tar.gz
if-no-files-found: ignore
memory_sanitizer:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
# --debug -O1 is to produce a debug build that runs in a reasonable amount of time
run: CC=clang ./config --strict-warnings --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-lms no-slh-dsa && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@memory_sanitizer"
path: artifacts.tar.gz
threads_sanitizer:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: CC=clang ./config --strict-warnings --banner=Configured no-shared no-fips -g -fsanitize=thread && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test V=1 TESTS="test_lhash test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@threads_sanitizer"
path: artifacts.tar.gz
enable_non-default_options:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: modprobe tls
run: sudo modprobe tls
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips enable-lms no-threads && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@enable_non-default_options"
path: artifacts.tar.gz
full_featured:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: modprobe tls
run: sudo modprobe tls
- name: Enable sctp
run: sudo modprobe sctp
- name: Enable auth in sctp
run: sudo sysctl -w net.sctp.auth_enable=1
- name: install extra config support
run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-ktls enable-fips enable-lms enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@full_featured"
path: artifacts.tar.gz
no-legacy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-legacy enable-fips enable-lms && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@no-legacy"
path: artifacts.tar.gz
legacy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured --debug no-afalgeng enable-demos enable-h3demo no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@legacy"
path: artifacts.tar.gz
# out-of-source-and-install checks multiple things at the same time:
# - That building, testing and installing works from an out-of-source
# build tree
# - That building, testing and installing works with a read-only source
# tree
out-of-readonly-source-and-install-ubuntu:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
path: ./source
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
working-directory: ./source
- name: make source read-only
run: chmod -R a-w ./source
- name: create build and install directories
run: |
mkdir ./build
mkdir ./install
- name: config
run: |
../source/config --banner=Configured enable-demos enable-h3demo enable-fips enable-lms enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
perl configdata.pm --dump
working-directory: ./build
- name: make
run: make -s -j4
working-directory: ./build
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
working-directory: ./build
- name: make test
run: ../source/.github/workflows/make-test
working-directory: ./build
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@out-of-readonly-source-and-install-ubuntu"
path: build/artifacts.tar.gz
- name: make install
run: make install
working-directory: ./build
out-of-readonly-source-and-install-macos:
runs-on: macos-15
steps:
- uses: actions/checkout@v5
with:
path: ./source
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
working-directory: ./source
- name: make source read-only
run: chmod -R a-w ./source
- name: create build and install directories
run: |
mkdir ./build
mkdir ./install
- name: config
run: |
../source/config --banner=Configured enable-fips enable-lms enable-demos enable-h3demo enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
perl configdata.pm --dump
working-directory: ./build
- name: make
run: make -s -j4
working-directory: ./build
- name: get cpu info
run: |
sysctl machdep.cpu
./util/opensslwrap.sh version -c
working-directory: ./build
- name: make test
run: ../source/.github/workflows/make-test
working-directory: ./build
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@out-of-readonly-source-and-install-macos-15"
path: build/artifacts.tar.gz
- name: make install
run: make install
working-directory: ./build
external-tests-misc:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
submodules: recursive
persist-credentials: false
- name: package installs
run: |
sudo apt-get update
sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy gdb libtls-dev wget gpg
- name: install cpanm and Test2::V0 for gost_engine testing
uses: perl-actions/install-with-cpanm@10d60f00b4073f484fc29d45bfbe2f776397ab3d # v1.7
with:
install: Test2::V0
- name: setup hostname workaround
run: sudo hostname localhost
- name: config
run: ./config --strict-warnings --banner=Configured --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- uses: dtolnay/rust-toolchain@0f44b27771c32bda9f458f75a1e241b09791b331
with:
toolchain: stable
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: test external gost-engine
run: make test TESTS="test_external_gost_engine"
- name: test external krb5
run: make test TESTS="test_external_krb5"
- name: test external tlsfuzzer
run: make test TESTS="test_external_tlsfuzzer"
- name: test external Cloudflare quiche
run: make test TESTS="test_external_cf_quiche" VERBOSE=1
- name: test external rpki client
run: make test TESTS="test_external_rpki-client-portable"
- name: test ability to produce debuginfo files
run: |
make debuginfo
gdb < <(echo -e "file ./libcrypto.so.4\nquit") > ./results
grep -q "Reading symbols from.*libcrypto\.so\.4\.debug" results
external-tests-oqs-provider:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
submodules: recursive
persist-credentials: false
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-external-tests && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: test external oqs-provider
run: make test TESTS="test_external_oqsprovider"
external-tests-pkcs11-provider:
runs-on: ubuntu-latest
container: fedora:latest
steps:
- name: package installs
run: |
dnf install -y perl-FindBin perl-IPC-Cmd perl-File-Compare perl-File-Copy perl-Test-Simple perl-Test-Harness python3 make g++ perl git meson opensc expect kryoptic
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora and pkcs11-provider submodule
run: |
git config --global --add safe.directory /__w/openssl/openssl
git submodule update --init --depth 1 fuzz/corpora
git submodule update --init --depth 1 pkcs11-provider
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-external-tests no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
# Run all tests except external tests to make sure they work fine on Fedora because
# this is the only job running on Fedora, only then execute pkcs11-provider external
# test.
- name: test (except external tests)
run: make test TESTS="-test_external_*"
- name: test external pkcs11-provider
run: make test TESTS="test_external_pkcs11_provider" VERBOSE=1
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
external-tests-pyca:
runs-on: ubuntu-latest
strategy:
matrix:
PYTHON:
- 3.9
steps:
- uses: actions/checkout@v5
with:
submodules: recursive
persist-credentials: false
- name: package installs
run: |
sudo apt-get update
sudo apt-get -yq install pkgconf libssl-dev
- name: Configure OpenSSL
run: ./config --strict-warnings --banner=Configured --debug enable-external-tests && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: Setup Python
uses: actions/setup-python@v6.0.0
with:
python-version: ${{ matrix.PYTHON }}
- uses: dtolnay/rust-toolchain@0f44b27771c32bda9f458f75a1e241b09791b331
with:
toolchain: stable
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: test external pyca
run: make test TESTS="test_external_pyca" VERBOSE=1

82
.github/workflows/compiler-zoo.yml vendored
View File

@@ -1,82 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Compiler Zoo CI
on: [push]
permissions:
contents: read
jobs:
gcc:
strategy:
fail-fast: false
matrix:
gcc: [gcc-9, gcc-10, gcc-11, gcc-12, gcc-13, gcc-14]
runs-on: ubuntu-24.04
steps:
- name: install packages
run: |
sudo apt-get update
sudo apt-get -y install ${{ matrix.gcc }}
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
env:
CC: ${{ matrix.gcc }}
run: |
./config --strict-warnings --banner=Configured no-shared enable-fips
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
clang:
strategy:
fail-fast: false
matrix:
clang: [clang-11, clang-12, clang-13, clang-14, clang-15, clang-16, clang-17, clang-18, clang-19, clang-20]
runs-on: ubuntu-22.04
steps:
- name: install packages
run: |
set -euo pipefail
VERSION=$(awk -F- '{print $NF}' <<< ${{ matrix.clang }})
wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc
echo "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-$VERSION main" | sudo tee -a /etc/apt/sources.list
sudo apt-get update || true
sudo apt-get -y install ${{ matrix.clang }}
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
env:
CC: ${{ matrix.clang }}
run: |
./config --strict-warnings --banner=Configured no-shared enable-fips
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}

135
.github/workflows/coveralls.yml vendored
View File

@@ -1,135 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Coverage
on:
schedule:
- cron: '15 02 * * *'
workflow_dispatch:
inputs:
branch:
description: Branch to measure coverage
required: true
default: master
extra_config:
description: Extra options for configuration script
default: ""
permissions:
contents: read
jobs:
define-matrix:
runs-on: ubuntu-latest
outputs:
branches: ${{ steps.branches.outputs.branches }}
steps:
- name: Define branches
id: branches
env:
GITHUB_EVENT_INPUTS_BRANCH: ${{ github.event.inputs.branch }}
GITHUB_EVENT_INPUTS_EXTRA_CONFIG: ${{ github.event.inputs.extra_config }}
run: |
if [ "${{ github.event_name}}" = "workflow_dispatch" ]; then
MATRIX=$(cat << EOF
[{
"branch": "${GITHUB_EVENT_INPUTS_BRANCH}",
"extra_config": "${GITHUB_EVENT_INPUTS_EXTRA_CONFIG}"
}]
EOF
)
else
MATRIX=$(cat << EOF
[{
"branch": "openssl-3.6",
"extra_config": "no-afalgeng enable-fips enable-tfo"
},{
"branch": "openssl-3.5",
"extra_config": "no-afalgeng enable-fips enable-tfo"
},{
"branch": "openssl-3.4",
"extra_config": "no-afalgeng enable-fips enable-tfo"
}, {
"branch": "openssl-3.3",
"extra_config": "no-afalgeng enable-fips enable-tfo"
}, {
"branch": "openssl-3.2",
"extra_config": "no-afalgeng enable-fips enable-tfo"
}, {
"branch": "openssl-3.1",
"extra_config": "no-afalgeng enable-fips"
}, {
"branch": "openssl-3.0",
"extra_config": "no-afalgeng enable-fips"
}, {
"branch": "master",
"extra_config": "no-afalgeng enable-fips enable-tfo enable-lms enable-crypto-mdebug enable-allocfail-tests"
}]
EOF
)
fi
echo "branches<<EOF"$'\n'"$MATRIX"$'\n'EOF >> "$GITHUB_OUTPUT"
coverage:
if: github.repository == 'openssl/openssl'
needs: define-matrix
permissions:
checks: write # for coverallsapp/github-action to create new checks
contents: read # for actions/checkout to fetch code
strategy:
fail-fast: false
matrix:
branches: ${{ fromJSON(needs.define-matrix.outputs.branches) }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
submodules: recursive
ref: ${{ matrix.branches.branch }}
persist-credentials: false
- name: cache commit id
run: |
echo "githubid=`/usr/bin/git log -1 --format='%H'`" >>$GITHUB_ENV
- name: package installs
run: |
sudo apt-get update
sudo apt-get -yq install lcov
sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
- name: install Test2::V0 for gost_engine testing
uses: perl-actions/install-with-cpanm@10d60f00b4073f484fc29d45bfbe2f776397ab3d #v1.7
with:
install: Test2::V0
- name: setup hostname workaround
run: sudo hostname localhost
- name: config
run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-buildtest-c++ enable-ssl-trace enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test TESTS='-test_external_krb5' EVP_TEST_EXTENDED=1
- name: generate coverage info
run: lcov -d . -c
--exclude "${PWD}/test/*"
--exclude "${PWD}/fuzz/*"
--exclude "/usr/include/*"
--ignore-errors mismatch
--branch-coverage
-o ./lcov.info
- name: Coveralls upload
uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b #v2.3.6
with:
github-token: ${{ secrets.github_token }}
git-branch: ${{ matrix.branches.branch }}
git-commit: ${{ env.githubid }}
path-to-lcov: ./lcov.info

237
.github/workflows/cross-compiles.yml vendored
View File

@@ -1,237 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Cross Compile
on: [pull_request, push]
permissions:
contents: read
jobs:
cross-compilation:
strategy:
fail-fast: false
matrix:
# The platform matrix specifies:
# arch: the architecture to build for, this defines the tool-chain
# prefix {arch}- and the Debian compiler package gcc-{arch}
# name.
# libs: the Debian package for the necessary link/runtime libraries.
# target: the OpenSSL configuration target to use, this is passed
# directly to the config command line.
# fips: set to "no" to disable building FIPS, leave unset to
# build the FIPS provider.
# tests: omit this to run all the tests using QEMU, set it to "none"
# to never run the tests, otherwise its value is passed to
# the "make test" command to allow selective disabling of
# tests.
# qemucpu: optional; string that describes CPU properties.
# The string will be used to set the QEMU_CPU variable.
# opensslcapsname: optional; string that describes the postfix of the
# OpenSSL environment variable that defines CPU
# capabilities. E.g. "foo" will result in an
# environment variable with the name OPENSSL_foo.
# opensslcaps: optional; if opensslcapsname (see above) is set, then
# this string will be used as content for the OpenSSL
# capabilities variable.
# ppa: Launchpad PPA repository to download packages from.
platform: [
{
arch: i386-pc-msdosdjgpp,
libs: libc-djgpp-dev libwatt-djgpp-dev djgpp-utils,
target: no-threads 386 DJGPP,
tests: none,
ppa: jwt27/djgpp-toolchain
}, {
arch: aarch64-linux-gnu,
libs: libc6-dev-arm64-cross,
target: linux-aarch64,
fips: no
}, {
arch: alpha-linux-gnu,
libs: libc6.1-dev-alpha-cross,
target: linux-alpha-gcc,
fips: no
}, {
arch: arm-linux-gnueabi,
libs: libc6-dev-armel-cross,
target: linux-armv4,
fips: no,
tests: -test_includes -test_store -test_x509_store
}, {
arch: arm-linux-gnueabihf,
libs: libc6-dev-armhf-cross,
target: linux-armv4,
fips: no,
tests: -test_includes -test_store -test_x509_store
}, {
# gcc hppa seems to have some potential compiler issues
# with -O2 on this platform, reduce optimization to -01
arch: hppa-linux-gnu,
libs: libc6-dev-hppa-cross,
target: -static -O1 linux-generic32,
fips: no,
tests: -test_includes -test_store -test_x509_store
}, {
arch: m68k-linux-gnu,
libs: libc6-dev-m68k-cross,
target: -static -m68040 linux-latomic -Wno-stringop-overflow,
fips: no,
tests: -test_includes -test_store -test_x509_store
}, {
arch: mips-linux-gnu,
libs: libc6-dev-mips-cross,
target: -static linux-mips32,
fips: no,
tests: -test_includes -test_store -test_x509_store
}, {
arch: mips64-linux-gnuabi64,
libs: libc6-dev-mips64-cross,
target: -static linux64-mips64,
fips: no
}, {
arch: mipsel-linux-gnu,
libs: libc6-dev-mipsel-cross,
target: linux-mips32,
fips: no,
tests: -test_includes -test_store -test_x509_store
}, {
arch: powerpc64le-linux-gnu,
libs: libc6-dev-ppc64el-cross,
target: linux-ppc64le,
fips: no
}, {
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no
}, {
arch: s390x-linux-gnu,
libs: libc6-dev-s390x-cross,
target: linux64-s390x,
fips: no
}, {
arch: sh4-linux-gnu,
libs: libc6-dev-sh4-cross,
target: no-async linux-latomic,
fips: no,
tests: -test_includes -test_store -test_x509_store
},
# These build with shared libraries but they crash when run
# They mirror static builds above in order to cover more of the
# code base.
{
arch: hppa-linux-gnu,
libs: libc6-dev-hppa-cross,
target: linux-generic32,
tests: none
}, {
arch: m68k-linux-gnu,
libs: libc6-dev-m68k-cross,
target: -mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic,
tests: none
}, {
arch: mips-linux-gnu,
libs: libc6-dev-mips-cross,
target: linux-mips32,
tests: none
}, {
arch: mips64-linux-gnuabi64,
libs: libc6-dev-mips64-cross,
target: linux64-mips64,
tests: none
},
# This build doesn't execute either with or without shared libraries.
{
arch: sparc64-linux-gnu,
libs: libc6-dev-sparc64-cross,
target: linux64-sparcv9,
tests: none
}
]
runs-on: ubuntu-latest
steps:
- name: install package repository
if: matrix.platform.ppa != ''
run: |
sudo add-apt-repository ppa:${{ matrix.platform.ppa }}
- name: install packages
run: |
sudo apt-get update
sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install \
gcc-${{ matrix.platform.arch }} \
${{ matrix.platform.libs }}
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config with FIPS
if: matrix.platform.fips != 'no'
run: |
./config --banner=Configured --strict-warnings enable-fips enable-lms \
--cross-compile-prefix=${{ matrix.platform.arch }}- \
${{ matrix.platform.target }}
- name: config without FIPS
if: matrix.platform.fips == 'no'
run: |
./config --banner=Configured --strict-warnings enable-lms \
--cross-compile-prefix=${{ matrix.platform.arch }}- \
${{ matrix.platform.target }}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: install qemu
if: matrix.platform.tests != 'none'
run: sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install qemu-user
- name: Set QEMU environment
if: matrix.platform.qemucpu != ''
run: echo "QEMU_CPU=${{ matrix.platform.qemucpu }}" >> $GITHUB_ENV
- name: Set OpenSSL caps environment
if: matrix.platform.opensslcapsname != ''
run: echo "OPENSSL_${{ matrix.platform.opensslcapsname }}=\
${{ matrix.platform.opensslcaps }}" >> $GITHUB_ENV
- name: get cpu info
if: matrix.platform.tests != 'none'
run: |
cat /proc/cpuinfo
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} ./util/opensslwrap.sh version -c
- name: make all tests
if: github.event_name == 'push' && matrix.platform.tests == ''
run: |
.github/workflows/make-test \
TESTS="-test_afalg" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: make some tests
if: github.event_name == 'push' && matrix.platform.tests != 'none' && matrix.platform.tests != ''
run: |
.github/workflows/make-test \
TESTS="${{ matrix.platform.tests }} -test_afalg" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: make evp tests
if: github.event_name == 'pull_request' && matrix.platform.tests != 'none'
run: |
.github/workflows/make-test \
TESTS="test_evp*" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "cross-compiles@${{ matrix.platform.arch }}"
path: artifacts.tar.gz
if-no-files-found: ignore

26
.github/workflows/deploy-docs-openssl-org.yml vendored
View File

@@ -1,26 +0,0 @@
name: "Trigger docs.openssl.org deployment"
on:
push:
branches:
- "openssl-3.[0-9]+"
- "master"
paths:
- "doc/man*/**"
permissions: {}
jobs:
trigger:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: "Trigger deployment workflow"
run: |
gh workflow run -f branch=${GITHUB_REF_NAME} deploy-site.yaml
sleep 3
RUN_ID=$(gh run list -w deploy-site.yaml -L 1 --json databaseId -q ".[0].databaseId")
gh run watch ${RUN_ID} --exit-status
env:
GH_REPO: "openssl/openssl-docs"
GH_TOKEN: ${{ secrets.OPENSSL_MACHINE_TOKEN }}

123
.github/workflows/fips-checksums.yml vendored
View File

@@ -1,123 +0,0 @@
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: FIPS Check and ABIDIFF
on: [pull_request]
permissions:
contents: read
jobs:
compute-checksums:
runs-on: ubuntu-latest
steps:
- name: install unifdef
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install unifdef
- name: create build dirs
run: |
mkdir ./build-pristine
mkdir ./source-pristine
mkdir ./build
mkdir ./source
mkdir ./artifact
- uses: actions/checkout@v5
with:
repository: ${{ github.event.pull_request.base.repo.full_name }}
ref: ${{ github.event.pull_request.base.ref }}
path: source-pristine
persist-credentials: false
- name: config pristine
run: ../source-pristine/config enable-fips
working-directory: ./build-pristine
- name: config pristine dump
run: ./configdata.pm --dump
working-directory: ./build-pristine
- name: make build_generated pristine
run: make -s build_generated
working-directory: ./build-pristine
- name: make fips-checksums pristine
run: make fips-checksums
working-directory: ./build-pristine
- uses: actions/checkout@v5
with:
path: source
persist-credentials: false
- name: config
run: ../source/config enable-fips
working-directory: ./build
- name: config dump
run: ./configdata.pm --dump
working-directory: ./build
- name: make build_generated
run: make -s build_generated
working-directory: ./build
- name: make fips-checksums
run: make fips-checksums
working-directory: ./build
- name: update checksums
run: |
cp -a build-pristine/providers/fips.module.sources.new source/providers/fips.module.sources
cp -a build-pristine/providers/fips-sources.checksums.new source/providers/fips-sources.checksums
cp -a build-pristine/providers/fips.checksum.new source/providers/fips.checksum
- name: make diff-fips-checksums
run: make diff-fips-checksums && touch ../artifact/fips_unchanged || ( touch ../artifact/fips_changed ; echo FIPS CHANGED )
working-directory: ./build
- name: save PR number
run: echo ${{ github.event.number }} > ./artifact/pr_num
- name: save artifact
uses: actions/upload-artifact@v4
with:
name: fips_checksum
path: artifact/
compute-abidiff:
runs-on: ubuntu-latest
env:
BUILD_OPTS: -g --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd
steps:
- name: create build dirs
run: |
mkdir ./build-pristine
mkdir ./source-pristine
mkdir ./build
mkdir ./source
mkdir ./artifact
- name: install extra config support
run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
- uses: actions/checkout@v5
with:
repository: ${{ github.event.pull_request.base.repo.full_name }}
ref: ${{ github.event.pull_request.base.ref }}
path: source-pristine
persist-credentials: false
- name: config pristine
run: ../source-pristine/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
working-directory: ./build-pristine
- name: make pristine
run: make -s -j4
working-directory: ./build-pristine
- uses: actions/checkout@v5
with:
path: source
persist-credentials: false
- name: config
run: ../source/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
working-directory: ./build
- name: make
run: make -s -j4
working-directory: ./build
- name: abidiff
run: abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libcrypto.so ./build/libcrypto.so && abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libssl.so ./build/libssl.so && touch ./artifact/abi_unchanged || ( touch ./artifact/abi_changed ; echo ABI CHANGED )
- name: save PR number
run: echo ${{ github.event.number }} > ./artifact/pr_num
- name: save artifact
uses: actions/upload-artifact@v5
with:
name: abidiff
path: artifact/

141
.github/workflows/fips-label.yml vendored
View File

@@ -1,141 +0,0 @@
# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: FIPS and ABI Changed Label
on:
workflow_run:
workflows: ["FIPS Check and ABIDIFF"]
types:
- completed
permissions:
contents: read
jobs:
apply-label:
permissions:
actions: read
pull-requests: write
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.event == 'pull_request' }}
steps:
- name: 'Download fipscheck artifact'
if: ${{ github.event.workflow_run.conclusion == 'success' }}
uses: actions/github-script@v8
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "fips_checksum"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data));
- run: unzip artifact.zip
if: ${{ github.event.workflow_run.conclusion == 'success' }}
- name: 'Check artifact and apply'
if: ${{ github.event.workflow_run.conclusion == 'success' }}
uses: actions/github-script@v8
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
var fs = require('fs');
var pr_num = Number(fs.readFileSync('./pr_num'));
if ( fs.existsSync('./fips_changed') ) {
github.rest.issues.addLabels({
issue_number: pr_num,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['severity: fips change']
});
} else if ( fs.existsSync('./fips_unchanged') ) {
var labels = await github.rest.issues.listLabelsOnIssue({
issue_number: pr_num,
owner: context.repo.owner,
repo: context.repo.repo
});
for ( var label in labels.data ) {
if (labels.data[label].name == 'severity: fips change') {
github.rest.issues.removeLabel({
issue_number: pr_num,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'severity: fips change'
});
}
}
}
- name: 'Cleanup artifact'
if: ${{ github.event.workflow_run.conclusion == 'success' }}
run: rm artifact.zip pr_num
- name: 'Download abidiff artifact'
if: ${{ github.event.workflow_run.conclusion == 'success' }}
uses: actions/github-script@v8
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "abidiff"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data));
- run: unzip artifact.zip
if: ${{ github.event.workflow_run.conclusion == 'success' }}
- name: 'Check artifact and apply'
if: ${{ github.event.workflow_run.conclusion == 'success' }}
uses: actions/github-script@v8
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
var fs = require('fs');
var pr_num = Number(fs.readFileSync('./pr_num'));
if ( fs.existsSync('./abi_changed') ) {
github.rest.issues.addLabels({
issue_number: pr_num,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['severity: ABI change']
});
} else if ( fs.existsSync('./abi_unchanged') ) {
var labels = await github.rest.issues.listLabelsOnIssue({
issue_number: pr_num,
owner: context.repo.owner,
repo: context.repo.repo
});
for ( var label in labels.data ) {
if (labels.data[label].name == 'severity: ABI change') {
github.rest.issues.removeLabel({
issue_number: pr_num,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'severity: ABI change'
});
}
}
}

81
.github/workflows/fuzz-checker.yml vendored
View File

@@ -1,81 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Fuzz-checker CI
on: [push]
permissions:
contents: read
jobs:
fuzz-checker:
strategy:
fail-fast: false
matrix:
fuzzy: [
{
name: AFL,
config: enable-fuzz-afl no-module,
install: afl++,
cc: afl-clang-fast
}, {
name: libFuzzer,
config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function,
libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
install: libfuzzer-18-dev,
cc: clang-18,
linker: clang++-18,
tests: -test_memleak
}, {
name: libFuzzer+,
config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
extra: enable-fips enable-lms enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
install: libfuzzer-18-dev,
cc: clang-18,
linker: clang++-18,
tests: -test_memleak
}
]
runs-on: ubuntu-24.04
steps:
- name: install packages
run: |
sudo apt-get update
sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install ${{ matrix.fuzzy.install }}
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: |
CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
- name: config dump
run: ./configdata.pm --dump
- name: make with explicit linker
if: matrix.fuzzy.linker != ''
run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
- name: make sans explicit linker
if: matrix.fuzzy.linker == ''
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test restricted
if: matrix.fuzzy.tests != ''
run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
- name: make test all
if: matrix.fuzzy.tests == ''
run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4}

106
.github/workflows/interop-tests.yml vendored
View File

@@ -1,106 +0,0 @@
# Notes:
# /__w/openssl is the path that github bind-mounts into the container so the ci
# filesystem for this job can be reached. Please note that any changes made to
# this job involving file system paths should be made prefixed with, or relative
# to that directory
name: Interoperability tests with GnuTLS, NSS and OpenSSH
on:
schedule:
- cron: '55 02 * * *'
workflow_dispatch:
permissions: {}
jobs:
test:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-22.04
container:
image: docker.io/fedora:40
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
COMPONENT: [gnutls, nss]
env:
COMPONENT: ${{ matrix.COMPONENT }}
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: Display environment
run: export
- name : Install needed tools
run: |
dnf -y install perl gcc rpmdevtools dnf-utils make tmt-all beakerlib \
fips-mode-setup crypto-policies-scripts
- name: install interop tests
run: |
cd ${GITHUB_WORKSPACE}
git clone --branch=openssl-v0.1 --depth=1 https://gitlab.com/redhat-crypto/tests/interop.git
- name: build openssl as an rpm
run: |
mkdir -p /build/SPECS && cd /build && echo -e "%_topdir /build\n%_lto_cflags %{nil}" >~/.rpmmacros && rpmdev-setuptree
cd /build && cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.spec SPECS/ && \
cd SPECS/ && source ${GITHUB_WORKSPACE}/VERSION.dat && \
sed -i "s/soversion 3/soversion $SHLIB_VERSION/;s/^Version: .*\$/Version: $MAJOR.$MINOR.$PATCH/" openssl.spec && \
sed -i 's/^Release: .*$/Release: dev/' openssl.spec
yum-builddep -y /build/SPECS/openssl.spec # just for sure nothing is missing
mkdir -p /build/SOURCES
tar --transform "s/^__w\/openssl\/openssl/openssl-$MAJOR.$MINOR.$PATCH/" -czf /build/SOURCES/openssl-$MAJOR.$MINOR.$PATCH.tar.gz /__w/openssl/openssl/
rpmbuild -bb /build/SPECS/openssl.spec
rpm -i --force /build/RPMS/x86_64/openssl-*
cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.cnf /etc/pki/tls/openssl.cnf
- name: Run interop tests
run: |
cd interop
tmt run -av plans -n interop tests -f "tag: interop-openssl & tag: interop-$COMPONENT" provision -h local --feeling-safe execute -h tmt --interactive
openssl version
echo "Finished - important to prevent unwanted output truncating"
openssh_interop:
if: github.repository == 'openssl/openssl'
name: "openssh interop ${{ matrix.branch.openssl }}"
strategy:
fail-fast: false
matrix:
branch: [
{ openssl: 'master', openssh: 'openssl-master', openssl_config: 'no-docs'},
{ openssl: 'openssl-3.6', openssh: 'openssl-3.6', openssl_config: 'no-docs'},
{ openssl: 'openssl-3.5', openssh: 'openssl-3.5', openssl_config: 'no-docs'},
{ openssl: 'openssl-3.4', openssh: 'openssl-3.4', openssl_config: 'no-docs'},
{ openssl: 'openssl-3.3', openssh: 'openssl-3.3', openssl_config: 'no-docs'},
{ openssl: 'openssl-3.2', openssh: 'openssl-3.2', openssl_config: 'no-docs'},
{ openssl: 'openssl-3.0', openssh: 'openssl-3.0', openssl_config: ''}
]
runs-on: ubuntu-latest
env:
EPHEMERAL_VM: yes
TEST_SSH_UNSAFE_PERMISSIONS: 1
TEST_SSH_HOSTBASED_AUTH: yes
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
ref: ${{ matrix.branch.openssl }}
fetch-depth: 1
- name: config
run: ./config --banner=Configured -fPIC --prefix=/opt/openssl ${{ matrix.openssl_config }} shared -Wl,-rpath,/opt/openssl/lib64 && perl configdata.pm --dump
- name: make
run: |
make -s -j4
make -s -j4 install_sw
- name: install dependencies of openssh
run: |
sudo apt-get update
sudo apt-get -yq install autoconf zlib1g-dev
- name: run openssh
run: |
git clone --branch master --depth 1 https://github.com/openssh/openssh-portable.git
cd openssh-portable
sh ./.github/setup_ci.sh ${{ matrix.branch.openssh }} ubuntu-latest
autoreconf
sh ./.github/configure.sh ${{ matrix.branch.openssh }}
make clean
make -s -j4
sh ./.github/run_test.sh

47
.github/workflows/make-release.yml vendored
View File

@@ -1,47 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: "Make release"
on:
push:
tags:
- "openssl-*"
permissions: {}
jobs:
release:
runs-on: "releaser"
steps:
- name: "Checkout"
uses: "actions/checkout@v5"
with:
fetch-depth: 1
ref: ${{ github.ref_name }}
github-server-url: "https://github.openssl.org/"
repository: "openssl/openssl"
token: ${{ secrets.GHE_TOKEN }}
path: ${{ github.ref_name }}
persist-credentials: false
- name: "Prepare assets"
env:
SIGNING_KEY_UID: ${{ vars.signing_key_uid }}
run: |
cd "$GITHUB_REF_NAME"
./util/mktar.sh
mkdir -p assets && mv "$GITHUB_REF_NAME.tar.gz" assets/ && cd assets
openssl sha1 -r "$GITHUB_REF_NAME.tar.gz" > "$GITHUB_REF_NAME.tar.gz.sha1"
openssl sha256 -r "$GITHUB_REF_NAME.tar.gz" > "$GITHUB_REF_NAME.tar.gz.sha256"
gpg -u "$SIGNING_KEY_UID" -o "$GITHUB_REF_NAME.tar.gz.asc" -sba "$GITHUB_REF_NAME.tar.gz"
- name: "Create release"
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
run: |
VERSION="$(echo "$GITHUB_REF_NAME" | cut -d '-' -f 2-)"
PRE_RELEASE=$([[ "$GITHUB_REF_NAME" =~ alpha|beta ]] && echo "-p" || echo "")
gh release create "$GITHUB_REF_NAME" $PRE_RELEASE -t "OpenSSL $VERSION" -d --notes " " -R "$GITHUB_REPOSITORY" "$GITHUB_REF_NAME/assets/"*

43
.github/workflows/make-test vendored
View File

@@ -1,43 +0,0 @@
#!/usr/bin/env bash
set -eo pipefail
cleanup() {
# Remove if nothing was generated.
[ -d artifacts ] && find artifacts -type d -empty -delete
}
trap cleanup EXIT
# Make a central directory to store all output artifacts of our test run to
# avoid having to configure multiple upload-artifacts steps in the workflow
# file.
OSSL_CI_ARTIFACTS_PATH="artifacts/"
if [ -n "${GITHUB_RUN_NUMBER}" ]; then
OSSL_CI_ARTIFACTS_PATH="artifacts/github-${GITHUB_JOB}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ID}/"
fi
mkdir -p "$OSSL_CI_ARTIFACTS_PATH"
export OSSL_CI_ARTIFACTS_PATH="$(cd "$OSSL_CI_ARTIFACTS_PATH"; pwd)"
# Run the tests. This might fail, but we need to capture artifacts anyway.
set +e
make test HARNESS_JOBS=${HARNESS_JOBS:-4} "$@"
RESULT=$?
set -e
# Move an interesting subset of the test-runs data we want into the artifacts
# staging directory.
for test_name in quic_multistream; do
if [ -d "test-runs/test_${test_name}" ]; then
mv "test-runs/test_${test_name}" "$OSSL_CI_ARTIFACTS_PATH/"
fi
done
# Log the artifact tree.
echo "::group::List of artifact files generated"
echo "Test suite exited with $RESULT, artifacts path is $OSSL_CI_ARTIFACTS_PATH"
(cd "$OSSL_CI_ARTIFACTS_PATH"; find . -type f | sort)
echo "::endgroup::"
echo "Archive artifacts"
tar -czf artifacts.tar.gz $OSSL_CI_ARTIFACTS_PATH
exit $RESULT

302
.github/workflows/os-zoo.yml vendored
View File

@@ -1,302 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: OS Zoo CI
on:
schedule:
- cron: '50 02 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
alpine:
if: github.repository == 'openssl/openssl'
strategy:
fail-fast: false
matrix:
tag: [edge, latest]
cc: [gcc, clang]
runs-on: ubuntu-latest
container:
image: docker.io/library/alpine:${{ matrix.tag }}
env:
# See https://www.openwall.com/lists/musl/2022/02/16/14
# for the reason why -Wno-sign-compare is needed with clang
# -Wno-stringop-overflow is needed to silence a bogus
# warning on new fortify-headers with gcc
EXTRA_CFLAGS: ${{ matrix.cc == 'clang' && '-Wno-sign-compare' || matrix.tag == 'edge' && '-Wno-stringop-overflow' || '' }}
CC: ${{ matrix.cc }}
steps:
- name: install packages
run: apk --no-cache add build-base perl linux-headers ${{ matrix.cc }}
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: |
./config --strict-warnings --banner=Configured no-shared enable-fips \
${EXTRA_CFLAGS}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
linux:
if: github.repository == 'openssl/openssl'
strategy:
fail-fast: false
matrix:
zoo:
- image: docker.io/library/debian:11
install: apt-get update && apt-get install -y gcc make perl
- image: docker.io/library/debian:12
install: apt-get update && apt-get install -y gcc make perl
- image: docker.io/library/debian:trixie
install: apt-get update && apt-get install -y gcc make perl
- image: docker.io/library/ubuntu:20.04
install: apt-get update && apt-get install -y gcc make perl
- image: docker.io/library/ubuntu:22.04
install: apt-get update && apt-get install -y gcc make perl
- image: docker.io/library/ubuntu:24.04
install: apt-get update && apt-get install -y gcc make perl
- image: docker.io/library/fedora:41
install: dnf install -y gcc make perl-core
- image: docker.io/library/fedora:42
install: dnf install -y gcc make perl-core
- image: docker.io/library/centos:8
install: |
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && \
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* && \
dnf install -y gcc make perl-core
- image: docker.io/library/rockylinux:8
install: dnf install -y gcc make perl-core
- image: docker.io/library/rockylinux:9
install: dnf install -y gcc make perl-core
runs-on: ubuntu-latest
container: ${{ matrix.zoo.image }}
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: install packages
run: ${{ matrix.zoo.install }}
- name: config
run: ./config
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
macos:
if: github.repository == 'openssl/openssl'
strategy:
fail-fast: false
matrix:
os: [macos-14, macos-15, macos-15-intel]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured enable-fips enable-demos enable-h3demo
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
sysctl machdep.cpu
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
windows:
if: github.repository == 'openssl/openssl'
strategy:
fail-fast: false
matrix:
platform:
- os: windows-2022
vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat
- os: windows-2025
vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat
runs-on: ${{ matrix.platform.os }}
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: install nasm
run: |
choco install nasm
"C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
- name: prepare the build directory
run: mkdir _build
- name: config
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
perl ..\Configure --banner=Configured --strict-warnings no-makedepend enable-fips
perl configdata.pm --dump
- name: build
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
nmake /S
- name: download coreinfo
run: |
mkdir _build\coreinfo
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
- name: get cpu info
working-directory: _build
run: |
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
apps/openssl.exe version -c
- name: test
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4
linux-arm64:
runs-on: ubuntu-24.04-arm
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -j4
- name: get cpu info
run: ./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
linux-ppc64le:
runs-on: linux-ppc64le
if: github.repository == 'openssl/openssl'
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
linux-s390x:
runs-on: linux-s390x
if: github.repository == 'openssl/openssl'
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config --strict-warnings enable-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
linux-riscv64:
runs-on: linux-riscv64
if: github.repository == 'openssl/openssl'
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -j8
- name: get cpu info
run: ./util/opensslwrap.sh version -c
- name: make test
env:
OPENSSL_riscvcap: RV64GC_ZBA_ZBB_ZBC_ZBS_ZKT_V
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
freebsd-x86_64:
runs-on: ubuntu-latest
if: github.repository == 'openssl/openssl'
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
shutdown_vm: false
run: |
sudo pkg install -y gcc perl5
./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
shutdown_vm: false
run: ./configdata.pm --dump
- name: make
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
shutdown_vm: false
run: make -j4
- name: make test
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
run: |
./util/opensslwrap.sh version -c
.github/workflows/make-test

36
.github/workflows/oss-fuzz.yml vendored
View File

@@ -1,36 +0,0 @@
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: CIFuzz
on:
schedule:
- cron: '50 01 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
Fuzzing:
runs-on: ubuntu-latest
steps:
- name: Build Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
oss-fuzz-project-name: 'openssl'
dry-run: false
- name: Run Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
with:
oss-fuzz-project-name: 'openssl'
fuzz-seconds: 600
dry-run: false
- name: Upload Crash
uses: actions/upload-artifact@v5
if: failure()
with:
name: artifacts
path: ./out/artifacts

53
.github/workflows/perl-minimal-checker.yml vendored
View File

@@ -1,53 +0,0 @@
# Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Jobs run per pull request submission
name: Perl-minimal-checker CI
on: [pull_request, push]
permissions:
contents: read
jobs:
perl-minimal-checker:
runs-on: ubuntu-latest
steps:
- name: Install perl 5.10
run: |
pushd /tmp
mkdir perl
wget https://www.cpan.org/src/5.0/perl-5.10.1.tar.bz2
tar xf perl-5.10.1.tar.bz2
cd perl-5.10.1
./Configure -des -Dprefix=/tmp/perl -A ccflags='-Wno-incompatible-pointer-types' -A define:malloctype='void *' -A define:freetype='void' -Dlibs='-ldl -lm -lutil -lc'
make -j $(nproc) perl
make install
popd
- name: Install Test::More 0.96
run: |
pushd /tmp
wget https://cpan.metacpan.org/authors/id/M/MS/MSCHWERN/Test-Simple-0.96.tar.gz
tar xf Test-Simple-0.96.tar.gz
cd Test-Simple-0.96
PATH="/tmp/perl/bin:$PATH"
perl Makefile.PL
make -j$(nproc) && make install
perl -MTest::More -e 'print "$Test::More::VERSION\n"'
popd
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: Build openssl
run: ./config && make -j $(nproc)
- name: Install sed
run: sudo apt update && sudo apt install sed
- name: Check minimal version compliance
run: |
PM_FILES=($(find . -name "*.pm"))
perl -v
status=0
for p in "${PM_FILES[@]}"; do perl -I"$(pwd)/util/perl" -I"$(pwd)" -I"$(pwd)/external/perl/Text-Template-1.56/lib" -c "$p" | sed -n '/@INC/{p; q1}' || status=1; done;
exit $status

277
.github/workflows/prov-compat-label.yml vendored
View File

@@ -1,277 +0,0 @@
# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This verifies that FIPS and legacy providers built against some earlier
# released versions continue to run against the current branch.
name: Provider compatibility for PRs
on: [pull_request]
permissions:
contents: read
env:
opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
jobs:
fips-releases:
if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
strategy:
matrix:
release: [
# Formally released versions should be added here.
# `dir' it the directory inside the tarball.
# `tgz' is the name of the tarball.
# `url' is the download URL.
{
dir: openssl-3.0.0,
tgz: openssl-3.0.0.tar.gz,
url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz",
},
{
dir: openssl-3.0.8,
tgz: openssl-3.0.8.tar.gz,
url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz",
},
{
dir: openssl-3.0.9,
tgz: openssl-3.0.9.tar.gz,
url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz",
},
{
dir: openssl-3.1.2,
tgz: openssl-3.1.2.tar.gz,
url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz",
},
]
runs-on: ubuntu-latest
steps:
- name: create download directory
run: mkdir downloads
- name: download release source
run: wget --no-verbose ${{ matrix.release.url }}
working-directory: downloads
- name: unpack release source
run: tar xzf downloads/${{ matrix.release.tgz }}
- name: localegen
run: sudo locale-gen tr_TR.UTF-8
- name: config release
run: |
./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
working-directory: ${{ matrix.release.dir }}
- name: config dump release
run: ./configdata.pm --dump
working-directory: ${{ matrix.release.dir }}
- name: make release
run: make -s -j4
working-directory: ${{ matrix.release.dir }}
- name: create release artifacts
run: |
tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }}
- name: show module versions from release
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.release.dir }}
- uses: actions/upload-artifact@v5
with:
name: ${{ matrix.release.tgz }}
path: ${{ matrix.release.tgz }}
retention-days: 7
development-branches:
if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
strategy:
matrix:
branch: [
# Currently supported FIPS capable branches should be added here.
# `name' is the branch name used to checkout out.
# `dir' directory that will be used to build and test in.
# `tgz' is the name of the tarball use to keep the artifacts of
# the build.
{
name: '',
dir: PR,
tgz: PR.tar.gz,
}, {
name: openssl-3.0,
dir: branch-3.0,
tgz: branch-3.0.tar.gz,
}, {
name: openssl-3.2,
dir: branch-3.2,
tgz: branch-3.2.tar.gz,
}, {
name: openssl-3.3,
dir: branch-3.3,
tgz: branch-3.3.tar.gz,
}, {
name: openssl-3.4,
dir: branch-3.4,
tgz: branch-3.4.tar.gz,
}, {
name: openssl-3.5,
dir: branch-3.5,
tgz: branch-3.5.tar.gz,
}, {
name: openssl-3.6,
dir: branch-3.6,
tgz: branch-3.6.tar.gz,
}, {
name: master,
dir: branch-master,
tgz: branch-master.tar.gz,
},
]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
path: ${{ matrix.branch.dir }}
repository: openssl/openssl
ref: ${{ matrix.branch.name }}
persist-credentials: false
- name: localegen
run: sudo locale-gen tr_TR.UTF-8
- name: config branch
run: |
./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
working-directory: ${{ matrix.branch.dir }}
- name: config dump current
run: ./configdata.pm --dump
working-directory: ${{ matrix.branch.dir }}
- name: make branch
run: make -s -j4
working-directory: ${{ matrix.branch.dir }}
- name: create branch artifacts
run: |
tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }}
- name: show module versions from branch
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.branch.dir }}
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
working-directory: ${{ matrix.branch.dir }}
- uses: actions/upload-artifact@v5
with:
name: ${{ matrix.branch.tgz }}
path: ${{ matrix.branch.tgz }}
retention-days: 7
cross-testing:
if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
needs: [fips-releases, development-branches]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# These can't be figured out earlier and included here as a variable
# substitution.
#
# Note that releases are not used as a test environment for
# later providers. Problems in these situations ought to be
# caught by cross branch testing before the release.
tree_a: [ branch-3.5, branch-3.4, branch-3.3, branch-3.2, branch-3.0,
openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
tree_b: [ PR ]
include:
- tree_a: PR
tree_b: branch-master
- tree_a: PR
tree_b: branch-3.5
- tree_a: PR
tree_b: branch-3.4
- tree_a: PR
tree_b: branch-3.3
- tree_a: PR
tree_b: branch-3.2
- tree_a: PR
tree_b: branch-3.0
steps:
- name: early exit checks
id: early_exit
run: |
if [ "${{ matrix.tree_a }}" = "${{ matrix.tree_b }}" ]; \
then \
echo "Skipping because both are the same version"; \
exit 1; \
fi
continue-on-error: true
- uses: actions/download-artifact@v6.0.0
if: steps.early_exit.outcome == 'success'
with:
name: ${{ matrix.tree_a }}.tar.gz
- name: unpack first build
if: steps.early_exit.outcome == 'success'
run: tar xzf "${{ matrix.tree_a }}.tar.gz"
- uses: actions/download-artifact@v6.0.0
if: steps.early_exit.outcome == 'success'
with:
name: ${{ matrix.tree_b }}.tar.gz
- name: unpack second build
if: steps.early_exit.outcome == 'success'
run: tar xzf "${{ matrix.tree_b }}.tar.gz"
- name: set up cross validation of FIPS from A with tree from B
if: steps.early_exit.outcome == 'success'
run: |
cp providers/fips.so ../${{ matrix.tree_b }}/providers/
cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/
working-directory: ${{ matrix.tree_a }}
- name: show module versions from cross validation
if: steps.early_exit.outcome == 'success'
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.tree_b }}
- name: get cpu info
if: steps.early_exit.outcome == 'success'
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
working-directory: ${{ matrix.tree_b }}
- name: run cross validation tests of FIPS from A with tree from B
if: steps.early_exit.outcome == 'success'
run: |
make test HARNESS_JOBS=${HARNESS_JOBS:-4}
working-directory: ${{ matrix.tree_b }}

282
.github/workflows/provider-compatibility.yml vendored
View File

@@ -1,282 +0,0 @@
# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This verifies that FIPS and legacy providers built against some earlier
# released versions continue to run against the current branch.
name: Provider compatibility across versions
# Please note there is no point in running this job on PR as the tests
# will always run against the tips of the branches in the main repository
# and not the branch from the PR.
# Use the `extended tests` label to run provider compatibility checks
# on PRs.
on:
schedule:
- cron: '10 02 * * *'
workflow_dispatch:
permissions:
contents: read
env:
opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
jobs:
fips-releases:
if: github.repository == 'openssl/openssl'
strategy:
matrix:
release: [
# Formally released versions should be added here.
# `dir' it the directory inside the tarball.
# `tgz' is the name of the tarball.
# `url' is the download URL.
{
dir: openssl-3.0.0,
tgz: openssl-3.0.0.tar.gz,
url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz",
},
{
dir: openssl-3.0.8,
tgz: openssl-3.0.8.tar.gz,
url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz",
},
{
dir: openssl-3.0.9,
tgz: openssl-3.0.9.tar.gz,
url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz",
},
{
dir: openssl-3.1.2,
tgz: openssl-3.1.2.tar.gz,
url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz",
},
]
runs-on: ubuntu-latest
steps:
- name: create download directory
run: mkdir downloads
- name: download release source
run: wget --no-verbose ${{ matrix.release.url }}
working-directory: downloads
- name: unpack release source
run: tar xzf downloads/${{ matrix.release.tgz }}
- name: localegen
run: sudo locale-gen tr_TR.UTF-8
- name: config release
run: |
./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
working-directory: ${{ matrix.release.dir }}
- name: config dump release
run: ./configdata.pm --dump
working-directory: ${{ matrix.release.dir }}
- name: make release
run: make -s -j4
working-directory: ${{ matrix.release.dir }}
- name: create release artifacts
run: |
tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }}
- name: show module versions from release
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.release.dir }}
- uses: actions/upload-artifact@v5
with:
name: ${{ matrix.release.tgz }}
path: ${{ matrix.release.tgz }}
retention-days: 7
development-branches:
if: github.repository == 'openssl/openssl'
strategy:
matrix:
branch: [
# Currently supported FIPS capable branches should be added here.
# `name' is the branch name used to checkout out.
# `dir' directory that will be used to build and test in.
# `tgz' is the name of the tarball use to keep the artifacts of
# the build.
# `extra_config` adds extra config build option for the branch.
{
name: openssl-3.0,
dir: branch-3.0,
tgz: branch-3.0.tar.gz,
extra_config: "",
}, {
name: openssl-3.2,
dir: branch-3.2,
tgz: branch-3.2.tar.gz,
extra_config: "",
}, {
name: openssl-3.3,
dir: branch-3.3,
tgz: branch-3.3.tar.gz,
extra_config: "",
}, {
name: openssl-3.4,
dir: branch-3.4,
tgz: branch-3.4.tar.gz,
extra_config: "",
}, {
name: openssl-3.5,
dir: branch-3.5,
tgz: branch-3.5.tar.gz,
extra_config: "",
}, {
name: openssl-3.6,
dir: branch-3.6,
tgz: branch-3.6.tar.gz,
extra_config: "enable-lms",
}, {
name: master,
dir: branch-master,
tgz: branch-master.tar.gz,
extra_config: "enable-lms",
},
]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
path: ${{ matrix.branch.dir }}
repository: openssl/openssl
ref: ${{ matrix.branch.name }}
persist-credentials: false
- name: localegen
run: sudo locale-gen tr_TR.UTF-8
- name: config branch
run: |
./config --banner=Configured enable-shared enable-fips ${{ env.opts }} ${{ matrix.branch.extra_config }}
working-directory: ${{ matrix.branch.dir }}
- name: config dump current
run: ./configdata.pm --dump
working-directory: ${{ matrix.branch.dir }}
- name: make branch
run: make -s -j4
working-directory: ${{ matrix.branch.dir }}
- name: create branch artifacts
run: |
tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }}
- name: show module versions from branch
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.branch.dir }}
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
working-directory: ${{ matrix.branch.dir }}
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
working-directory: ${{ matrix.branch.dir }}
- uses: actions/upload-artifact@v5
with:
name: ${{ matrix.branch.tgz }}
path: ${{ matrix.branch.tgz }}
retention-days: 7
cross-testing:
if: github.repository == 'openssl/openssl'
needs: [fips-releases, development-branches]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# These can't be figured out earlier and included here as a variable
# substitution.
#
# Note that releases are not used as a test environment for
# later providers. Problems in these situations ought to be
# caught by cross branch testing before the release.
tree_a: [ branch-master, branch-3.6, branch-3.5, branch-3.4, branch-3.3,
branch-3.2, branch-3.0,
openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
tree_b: [ branch-master, branch-3.6, branch-3.5, branch-3.4, branch-3.3,
branch-3.2, branch-3.0 ]
steps:
- name: early exit checks
id: early_exit
run: |
if [ "${{ matrix.tree_a }}" = "${{ matrix.tree_b }}" ]; \
then \
echo "Skipping because both are the same version"; \
exit 1; \
fi
continue-on-error: true
- uses: actions/download-artifact@v6.0.0
if: steps.early_exit.outcome == 'success'
with:
name: ${{ matrix.tree_a }}.tar.gz
- name: unpack first build
if: steps.early_exit.outcome == 'success'
run: tar xzf "${{ matrix.tree_a }}.tar.gz"
- uses: actions/download-artifact@v6.0.0
if: steps.early_exit.outcome == 'success'
with:
name: ${{ matrix.tree_b }}.tar.gz
- name: unpack second build
if: steps.early_exit.outcome == 'success'
run: tar xzf "${{ matrix.tree_b }}.tar.gz"
- name: set up cross validation of FIPS from A with tree from B
if: steps.early_exit.outcome == 'success'
run: |
cp providers/fips.so ../${{ matrix.tree_b }}/providers/
cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/
working-directory: ${{ matrix.tree_a }}
- name: show module versions from cross validation
if: steps.early_exit.outcome == 'success'
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.tree_b }}
- name: get cpu info
if: steps.early_exit.outcome == 'success'
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
working-directory: ${{ matrix.tree_b }}
- name: run cross validation tests of FIPS from A with tree from B
if: steps.early_exit.outcome == 'success'
run: |
make test HARNESS_JOBS=${HARNESS_JOBS:-4}
working-directory: ${{ matrix.tree_b }}

265
.github/workflows/riscv-more-cross-compiles.yml vendored
View File

@@ -1,265 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Cross Compile for RISC-V Extensions
on:
pull_request:
types: [opened, reopened, edited, synchronize]
push:
schedule:
- cron: '35 02 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
cross-compilation-riscv:
# pull request title contains 'riscv'
# pull request title contains 'RISC-V'
# pull request body contains '[riscv ci]'
# push event commit message contains '[riscv ci]'
# cron job
# manual dispatch
if: contains(github.event.pull_request.title, 'riscv') || contains(github.event.pull_request.title, 'RISC-V') || contains(github.event.pull_request.body, '[riscv ci]') || contains(github.event.head_commit.message, '[riscv ci]') || (github.event_name == 'schedule' && github.repository == 'openssl/openssl') || github.event_name == 'workflow_dispatch'
strategy:
fail-fast: false
matrix:
# The platform matrix specifies:
# arch: the architecture to build for, this defines the tool-chain
# prefix {arch}- and the Debian compiler package gcc-{arch}
# name.
# libs: the Debian package for the necessary link/runtime libraries.
# target: the OpenSSL configuration target to use, this is passed
# directly to the config command line.
# fips: set to "no" to disable building FIPS, leave unset to
# build the FIPS provider.
# tests: omit this to run all the tests using QEMU, set it to "none"
# to never run the tests, otherwise its value is passed to
# the "make test" command to allow selective disabling of
# tests.
# qemucpu: optional; string that describes CPU properties.
# The string will be used to set the QEMU_CPU variable.
# opensslcapsname: optional; string that describes the postfix of the
# OpenSSL environment variable that defines CPU
# capabilities. E.g. "foo" will result in an
# environment variable with the name OPENSSL_foo.
# opensslcaps: optional; if opensslcapsname (see above) is set, then
# this string will be used as content for the OpenSSL
# capabilities variable.
# ppa: Launchpad PPA repository to download packages from.
platform: [
# Scalar Crypto
{
# RV64GC with bitmanip and scalar crypto extensions
# crypto/aes/asm/aes-riscv64-zkn.pl
# crypto/modes/gcm128.c
# The following paths only use ZBB
# crypto/sha/asm/sha256-riscv64-zbb.pl
# crypto/sha/asm/sha512-riscv64-zbb.pl
# crypto/sm3/asm/sm3-riscv64-zbb.pl
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
qemucpu: "rv64,zbb=true,zbc=true,zbkb=true,zknd=true,zkne=true",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_zbb_zbc_zbkb_zknd_zkne"
}, {
# RV64GC ZBC ZBB, but without ZBKB
# crypto/modes/gcm128.c
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
qemucpu: "rv64,zbc=true,zbb=true,zbkb=false",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_zbc_zbb"
}, {
# RV64GC ZBC, but without ZBB/ZBKB
# crypto/modes/gcm128.c
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
qemucpu: "rv64,zbc=true,zbb=false,zbkb=false",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_zbc"
}, {
# Vector Crypto
# RV64GC V ZBB, but without ZVKB
# For chacha20 vector-only path from #24069
# crypto/chacha/asm/chacha-riscv64-v-zbb.pl
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
qemucpu: "rv64,v=true,vlen=128,zbb=true,zvbb=false,zvkb=false",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_v_zbb"
}, {
# RV64GC V ZVKG, but without ZVKB
# crypto/modes/gcm128.c
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
# do not use zvkb flag for qemucpu as ubuntu-latest (24.04) uses QEMU 8.2.2
# see https://lists.nongnu.org/archive/html/qemu-devel/2024-05/msg02231.html
# Should be zvkg=true,zvbb=false,zvkb=false
qemucpu: "rv64,v=true,vlen=128,zvkg=true,zvbb=false",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_v_zvkg"
}, {
# RV64GC V ZVKB ZVBC, but without ZVKG
# crypto/modes/gcm128.c
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
# do not use zvkb flag for qemucpu as ubuntu-latest (24.04) uses QEMU 8.2.2
# see https://lists.nongnu.org/archive/html/qemu-devel/2024-05/msg02231.html
# Should be zvkb=true,zvbc=true,zvkg=false
qemucpu: "rv64,v=true,vlen=128,zvbb=true,zvbc=true,zvkg=false",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_v_zvkb_zvbc"
}, {
# RV64GC V ZVKNED, but without ZVBB/ZVKB/ZVKG
# crypto/aes/asm/aes-riscv64-zvkned.pl
# providers/implementations/ciphers/cipher_aes_xts_hw.c
# providers/implementations/ciphers/cipher_aes_hw_rv64i.inc
# providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.inc
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
qemucpu: "rv64,v=true,vlen=128,zvkned=true,zvbb=false,zvkb=false,zvkg=false",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_v_zvkned"
}, {
# RV64GC with all currently OpenSSL-supported extensions
# crypto/chacha/chacha_riscv.c (with ZVKB)
# crypto/modes/gcm128.c (with ZVKG/ZVKB)
# crypto/sm3/asm/sm3-riscv64-zvksh.pl
# crypto/sm4/asm/sm4-riscv64-zvksed.pl
# crypto/aes/asm/aes-riscv64-zvbb-zvkg-zvkned.pl
# crypto/aes/asm/aes-riscv64-zvkb-zvkned.pl
# crypto/modes/asm/ghash-riscv64-zvkg.pl
# crypto/modes/asm/aes-gcm-riscv64-zvkb-zvkg-zvkned.pl
# crypto/modes/asm/ghash-riscv64-zvkb-zvbc.pl
# crypto/sha/asm/sha256-riscv64-zvkb-zvknha_or_zvknhb.pl
# crypto/sha/asm/sha512-riscv64-zvkb-zvknhb.pl
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
qemucpu: "rv64,zba=true,zbb=true,zbc=true,zbs=true,zbkb=true,zbkc=true,zbkx=true,zknd=true,zkne=true,zknh=true,zksed=true,zksh=true,zkr=true,zkt=true,v=true,vlen=128,zvbb=true,zvbc=true,zvkb=true,zvkg=true,zvkned=true,zvknha=true,zvknhb=true,zvksed=true,zvksh=true",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_zba_zbb_zbc_zbs_zbkb_zbkc_zbkx_zknd_zkne_zknh_zksed_zksh_zkr_zkt_v_zvbb_zvbc_zvkb_zvkg_zvkned_zvknha_zvknhb_zvksed_zvksh"
}, {
# Inline asm
# zbb/zbkb:
# include/crypto/md32_common.h
# include/crypto/modes.h
# crypto/chacha/chacha_enc.c
# crypto/des/des_local.h
# zknh (zbt/zpn not available in QEMU):
# crypto/sha/sha512.c
# crypto/sha/sha256.c
# zksh:
# crypto/sm3/sm3_local.h
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: -march=rv64gc_zbb_zbkb_zknh_zksh linux64-riscv64,
fips: no,
qemucpu: "rv64,zbb=true,zbkb=true,zknh=true,zksh=true",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_inlineasm" # for uploading artifact
}
]
runs-on: ubuntu-latest
steps:
- name: install package repository
if: matrix.platform.ppa != ''
run: |
sudo add-apt-repository ppa:${{ matrix.platform.ppa }}
- name: install packages
run: |
sudo apt-get update
sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install \
gcc-${{ matrix.platform.arch }} \
${{ matrix.platform.libs }}
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config with FIPS
if: matrix.platform.fips != 'no'
run: |
./config --banner=Configured --strict-warnings enable-fips enable-lms \
--cross-compile-prefix=${{ matrix.platform.arch }}- \
${{ matrix.platform.target }}
- name: config without FIPS
if: matrix.platform.fips == 'no'
run: |
./config --banner=Configured --strict-warnings enable-lms \
--cross-compile-prefix=${{ matrix.platform.arch }}- \
${{ matrix.platform.target }}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: install qemu
if: matrix.platform.tests != 'none'
run: sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install qemu-user
- name: Set QEMU environment
if: matrix.platform.qemucpu != ''
run: echo "QEMU_CPU=${{ matrix.platform.qemucpu }}" >> $GITHUB_ENV
- name: Set OpenSSL caps environment
if: matrix.platform.opensslcapsname != ''
run: echo "OPENSSL_${{ matrix.platform.opensslcapsname }}=\
${{ matrix.platform.opensslcaps }}" >> $GITHUB_ENV
- name: get cpu info
run: cat /proc/cpuinfo
- name: get openssl cpu info
if: matrix.platform.tests != 'none'
run: QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} ./util/opensslwrap.sh info -cpusettings
- name: make all tests
if: github.event_name == 'push' && matrix.platform.tests == ''
run: |
.github/workflows/make-test \
TESTS="-test_afalg" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: make some tests
if: github.event_name == 'push' && matrix.platform.tests != 'none' && matrix.platform.tests != ''
run: |
.github/workflows/make-test \
TESTS="${{ matrix.platform.tests }} -test_afalg" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: make evp tests
if: github.event_name == 'pull_request' && matrix.platform.tests != 'none'
run: |
.github/workflows/make-test \
TESTS="test_evp*" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "cross-compiles-riscv@${{ matrix.platform.opensslcaps }}"
path: artifacts.tar.gz
if-no-files-found: ignore

67
.github/workflows/run-checker-ci.yml vendored
View File

@@ -1,67 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Jobs run per pull request submission
name: Run-checker CI
on: [pull_request, push]
permissions:
contents: read
env:
OSSL_RUN_CI_TESTS: 1
jobs:
run-checker:
strategy:
fail-fast: false
matrix:
opt: [
no-cmp,
no-cms,
no-dgram,
no-dh,
no-dtls,
no-ec,
no-ecx,
no-ml-dsa,
no-ml-kem,
no-http,
no-legacy,
no-sock,
no-sm2,
no-stdio,
no-threads,
no-thread-pool,
no-default-thread-pool,
no-tls,
no-tls1_2,
no-tls1_3,
enable-trace enable-fips,
no-ui,
no-quic
]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
- name: Check platform symbol usage
run: ./util/checkplatformsyms.pl ./util/platform_symbols/unix-symbols.txt ./libcrypto.so ./libssl.so
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}

447
.github/workflows/run-checker-daily.yml vendored
View File

@@ -1,447 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Run-checker daily
# Jobs run daily
on:
schedule:
- cron: '30 02 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
run-checker:
if: github.repository == 'openssl/openssl'
strategy:
fail-fast: false
matrix:
opt: [
386,
no-afalgeng,
no-apps,
no-argon2,
no-aria,
no-asan,
no-asm,
no-async,
no-atexit,
no-autoalginit,
no-autoerrinit,
no-autoload-config,
no-bf,
no-blake2,
no-buildtest-c++,
no-bulk,
no-cached-fetch,
no-camellia,
no-capieng,
no-cast,
no-chacha,
no-cmac,
no-comp,
enable-crypto-mdebug,
enable-crypto-mdebug-backtrace,
no-ct,
enable-demos,
no-deprecated,
no-des,
# enable-devcryptoeng, # Cannot work on Linux
no-docs,
no-dsa,
no-dtls1,
no-dtls1_2,
no-dtls1_2-method,
no-dtls1-method,
no-ecdh,
no-ecdsa,
enable-ec_nistp_64_gcc_128,
enable-egd,
no-engine,
# enable-external-tests, # Requires extra setup
enable-fips,
enable-fips enable-acvp-tests,
enable-fips no-tls1_3,
enable-fips no-des no-dsa no-ec2m,
# enable-fuzz-afl, # Requires extra setup
# enable-fuzz-libfuzzer, # Requires extra setup
no-gost,
enable-h3demo,
enable-heartbeats,
enable-hqinterop,
no-hw,
no-hw-padlock,
no-idea,
enable-lms,
no-makedepend,
enable-md2,
no-md4,
no-mdc2,
no-msan,
no-multiblock,
no-nextprotoneg,
no-ocb,
no-padlockeng,
no-pic,
no-poly1305,
no-posix-io,
no-psk,
no-rc2,
enable-rc5,
no-rdrand,
no-rfc3779,
no-ripemd,
no-rmd160,
no-scrypt,
no-secure-memory,
no-seed,
no-shared,
no-siphash,
no-siv,
no-sm2-precomp,
no-sm3,
no-sm4,
no-sock,
no-sse2,
no-ssl,
no-ssl-trace,
enable-ssl3,
enable-ssl3-method,
enable-sslkeylog,
no-static-engine no-shared,
no-tests,
enable-tfo,
no-tls1,
no-tls1_1,
no-tls1_1-method,
no-tls1_2-method,
no-tls1-method,
enable-trace,
no-ubsan,
no-ui-console,
enable-unit-test,
no-uplink,
no-weak-ssl-ciphers,
no-whirlpool,
enable-zlib-dynamic,
-DOPENSSL_PEDANTIC_ZEROIZATION,
-DOPENSSL_PEDANTIC_ZEROIZATION enable-fips,
-DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING,
-DSSL3_ALIGN_PAYLOAD=4,
-DOPENSSL_TLS_SECURITY_LEVEL=0
]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=clang ./config --strict-warnings --banner=Configured --strict-warnings ${{ matrix.opt }}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
run-checker-sctp:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Install Dependencies for sctp option
run: |
sudo apt-get update
sudo apt-get -yq install lksctp-tools libsctp-dev
- name: Check SCTP and enable auth
id: sctp_auth
continue-on-error: true
run: |
checksctp
sudo sysctl -w net.sctp.auth_enable=1
- name: config
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
run: CC=clang ./config --strict-warnings --banner=Configured enable-sctp
- name: config dump
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
run: ./configdata.pm --dump
- name: make
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
enable_brotli_dynamic:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: install brotli
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install brotli libbrotli1 libbrotli-dev
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
enable_zstd_dynamic:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: install zstd
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install zstd libzstd1 libzstd-dev
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
enable_brotli_and_zstd_dynamic:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: install brotli and zstd
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install brotli libbrotli1 libbrotli-dev
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install zstd libzstd1 libzstd-dev
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
malloc_failure_testing:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-asan enable-crypto-mdebug enable-allocfail-tests && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
continue-on-error: true
run: |
make TESTS=test_handshake-memfail test
enable_brotli_and_asan_ubsan:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: install brotli
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install brotli libbrotli1 libbrotli-dev
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DPEDANTIC && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
enable_zstd_and_asan_ubsan:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: install zstd
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install zstd libzstd1 libzstd-dev
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DPEDANTIC && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
enable_tfo:
if: github.repository == 'openssl/openssl'
strategy:
matrix:
os: [ubuntu-latest, macos-15, macos-15-intel]
runs-on: ${{matrix.os}}
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=gcc ./config --strict-warnings --banner=Configured enable-tfo && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: ./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
enable_buildtest:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips -D_DEFAULT_SOURCE && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
memory_sanitizer_slh_dsa:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
# --debug -O1 is to produce a debug build that runs in a reasonable amount of time
run: CC=clang ./config --strict-warnings --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
bn_debug:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config --debug --strict-warnings -DBN_DEBUG --banner=Configured -DOPENSSL_NO_SECURE_MEMORY && perl configdata.pm --dump
- name: make
run: make -j4 # verbose, so no -s here
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@bn_debug"
path: artifacts.tar.gz

114
.github/workflows/run-checker-merge.yml vendored
View File

@@ -1,114 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Run-checker merge
# Jobs run per merge to master
on: [push]
permissions:
contents: read
jobs:
run-checker:
strategy:
fail-fast: false
matrix:
opt: [
enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function,
no-dso,
no-dynamic-engine,
no-ec2m enable-fips,
no-engine no-shared,
no-err,
no-filenames,
enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function,
no-module,
no-ocsp,
no-pinshared,
no-srp,
no-srtp,
no-ts,
no-integrity-only-ciphers,
enable-weak-ssl-ciphers,
enable-zlib,
enable-pie,
]
runs-on: ubuntu-latest
steps:
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=clang ./config --strict-warnings --banner=Configured ${{ matrix.opt }}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
jitter:
runs-on: ubuntu-latest
steps:
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout jitter
uses: actions/checkout@v5
with:
repository: smuellerDD/jitterentropy-library
ref: v3.5.0
path: jitter
persist-credentials: false
- name: build jitter
run: make -C jitter/
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --with-rand-seed=none enable-jitter enable-fips-jitter --with-jitter-include=jitter/ --with-jitter-lib=jitter/ -DOPENSSL_DEFAULT_SEED_SRC=JITTER && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
threads_sanitizer_atomic_fallback:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: CC=clang ./config --strict-warnings --banner=Configured no-shared no-fips -g -fsanitize=thread -DBROKEN_CLANG_ATOMICS && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test V=1 TESTS="test_lhash test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"

203
.github/workflows/run_quic_interop.yml vendored
View File

@@ -1,203 +0,0 @@
name: "Run openssl quic interop testing"
on:
schedule:
- cron: '40 02 * * *'
workflow_dispatch:
inputs:
only_interop:
type: boolean
required: false
default: false
description: "Run only interop jobs (skip building/pushing containers)"
permissions: {}
jobs:
update_quay_container:
if: ${{ github.repository == 'openssl/openssl' && !inputs.only_interop }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: "log in to quay.io"
run: |
docker login -u openssl-ci+machine -p ${{ secrets.QUAY_IO_PASSWORD }} quay.io
- name: "Build container"
run: |
cd test/quic-openssl-docker/
docker build -t quay.io/openssl-ci/openssl-quic-interop:latest .
- name: "Push to quay"
run: |
docker push quay.io/openssl-ci/openssl-quic-interop:latest
update_msquic_quay_container:
if: ${{ github.repository == 'openssl/openssl' && !inputs.only_interop }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
repository: microsoft/msquic
ref: main
submodules: recursive
persist-credentials: false
- name: "log in to quay.io"
run: |
docker login -u openssl-ci+machine -p ${{ secrets.QUAY_IO_PASSWORD }} quay.io
- name: Patch qns.Dockerfile
run: |
sed -i 's/RUN cmake -DQUIC_BUILD_TOOLS=on -DQUIC_ENABLE_LOGGING=on ../RUN cmake -DQUIC_BUILD_TOOLS=on -DQUIC_ENABLE_LOGGING=on -DQUIC_TLS_LIB=openssl ../' ./scripts/qns.Dockerfile
if grep -q "RUN cmake -DQUIC_BUILD_TOOLS=on -DQUIC_ENABLE_LOGGING=on -DQUIC_TLS_LIB=openssl .." ./scripts/qns.Dockerfile; then echo "Patched successfully"; else exit 1; fi
- name: "Build container"
run: |
docker build -f ./scripts/qns.Dockerfile -t quay.io/openssl-ci/msquic-openssl:latest .
- name: "Push to quay"
run: |
docker push quay.io/openssl-ci/msquic-openssl:latest
run_quic_interop_openssl_client:
if: ${{ !inputs.only_interop }}
needs: [update_quay_container, update_msquic_quay_container]
runs-on: ubuntu-latest
strategy:
matrix:
tests: [http3, transfer, handshake, retry, chacha20, resumption, multiplexing, ipv6]
servers: [quic-go, ngtcp2, mvfst, quiche, nginx, msquic, haproxy, msquic-openssl]
exclude:
- servers: msquic
tests: retry
- servers: msquic-openssl
tests: retry
fail-fast: false
steps: &client_steps
- uses: actions/checkout@v5
with:
repository: 'quic-interop/quic-interop-runner'
fetch-depth: 0
persist-credentials: false
- name: Install python requirements
run: |
for i in {1..3}; do pip install -r requirements.txt && break; sleep 10; done
- name: Add tshark repo
run: |
for i in {1..3}; do sudo add-apt-repository ppa:wireshark-dev/stable && break; sleep 10; done
- name: Update apt repos
run: |
for i in {1..3}; do sudo apt-get update && break; sleep 10; done
- name: Install tshark
run: |
for i in {1..3}; do sudo apt-get install -y tshark && break; sleep 10; done
- name: Patch implementations file
run: |
jq '. + {
"openssl": { image: "quay.io/openssl-ci/openssl-quic-interop"
, url: "https://github.com/openssl/openssl"
, role: "both"
},
"msquic-openssl": { image: "quay.io/openssl-ci/msquic-openssl"
, url: "https://github.com/microsoft/msquic"
, role: "both"
}}' ./implementations.json > ./implementations.tmp
mv ./implementations.tmp implementations.json
- name: Set up docker
uses: docker/setup-docker-action@efe9e3891a4f7307e689f2100b33a155b900a608 # v4.5.0
with:
version: "28.1.1"
- name: Set up docker compose
uses: docker/setup-compose-action@364cc21a5de5b1ee4a7f5f9d3fa374ce0ccde746 # v1.2.0
with:
version: "v2.36.2"
- name: Check docker version
run: |
docker version
docker compose version
- name: "Run interop with openssl client"
run: |
python3 ./run.py -c openssl -t ${{ matrix.tests }} -s ${{ matrix.servers }} --log-dir ./logs-client -d
run_quic_interop_openssl_server:
if: ${{ !inputs.only_interop }}
needs: [update_quay_container, update_msquic_quay_container]
runs-on: ubuntu-latest
strategy:
matrix:
tests: [http3, transfer, handshake, retry, chacha20, resumption, amplificationlimit, ipv6]
clients: [quic-go, ngtcp2, mvfst, quiche, msquic, openssl, chrome, msquic-openssl]
exclude:
- clients: mvfst
tests: amplificationlimit
fail-fast: false
steps: &server_steps
- uses: actions/checkout@v5
with:
repository: 'quic-interop/quic-interop-runner'
fetch-depth: 0
persist-credentials: false
- name: Install python requirements
run: |
for i in {1..3}; do pip install -r requirements.txt && break; done
- name: Add tshark repo
run: |
for i in {1..3}; do sudo add-apt-repository ppa:wireshark-dev/stable && break; done
- name: Update apt repos
run: |
for i in {1..3}; do sudo apt-get update && break; done
- name: Install tshark
run: |
for i in {1..3}; do sudo apt-get install -y tshark && break; done
- name: Patch implementations file
run: |
jq '. + {
"openssl": { image: "quay.io/openssl-ci/openssl-quic-interop"
, url: "https://github.com/openssl/openssl"
, role: "both"
},
"msquic-openssl": { image: "quay.io/openssl-ci/msquic-openssl"
, url: "https://github.com/microsoft/msquic"
, role: "both"
}}' ./implementations.json > ./implementations.tmp
mv ./implementations.tmp implementations.json
- name: Set up docker
uses: docker/setup-docker-action@efe9e3891a4f7307e689f2100b33a155b900a608 # v4.5.0
with:
version: "28.1.1"
- name: Set up docker compose
uses: docker/setup-compose-action@364cc21a5de5b1ee4a7f5f9d3fa374ce0ccde746 # v1.2.0
with:
version: "v2.36.2"
- name: Check docker version
run: |
docker version
docker compose version
- name: "Run interop with openssl server"
run: |
python3 ./run.py -s openssl -t "${{ matrix.tests }}" -c "${{ matrix.clients }}" --log-dir ./logs-server -d
run_quic_interop_openssl_client_only:
if: ${{ inputs.only_interop }}
runs-on: ubuntu-latest
strategy:
matrix:
tests: [http3, transfer, handshake, retry, chacha20, resumption, multiplexing, ipv6]
servers: [quic-go, ngtcp2, mvfst, quiche, nginx, msquic, haproxy, msquic-openssl]
exclude:
- servers: msquic
tests: retry
- servers: msquic-openssl
tests: retry
fail-fast: false
steps: *client_steps
run_quic_interop_openssl_server_only:
if: ${{ inputs.only_interop }}
runs-on: ubuntu-latest
strategy:
matrix:
tests: [http3, transfer, handshake, retry, chacha20, resumption, amplificationlimit, ipv6]
clients: [quic-go, ngtcp2, mvfst, quiche, msquic, openssl, chrome, msquic-openssl]
exclude:
- clients: mvfst
tests: amplificationlimit
fail-fast: false
steps: *server_steps

42
.github/workflows/static-analysis-on-prem.yml vendored
View File

@@ -1,42 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Static Analysis On Prem
on:
schedule:
- cron: '25 02 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
coverity-analysis:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
container: quay.io/openssl-ci/coverity-analysis:2024.3.1
steps:
- name: Put license
run: echo ${{ secrets.COVERITY_LICENSE }} | base64 -d > /opt/coverity-analysis/bin/license.dat
- name: Put auth key file
run: |
echo ${{ secrets.COVERITY_AUTH_KEY }} | base64 -d > /auth_key_file.txt
chmod 0600 /auth_key_file.txt
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: Config
run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
- name: Config dump
run: ./configdata.pm --dump
- name: Make
run: cov-build --dir cov-int make -s -j4
- name: Analyze
run: cov-analyze --dir cov-int --strip-path $(pwd)
- name: Commit defects
run: cov-commit-defects --url https://coverity.openssl.org:443 --stream OpenSSL --dir cov-int --auth-key-file /auth_key_file.txt

49
.github/workflows/static-analysis.yml vendored
View File

@@ -1,49 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Static Analysis
#Run once a day
on:
schedule:
- cron: '20 02 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
coverity:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: tool download
run: |
wget https://scan.coverity.com/download/linux64 \
--post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
--progress=dot:giga -O coverity_tool.tgz
- name: config
run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
- name: config dump
run: ./configdata.pm --dump
- name: tool install
run: tar xzf coverity_tool.tgz
- name: make
run: ./cov-analysis*/bin/cov-build --dir cov-int make -s -j4
- name: archive
run: tar czvf openssl.tgz cov-int
- name: Coverity upload
run: |
curl --form token="${{ secrets.COVERITY_TOKEN }}" \
--form email=openssl-commits@openssl.org \
--form file=@openssl.tgz \
--form version="`date -u -I` `git rev-parse --short HEAD`" \
--form description="analysis of `git branch --show-current`" \
https://scan.coverity.com/builds?project=openssl%2Fopenssl

53
.github/workflows/style-checks.yml vendored
View File

@@ -1,53 +0,0 @@
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Coding style validation
on: [pull_request]
env:
PR_NUMBER: ${{ github.event.number }}
GH_TOKEN: ${{ github.token }}
permissions:
contents: read
jobs:
check-style:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
path: openssl
persist-credentials: false
- name: check style for each commit
working-directory: openssl
shell: bash
run: |
ERRORS_FOUND=0
git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF
REFSTART=$(git rev-parse $GITHUB_BASE_REF)
REFEND=$(git rev-parse HEAD)
echo "Checking from $REFSTART to $REFEND"
echo "::group::Style report for commits $REFSTART..$REFEND"
set +e
./util/check-format-commit.sh $REFSTART..$REFEND
if [ $? -ne 0 ]
then
ERRORS_FOUND=1
fi
set -e
echo "::endgroup::"
SKIP_TEST=$(gh pr view $PR_NUMBER --json labels --jq '.labels[] | select(.name == "style: waived") | .name')
if [ -z "$SKIP_TEST" ]
then
exit $ERRORS_FOUND
else
echo "PR $PR_NUMBER is marked with style: waived, waiving style check errors"
exit 0
fi

223
.github/workflows/windows.yml vendored
View File

@@ -1,223 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Windows GitHub CI
on: [pull_request, push]
permissions:
contents: read
jobs:
shared:
# Run a job for each of the specified target architectures:
strategy:
matrix:
platform:
- arch: amd64
os: windows-2022
config: enable-lms enable-fips
vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat
- arch: amd64
os: windows-2025
config: enable-lms enable-fips no-thread-pool no-quic
vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat
- arch: x86
os: windows-2022
config: --strict-warnings no-fips enable-lms
vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars32.bat
runs-on: ${{ matrix.platform.os }}
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: install nasm
run: |
choco install nasm ${{ matrix.platform.arch == 'x86' && '--x86' || '' }}
"C:\Program Files${{ matrix.platform.arch == 'x86' && ' (x86)' || '' }}\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
- name: prepare the build directory
run: mkdir _build
- name: config
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
perl ..\Configure --banner=Configured --strict-warnings no-makedepend -DOSSL_WINCTX=openssl ${{ matrix.platform.config }}
perl configdata.pm --dump
- name: build
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
nmake /S
- name: download coreinfo
run: |
mkdir _build\coreinfo
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
- name: Gather openssl version info
working-directory: _build
run: |
apps/openssl.exe version -v
apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
- name: Set registry keys
working-directory: _build
run: |
echo ${Env:OSSL_VERSION}
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
- name: get cpu info
working-directory: _build
continue-on-error: true
run: |
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
./apps/openssl.exe version -c
- name: Check platform symbol usage
working-directory: _build
run: perl ../util/checkplatformsyms.pl ../util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll
- name: test
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4
- name: install
# Run on 64 bit only as 32 bit is slow enough already
if: ${{ matrix.platform.arch == 'amd64' }}
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
mkdir _dest
nmake install DESTDIR=_dest
plain:
runs-on: windows-2022
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: prepare the build directory
run: mkdir _build
- name: config
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
perl ..\Configure --banner=Configured --strict-warnings enable-demos no-makedepend no-shared no-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-crypto-mdebug -DOSSL_WINCTX=openssl VC-WIN64A-masm
perl configdata.pm --dump
- name: build
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake /S
- name: download coreinfo
run: |
mkdir _build\coreinfo
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
- name: get cpu info
working-directory: _build
continue-on-error: true
run: |
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
./apps/openssl.exe version -c
- name: test
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4
minimal:
runs-on: windows-2022
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: prepare the build directory
run: mkdir _build
- name: config
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
perl ..\Configure --banner=Configured --strict-warnings enable-demos no-makedepend no-bulk no-deprecated no-fips no-asm no-threads -DOPENSSL_SMALL_FOOTPRINT -DOSSL_WINCTX=openssl
perl configdata.pm --dump
- name: build
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake
- name: download coreinfo
run: |
mkdir _build\coreinfo
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
- name: get cpu info
working-directory: _build
continue-on-error: true
run: |
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
./apps/openssl.exe version -c
- name: test
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4
cygwin:
# Run a job for each of the specified target architectures:
strategy:
matrix:
os:
- windows-2022
platform:
- arch: win64
config: -DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips
# are we really learning sth new from win32? So let's save some CO2 for now disabling this
# - arch: win32
# config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips
runs-on: ${{ matrix.os }}
env:
CYGWIN_NOWINPATH: 1
SHELLOPTS: igncr
# Don't overwhelm github CI VMs:
MAKE_PARAMS: -j 4
steps:
# Checkout before cygwin can mess with PATH...
- uses: actions/checkout@v5
with:
persist-credentials: false
- uses: cygwin/cygwin-install-action@f2009323764960f80959895c7bc3bb30210afe4d #v6
with:
packages: perl git make gcc-core
- name: Check repo
run: cygcheck -V
- name: Full cygcheck status
run: cygcheck -s -v -r -h
# Activate this if checkout action fails:
# - name: Clone repo
# run: bash -c "pwd && git clone --branch ${{ github.ref_name }} --depth 1 https://github.com/${{ github.repository }}.git"
- name: Full build
run: bash -c "gcc --version && ./config ${{ matrix.platform.config }} && make $MAKE_PARAMS"
# Disable testing for now. TBD: Need local cygwin installation to debug .
# - name: Run openssl tests
# run: bash -c "cd openssl && make V=1 test"

152
.github/workflows/windows_comp.yml vendored
View File

@@ -1,152 +0,0 @@
# Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Windows Compression GitHub CI
on:
pull_request:
paths:
- 'crypto/comp/*.c'
- '.github/workflows/windows_comp.yml'
push:
paths:
- '**.c'
permissions:
contents: read
jobs:
zstd:
runs-on: windows-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: install nasm
run: |
choco install nasm
"C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
- name: prepare the build directory
run: mkdir _build
- name: Get zstd
run: |
vcpkg install zstd:x64-windows
"C:\vcpkg\packages\zstd_x64-windows\bin" | Out-File -FilePath "$env:GITHUB_PATH" -Append
- name: config
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
perl ..\Configure --strict-warnings enable-comp enable-zstd --with-zstd-include=C:\vcpkg\packages\zstd_x64-windows\include --with-zstd-lib=C:\vcpkg\packages\zstd_x64-windows\lib\zstd.lib no-makedepend -DOSSL_WINCTX=openssl VC-WIN64A
perl configdata.pm --dump
- name: build
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake
- name: Gather openssl version info
working-directory: _build
run: |
apps/openssl.exe version -v
apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
- name: Set registry keys
working-directory: _build
run: |
echo ${Env:OSSL_VERSION}
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
- name: download coreinfo
run: |
mkdir _build\coreinfo
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
- name: get cpu info
working-directory: _build
continue-on-error: true
run: |
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
./apps/openssl.exe version -c
- name: Check platform symbol usage
run: |
perl ./util/checkplatformsyms.pl ./util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll
- name: test
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake test VERBOSE_FAILURE=yes TESTS="-test_fuzz* -test_fipsload" HARNESS_JOBS=4
brotli:
runs-on: windows-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: install nasm
run: |
choco install nasm
"C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
- name: prepare the build directory
run: mkdir _build
- name: Get brotli
run: |
vcpkg install brotli:x64-windows
"C:\vcpkg\packages\brotli_x64-windows\bin" | Out-File -FilePath "$env:GITHUB_PATH" -Append
- name: config
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
perl ..\Configure --strict-warnings enable-comp enable-brotli --with-brotli-include=C:\vcpkg\packages\brotli_x64-windows\include --with-brotli-lib=C:\vcpkg\packages\brotli_x64-windows\lib no-makedepend -DOSSL_WINCTX=openssl VC-WIN64A
perl configdata.pm --dump
- name: build
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake
- name: Gather openssl version info
working-directory: _build
run: |
apps/openssl.exe version -v
apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
- name: Set registry keys
working-directory: _build
run: |
echo ${Env:OSSL_VERSION}
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
- name: download coreinfo
run: |
mkdir _build\coreinfo
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
- name: get cpu info
working-directory: _build
continue-on-error: true
run: |
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
./apps/openssl.exe version -c
- name: test
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake test VERBOSE_FAILURE=yes TESTS="-test_fuzz* -test_fipsload" HARNESS_JOBS=4

423
.gitignore vendored
View File

@@ -1,423 +0,0 @@
# Ignore editor artefacts
/.dir-locals.el
# Top level excludes
/Makefile.in
/Makefile
/MINFO
/TABLE
/rehash.time
/inc.*
/makefile.*
/out.*
/tmp.*
/configdata.pm
/builddata.pm
/installdata.pm
# Exporters
/*.pc
/OpenSSLConfig*.cmake
/exporters/*.pc
/exporters/OpenSSLConfig*.cmake
# Links under apps
/apps/CA.pl
/apps/tsget
/apps/tsget.pl
/apps/md4.c
# Auto generated headers
/crypto/buildinf.h
/include/crypto/*_conf.h
/include/openssl/asn1.h
/include/openssl/asn1t.h
/include/openssl/bio.h
/include/openssl/cmp.h
/include/openssl/cms.h
/include/openssl/comp.h
/include/openssl/conf.h
/include/openssl/configuration.h
/include/openssl/crmf.h
/include/openssl/crypto.h
/include/openssl/ct.h
/include/openssl/err.h
/include/openssl/ess.h
/include/openssl/fipskey.h
/include/openssl/lhash.h
/include/openssl/ocsp.h
/include/openssl/opensslv.h
/include/openssl/pkcs12.h
/include/openssl/pkcs7.h
/include/openssl/safestack.h
/include/openssl/srp.h
/include/openssl/ssl.h
/include/openssl/ui.h
/include/openssl/x509.h
/include/openssl/x509v3.h
/include/openssl/x509_acert.h
/include/openssl/x509_vfy.h
/include/openssl/core_names.h
# Auto generated parameter name files
/crypto/params_idx.c
# Auto generated doc files
doc/man1/openssl-*.pod
# Auto generated der files
providers/common/der/der_slh_dsa_gen.c
providers/common/der/der_digests_gen.c
providers/common/der/der_dsa_gen.c
providers/common/der/der_ec_gen.c
providers/common/der/der_ecx_gen.c
providers/common/der/der_rsa_gen.c
providers/common/der/der_wrap_gen.c
providers/common/der/der_sm2_gen.c
providers/common/der/der_ml_dsa_gen.c
providers/common/der/der_hkdf_gen.c
providers/common/include/prov/der_slh_dsa.h
providers/common/include/prov/der_dsa.h
providers/common/include/prov/der_ec.h
providers/common/include/prov/der_ecx.h
providers/common/include/prov/der_rsa.h
providers/common/include/prov/der_digests.h
providers/common/include/prov/der_wrap.h
providers/common/include/prov/der_sm2.h
providers/common/include/prov/der_ml_dsa.h
providers/common/include/prov/der_hkdf.h
providers/implementations/asymciphers/rsa_enc.inc
providers/implementations/asymciphers/sm2_enc.inc
providers/implementations/exchange/dh_exch.inc
providers/implementations/exchange/ecdh_exch.inc
providers/implementations/exchange/ecx_exch.inc
providers/implementations/encode_decode/decode_der2key.inc
providers/implementations/encode_decode/decode_epki2pki.inc
providers/implementations/encode_decode/decode_pem2der.inc
providers/implementations/encode_decode/decode_pvk2key.inc
providers/implementations/encode_decode/decode_spki2typespki.inc
providers/implementations/encode_decode/encode_key2any.inc
providers/implementations/encode_decode/encode_key2ms.inc
providers/implementations/kdfs/argon2.inc
providers/implementations/kdfs/hkdf.inc
providers/implementations/kdfs/hmacdrbg_kdf.inc
providers/implementations/kdfs/kbkdf.inc
providers/implementations/kdfs/krb5kdf.inc
providers/implementations/kdfs/pbkdf1.inc
providers/implementations/kdfs/pbkdf2.inc
providers/implementations/kdfs/pkcs12kdf.inc
providers/implementations/kdfs/pvkkdf.inc
providers/implementations/kdfs/scrypt.inc
providers/implementations/kdfs/sshkdf.inc
providers/implementations/kdfs/sskdf.inc
providers/implementations/kdfs/tls1_prf.inc
providers/implementations/kdfs/x942kdf.inc
providers/implementations/kem/ec_kem.inc
providers/implementations/kem/ecx_kem.inc
providers/implementations/kem/ml_kem_kem.inc
providers/implementations/kem/rsa_kem.inc
providers/implementations/keymgmt/ml_dsa_kmgmt.inc
providers/implementations/keymgmt/ml_kem_kmgmt.inc
providers/implementations/keymgmt/mlx_kmgmt.inc
providers/implementations/signature/dsa_sig.inc
providers/implementations/signature/ecdsa_sig.inc
providers/implementations/keymgmt/dh_kmgmt.inc
providers/implementations/keymgmt/dsa_kmgmt.inc
providers/implementations/keymgmt/ecx_kmgmt.inc
providers/implementations/keymgmt/lms_kmgmt.inc
providers/implementations/keymgmt/mac_legacy_kmgmt.inc
providers/implementations/keymgmt/ml_dsa_kmgmt.inc
providers/implementations/keymgmt/ml_kem_kmgmt.inc
providers/implementations/keymgmt/mlx_kmgmt.inc
providers/implementations/keymgmt/slh_dsa_kmgmt.inc
providers/implementations/keymgmt/template_kmgmt.inc
providers/implementations/signature/eddsa_sig.inc
providers/implementations/signature/ml_dsa_sig.inc
providers/implementations/signature/rsa_sig.inc
providers/implementations/signature/slh_dsa_sig.inc
providers/implementations/signature/sm2_sig.inc
providers/implementations/skeymgmt/generic.inc
providers/implementations/storemgmt/file_store_any2obj.inc
providers/implementations/storemgmt/file_store.inc
providers/implementations/storemgmt/winstore_store.inc
providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.inc
providers/implementations/ciphers/cipher_aes_cbc_hmac_sha_etm.inc
providers/implementations/ciphers/cipher_aes_gcm_siv.inc
providers/implementations/ciphers/cipher_aes_ocb.inc
providers/implementations/ciphers/cipher_aes_siv.inc
providers/implementations/ciphers/cipher_aes_wrp.inc
providers/implementations/ciphers/cipher_aes_xts.inc
providers/implementations/ciphers/ciphercommon.inc
providers/implementations/ciphers/ciphercommon_ccm.inc
providers/implementations/ciphers/ciphercommon_gcm.inc
providers/implementations/ciphers/cipher_chacha20.inc
providers/implementations/ciphers/cipher_chacha20_poly1305.inc
providers/implementations/ciphers/cipher_null.inc
providers/implementations/ciphers/cipher_rc4_hmac_md5.inc
providers/implementations/ciphers/cipher_sm2_xts.c
providers/implementations/ciphers/cipher_sm4_xts.inc
providers/implementations/digests/blake2_prov.inc
providers/implementations/digests/digestcommon.inc
providers/implementations/digests/mdc2_prov.inc
providers/implementations/digests/sha3_prov.inc
providers/implementations/include/prov/blake2_params.inc
providers/implementations/macs/cmac_prov.inc
providers/implementations/macs/gmac_prov.inc
providers/implementations/macs/hmac_prov.inc
providers/implementations/macs/kmac_prov.inc
providers/implementations/macs/poly1305_prov.inc
providers/implementations/macs/siphash_prov.inc
providers/implementations/rands/drbg_ctr.inc
providers/implementations/rands/drbg_hash.inc
providers/implementations/rands/drbg_hmac.inc
providers/implementations/rands/fips_crng_test.inc
providers/implementations/rands/seed_src.inc
providers/implementations/rands/seed_src_jitter.inc
providers/implementations/rands/test_rng.inc
# error code files
/crypto/err/openssl.txt.old
/engines/e_afalg.txt.old
/engines/e_capi.txt.old
/engines/e_dasync.txt.old
/engines/e_ossltest.txt.old
# Executables
/apps/openssl
/test/sha256t
/test/sha512t
/test/gost2814789t
/test/ssltest_old
/test/*test
/test/fips_aesavs
/test/fips_desmovs
/test/fips_dhvs
/test/fips_drbgvs
/test/fips_dssvs
/test/fips_ecdhvs
/test/fips_ecdsavs
/test/fips_rngvs
/test/fips_test_suite
/test/ssltest_old
/test/x509aux
/test/v3ext
/test/versions
/test/ossl_shim/ossl_shim
/test/rsa_complex
/test/confdump
/test/bio_prefix_text
/test/evp_extra_test2
/test/evp_pkey_ctx_new_from_name
/test/threadstest_fips
/test/timing_load_creds
# Demo applications
/demos/bio/client-arg
/demos/bio/client-conf
/demos/bio/saccept
/demos/bio/sconnect
/demos/bio/server-arg
/demos/bio/server-cmod
/demos/bio/server-conf
/demos/cipher/aesccm
/demos/cipher/aesgcm
/demos/cipher/aeskeywrap
/demos/cipher/ariacbc
/demos/cms/cms_comp
/demos/cms/cms_ddec
/demos/cms/cms_dec
/demos/cms/cms_denc
/demos/cms/cms_enc
/demos/cms/cms_sign
/demos/cms/cms_sign2
/demos/cms/cms_uncomp
/demos/cms/cms_ver
/demos/digest/BIO_f_md
/demos/digest/EVP_MD_demo
/demos/digest/EVP_MD_stdin
/demos/digest/EVP_MD_xof
/demos/encode/ec_encode
/demos/encode/rsa_encode
/demos/encrypt/rsa_encrypt
/demos/guide/quic-client-block
/demos/guide/quic-client-non-block
/demos/guide/quic-hq-interop
/demos/guide/quic-multi-stream
/demos/guide/quic-server-block
/demos/guide/quic-server-non-block
/demos/guide/tls-client-block
/demos/guide/tls-client-non-block
/demos/http3/libnghttp3.pc
/demos/http3/nghttp3/
/demos/http3/ossl-nghttp3-demo
/demos/http3/ossl-nghttp3-demo-server
/demos/kdf/argon2
/demos/kdf/hkdf
/demos/kdf/pbkdf2
/demos/kdf/scrypt
/demos/keyexch/x25519
/demos/mac/cmac-aes256
/demos/mac/gmac
/demos/mac/hmac-sha512
/demos/mac/poly1305
/demos/pkey/EVP_PKEY_DSA_keygen
/demos/pkey/EVP_PKEY_DSA_paramfromdata
/demos/pkey/EVP_PKEY_DSA_paramgen
/demos/pkey/EVP_PKEY_DSA_paramvalidate
/demos/pkey/EVP_PKEY_EC_keygen
/demos/pkey/EVP_PKEY_RSA_keygen
/demos/quic/server/server
/demos/quic/poll-server/quic-server-ssl-poll-http
/demos/signature/EVP_DSA_Signature_demo
/demos/signature/EVP_EC_Signature_demo
/demos/signature/EVP_ED_Signature_demo
/demos/signature/rsa_pss_direct
/demos/signature/rsa_pss_hash
/demos/smime/smdec
/demos/smime/smenc
/demos/smime/smsign
/demos/smime/smsign2
/demos/smime/smver
/demos/sslecho/sslecho
# Certain files that get created by tests on the fly
/test-runs
/test/buildtest_*
/test/provider_internal_test.cnf
/test/fipsmodule.cnf
/providers/fipsmodule.cnf
# Fuzz stuff.
# Anything without an extension is an executable on Unix, so we keep files
# with extensions. And we keep the corpora subddir versioned as well.
# Anything more generic with extensions that should be ignored will be taken
# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
/fuzz/*
!/fuzz/README*
!/fuzz/corpora
!/fuzz/*.*
# Misc auto generated files
/doc/man7/openssl_user_macros.pod
/tools/c_rehash
/tools/c_rehash.pl
/util/shlib_wrap.sh
/util/wrap.pl
/tags
/TAGS
*.map
*.ld
/apps/progs.c
/apps/progs.h
# macOS
.DS_Store
# Windows (legacy)
/tmp32
/tmp32.dbg
/tmp32dll
/tmp32dll.dbg
/out32
/out32.dbg
/out32dll
/out32dll.dbg
/inc32
/MINFO
/ms/bcb.mak
/ms/libeay32.def
/ms/nt.mak
/ms/ntdll.mak
/ms/ssleay32.def
/ms/version32.rc
# Files created on other branches that are not held in git, and are not
# needed on this branch
/include/openssl/des_old.h
/include/openssl/fips.h
/include/openssl/fips_rand.h
/include/openssl/krb5_asn.h
/include/openssl/kssl.h
/include/openssl/pq_compat.h
/include/openssl/ssl23.h
/include/openssl/tmdiff.h
/include/openssl/ui_compat.h
/test/fips_aesavs.c
/test/fips_desmovs.c
/test/fips_dsatest.c
/test/fips_dssvs.c
/test/fips_hmactest.c
/test/fips_randtest.c
/test/fips_rngvs.c
/test/fips_rsagtest.c
/test/fips_rsastest.c
/test/fips_rsavtest.c
/test/fips_shatest.c
/test/fips_test_suite.c
/test/shatest.c
# Generated docs directories
/doc/html
/doc/man
##### Generic patterns
# Auto generated assembly language source files
*.s
!/crypto/*/asm/*.s
/crypto/*.S
/crypto/*/*.S
*.asm
!/crypto/*/asm/*.asm
# Object files
*.o
*.obj
# editor artefacts
*.swp
.#*
\#*#
*~
# Certificate symbolic links
*.0
# All kinds of libraries and executables
*.a
*.so
*.so.*
*.dylib
*.dylib.*
*.dll
*.dll.*
*.exe
*.pyc
*.exp
*.lib
*.pdb
*.tds
*.ilk
*.def
*.rc
*.res
# Misc generated stuff
Makefile.save
/crypto/**/lib
/engines/**/lib
/ssl/**/lib
*.bak
cscope.*
*.d
!.ctags.d
*.d.tmp
pod2htmd.tmp
MAKE0[0-9][0-9][0-9].@@@
# Windows manifest files
*.manifest
doc-nits
# LSP (Language Server Protocol) support
.cache/
compile_commands.json

37
.gitmodules vendored
View File

@@ -1,37 +0,0 @@
[submodule "pyca.cryptography"]
path = pyca-cryptography
url = https://github.com/pyca/cryptography.git
[submodule "krb5"]
path = krb5
url = https://github.com/krb5/krb5
[submodule "gost-engine"]
path = gost-engine
url = https://github.com/gost-engine/engine
update = rebase
[submodule "wycheproof"]
path = wycheproof
url = https://github.com/google/wycheproof
[submodule "tlsfuzzer"]
path = tlsfuzzer
url = https://github.com/tlsfuzzer/tlsfuzzer
[submodule "python-ecdsa"]
path = python-ecdsa
url = https://github.com/tlsfuzzer/python-ecdsa
[submodule "tlslite-ng"]
path = tlslite-ng
url = https://github.com/tlsfuzzer/tlslite-ng
[submodule "oqs-provider"]
path = oqs-provider
url = https://github.com/open-quantum-safe/oqs-provider.git
[submodule "cloudflare-quiche"]
path = cloudflare-quiche
url = https://github.com/cloudflare/quiche
[submodule "fuzz/corpora"]
path = fuzz/corpora
url = https://github.com/openssl/fuzz-corpora
branch = main
[submodule "pkcs11-provider"]
path = pkcs11-provider
url = https://github.com/latchset/pkcs11-provider.git

9
.pre-commit-config.yaml
View File

@@ -1,9 +0,0 @@
ci:
autofix_prs: false
repos:
- repo: "https://github.com/codespell-project/codespell"
rev: "v2.4.1"
hooks:
- id: "codespell"
args: ["--config=.codespellrc", "."]
pass_filenames: false

6
ACKNOWLEDGEMENTS.md
View File

@@ -1,6 +0,0 @@
Acknowledgements
================
Please see our [Thanks!][] page for the current acknowledgements.
[Thanks!]: https://www.openssl.org/community/thanks.html

53
AUTHORS.md
View File

@@ -1,53 +0,0 @@
Authors
=======
This is the list of OpenSSL authors for copyright purposes.
It does not necessarily list everyone who has contributed code,
since in some cases, their employer may be the copyright holder.
To see the full list of contributors, see the revision history in
source control.
Groups
------
* OpenSSL Software Services, Inc.
* OpenSSL Software Foundation, Inc.
* Google LLC
Individuals
-----------
* Andy Polyakov
* Ben Laurie
* Ben Kaduk
* Bernd Edlinger
* Bodo Möller
* David Benjamin
* David von Oheimb
* Dmitry Belyavskiy (Дмитрий Белявский)
* Emilia Käsper
* Eric Young
* Geoff Thorpe
* Holger Reif
* Kurt Roeckx
* Lutz Jänicke
* Mark J. Cox
* Matt Caswell
* Matthias St. Pierre
* Nicola Tuveri
* Nils Larsch
* Patrick Steuer
* Paul Dale
* Paul C. Sutton
* Paul Yang
* Ralf S. Engelschall
* Rich Salz
* Richard Levitte
* Shane Lontis
* Stephen Henson
* Steve Marquess
* Tim Hudson
* Tomáš Mráz
* Ulf Möller
* Valerii Krygin
* Viktor Dukhovni

6564
CHANGES Normal file
View File

File diff suppressed because it is too large Load Diff

968
CHANGES.SSLeay Normal file
View File

@@ -0,0 +1,968 @@
This file contains the changes for the SSLeay library up to version
0.9.0b. For later changes, see the file "CHANGES".
SSLeay CHANGES
______________
Changes between 0.8.x and 0.9.0b
10-Apr-1998
I said the next version would go out at easter, and so it shall.
I expect a 0.9.1 will follow with portability fixes in the next few weeks.
This is a quick, meet the deadline. Look to ssl-users for comments on what
is new etc.
eric (about to go bushwalking for the 4 day easter break :-)
16-Mar-98
- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
- Lots and lots of changes
29-Jan-98
- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
Goetz Babin-Ebell <babinebell@trustcenter.de>.
- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
TLS1_VERSION.
7-Jan-98
- Finally reworked the cipher string to ciphers again, so it
works correctly
- All the app_data stuff is now ex_data with funcion calls to access.
The index is supplied by a function and 'methods' can be setup
for the types that are called on XXX_new/XXX_free. This lets
applications get notified on creation and destruction. Some of
the RSA methods could be implemented this way and I may do so.
- Oh yes, SSL under perl5 is working at the basic level.
15-Dec-97
- Warning - the gethostbyname cache is not fully thread safe,
but it should work well enough.
- Major internal reworking of the app_data stuff. More functions
but if you were accessing ->app_data directly, things will
stop working.
- The perlv5 stuff is working. Currently on message digests,
ciphers and the bignum library.
9-Dec-97
- Modified re-negotiation so that server initated re-neg
will cause a SSL_read() to return -1 should retry.
The danger otherwise was that the server and the
client could end up both trying to read when using non-blocking
sockets.
4-Dec-97
- Lots of small changes
- Fix for binaray mode in Windows for the FILE BIO, thanks to
Bob Denny <rdenny@dc3.com>
17-Nov-97
- Quite a few internal cleanups, (removal of errno, and using macros
defined in e_os.h).
- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
the automactic naming out output files was being stuffed up.
29-Oct-97
- The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
for x86.
21-Oct-97
- Fixed a bug in the BIO_gethostbyname() cache.
15-Oct-97
- cbc mode for blowfish/des/3des is now in assember. Blowfish asm
has also been improved. At this point in time, on the pentium,
md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
is %62 faster.
12-Oct-97
- MEM_BUF_grow() has been fixed so that it always sets the buf->length
to the value we are 'growing' to. Think of MEM_BUF_grow() as the
way to set the length value correctly.
10-Oct-97
- I now hash for certificate lookup on the raw DER encoded RDN (md5).
This breaks things again :-(. This is efficent since I cache
the DER encoding of the RDN.
- The text DN now puts in the numeric OID instead of UNKNOWN.
- req can now process arbitary OIDs in the config file.
- I've been implementing md5 in x86 asm, much faster :-).
- Started sha1 in x86 asm, needs more work.
- Quite a few speedups in the BN stuff. RSA public operation
has been made faster by caching the BN_MONT_CTX structure.
The calulating of the Ai where A*Ai === 1 mod m was rather
expensive. Basically a 40-50% speedup on public operations.
The RSA speedup is now 15% on pentiums and %20 on pentium
pro.
30-Sep-97
- After doing some profiling, I added x86 adm for bn_add_words(),
which just adds 2 arrays of longs together. A %10 speedup
for 512 and 1024 bit RSA on the pentium pro.
29-Sep-97
- Converted the x86 bignum assembler to us the perl scripts
for generation.
23-Sep-97
- If SSL_set_session() is passed a NULL session, it now clears the
current session-id.
22-Sep-97
- Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
certificates.
- Bug in crypto/evp/encode.c where by decoding of 65 base64
encoded lines, one line at a time (via a memory BIO) would report
EOF after the first line was decoded.
- Fix in X509_find_by_issuer_and_serial() from
Dr Stephen Henson <shenson@bigfoot.com>
19-Sep-97
- NO_FP_API and NO_STDIO added.
- Put in sh config command. It auto runs Configure with the correct
parameters.
18-Sep-97
- Fix x509.c so if a DSA cert has different parameters to its parent,
they are left in place. Not tested yet.
16-Sep-97
- ssl_create_cipher_list() had some bugs, fixes from
Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
- Fixed a bug in the Base64 BIO, where it would return 1 instead
of -1 when end of input was encountered but should retry.
Basically a Base64/Memory BIO interaction problem.
- Added a HMAC set of functions in preporarion for TLS work.
15-Sep-97
- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
- Prime generation spead up %25 (512 bit prime, pentium pro linux)
by using montgomery multiplication in the prime number test.
11-Sep-97
- Ugly bug in ssl3_write_bytes(). Basically if application land
does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
did not check the size and tried to copy the entire buffer.
This would tend to cause memory overwrites since SSLv3 has
a maximum packet size of 16k. If your program uses
buffers <= 16k, you would probably never see this problem.
- Fixed a new errors that were cause by malloc() not returning
0 initialised memory..
- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
since this flags stops SSLeay being able to handle client
cert requests correctly.
08-Sep-97
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
on, the SSL server routines will not use a SSL_SESSION that is
held in it's cache. This in intended to be used with the session-id
callbacks so that while the session-ids are still stored in the
cache, the decision to use them and how to look them up can be
done by the callbacks. The are the 'new', 'get' and 'remove'
callbacks. This can be used to determine the session-id
to use depending on information like which port/host the connection
is coming from. Since the are also SSL_SESSION_set_app_data() and
SSL_SESSION_get_app_data() functions, the application can hold
information against the session-id as well.
03-Sep-97
- Added lookup of CRLs to the by_dir method,
X509_load_crl_file() also added. Basically it means you can
lookup CRLs via the same system used to lookup certificates.
- Changed things so that the X509_NAME structure can contain
ASN.1 BIT_STRINGS which is required for the unique
identifier OID.
- Fixed some problems with the auto flushing of the session-id
cache. It was not occuring on the server side.
02-Sep-97
- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
which is the maximum number of entries allowed in the
session-id cache. This is enforced with a simple FIFO list.
The default size is 20*1024 entries which is rather large :-).
The Timeout code is still always operating.
01-Sep-97
- Added an argument to all the 'generate private key/prime`
callbacks. It is the last parameter so this should not
break existing code but it is needed for C++.
- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
BIO. This lets the BIO read and write base64 encoded data
without inserting or looking for '\n' characters. The '-A'
flag turns this on when using apps/enc.c.
- RSA_NO_PADDING added to help BSAFE functionality. This is a
very dangerous thing to use, since RSA private key
operations without random padding bytes (as PKCS#1 adds) can
be attacked such that the private key can be revealed.
- ASN.1 bug and rc2-40-cbc and rc4-40 added by
Dr Stephen Henson <shenson@bigfoot.com>
31-Aug-97 (stuff added while I was away)
- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
- RSA_flags() added allowing bypass of pub/priv match check
in ssl/ssl_rsa.c - Tim Hudson.
- A few minor bugs.
SSLeay 0.8.1 released.
19-Jul-97
- Server side initated dynamic renegotiation is broken. I will fix
it when I get back from holidays.
15-Jul-97
- Quite a few small changes.
- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
09-Jul-97
- Added 2 new values to the SSL info callback.
SSL_CB_START which is passed when the SSL protocol is started
and SSL_CB_DONE when it has finished sucsessfully.
08-Jul-97
- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
that related to DSA public/private keys.
- Added all the relevent PEM and normal IO functions to support
reading and writing RSAPublic keys.
- Changed makefiles to use ${AR} instead of 'ar r'
07-Jul-97
- Error in ERR_remove_state() that would leave a dangling reference
to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
- s_client now prints the X509_NAMEs passed from the server
when requesting a client cert.
- Added a ssl->type, which is one of SSL_ST_CONNECT or
SSL_ST_ACCEPT. I had to add it so I could tell if I was
a connect or an accept after the handshake had finished.
- SSL_get_client_CA_list(SSL *s) now returns the CA names
passed by the server if called by a client side SSL.
05-Jul-97
- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com).
04-Jul-97
- Fixed some things in X509_NAME_add_entry(), thanks to
Matthew Donald <matthew@world.net>.
- I had a look at the cipher section and though that it was a
bit confused, so I've changed it.
- I was not setting up the RC4-64-MD5 cipher correctly. It is
a MS special that appears in exported MS Money.
- Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
spec. I was missing the two byte length header for the
ClientDiffieHellmanPublic value. This is a packet sent from
the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
option will enable SSLeay server side SSLv3 accept either
the correct or my 080 packet format.
- Fixed a few typos in crypto/pem.org.
02-Jul-97
- Alias mapping for EVP_get_(digest|cipher)byname is now
performed before a lookup for actual cipher. This means
that an alias can be used to 're-direct' a cipher or a
digest.
- ASN1_read_bio() had a bug that only showed up when using a
memory BIO. When EOF is reached in the memory BIO, it is
reported as a -1 with BIO_should_retry() set to true.
01-Jul-97
- Fixed an error in X509_verify_cert() caused by my
miss-understanding how 'do { contine } while(0);' works.
Thanks to Emil Sit <sit@mit.edu> for educating me :-)
30-Jun-97
- Base64 decoding error. If the last data line did not end with
a '=', sometimes extra data would be returned.
- Another 'cut and paste' bug in x509.c related to setting up the
STDout BIO.
27-Jun-97
- apps/ciphers.c was not printing due to an editing error.
- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
a library build error in util/mk1mf.pl
26-Jun-97
- Still did not have the auto 'experimental' code removal
script correct.
- A few header tweaks for Watcom 11.0 under Win32 from
Rolf Lindemann <Lindemann@maz-hh.de>
- 0 length OCTET_STRING bug in asn1_parse
- A minor fix with an non-existent function in the MS .def files.
- A few changes to the PKCS7 stuff.
25-Jun-97
SSLeay 0.8.0 finally it gets released.
24-Jun-97
Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
use a temporary RSA key. This is experimental and needs some more work.
Fixed a few Win16 build problems.
23-Jun-97
SSLv3 bug. I was not doing the 'lookup' of the CERT structure
correctly. I was taking the SSL->ctx->default_cert when I should
have been using SSL->cert. The bug was in ssl/s3_srvr.c
20-Jun-97
X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
rest of the library. Even though I had the code required to do
it correctly, apps/req.c was doing the wrong thing. I have fixed
and tested everything.
Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
19-Jun-97
Fixed a bug in the SSLv2 server side first packet handling. When
using the non-blocking test BIO, the ssl->s2->first_packet flag
was being reset when a would-block failure occurred when reading
the first 5 bytes of the first packet. This caused the checking
logic to run at the wrong time and cause an error.
Fixed a problem with specifying cipher. If RC4-MD5 were used,
only the SSLv3 version would be picked up. Now this will pick
up both SSLv2 and SSLv3 versions. This required changing the
SSL_CIPHER->mask values so that they only mask the ciphers,
digests, authentication, export type and key-exchange algorithms.
I found that when a SSLv23 session is established, a reused
session, of type SSLv3 was attempting to write the SSLv2
ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
method has been modified so it will only write out cipher which
that method knows about.
Changes between 0.8.0 and 0.8.1
*) Mostly bug fixes.
There is an Ephemeral DH cipher problem which is fixed.
SSLeay 0.8.0
This version of SSLeay has quite a lot of things different from the
previous version.
Basically check all callback parameters, I will be producing documentation
about how to use things in th future. Currently I'm just getting 080 out
the door. Please not that there are several ways to do everything, and
most of the applications in the apps directory are hybrids, some using old
methods and some using new methods.
Have a look in demos/bio for some very simple programs and
apps/s_client.c and apps/s_server.c for some more advanced versions.
Notes are definitly needed but they are a week or so away.
Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
---
Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
get those people that want to move to using the new code base off to
a quick start.
Note that Eric has tidied up a lot of the areas of the API that were
less than desirable and renamed quite a few things (as he had to break
the API in lots of places anyrate). There are a whole pile of additional
functions for making dealing with (and creating) certificates a lot
cleaner.
01-Jul-97
Tim Hudson
tjh@cryptsoft.com
---8<---
To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
use something like the following (assuming you #include "crypto.h" which
is something that you really should be doing).
#if SSLEAY_VERSION_NUMBER >= 0x0800
#define SSLEAY8
#endif
buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
too if you are working with BIO internal stuff (as distinct
from simply using the interface in an opaque manner)
#include "bio.h" - required along with "buffer.h" if you write
your own BIO routines as the buffer and bio
stuff that was intermixed has been separated
out
envelope.h -> evp.h (which should have been done ages ago)
Initialisation ... don't forget these or you end up with code that
is missing the bits required to do useful things (like ciphers):
SSLeay_add_ssl_algorithms()
(probably also want SSL_load_error_strings() too but you should have
already had that call in place)
SSL_CTX_new() - requires an extra method parameter
SSL_CTX_new(SSLv23_method())
SSL_CTX_new(SSLv2_method())
SSL_CTX_new(SSLv3_method())
OR to only have the server or the client code
SSL_CTX_new(SSLv23_server_method())
SSL_CTX_new(SSLv2_server_method())
SSL_CTX_new(SSLv3_server_method())
or
SSL_CTX_new(SSLv23_client_method())
SSL_CTX_new(SSLv2_client_method())
SSL_CTX_new(SSLv3_client_method())
SSL_set_default_verify_paths() ... renamed to the more appropriate
SSL_CTX_set_default_verify_paths()
If you want to use client certificates then you have to add in a bit
of extra stuff in that a SSLv3 server sends a list of those CAs that
it will accept certificates from ... so you have to provide a list to
SSLeay otherwise certain browsers will not send client certs.
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0)
or provide a buffer and size to copy the
result into
X509_add_cert -> X509_STORE_add_cert (and you might want to read the
notes on X509_NAME structure changes too)
VERIFICATION CODE
=================
The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
more accurately reflect things.
The verification callback args are now packaged differently so that
extra fields for verification can be added easily in future without
having to break things by adding extra parameters each release :-)
X509_cert_verify_error_string -> X509_verify_cert_error_string
BIO INTERNALS
=============
Eric has fixed things so that extra flags can be introduced in
the BIO layer in future without having to play with all the BIO
modules by adding in some macros.
The ugly stuff using
b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
becomes
BIO_clear_retry_flags(b)
b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
becomes
BIO_set_retry_read(b)
Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
OTHER THINGS
============
X509_NAME has been altered so that it isn't just a STACK ... the STACK
is now in the "entries" field ... and there are a pile of nice functions
for getting at the details in a much cleaner manner.
SSL_CTX has been altered ... "cert" is no longer a direct member of this
structure ... things are now down under "cert_store" (see x509_vfy.h) and
things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
If your code "knows" about this level of detail then it will need some
surgery.
If you depending on the incorrect spelling of a number of the error codes
then you will have to change your code as these have been fixed.
ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
has been all along so this makes things clearer.
ify_cert_error_string(ctx->error));
SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
Changes between 0.7.x and 0.8.0
*) There have been lots of changes, mostly the addition of SSLv3.
There have been many additions from people and amongst
others, C2Net has assisted greatly.
Changes between 0.7.x and 0.7.x
*) Internal development version only
SSLeay 0.6.6 13-Jan-1997
The main additions are
- assember for x86 DES improvments.
From 191,000 per second on a pentium 100, I now get 281,000. The inner
loop and the IP/FP modifications are from
Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his
contribution.
- The 'DES macros' introduced in 0.6.5 now have 3 types.
DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which
is best and there is a summery of mine in crypto/des/options.txt
- A few bug fixes.
- Added blowfish. It is not used by SSL but all the other stuff that
deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'.
BF_PTR2 is pentium/x86 specific. The correct option is setup in
the 'Configure' script.
- There is now a 'get client certificate' callback which can be
'non-blocking'. If more details are required, let me know. It will
documented more in SSLv3 when I finish it.
- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test'
now tests the ca program.
- Lots of little things modified and tweaked.
SSLeay 0.6.5
After quite some time (3 months), the new release. I have been very busy
for the last few months and so this is mostly bug fixes and improvments.
The main additions are
- assember for x86 DES. For all those gcc based systems, this is a big
improvement. From 117,000 DES operation a second on a pentium 100,
I now get 191,000. I have also reworked the C version so it
now gives 148,000 DESs per second.
- As mentioned above, the inner DES macros now have some more variant that
sometimes help, sometimes hinder performance. There are now 3 options
DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
and DES_RISC (a more register intensive version of the inner macro).
The crypto/des/des_opts.c program, when compiled and run, will give
an indication of the correct options to use.
- The BIO stuff has been improved. Read doc/bio.doc. There are now
modules for encryption and base64 encoding and a BIO_printf() function.
- The CA program will accept simple one line X509v3 extensions in the
ssleay.cnf file. Have a look at the example. Currently this just
puts the text into the certificate as an OCTET_STRING so currently
the more advanced X509v3 data types are not handled but this is enough
for the netscape extensions.
- There is the start of a nicer higher level interface to the X509
strucutre.
- Quite a lot of bug fixes.
- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used
to define the malloc(), free() and realloc() routines to use
(look in crypto/crypto.h). This is mostly needed for Windows NT/95 when
using DLLs and mixing CRT libraries.
In general, read the 'VERSION' file for changes and be aware that some of
the new stuff may not have been tested quite enough yet, so don't just plonk
in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
SSLeay 0.6.4 30/08/96 eay
I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
The main changes in this release
- Thread safe. have a read of doc/threads.doc and play in the mt directory.
For anyone using 0.6.3 with threads, I found 2 major errors so consider
moving to 0.6.4. I have a test program that builds under NT and
solaris.
- The get session-id callback has changed. Have a read of doc/callback.doc.
- The X509_cert_verify callback (the SSL_verify callback) now
has another argument. Have a read of doc/callback.doc
- 'ca -preserve', sign without re-ordering the DN. Not tested much.
- VMS support.
- Compile time memory leak detection can now be built into SSLeay.
Read doc/memory.doc
- CONF routines now understand '\', '\n', '\r' etc. What this means is that
the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
- 'ssleay ciphers' added, lists the default cipher list for SSLeay.
- RC2 key setup is now compatable with Netscape.
- Modifed server side of SSL implementation, big performance difference when
using session-id reuse.
0.6.3
Bug fixes and the addition of some nice stuff to the 'ca' program.
Have a read of doc/ns-ca.doc for how hit has been modified so
it can be driven from a CGI script. The CGI script is not provided,
but that is just being left as an excersize for the reader :-).
0.6.2
This is most bug fixes and functionality improvements.
Additions are
- More thread debugging patches, the thread stuff is still being
tested, but for those keep to play with stuff, have a look in
crypto/cryptlib.c. The application needs to define 1 (or optionaly
a second) callback that is used to implement locking. Compiling
with LOCK_DEBUG spits out lots of locking crud :-).
This is what I'm currently working on.
- SSL_CTX_set_default_passwd_cb() can be used to define the callback
function used in the SSL*_file() functions used to load keys. I was
always of the opinion that people should call
PEM_read_RSAPrivateKey() and pass the callback they want to use, but
it appears they just want to use the SSL_*_file() function() :-(.
- 'enc' now has a -kfile so a key can be read from a file. This is
mostly used so that the passwd does not appear when using 'ps',
which appears imposible to stop under solaris.
- X509v3 certificates now work correctly. I even have more examples
in my tests :-). There is now a X509_EXTENSION type that is used in
X509v3 certificates and CRLv2.
- Fixed that signature type error :-(
- Fixed quite a few potential memory leaks and problems when reusing
X509, CRL and REQ structures.
- EVP_set_pw_prompt() now sets the library wide default password
prompt.
- The 'pkcs7' command will now, given the -print_certs flag, output in
pem format, all certificates and CRL contained within. This is more
of a pre-emtive thing for the new verisign distribution method. I
should also note, that this also gives and example in code, of how
to do this :-), or for that matter, what is involved in going the
other way (list of certs and crl -> pkcs7).
- Added RSA's DESX to the DES library. It is also available via the
EVP_desx_cbc() method and via 'enc desx'.
SSLeay 0.6.1
The main functional changes since 0.6.0 are as follows
- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
that from now on, I'll keep the .def numbers the same so they will be.
- RSA private key operations are about 2 times faster that 0.6.0
- The SSL_CTX now has more fields so default values can be put against
it. When an SSL structure is created, these default values are used
but can be overwritten. There are defaults for cipher, certificate,
private key, verify mode and callback. This means SSL session
creation can now be
ssl=SSL_new()
SSL_set_fd(ssl,sock);
SSL_accept(ssl)
....
All the other uglyness with having to keep a global copy of the
private key and certificate/verify mode in the server is now gone.
- ssl/ssltest.c - one process talking SSL to its self for testing.
- Storage of Session-id's can be controled via a session_cache_mode
flag. There is also now an automatic default flushing of
old session-id's.
- The X509_cert_verify() function now has another parameter, this
should not effect most people but it now means that the reason for
the failure to verify is now available via SSL_get_verify_result(ssl).
You don't have to use a global variable.
- SSL_get_app_data() and SSL_set_app_data() can be used to keep some
application data against the SSL structure. It is upto the application
to free the data. I don't use it, but it is available.
- SSL_CTX_set_cert_verify_callback() can be used to specify a
verify callback function that completly replaces my certificate
verification code. Xcert should be able to use this :-).
The callback is of the form int app_verify_callback(arg,ssl,cert).
This needs to be documented more.
- I have started playing with shared library builds, have a look in
the shlib directory. It is very simple. If you need a numbered
list of functions, have a look at misc/crypto.num and misc/ssl.num.
- There is some stuff to do locking to make the library thread safe.
I have only started this stuff and have not finished. If anyone is
keen to do so, please send me the patches when finished.
So I have finally made most of the additions to the SSL interface that
I thought were needed.
There will probably be a pause before I make any non-bug/documentation
related changes to SSLeay since I'm feeling like a bit of a break.
eric - 12 Jul 1996
I saw recently a comment by some-one that we now seem to be entering
the age of perpetual Beta software.
Pioneered by packages like linux but refined to an art form by
netscape.
I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
There are quite a large number of sections that are 'works in
progress' in this package. I will also list the major changes and
what files you should read.
BIO - this is the new IO structure being used everywhere in SSLeay. I
started out developing this because of microsoft, I wanted a mechanism
to callback to the application for all IO, so Windows 3.1 DLL
perversion could be hidden from me and the 15 different ways to write
to a file under NT would also not be dictated by me at library build
time. What the 'package' is is an API for a data structure containing
functions. IO interfaces can be written to conform to the
specification. This in not intended to hide the underlying data type
from the application, but to hide it from SSLeay :-).
I have only really finished testing the FILE * and socket/fd modules.
There are also 'filter' BIO's. Currently I have only implemented
message digests, and it is in use in the dgst application. This
functionality will allow base64/encrypto/buffering modules to be
'push' into a BIO without it affecting the semantics. I'm also
working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
from an event loop which uses the interface.
It is also possible to 'attach' callbacks to a BIO so they get called
before and after each operation, alowing extensive debug output
to be generated (try running dgst with -d).
Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
functions that used to take FILE *, now take BIO *.
The wrappers are easy to write
function_fp(fp,x)
FILE *fp;
{
BIO *b;
int ret;
if ((b=BIO_new(BIO_s_file())) == NULL) error.....
BIO_set_fp(b,fp,BIO_NOCLOSE);
ret=function_bio(b,x);
BIO_free(b);
return(ret);
}
Remember, there are no functions that take FILE * in SSLeay when
compiled for Windows 3.1 DLL's.
--
I have added a general EVP_PKEY type that can hold a public/private
key. This is now what is used by the EVP_ functions and is passed
around internally. I still have not done the PKCS#8 stuff, but
X509_PKEY is defined and waiting :-)
--
For a full function name listings, have a look at ms/crypt32.def and
ms/ssl32.def. These are auto-generated but are complete.
Things like ASN1_INTEGER_get() have been added and are in here if you
look. I have renamed a few things, again, have a look through the
function list and you will probably find what you are after. I intend
to at least put a one line descrition for each one.....
--
Microsoft - thats what this release is about, read the MICROSOFT file.
--
Multi-threading support. I have started hunting through the code and
flaging where things need to be done. In a state of work but high on
the list.
--
For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
be be you random data device, otherwise 'RFILE' in e_os.h
will be used, in your home directory. It will be updated
periodically. The environment variable RANDFILE will override this
choice and read/write to that file instead. DEVRANDOM is used in
conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random
number generator, pick on one of these files.
--
The list of things to read and do
dgst -d
s_client -state (this uses a callback placed in the SSL state loop and
will be used else-where to help debug/monitor what
is happening.)
doc/why.doc
doc/bio.doc <- hmmm, needs lots of work.
doc/bss_file.doc <- one that is working :-)
doc/session.doc <- it has changed
doc/speed.doc
also play with ssleay version -a. I have now added a SSLeay()
function that returns a version number, eg 0600 for this release
which is primarily to be used to check DLL version against the
application.
util/* Quite a few will not interest people, but some may, like
mk1mf.pl, mkdef.pl,
util/do_ms.sh
try
cc -Iinclude -Icrypto -c crypto/crypto.c
cc -Iinclude -Issl -c ssl/ssl.c
You have just built the SSLeay libraries as 2 object files :-)
Have a general rummage around in the bin stall directory and look at
what is in there, like CA.sh and c_rehash
There are lots more things but it is 12:30am on a Friday night and I'm
heading home :-).
eric 22-Jun-1996
This version has quite a few major bug fixes and improvements. It DOES NOT
do SSLv3 yet.
The main things changed
- A Few days ago I added the s_mult application to ssleay which is
a demo of an SSL server running in an event loop type thing.
It supports non-blocking IO, I have finally gotten it right, SSL_accept()
can operate in non-blocking IO mode, look at the code to see how :-).
Have a read of doc/s_mult as well. This program leaks memory and
file descriptors everywhere but I have not cleaned it up yet.
This is a demo of how to do non-blocking IO.
- The SSL session management has been 'worked over' and there is now
quite an expansive set of functions to manipulate them. Have a read of
doc/session.doc for some-things I quickly whipped up about how it now works.
This assume you know the SSLv2 protocol :-)
- I can now read/write the netscape certificate format, use the
-inform/-outform 'net' options to the x509 command. I have not put support
for this type in the other demo programs, but it would be easy to add.
- asn1parse and 'enc' have been modified so that when reading base64
encoded files (pem format), they do not require '-----BEGIN' header lines.
The 'enc' program had a buffering bug fixed, it can be used as a general
base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
respecivly. Leaving out the '-a' flag in this case makes the 'enc' command
into a form of 'cat'.
- The 'x509' and 'req' programs have been fixed and modified a little so
that they generate self-signed certificates correctly. The test
script actually generates a 'CA' certificate and then 'signs' a
'user' certificate. Have a look at this shell script (test/sstest)
to see how things work, it tests most possible combinations of what can
be done.
- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
of SSL_set_cipher_list() is now the correct API (stops confusion :-).
If this function is used in the client, only the specified ciphers can
be used, with preference given to the order the ciphers were listed.
For the server, if this is used, only the specified ciphers will be used
to accept connections. If this 'option' is not used, a default set of
ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
list for all ciphers started against the SSL_CTX. So the order is
SSL cipher_list, if not present, SSL_CTX cipher list, if not
present, then the library default.
What this means is that normally ciphers like
NULL-MD5 will never be used. The only way this cipher can be used
for both ends to specify to use it.
To enable or disable ciphers in the library at build time, modify the
first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
This file also contains the 'pref_cipher' list which is the default
cipher preference order.
- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
options work. They should, and they enable loading and writing the
netscape rsa private key format. I will be re-working this section of
SSLeay for the next version. What is currently in place is a quick and
dirty hack.
- I've re-written parts of the bignum library. This gives speedups
for all platforms. I now provide assembler for use under Windows NT.
I have not tested the Windows 3.1 assembler but it is quite simple code.
This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
Basically the times available under linux/solaris x86 can be achieve under
Windows NT. I still don't know how these times compare to RSA's BSAFE
library but I have been emailing with people and with their help, I should
be able to get my library's quite a bit faster still (more algorithm changes).
The object file crypto/bn/asm/x86-32.obj should be used when linking
under NT.
- 'make makefile.one' in the top directory will generate a single makefile
called 'makefile.one' This makefile contains no perl references and
will build the SSLeay library into the 'tmp' and 'out' directories.
util/mk1mf.pl >makefile.one is how this makefile is
generated. The mk1mf.pl command take several option to generate the
makefile for use with cc, gcc, Visual C++ and Borland C++. This is
still under development. I have only build .lib's for NT and MSDOS
I will be working on this more. I still need to play with the
correct compiler setups for these compilers and add some more stuff but
basically if you just want to compile the library
on a 'non-unix' platform, this is a very very good file to start with :-).
Have a look in the 'microsoft' directory for my current makefiles.
I have not yet modified things to link with sockets under Windows NT.
You guys should be able to do this since this is actually outside of the
SSLeay scope :-). I will be doing it for myself soon.
util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock
to build without RC2/RC4, to require RSAref for linking, and to
build with no socket code.
- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
that was posted to sci.crypt has been added to the library and SSL.
I take the view that if RC2 is going to be included in a standard,
I'll include the cipher to make my package complete.
There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
at compile time. I have not tested this recently but it should all work
and if you are in the USA and don't want RSA threatening to sue you,
you could probably remove the RC4/RC2 code inside these sections.
I may in the future include a perl script that does this code
removal automatically for those in the USA :-).
- I have removed all references to sed in the makefiles. So basically,
the development environment requires perl and sh. The build environment
does not (use the makefile.one makefile).
The Configure script still requires perl, this will probably stay that way
since I have perl for Windows NT :-).
eric (03-May-1996)
PS Have a look in the VERSION file for more details on the changes and
bug fixes.
I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
things up. This version will be quite stable, mostly because I'm on
holidays until 10-March-1996. For any problems in the interum, send email
to Tim Hudson <tjh@mincom.oz.au>.
SSLeay 0.5.0
12-12-95
This is going out before it should really be released.
I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
this for 11 weeks or get things out. It is still going to change a
lot in the next week so if you do grab this version, please test and
give me feed back ASAP, inculuding questions on how to do things with
the library. This will prompt me to write documentation so I don't
have to answer the same question again :-).
This 'pre' release version is for people who are interested in the
library. The applications will have to be changed to use
the new version of the SSL interface. I intend to finish more
documentation before I leave but until then, look at the programs in
the apps directory. As far as code goes, it is much much nicer than
the old version.
The current library works, has no memory leaks (as far as I can tell)
and is far more bug free that 0.4.5d. There are no global variable of
consequence (I believe) and I will produce some documentation that
tell where to look for those people that do want to do multi-threaded
stuff.
There should be more documentation. Have a look in the
doc directory. I'll be adding more before I leave, it is a start
by mostly documents the crypto library. Tim Hudson will update
the web page ASAP. The spelling and grammar are crap but
it is better than nothing :-)
Reasons to start playing with version 0.5.0
- All the programs in the apps directory build into one ssleay binary.
- There is a new version of the 'req' program that generates certificate
requests, there is even documentation for this one :-)
- There is a demo certification authorithy program. Currently it will
look at the simple database and update it. It will generate CRL from
the data base. You need to edit the database by hand to revoke a
certificate, it is my aim to use perl5/Tk but I don't have time to do
this right now. It will generate the certificates but the management
scripts still need to be written. This is not a hard task.
- Things have been cleaned up alot.
- Have a look at the enc and dgst programs in the apps directory.
- It supports v3 of x509 certiticates.
Major things missing.
- I have been working on (and thinging about) the distributed x509
hierachy problem. I have not had time to put my solution in place.
It will have to wait until I come back.
- I have not put in CRL checking in the certificate verification but
it would not be hard to do. I was waiting until I could generate my
own CRL (which has only been in the last week) and I don't have time
to put it in correctly.
- Montgomery multiplication need to be implemented. I know the
algorithm, just ran out of time.
- PKCS#7. I can load and write the DER version. I need to re-work
things to support BER (if that means nothing, read the ASN1 spec :-).
- Testing of the higher level digital envelope routines. I have not
played with the *_seal() and *_open() type functions. They are
written but need testing. The *_sign() and *_verify() functions are
rock solid.
- PEM. Doing this and PKCS#7 have been dependant on the distributed
x509 heirachy problem. I started implementing my ideas, got
distracted writing a CA program and then ran out of time. I provide
the functionality of RSAref at least.
- Re work the asm. code for the x86. I've changed by low level bignum
interface again, so I really need to tweak the x86 stuff. gcc is
good enough for the other boxes.

21791
CHANGES.md
View File

File diff suppressed because it is too large Load Diff

6
CODE-OF-CONDUCT.md
View File

@@ -1,6 +0,0 @@
Code of Conduct
===============
The OpenSSL [Code of Conduct] is published on the project's website.
[Code of Conduct]: https://www.openssl.org/community/conduct.html

112
CONTRIBUTING.md
View File

@@ -1,112 +0,0 @@
HOW TO CONTRIBUTE TO OpenSSL
============================
Please visit our [Getting Started] page for other ideas about how to contribute.
[Getting Started]: <https://openssl-library.org/community/getting-started>
Development is done on GitHub in the [openssl/openssl] repository.
[openssl/openssl]: <https://github.com/openssl/openssl>
To request a new feature, ask a question, or report a bug,
please open an [issue on GitHub](https://github.com/openssl/openssl/issues).
To submit a patch or implement a new feature, please open a
[pull request on GitHub](https://github.com/openssl/openssl/pulls).
If you are thinking of making a large contribution,
open an issue for it before starting work, to get comments from the community.
Someone may be already working on the same thing,
or there may be special reasons why a feature is not implemented.
Similarly, if you plan to submit many pull requests, please start with
a representative sample (no more than 3 or 4) and open an issue
explaining your process. The OpenSSL project has limited resources,
especially when it comes to reviewers, so we appreciate advanced
communication before submitting many pull requests. In addition,
contributors should personally evaluate potential patches generated by
automated tools.
To make it easier to review and accept your pull request, please follow these
guidelines:
1. Anything other than a trivial contribution requires a [Contributor
License Agreement] (CLA), giving us permission to use your code.
If your contribution is too small to require a CLA (e.g., fixing a spelling
mistake), then place the text "`CLA: trivial`" on a line by itself below
the rest of your commit message separated by an empty line, like this:
```
One-line summary of trivial change
Optional main body of commit message. It might contain a sentence
or two explaining the trivial change.
CLA: trivial
```
It is not sufficient to only place the text "`CLA: trivial`" in the GitHub
pull request description.
[Contributor License Agreement]: <https://www.openssl.org/policies/cla.html>
To amend a missing "`CLA: trivial`" line after submission, do the following:
```
git commit --amend
# add the line, save and quit the editor
git push -f [<repository> [<branch>]]
```
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
year(s) updated):
```
Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
https://www.openssl.org/source/license.html
```
3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits, you will have to remove them
(usually by rebasing) before it will be acceptable.
4. Code provided should follow our [coding style] and [documentation policy]
and compile without warnings.
There is a [Perl tool](util/check-format.pl) that helps
finding code formatting mistakes and other coding style nits.
Where `gcc` or `clang` is available, you should use the
`--strict-warnings` `Configure` option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
Clean builds via GitHub Actions are required. They are started automatically
whenever a PR is created or updated by committers.
[coding style]: https://openssl-library.org/policies/technical/coding-style/
[documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/
5. When at all possible, code contributions should include tests. These can
either be added to an existing test, or completely new. Please see
[test/README.md](test/README.md) for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the `.pod` files in `doc/man[1357]` for
examples of our style. Run `make doc-nits` to make sure that your
documentation changes are clean.
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in [CHANGES.md](CHANGES.md).
This could be a summarising description of the change, and could
explain the grander details.
Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log one-liners.
Also note that security fixes get an entry in [CHANGES.md](CHANGES.md).
This file helps users get more in-depth information of what comes
with a specific release without having to sift through the higher
noise ratio in git-log.
8. Guidelines on how to integrate error output of new crypto library modules
can be found in [crypto/err/README.md](crypto/err/README.md).

202
Configurations/00-base-templates.conf
View File

@@ -1,202 +0,0 @@
# -*- Mode: perl -*-
my %targets=(
DEFAULTS => {
template => 1,
cflags => "",
cppflags => "",
lflags => "",
defines => [],
includes => [],
lib_cflags => "",
lib_cppflags => "",
lib_defines => [],
thread_scheme => "(unknown)", # Assume we don't know
thread_defines => [],
unistd => "<unistd.h>",
shared_target => "",
shared_cflag => "",
shared_defines => [],
shared_ldflag => "",
shared_rcflag => "",
#### Defaults for the benefit of the config targets who don't inherit
#### a BASE and assume Unix defaults
#### THESE WILL DISAPPEAR IN OpenSSL 1.2
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
AR => "(unused)",
ARFLAGS => "(unused)",
CC => "cc",
HASHBANGPERL => "/usr/bin/env perl",
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
#### THESE WILL BE ENABLED IN OpenSSL 1.2
#HASHBANGPERL => "PERL", # Only Unix actually cares
},
BASE_common => {
template => 1,
enable => [],
disable => [],
defines =>
sub {
my @defs = ( 'OPENSSL_BUILDING_OPENSSL' );
push @defs, "BROTLI" unless $disabled{brotli};
push @defs, "BROTLI_SHARED" unless $disabled{"brotli-dynamic"};
push @defs, "ZLIB" unless $disabled{zlib};
push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
push @defs, "ZSTD" unless $disabled{zstd};
push @defs, "ZSTD_SHARED" unless $disabled{"zstd-dynamic"};
return [ @defs ];
},
includes =>
sub {
my @incs = ();
push @incs, $withargs{jitter_include}
if !$disabled{jitter} && $withargs{jitter_include};
push @incs, $withargs{brotli_include}
if !$disabled{brotli} && $withargs{brotli_include};
push @incs, $withargs{zlib_include}
if !$disabled{zlib} && $withargs{zlib_include};
push @incs, $withargs{zstd_include}
if !$disabled{zstd} && $withargs{zstd_include};
return [ @incs ];
},
},
BASE_unix => {
inherit_from => [ "BASE_common" ],
template => 1,
AR => "ar",
ARFLAGS => "qc",
CC => "cc",
OBJCOPY => "objcopy",
bin_cflags =>
sub {
my @flags = ();
if (!defined($disabled{pie})) {
push(@flags, "-fPIE");
}
return join(" ", @flags);
},
bin_lflags =>
sub {
my @flags = ();
if (!defined($disabled{pie})) {
push(@flags, "-pie");
}
return join(" ", @flags);
},
lflags =>
sub {
my @libs = ();
push(@libs, "-L".$withargs{jitter_lib}) if $withargs{jitter_lib};
push(@libs, "-L".$withargs{zlib_lib}) if $withargs{zlib_lib};
push(@libs, "-L".$withargs{brotli_lib}) if $withargs{brotli_lib};
push(@libs, "-L".$withargs{zstd_lib}) if $withargs{zstd_lib};
return join(" ", @libs);
},
ex_libs =>
sub {
my @libs = ();
push(@libs, "-l:libjitterentropy.a") if !defined($disabled{jitter});
push(@libs, "-lz") if !defined($disabled{zlib}) && defined($disabled{"zlib-dynamic"});
if (!defined($disabled{brotli}) && defined($disabled{"brotli-dynamic"})) {
push(@libs, "-lbrotlienc");
push(@libs, "-lbrotlidec");
push(@libs, "-lbrotlicommon");
push(@libs, "-lm");
}
push(@libs, "-lzstd") if !defined($disabled{zstd}) && defined($disabled{"zstd-dynamic"});
return join(" ", @libs);
},
HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
perl_platform => 'Unix',
},
BASE_Windows => {
inherit_from => [ "BASE_common" ],
template => 1,
lib_defines =>
sub {
my @defs = ();
unless ($disabled{"zlib-dynamic"}) {
my $zlib = $withargs{zlib_lib} // "ZLIB1";
push @defs, 'LIBZ=' . (quotify("perl", $zlib))[0];
}
return [ @defs ];
},
ex_libs =>
sub {
my @libs = ();
unless ($disabled{zlib}) {
if (defined($disabled{"zlib-dynamic"})) {
push(@libs, $withargs{zlib_lib} // "ZLIB1");
}
}
unless ($disabled{zstd}) {
if (defined($disabled{"zstd-dynamic"})) {
push(@libs, $withargs{zstd_lib} // "libzstd");
}
}
unless ($disabled{brotli}) {
if (defined($disabled{"brotli-dynamic"})) {
my $path = "";
if (defined($withargs{brotli_lib})) {
$path = $withargs{brotli_lib} . "\\";
}
push(@libs, $path . "brotlicommon.lib");
push(@libs, $path . "brotlidec.lib");
push(@libs, $path . "brotlienc.lib");
}
}
return join(" ", @libs);
},
MT => "mt",
MTFLAGS => "-nologo",
mtinflag => "-manifest ",
mtoutflag => "-outputresource:",
build_file => "makefile",
build_scheme => [ "unified", "windows" ],
perl_platform => 'Windows',
},
BASE_VMS => {
inherit_from => [ "BASE_common" ],
template => 1,
includes =>
add(sub {
my @incs = ();
# GNV$ZLIB_INCLUDE is the standard logical name for later
# zlib incarnations.
push @incs, 'GNV$ZLIB_INCLUDE:'
if !$disabled{zlib} && !$withargs{zlib_include};
return [ @incs ];
}),
build_file => "descrip.mms",
build_scheme => [ "unified", "VMS" ],
perl_platform => 'VMS',
},
);

2118
Configurations/10-main.conf
View File

File diff suppressed because it is too large Load Diff

300
Configurations/15-android.conf
View File

@@ -1,300 +0,0 @@
#### Android...
#
# See NOTES-Android.md for details, and don't miss platform-specific
# comments below...
{
use File::Spec::Functions;
my $android_ndk = {};
my %triplet = (
arm => "arm-linux-androideabi",
arm64 => "aarch64-linux-android",
mips => "mipsel-linux-android",
mips64 => "mips64el-linux-android",
riscv64 => "riscv64-linux-android",
x86 => "i686-linux-android",
x86_64 => "x86_64-linux-android",
);
sub android_ndk {
unless (%$android_ndk) {
if ($now_printing =~ m|^android|) {
return $android_ndk = { bn_ops => "BN_AUTO" };
}
my $ndk_var;
my $ndk;
foreach (qw(ANDROID_NDK_ROOT ANDROID_NDK)) {
$ndk_var = $_;
$ndk = $ENV{$ndk_var};
last if defined $ndk;
}
die "\$ANDROID_NDK_ROOT is not defined" if (!$ndk);
my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt";
my $ndk_src_props = "$ndk/source.properties";
my $is_ndk = -f $ndk_src_props;
if ($is_ndk == $is_standalone_toolchain) {
die "\$ANDROID_NDK_ROOT=$ndk is invalid";
}
$ndk = canonpath($ndk);
my $ndkver = undef;
if (open my $fh, "<$ndk_src_props") {
local $_;
while(<$fh>) {
if (m|Pkg\.Revision\s*=\s*([0-9]+)|) {
$ndkver = $1;
last;
}
}
close $fh;
}
my ($sysroot, $api, $arch);
$config{target} =~ m|[^-]+-([^-]+)$|; # split on dash
$arch = $1;
if ($sysroot = $ENV{CROSS_SYSROOT}) {
$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
($api, $arch) = ($1, $2);
} elsif ($is_standalone_toolchain) {
$sysroot = "$ndk/sysroot";
} else {
$api = "*";
# see if user passed -D__ANDROID_API__=N
foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
if (m|__ANDROID_API__=([0-9]+)|) {
$api = $1;
last;
}
}
if (-d "$ndk/platforms") {
# list available platforms (numerically)
my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
$b =~ m/-([0-9]+)$/; $aa <=> $1;
} glob("$ndk/platforms/android-$api");
die "no $ndk/platforms/android-$api" if ($#platforms < 0);
$sysroot = "@platforms[$#platforms]/arch-$arch";
$sysroot =~ m|/android-([0-9]+)/arch-$arch|;
$api = $1;
} elsif ($api eq "*") {
# r22 Removed platforms dir, use this JSON file
my $path = "$ndk/meta/platforms.json";
open my $fh, $path or die "Could not open '$path' $!";
while (<$fh>) {
if (/"max": (\d+),/) {
$api = $1;
last;
}
}
close $fh;
}
die "Could not get default API Level" if ($api eq "*");
}
die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot);
my $triarch = $triplet{$arch};
my $cflags;
my $cppflags;
# see if there is NDK clang on $PATH, "universal" or "standalone"
if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
my $host=$1;
# harmonize with gcc default
my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
(my $tridefault = $triarch) =~ s/^arm-/$arm-/;
(my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
if (length $sysroot) {
$cflags .= " -target $tridefault "
. "-gcc-toolchain \$($ndk_var)/toolchains"
. "/$tritools-4.9/prebuilt/$host";
$user{CC} = "clang" if ($user{CC} !~ m|clang|);
} else {
$user{CC} = "$tridefault$api-clang";
}
$user{CROSS_COMPILE} = undef;
if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
$user{AR} = "llvm-ar";
$user{ARFLAGS} = [ "rs" ];
$user{RANLIB} = ":";
}
} elsif ($is_standalone_toolchain) {
my $cc = $user{CC} // "clang";
# One can probably argue that both clang and gcc should be
# probed, but support for "standalone toolchain" was added
# *after* announcement that gcc is being phased out, so
# favouring clang is considered adequate. Those who insist
# have option to enforce test for gcc with CC=gcc.
if (which("$triarch-$cc") !~ m|^$ndk|) {
die "no NDK $triarch-$cc on \$PATH";
}
$user{CC} = $cc;
$user{CROSS_COMPILE} = "$triarch-";
} elsif ($user{CC} eq "clang") {
die "no NDK clang on \$PATH";
} else {
if (which("$triarch-gcc") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
die "no NDK $triarch-gcc on \$PATH";
}
$cflags .= " -mandroid";
$user{CROSS_COMPILE} = "$triarch-";
}
if (length $sysroot) {
if (!-d "$sysroot/usr/include") {
my $incroot = "$ndk/sysroot/usr/include";
die "no $incroot" if (!-d $incroot);
die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
$incroot =~ s|^$ndk/||;
$cppflags = "-D__ANDROID_API__=$api";
$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
$cppflags .= " -isystem \$($ndk_var)/$incroot";
}
$sysroot =~ s|^$ndk/||;
$sysroot = " --sysroot=\$($ndk_var)/$sysroot";
}
$android_ndk = {
cflags => $cflags . $sysroot,
cppflags => $cppflags,
bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
: "BN_LLONG",
};
}
return $android_ndk;
}
}
my %targets = (
"android" => {
inherit_from => [ "linux-generic32" ],
template => 1,
################################################################
# Special note about -pie. The underlying reason is that
# Lollipop refuses to run non-PIE. But what about older systems
# and NDKs? -fPIC was never problem, so the only concern is -pie.
# Older toolchains, e.g. r4, appear to handle it and binaries
# turn out mostly functional. "Mostly" means that oldest
# Androids, such as Froyo, fail to handle executable, but newer
# systems are perfectly capable of executing binaries targeting
# Froyo. Keep in mind that in the nutshell Android builds are
# about JNI, i.e. shared libraries, not applications.
cflags => add(sub { android_ndk()->{cflags} }),
cppflags => add(sub { android_ndk()->{cppflags} }),
cxxflags => add(sub { android_ndk()->{cflags} }),
bn_ops => sub { android_ndk()->{bn_ops} },
bin_cflags => "-fPIE",
bin_lflags => "-pie",
enable => [ ],
shared_extension => ".so",
},
"android-arm" => {
################################################################
# Contemporary Android applications can provide multiple JNI
# providers in .apk, targeting multiple architectures. Among
# them there is "place" for two ARM flavours: generic eabi and
# armv7-a/hard-float. However, it should be noted that OpenSSL's
# ability to engage NEON is not constrained by ABI choice, nor
# is your ability to call OpenSSL from your application code
# compiled with floating-point ABI other than default 'soft'.
# (Latter thanks to __attribute__((pcs("aapcs"))) declaration.)
# This means that choice of ARM libraries you provide in .apk
# is driven by application needs. For example if application
# itself benefits from NEON or is floating-point intensive, then
# it might be appropriate to provide both libraries. Otherwise
# just generic eabi would do. But in latter case it would be
# appropriate to
#
# ./Configure android-arm -D__ARM_MAX_ARCH__=8
#
# in order to build "universal" binary and allow OpenSSL take
# advantage of NEON when it's available.
#
# Keep in mind that (just like with linux-armv4) we rely on
# compiler defaults, which is not necessarily what you had
# in mind, in which case you would have to pass additional
# -march and/or -mfloat-abi flags. NDK defaults to armv5te.
# Newer NDK versions reportedly require additional -latomic.
#
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'armv4',
perlasm_scheme => "void",
},
"android-arm64" => {
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'aarch64',
perlasm_scheme => "linux64",
shared_ldflag => add("-Wl,-z,max-page-size=16384"),
},
"android-mips" => {
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'mips32',
perlasm_scheme => "o32",
},
"android-mips64" => {
################################################################
# You are more than likely have to specify target processor
# on ./Configure command line. Trouble is that toolchain's
# default is MIPS64r6 (at least in r10d), but there are no
# such processors around (or they are too rare to spot one).
# Actual problem is that MIPS64r6 is binary incompatible
# with previous MIPS ISA versions, in sense that unlike
# prior versions original MIPS binary code will fail.
#
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'mips64',
perlasm_scheme => "64",
},
"android-x86" => {
inherit_from => [ "android" ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => add("RC4_INT"),
asm_arch => 'x86',
perlasm_scheme => "android",
ex_libs => add(threads("-latomic")),
},
"android-x86_64" => {
inherit_from => [ "android" ],
bn_ops => add("RC4_INT"),
asm_arch => 'x86_64',
perlasm_scheme => "elf",
shared_ldflag => add("-Wl,-z,max-page-size=16384"),
},
"android-riscv64" => {
inherit_from => [ "android" ],
asm_arch => 'riscv64',
perlasm_scheme => "linux64",
},
####################################################################
# Backward compatible targets, (might) require $CROSS_SYSROOT
#
"android-armeabi" => {
inherit_from => [ "android-arm" ],
},
"android64" => {
inherit_from => [ "android" ],
},
"android64-aarch64" => {
inherit_from => [ "android-arm64" ],
},
"android64-x86_64" => {
inherit_from => [ "android-x86_64" ],
},
"android64-mips64" => {
inherit_from => [ "android-mips64" ],
},
);

89
Configurations/15-ios.conf
View File

@@ -1,89 +0,0 @@
#### iPhoneOS/iOS
#
# `xcrun` targets require an Xcode that can determine the correct C compiler via
# `xcrun -sdk iphoneos`. This has been standard in Xcode for a while now - any recent
# Xcode should do. If the Xcode on the build machine doesn't support this then use
# the legacy targets at the end of this file. These require manual definition of
# environment variables.
#
my %targets = (
"ios-common" => {
template => 1,
inherit_from => [ "darwin-common" ],
sys_id => "iOS",
disable => [ "async" ],
},
"ios-xcrun" => {
inherit_from => [ "ios-common" ],
# It should be possible to go below iOS 6 and even add -arch armv6,
# thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
# at this point.
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch armv7 -fno-common"),
asm_arch => 'armv4',
perlasm_scheme => "ios32",
},
"ios64-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch arm64 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
asm_arch => 'aarch64',
perlasm_scheme => "ios64",
},
"iossimulator-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
},
"iossimulator-arm64-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
cflags => add("-arch arm64 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
asm_arch => 'aarch64',
perlasm_scheme => "ios64",
},
"iossimulator-i386-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
cflags => add("-arch i386 -fno-common"),
bn_ops => "BN_LLONG",
asm_arch => 'x86',
perlasm_scheme => "macosx",
},
"iossimulator-x86_64-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
cflags => add("-arch x86_64 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
asm_arch => 'x86_64',
perlasm_scheme => "macosx",
},
# It takes three prior-set environment variables to make it work:
#
# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
# CROSS_TOP=/where/SDKs/are
# CROSS_SDK=iPhoneOSx.y.sdk
#
# Exact paths vary with Xcode releases, but for couple of last ones
# they would look like this:
#
# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
# CROSS_SDK=iPhoneOS.sdk
#
"iphoneos-cross" => {
inherit_from => [ "ios-common" ],
cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\" -fno-common"),
},
"ios-cross" => {
inherit_from => [ "ios-xcrun" ],
CC => "cc",
cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""),
},
"ios64-cross" => {
inherit_from => [ "ios64-xcrun" ],
CC => "cc",
cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""),
},
);

121
Configurations/50-cppbuilder.conf
View File

@@ -1,121 +0,0 @@
my %targets = (
"BC-32" => {
inherit_from => [ "BASE_Windows" ],
sys_id => "WIN32",
bn_ops => "BN_LLONG",
thread_scheme => "winthreads",
cc => "bcc32c",
CPP => "cpp32 -oCON -Sc -Sr",
defines => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN32",
"L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp",
"_strnicmp=strnicmp", "_malloca=malloc",
"_freea=free", "_setmode=setmode"),
cflags => picker(default => add("-q -c",
threads("-tM"),
shared("-tR")),
debug => "-Od -v -vi- -D_DEBUG",
release => "-O2"),
bin_cflags => "-tWC",
lib_cflags => shared("-tWD -D_WINDLL -D_DLL"),
coutflag => "-o",
# -Sx isn't documented, but 'cpp32 -H -S' explains it:
#
# -Sx Omit preprocessed text in output
makedepcmd => "cpp32 -oCON -Sx -Hp",
makedep_scheme => "embarcadero",
LD => "ilink32",
LDFLAGS => picker(default => "-x -Gn -q -w-dup",
debug => '-j"$(BDS)\lib\win32c\debug" ' .
'-L"$(BDS)\lib\win32c\debug" -v',
release => '-j"$(BDS)\lib\win32c\release" ' .
'-L"$(BDS)\lib\win32c\release"'),
bin_lflags => "-ap -Tpe c0x32.obj wildargs.obj",
ldoutflag => ",",
ldpostoutflag => ",,",
ld_resp_delim => " +\n",
ex_libs => add(sub {
my @ex_libs = ("import32.lib",
($disabled{shared}
? ($disabled{threads} ? "cw32.lib" : "cw32mt.lib")
: ($disabled{threads} ? "cw32i.lib" : "cw32mti.lib")));
push @ex_libs, "ws2_32.lib" unless $disabled{sock};
return join(" ", @ex_libs);
}),
AR => "tlib",
ARFLAGS => "/P256 /N /u",
ar_resp_delim => " &\n",
RC => "brcc32",
RCFLAGS => '-i"$(BDS)\include\windows\sdk"',
rcoutflag => "-fo",
shared_target => "win-shared",
shared_ldflag => "-aa -Tpd c0d32.obj",
lddefflag => ",",
ldresflag => ",",
ld_implib_rule => 'implib -a $< $**',
dso_scheme => "win32",
shared_defflag => '',
perl_platform => 'Windows::cppbuilder',
uplink_arch => 'common',
},
"BC-64" => {
inherit_from => [ "BASE_Windows" ],
sys_id => "WIN64",
bn_ops => "BN_LLONG",
thread_scheme => "winthreads",
cc => "bcc64",
CPP => "cpp64 -oCON -Sc -Sr",
defines => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN64",
"L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp",
"_strnicmp=strnicmp", "_setmode=setmode"),
cflags => picker(default => add("-q -c",
threads("-tM"),
shared("-tR")),
debug => "-Od -v -vi- -D_DEBUG",
release => "-O2"),
bin_cflags => "-tWC",
lib_cflags => shared("-tWD -D_WINDLL -D_DLL"),
coutflag => "-o",
# -Sx isn't documented, but 'cpp64 -H -S' explains it:
#
# -Sx Omit preprocessed text in output
makedepcmd => "cpp64 -oCON -Sx -Hp",
makedep_scheme => "embarcadero",
LD => "ilink64",
LDFLAGS => picker(default => "-x -Gn -q -w-dup",
debug => '-j"$(BDS)\lib\win64\debug" ' .
'-L"$(BDS)\lib\win64\debug" -v',
release => '-j"$(BDS)\lib\win64\release" ' .
'-L"$(BDS)\lib\win64\release"'),
bin_lflags => "-ap -Tpe c0x64.o wildargs.o",
ldoutflag => ",",
ldpostoutflag => ",,",
ld_resp_delim => " +\n",
ex_libs => add(sub {
my @ex_libs = ("import64.a",
($disabled{shared}
? ($disabled{threads} ? "cw64.a" : "cw64mt.a")
: ($disabled{threads} ? "cw64i.a" : "cw64mti.a")));
push @ex_libs, "ws2_32.a" unless $disabled{sock};
return join(" ", @ex_libs);
}),
AR => "tlib",
ARFLAGS => "/P256 /N /u",
ar_resp_delim => " &\n",
RC => "brcc32",
RCFLAGS => '-i"$(BDS)\include\windows\sdk"',
rcoutflag => "-fo",
shared_target => "win-shared",
shared_ldflag => "-aa -Tpd c0d64.o",
lddefflag => ",",
ldresflag => ",",
ld_implib_rule => 'implib -a $< $**',
dso_scheme => "win64",
shared_defflag => '',
perl_platform => 'Windows::cppbuilder',
uplink_arch => 'common',
}
);

18
Configurations/50-djgpp.conf
View File

@@ -1,18 +0,0 @@
# We can't make any commitment to support the DJGPP platform,
# and rely entirely on the OpenSSL community to help is fine
# tune and test.
my %targets = (
"DJGPP" => {
inherit_from => [ "BASE_unix" ],
CC => "gcc",
CFLAGS => "-fomit-frame-pointer -O2 -Wall",
cflags => "-I\$(WATT_ROOT)/inc -DTERMIOS -DL_ENDIAN",
sys_id => "MSDOS",
lflags => add("-L\$(WATT_ROOT)/lib"),
ex_libs => add("-lwatt"),
bn_ops => "BN_LLONG",
asm_arch => 'x86',
perlasm_scheme => "a.out",
},
);

35
Configurations/50-haiku.conf
View File

@@ -1,35 +0,0 @@
my %targets = (
"haiku-common" => {
template => 1,
CC => "cc",
CFLAGS => add_before(picker(default => "-Wall",
debug => "-g -O0",
release => "-O2")),
cflags => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h",
threads("-D_REENTRANT")),
AR => "ar",
ARFLAGS => "qc",
HASHBANGPERL => "/bin/env perl",
sys_id => "HAIKU",
ex_libs => "-lnetwork",
perlasm_scheme => "elf",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
shared_target => "gnu-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-shared",
perl_platform => 'Unix',
},
"haiku-x86" => {
inherit_from => [ "haiku-common" ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => "BN_LLONG",
asm_arch => 'x86',
perlasm_scheme => 'elf',
},
"haiku-x86_64" => {
inherit_from => [ "haiku-common" ],
cflags => add("-m64"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
},
);

22
Configurations/50-masm.conf
View File

@@ -1,22 +0,0 @@
# We can't make commitment to supporting Microsoft assembler,
# because it would mean supporting all masm versions. This in
# in turn is because masm is not really an interchangeable option,
# while users tend to have reasons to stick with specific Visual
# Studio versions. It's usually lesser hassle to make it work
# with latest assembler, but tweaking for older versions had
# proven to be daunting task. This is experimental target, for
# production builds stick with [up-to-date version of] nasm.
my %targets = (
"VC-WIN64A-masm" => {
inherit_from => [ "VC-WIN64-common" ],
AS => "ml64",
ASFLAGS => "/nologo /Zi",
asoutflag => "/Fo",
asflags => "/c /Cp /Cx",
sys_id => "WIN64A",
uplink_arch => 'x86_64',
asm_arch => 'x86_64',
perlasm_scheme => "masm",
},
);

285
Configurations/50-nonstop.conf
View File

@@ -1,285 +0,0 @@
#### Nonstop configurations
# Common for all
'nonstop-common' => {
inherit_from => [ 'BASE_unix' ],
template => 1,
cc => 'c99',
cflags => add_before(picker(debug => '-g -O0',
release => '-g -O2'),
'-Wextensions',
'-Wnowarn=203,220,272,734,770,1506',
'-Wbuild_neutral_library',
'-Wverbose'),
defines => add('OPENSSL_VPROC=$(OPENSSL_VPROC)',
'_XOPEN_SOURCE',
'_XOPEN_SOURCE_EXTENDED=1',
'_TANDEM_SOURCE',
'__NSK_OPTIONAL_TYPES__',
'B_ENDIAN'),
perl => '/usr/bin/perl',
shared_target => 'nonstop-shared',
shared_extension => ".so",
ex_libs => add('-lrld'),
enable => ['egd'],
# Not currently inherited
disable => ['atexit'],
dso_scheme => 'DLFCN',
sys_id => 'TANDEM',
},
######################################################################
# Additional variant settings, to be combined with nonstop-common
# Note that these do not inherit anything. However, the diverse values
# are merged with other entries in an 'inherit_from'.
#
# These combine:
# - System architecture (MIPS, Itanium, or x86)
# - Execution environment (oss [default] or guardian)
#
# Unfortunately, they can't be separated into independent templates, because
# a number of the above are encoded as different linkers, and by consequence,
# different c99 linker flags (-Wld, -Weld, and -Wxld)
#
# In addition, the are modifiers for:
# - Size of long + pointer (ilp32 [default] and lp64)
# - Float type (neutral and tandem)
#
# Unfortunately, because the float types affect the linker settings, those
# are divided per system architecture
#
# MIPS + guardian (unused but present for convenience):
'nonstop-archenv-mips-guardian' => {
template => 1,
defines => ['NO_GETPID'],
cflags => '-Wtarget=tns/r -Wsystype=guardian',
lflags => '-Wld="-set systype guardian"',
shared_ldflag => '-Wshared -Wld="-soname $(@:lib%.so=%)"',
shared_defflag => '-Wld_obey=',
shared_argfileflag => '-Wld_obey=',
},
# Itanium + guardian:
'nonstop-archenv-itanium-guardian' => {
template => 1,
defines => ['NO_GETPID'],
cflags => '-Wtarget=tns/e -Wsystype=guardian',
lflags => '-Weld="-set systype guardian"',
shared_ldflag => '-Wshared -Weld="-soname $(@:lib%.so=%)"',
shared_defflag => '-Weld_obey=',
shared_argfileflag => '-Weld_obey=',
},
# x86 + guardian:
'nonstop-archenv-x86_64-guardian' => {
template => 1,
defines => ['NO_GETPID'],
cflags => '-Wtarget=tns/x -Wsystype=guardian',
lflags => '-Wxld="-set systype guardian"',
shared_ldflag => '-Wshared -Wxld="-soname $(@:lib%.so=%)"',
shared_defflag => '-Wxld_obey=',
shared_argfileflag => '-Wxld_obey=',
},
# MIPS + oss (unused but present for convenience):
'nonstop-archenv-mips-oss' => {
template => 1,
cflags => '-Wtarget=tns/r -Wsystype=oss',
lflags => '-Wld="-set systype oss"',
shared_ldflag => '-Wshared',
shared_defflag => '-Wld_obey=',
shared_argfileflag => '-Wld_obey=',
},
# Itanium + oss:
'nonstop-archenv-itanium-oss' => {
template => 1,
cflags => '-Wtarget=tns/e -Wsystype=oss',
lflags => '-Weld="-set systype oss"',
shared_ldflag => '-Wshared',
shared_defflag => '-Weld_obey=',
shared_argfileflag => '-Weld_obey=',
},
# x86_64 + oss:
'nonstop-archenv-x86_64-oss' => {
template => 1,
cflags => '-Wtarget=tns/x -Wsystype=oss',
lflags => '-Wxld="-set systype oss"',
shared_ldflag => '-Wshared',
shared_defflag => '-Wxld_obey=',
shared_argfileflag => '-Wxld_obey=',
},
# Size variants
'nonstop-ilp32' => {
template => 1,
cflags => '-Wilp32',
bn_ops => 'THIRTY_TWO_BIT',
},
'nonstop-lp64-itanium' => {
template => 1,
cflags => '-Wlp64',
bn_ops => 'SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR',
},
'nonstop-lp64-x86_64' => {
template => 1,
cflags => '-Wlp64',
lflags => '-Wxld="-set data_model lp64"',
bn_ops => 'SIXTY_FOUR_BIT',
},
# Float variants
'nonstop-nfloat-mips' => {
template => 1,
lflags => '-Wld="-set floattype neutral_float"',
},
'nonstop-tfloat-mips' => {
template => 1,
lflags => '-Wld="-set floattype tandem_float"',
},
'nonstop-efloat-itanium' => {
template => 1,
cflags => '-WIEEE_float',
lflags => '-Weld="-set floattype ieee_float"',
},
'nonstop-nfloat-itanium' => {
template => 1,
lflags => '-Weld="-set floattype neutral_float"',
},
'nonstop-tfloat-itanium' => {
template => 1,
cflags => '-WTandem_float',
lflags => '-Weld="-set floattype tandem_float"',
},
'nonstop-efloat-x86_64' => {
template => 1,
cflags => '-WIEEE_float',
lflags => '-Wxld="-set floattype ieee_float"',
},
'nonstop-nfloat-x86_64' => {
template => 1,
lflags => '-Wxld="-set floattype neutral_float"',
},
'nonstop-tfloat-x86_64' => {
template => 1,
cflags => '-WTandem_float',
lflags => '-Wxld="-set floattype tandem_float"',
},
######################################################################
# Build models
'nonstop-model-put' => {
template => 1,
disable => ['secure-memory'],
defines => ['_PUT_MODEL_',
'_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
ex_libs => '-lput',
},
######################################################################
# Build models
'nonstop-model-klt' => {
template => 1,
disable => ['secure-memory'],
defines => ['_KLT_MODEL_',
'_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
ex_libs => '-lklt',
},
######################################################################
# Now for the entries themselves, let's combine things!
'nonstop-nsx' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-ilp32',
'nonstop-efloat-x86_64' ],
disable => ['threads','atexit'],
},
'nonstop-nsx_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-ilp32',
'nonstop-efloat-x86_64',
'nonstop-model-put' ],
multilib => '-put',
multibin => '-put',
disable => ['atexit'],
},
'nonstop-nsx_64' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-lp64-x86_64',
'nonstop-efloat-x86_64' ],
multilib => '64',
multibin => '64',
disable => ['threads','atexit'],
},
'nonstop-nsx_64_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-lp64-x86_64',
'nonstop-efloat-x86_64',
'nonstop-model-put' ],
multilib => '64-put',
multibin => '64-put',
disable => ['atexit'],
},
'nonstop-nsx_64_klt' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-lp64-x86_64',
'nonstop-efloat-x86_64',
'nonstop-model-klt' ],
multilib => '64-klt',
multibin => '64-klt',
disable => ['atexit'],
},
'nonstop-nsx_g' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-guardian',
'nonstop-ilp32', 'nonstop-nfloat-x86_64' ],
disable => ['threads','atexit'],
},
'nonstop-nsx_g_tandem' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-guardian',
'nonstop-ilp32', 'nonstop-tfloat-x86_64' ],
disable => ['threads','atexit'],
},
'nonstop-nsv' => {
inherit_from => [ 'nonstop-nsx' ],
},
'nonstop-nse' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-ilp32',
'nonstop-efloat-itanium' ],
disable => ['threads','atexit'],
},
'nonstop-nse_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-ilp32',
'nonstop-efloat-itanium',
'nonstop-model-put' ],
multilib => '-put',
multibin => '-put',
disable => ['atexit'],
},
'nonstop-nse_64' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-lp64-itanium',
'nonstop-efloat-itanium' ],
multilib => '64',
multibin => '64',
disable => ['threads','atexit'],
},
'nonstop-nse_64_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-lp64-itanium',
'nonstop-efloat-itanium',
'nonstop-model-put' ],
multilib => '64-put',
multibin => '64-put',
disable => ['atexit'],
},

11
Configurations/50-os390.conf
View File

@@ -1,11 +0,0 @@
## -*- mode: perl; -*-
(
# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
"OS390-Unix" => {
inherit_from => [ "BASE_unix" ],
cc => "cc",
cflags => "-O -DB_ENDIAN -DCHARSET_EBCDIC",
bn_ops => "THIRTY_TWO_BIT RC4_CHAR",
thread_scheme => "(unknown)",
}
);

14
Configurations/50-vms-x86_64.conf
View File

@@ -1,14 +0,0 @@
## -*- mode: perl; -*-
# OpenVMS cross compilation of x86_64 binaries on Itanium. This doesn't
# fit the usual cross compilation parameters that are used on Unixly machines
(
'vms-x86_64-cross-ia64' => {
inherit_from => [ 'vms-generic' ],
CC => 'XCC',
bn_ops => 'SIXTY_FOUR_BIT',
pointer_size => '',
setup_commands => [ '@SYS$MANAGER:X86_XTOOLS$SYLOGIN.COM' ],
}
);

36
Configurations/50-win-clang-cl.conf
View File

@@ -1,36 +0,0 @@
## -*- mode: perl; -*-
# Windows on Arm clang-cl targets.
#
my %targets = (
"VC-WIN64-CLANGASM-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
multilib => "-arm64",
asm_arch => "aarch64",
AS => "clang-cl.exe",
ASFLAGS => "/nologo /Zi --target=arm64-pc-windows-msvc",
asflags => "/c",
asoutflag => "/Fo",
perlasm_scheme => "win64",
uplink_arch => 'armv8',
},
"VC-CLANG-WIN64-CLANGASM-ARM" => {
CC => "clang-cl",
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
multilib => "-arm64",
asm_arch => "aarch64",
CFLAGS => add("--target=arm64-pc-windows-msvc"),
AS => "clang-cl.exe",
ASFLAGS => "/nologo /Zi --target=arm64-pc-windows-msvc",
asflags => "/c",
asoutflag => "/Fo",
perlasm_scheme => "win64",
uplink_arch => 'armv8',
},
);

37
Configurations/50-win-hybridcrt.conf
View File

@@ -1,37 +0,0 @@
## -*- mode: perl; -*-
# Windows HybridCRT targets.
#
# https://github.com/microsoft/WindowsAppSDK/blob/77761e244289fda6b3d5f14c7bded189fed4fb89/docs/Coding-Guidelines/HybridCRT.md
# Link statically against the runtime and STL, but link dynamically against the CRT by ignoring the static CRT
# lib and instead linking against the Universal CRT DLL import library. This "Hybrid" linking mechanism is
# supported according to the CRT maintainer. Dynamic linking against the CRT makes the binaries a bit smaller
# than they would otherwise be if the CRT, runtime, and STL were all statically linked in.
sub remove_from_flags {
my ($toRemove, $flags) = @_;
$flags =~ s/$toRemove//;
return $flags;
}
my %targets = (
"VC-WIN32-HYBRIDCRT" => {
inherit_from => [ "VC-WIN32" ],
cflags => sub {
remove_from_flags(qr/\/MDd?\s/, add(picker(debug => "/MTd",
release => "/MT"))->(@_))
},
lflags => add(picker(debug => "/NODEFAULTLIB:libucrtd.lib /DEFAULTLIB:ucrtd.lib",
release => "/NODEFAULTLIB:libucrt.lib /DEFAULTLIB:ucrt.lib")),
},
"VC-WIN64A-HYBRIDCRT" => {
inherit_from => [ "VC-WIN64A" ],
cflags => sub {
remove_from_flags(qr/\/MDd?\s/, add(picker(debug => "/MTd",
release => "/MT"))->(@_))
},
lflags => add(picker(debug => "/NODEFAULTLIB:libucrtd.lib /DEFAULTLIB:ucrtd.lib",
release => "/NODEFAULTLIB:libucrt.lib /DEFAULTLIB:ucrt.lib")),
},
);

137
Configurations/50-win-onecore.conf
View File

@@ -1,137 +0,0 @@
## -*- mode: perl; -*-
# Windows OneCore targets.
#
# OneCore is new API stability "contract" that transcends Desktop, IoT and
# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
# export subset of Win32 API that are common to all Windows 10 devices.
#
# OneCore Configuration temporarily dedicated for console applications
# due to disabled event logging, which is incompatible with one core.
# Error messages are provided via standard error only.
# TODO: extend error handling to use ETW based eventing
# (Or rework whole error messaging)
my $UWP_info = {};
sub UWP_info {
unless (%$UWP_info) {
my $SDKver = `powershell -Command \"& {\$(Get-Item \\\"hklm:\\SOFTWARE\\WOW6432Node\\Microsoft\\Microsoft SDKs\\Windows\\\").GetValue(\\\"CurrentVersion\\\")}\"`;
$SDKver =~ s|\R$||;
my @SDKver_split = split(/\./, $SDKver);
# SDK version older than 10.0.17763 don't support our ASM builds
if ($SDKver_split[0] < 10
|| ($SDKver_split[0] == 10
&& $SDKver_split[1] == 0
&& $SDKver_split[2] < 17763)) {
$UWP_info->{disable} = [ 'asm' ];
} else {
$UWP_info->{disable} = [ ];
}
}
return $UWP_info;
}
my %targets = (
"VC-WIN32-ONECORE" => {
inherit_from => [ "VC-WIN32" ],
# /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has
# hidden reference to kernel32.lib, but we don't actually want
# it in "onecore" build.
lflags => add("/NODEFAULTLIB:kernel32.lib"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
"VC-WIN64A-ONECORE" => {
inherit_from => [ "VC-WIN64A" ],
lflags => add("/NODEFAULTLIB:kernel32.lib"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
# Windows on ARM targets. ARM compilers are additional components in
# VS2017, i.e. they are not installed by default. And when installed,
# there are no "ARM Tool Command Prompt"s on Start menu, you have
# to locate vcvarsall.bat and act accordingly. VC-WIN32-ARM has
# received limited testing with evp_test.exe on Windows 10 IoT Core,
# but not VC-WIN64-ARM, no hardware... In other words they are not
# actually supported...
#
# Another thing to keep in mind [in cross-compilation scenario such
# as this one] is that target's file system has nothing to do with
# compilation system's one. This means that you're are likely to use
# --prefix and --openssldir with target-specific values. 'nmake install'
# step is effectively meaningless in cross-compilation case, though
# it might be useful to 'nmake install DESTDIR=S:\ome\where' where you
# can point Visual Studio to when compiling custom application code.
"VC-WIN32-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "BN_LLONG RC4_CHAR",
lflags => add("/NODEFAULTLIB:kernel32.lib"),
ex_libs => "onecore.lib",
multilib => "-arm",
},
"VC-WIN64-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
lflags => add("/NODEFAULTLIB:kernel32.lib"),
ex_libs => "onecore.lib",
multilib => "-arm64",
},
# Universal Windows Platform (UWP) App Support
# TODO
#
# The 'disable' attribute should have 'uplink'.
# however, these are checked in some 'inherit_from', which is processed
# very early, before the 'disable' attributes are seen.
# This is a problem that needs to be resolved in Configure first.
#
# But if you want to build library with Windows 10 Version 1809 SDK or
# earlier, the 'disable' attribute should also have 'asm'.
"VC-WIN32-UWP" => {
inherit_from => [ "VC-WIN32-ONECORE" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
"VC-WIN64A-UWP" => {
inherit_from => [ "VC-WIN64A-ONECORE" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
"VC-WIN32-ARM-UWP" => {
inherit_from => [ "VC-WIN32-ARM" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
"VC-WIN64-ARM-UWP" => {
inherit_from => [ "VC-WIN64-ARM" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
);

136
Configurations/INTERNALS.Configure
View File

@@ -1,136 +0,0 @@
Configure Internals
===================
[ note: this file uses markdown for formatting ]
Intro
-----
This is a collection of notes that are hopefully of interest to those
who decide to dive into Configure and what it does. This is a living
document and anyone is encouraged to add to it and submit changes.
There's no claim for this document to be complete at any time, but it
will hopefully reach such a point in time.
----------------------------------------------------------------------
Parsing build.info files, processing conditions
-----------------------------------------------
Processing conditions in build.info files is done with the help of a
condition stack that tell if a build.info should be processed or if it
should just be skipped over. The possible states of the stack top are
expressed in the following comment from Configure:
# The top item of this stack has the following values
# -2 positive already run and we found ELSE (following ELSIF should fail)
# -1 positive already run (skip until ENDIF)
# 0 negatives so far (if we're at a condition, check it)
# 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF)
# 2 positive ELSE (following ELSIF should fail)
Ground rule is that non-condition lines are skipped over if the
stack top is > 0. Condition lines (IF, ELSIF, ELSE and ENDIF
statements) need to be processed either way to keep track of the skip
stack states, so they are a little more intricate.
Instead of trying to describe in words, here are some example of what
the skip stack should look like after each line is processed:
Example 1:
| IF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | 1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | -1 | |
| ... whatever ... | | this line is skipped over |
| IF[1] | -1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | -1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | -1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | -1 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | | |
Example 2:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSIF[1] | 1 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |
Example 3:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 1 | |
| ... whatever ... | | this line is processed |
| ELSE | 1 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |
Example 4:
| IF[0] | 0 | |
| ... whatever ... | | this line is skipped over |
| IF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[0] | 0 -1 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 0 -2 | |
| ... whatever ... | | this line is skipped over |
| ENDIF | 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[1] | 1 | |
| ... whatever ... | | this line is processed |
| IF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSIF[0] | 1 0 | |
| ... whatever ... | | this line is skipped over |
| ELSE | 1 2 | |
| ... whatever ... | | this line is processed |
| ENDIF | 1 | |
| ... whatever ... | | this line is processed |
| ENDIF | | |

604
Configurations/README-design.md
View File

@@ -1,604 +0,0 @@
Design document for the unified scheme data
===========================================
How are things connected?
-------------------------
The unified scheme takes all its data from the `build.info` files seen
throughout the source tree. These files hold the minimum information
needed to build end product files from diverse sources. See the
section on `build.info` files below.
From the information in `build.info` files, `Configure` builds up an
information database as a hash table called `%unified_info`, which is
stored in configdata.pm, found at the top of the build tree (which may
or may not be the same as the source tree).
[`Configurations/common.tmpl`](common.tmpl) uses the data from `%unified_info` to
generate the rules for building end product files as well as
intermediary files with the help of a few functions found in the
build-file templates. See the section on build-file templates further
down for more information.
build.info files
----------------
As mentioned earlier, `build.info` files are meant to hold the minimum
information needed to build output files, and therefore only (with a
few possible exceptions [1]) have information about end products (such
as scripts, library files and programs) and source files (such as C
files, C header files, assembler files, etc). Intermediate files such
as object files are rarely directly referred to in `build.info` files (and
when they are, it's always with the file name extension `.o`), they are
inferred by `Configure`. By the same rule of minimalism, end product
file name extensions (such as `.so`, `.a`, `.exe`, etc) are never mentioned
in `build.info`. Their file name extensions will be inferred by the
build-file templates, adapted for the platform they are meant for (see
sections on `%unified_info` and build-file templates further down).
The variables `PROGRAMS`, `LIBS`, `MODULES` and `SCRIPTS` are used to declare
end products. There are variants for them with `_NO_INST` as suffix
(`PROGRAM_NO_INST` etc) to specify end products that shouldn't get installed.
The variables `SOURCE`, `DEPEND`, `INCLUDE` and `DEFINE` are indexed by a
produced file, and their values are the source used to produce that
particular produced file, extra dependencies, include directories
needed, or C macros to be defined.
All their values in all the `build.info` throughout the source tree are
collected together and form a set of programs, libraries, modules and
scripts to be produced, source files, dependencies, etc etc etc.
Let's have a pretend example, a very limited contraption of OpenSSL,
composed of the program `apps/openssl`, the libraries `libssl` and
`libcrypto`, an module `engines/ossltest` and their sources and
dependencies.
# build.info
LIBS=libcrypto libssl
INCLUDE[libcrypto]=include
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
This is the top directory `build.info` file, and it tells us that two
libraries are to be built, the include directory `include/` shall be
used throughout when building anything that will end up in each
library, and that the library `libssl` depend on the library
`libcrypto` to function properly.
# apps/build.info
PROGRAMS=openssl
SOURCE[openssl]=openssl.c
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=../libssl
This is the `build.info` file in `apps/`, one may notice that all file
paths mentioned are relative to the directory the `build.info` file is
located in. This one tells us that there's a program to be built
called `apps/openss` (the file name extension will depend on the
platform and is therefore not mentioned in the `build.info` file). It's
built from one source file, `apps/openssl.c`, and building it requires
the use of `.` and `include/` include directories (both are declared
from the point of view of the `apps/` directory), and that the program
depends on the library `libssl` to function properly.
# crypto/build.info
LIBS=../libcrypto
SOURCE[../libcrypto]=aes.c evp.c cversion.c
DEPEND[cversion.o]=buildinf.h
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[buildinf.h]=../Makefile
DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
This is the `build.info` file in `crypto/`, and it tells us a little more
about what's needed to produce `libcrypto`. LIBS is used again to
declare that `libcrypto` is to be produced. This declaration is
really unnecessary as it's already mentioned in the top `build.info`
file, but can make the info file easier to understand. This is to
show that duplicate information isn't an issue.
This `build.info` file informs us that `libcrypto` is built from a few
source files, `crypto/aes.c`, `crypto/evp.c` and `crypto/cversion.c`.
It also shows us that building the object file inferred from
`crypto/cversion.c` depends on `crypto/buildinf.h`. Finally, it
also shows the possibility to declare how some files are generated
using some script, in this case a perl script, and how such scripts
can be declared to depend on other files, in this case a perl module.
Two things are worth an extra note:
`DEPEND[cversion.o]` mentions an object file. DEPEND indexes is the
only location where it's valid to mention them
# ssl/build.info
LIBS=../libssl
SOURCE[../libssl]=tls.c
This is the build.info file in `ssl/`, and it tells us that the
library `libssl` is built from the source file `ssl/tls.c`.
# engines/build.info
MODULES=dasync
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
INCLUDE[dasync]=../include
MODULES_NO_INST=ossltest
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto.a
INCLUDE[ossltest]=../include
This is the `build.info` file in `engines/`, telling us that two modules
called `engines/dasync` and `engines/ossltest` shall be built, that
`dasync`'s source is `engines/e_dasync.c` and `ossltest`'s source is
`engines/e_ossltest.c` and that the include directory `include/` may
be used when building anything that will be part of these modules.
Also, both modules depend on the library `libcrypto` to function
properly. `ossltest` is explicitly linked with the static variant of
the library `libcrypto`. Finally, only `dasync` is being installed, as
`ossltest` is only for internal testing.
When `Configure` digests these `build.info` files, the accumulated
information comes down to this:
LIBS=libcrypto libssl
SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
DEPEND[crypto/cversion.o]=crypto/buildinf.h
INCLUDE[libcrypto]=include
SOURCE[libssl]=ssl/tls.c
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
PROGRAMS=apps/openssl
SOURCE[apps/openssl]=apps/openssl.c
INCLUDE[apps/openssl]=. include
DEPEND[apps/openssl]=libssl
MODULES=engines/dasync
SOURCE[engines/dasync]=engines/e_dasync.c
DEPEND[engines/dasync]=libcrypto
INCLUDE[engines/dasync]=include
MODULES_NO_INST=engines/ossltest
SOURCE[engines/ossltest]=engines/e_ossltest.c
DEPEND[engines/ossltest]=libcrypto.a
INCLUDE[engines/ossltest]=include
GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[crypto/buildinf.h]=Makefile
DEPEND[util/mkbuildinf.pl]=util/Foo.pm
A few notes worth mentioning:
`LIBS` may be used to declare routine libraries only.
`PROGRAMS` may be used to declare programs only.
`MODULES` may be used to declare modules only.
The indexes for `SOURCE` must only be end product files, such as
libraries, programs or modules. The values of `SOURCE` variables must
only be source files (possibly generated).
`INCLUDE` and `DEPEND` shows a relationship between different files
(usually produced files) or between files and directories, such as a
program depending on a library, or between an object file and some
extra source file.
When `Configure` processes the `build.info` files, it will take it as
truth without question, and will therefore perform very few checks.
If the build tree is separate from the source tree, it will assume
that all built files and up in the build directory and that all source
files are to be found in the source tree, if they can be found there.
`Configure` will assume that source files that can't be found in the
source tree (such as `crypto/bildinf.h` in the example above) are
generated and will be found in the build tree.
The `%unified_info` database
----------------------------
The information in all the `build.info` get digested by `Configure` and
collected into the `%unified_info` database, divided into the following
indexes:
depends => a hash table containing 'file' => [ 'dependency' ... ]
pairs. These are directly inferred from the DEPEND
variables in build.info files.
modules => a list of modules. These are directly inferred from
the MODULES variable in build.info files.
generate => a hash table containing 'file' => [ 'generator' ... ]
pairs. These are directly inferred from the GENERATE
variables in build.info files.
includes => a hash table containing 'file' => [ 'include' ... ]
pairs. These are directly inferred from the INCLUDE
variables in build.info files.
install => a hash table containing 'type' => [ 'file' ... ] pairs.
The types are 'programs', 'libraries', 'modules' and
'scripts', and the array of files list the files of
that type that should be installed.
libraries => a list of libraries. These are directly inferred from
the LIBS variable in build.info files.
programs => a list of programs. These are directly inferred from
the PROGRAMS variable in build.info files.
scripts => a list of scripts. There are directly inferred from
the SCRIPTS variable in build.info files.
sources => a hash table containing 'file' => [ 'sourcefile' ... ]
pairs. These are indirectly inferred from the SOURCE
variables in build.info files. Object files are
mentioned in this hash table, with source files from
SOURCE variables, and AS source files for programs and
libraries.
shared_sources =>
a hash table just like 'sources', but only as source
files (object files) for building shared libraries.
As an example, here is how the `build.info` files example from the
section above would be digested into a `%unified_info` table:
our %unified_info = (
"depends" =>
{
"apps/openssl" =>
[
"libssl",
],
"crypto/buildinf.h" =>
[
"Makefile",
],
"crypto/cversion.o" =>
[
"crypto/buildinf.h",
],
"engines/dasync" =>
[
"libcrypto",
],
"engines/ossltest" =>
[
"libcrypto.a",
],
"libssl" =>
[
"libcrypto",
],
"util/mkbuildinf.pl" =>
[
"util/Foo.pm",
],
},
"modules" =>
[
"engines/dasync",
"engines/ossltest",
],
"generate" =>
{
"crypto/buildinf.h" =>
[
"util/mkbuildinf.pl",
"\"\$(CC)",
"\$(CFLAGS)\"",
"\"$(PLATFORM)\"",
],
},
"includes" =>
{
"apps/openssl" =>
[
".",
"include",
],
"engines/ossltest" =>
[
"include"
],
"libcrypto" =>
[
"include",
],
"libssl" =>
[
"include",
],
"util/mkbuildinf.pl" =>
[
"util",
],
}
"install" =>
{
"modules" =>
[
"engines/dasync",
],
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
},
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
"sources" =>
{
"apps/openssl" =>
[
"apps/openssl.o",
],
"apps/openssl.o" =>
[
"apps/openssl.c",
],
"crypto/aes.o" =>
[
"crypto/aes.c",
],
"crypto/cversion.o" =>
[
"crypto/cversion.c",
],
"crypto/evp.o" =>
[
"crypto/evp.c",
],
"engines/e_dasync.o" =>
[
"engines/e_dasync.c",
],
"engines/dasync" =>
[
"engines/e_dasync.o",
],
"engines/e_ossltest.o" =>
[
"engines/e_ossltest.c",
],
"engines/ossltest" =>
[
"engines/e_ossltest.o",
],
"libcrypto" =>
[
"crypto/aes.c",
"crypto/cversion.c",
"crypto/evp.c",
],
"libssl" =>
[
"ssl/tls.c",
],
"ssl/tls.o" =>
[
"ssl/tls.c",
],
},
);
As can be seen, everything in `%unified_info` is fairly simple suggest
of information. Still, it tells us that to build all programs, we
must build `apps/openssl`, and to build the latter, we will need to
build all its sources (`apps/openssl.o` in this case) and all the
other things it depends on (such as `libssl`). All those dependencies
need to be built as well, using the same logic, so to build `libssl`,
we need to build `ssl/tls.o` as well as `libcrypto`, and to build the
latter...
Build-file templates
--------------------
Build-file templates are essentially build-files (such as `Makefile` on
Unix) with perl code fragments mixed in. Those perl code fragment
will generate all the configuration dependent data, including all the
rules needed to build end product files and intermediary files alike.
At a minimum, there must be a perl code fragment that defines a set of
functions that are used to generates specific build-file rules, to
build static libraries from object files, to build shared libraries
from static libraries, to programs from object files and libraries,
etc.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file with `.o`
extension, src2obj() is expected to change it to
something more suitable for the platform.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files to build this library.
libobj2shlib - backward compatibility function that's used the
same way as obj2shlib (described next), and was
expected to build the shared library from the
corresponding static library when that was suitable.
NOTE: building a shared library from a static
library is now DEPRECATED, as they no longer share
object files. Attempting to do this will fail.
obj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding object files.
called like this:
obj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the base (static) library file name
*without* extension. This is useful in case
supporting files are needed (such as import
libraries on Windows).
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files to build this library.
obj2dso - function that produces build file lines to build a
dynamic shared object file from object files.
called like this:
obj2dso(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as obj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...).
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files to build
this library. 'deps' has the list of library files
(also *without* extension) that the programs needs
to be linked with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
Along with the build-file templates is the driving template
[`Configurations/common.tmpl`](common.tmpl), which looks through all the
information in `%unified_info` and generates all the rulesets to build libraries,
programs and all intermediate files, using the rule generating
functions defined in the build-file template.
As an example with the smaller `build.info` set we've seen as an
example, producing the rules to build `libcrypto` would result in the
following calls:
# Note: obj2shlib will only be called if shared libraries are
# to be produced.
# Note 2: obj2shlib must convert the '.o' extension to whatever
# is suitable on the local platform.
obj2shlib(shlib => "libcrypto",
objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ],
deps => [ ]);
obj2lib(lib => "libcrypto"
objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ]);
src2obj(obj => "crypto/aes.o"
srcs => [ "crypto/aes.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/evp.o"
srcs => [ "crypto/evp.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/cversion.o"
srcs => [ "crypto/cversion.c" ],
deps => [ "crypto/buildinf.h" ],
incs => [ "include" ],
intent => "lib");
generatesrc(src => "crypto/buildinf.h",
generator => [ "util/mkbuildinf.pl", "\"$(CC)",
"$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
generator_incs => [ "util" ],
generator_deps => [ "util/Foo.pm" ],
incs => [ ],
deps => [ ],
intent => "lib");
The returned strings from all those calls are then concatenated
together and written to the resulting build-file.

674
Configurations/README.md
View File

@@ -1,674 +0,0 @@
Intro
=====
This directory contains a few sets of files that are used for
configuration in diverse ways:
*.conf Target platform configurations, please read
'Configurations of OpenSSL target platforms' for more
information.
*.tmpl Build file templates, please read 'Build-file
programming with the "unified" build system' as well
as 'Build info files' for more information.
*.pm Helper scripts / modules for the main `Configure`
script. See 'Configure helper scripts for more
information.
Configurations of OpenSSL target platforms
==========================================
Configuration targets are a collection of facts that we know about
different platforms and their capabilities. We organise them in a
hash table, where each entry represent a specific target.
Note that configuration target names must be unique across all config
files. The Configure script does check that a config file doesn't
have config targets that shadow config targets from other files.
In each table entry, the following keys are significant:
inherit_from => Other targets to inherit values from.
Explained further below. [1]
template => Set to 1 if this isn't really a platform
target. Instead, this target is a template
upon which other targets can be built.
Explained further below. [1]
sys_id => System identity for systems where that
is difficult to determine automatically.
enable => Enable specific configuration features.
This MUST be an array of words.
disable => Disable specific configuration features.
This MUST be an array of words.
Note: if the same feature is both enabled
and disabled, disable wins.
as => The assembler command. This is not always
used (for example on Unix, where the C
compiler is used instead).
asflags => Default assembler command flags [4].
cpp => The C preprocessor command, normally not
given, as the build file defaults are
usually good enough.
cppflags => Default C preprocessor flags [4].
defines => As an alternative, macro definitions may be
given here instead of in 'cppflags' [4].
If given here, they MUST be as an array of
the string such as "MACRO=value", or just
"MACRO" for definitions without value.
includes => As an alternative, inclusion directories
may be given here instead of in 'cppflags'
[4]. If given here, the MUST be an array
of strings, one directory specification
each.
cc => The C compiler command, usually one of "cc",
"gcc" or "clang". This command is normally
also used to link object files and
libraries into the final program.
cxx => The C++ compiler command, usually one of
"c++", "g++" or "clang++". This command is
also used when linking a program where at
least one of the object file is made from
C++ source.
cflags => Defaults C compiler flags [4].
cxxflags => Default C++ compiler flags [4]. If unset,
it gets the same value as cflags.
(linking is a complex thing, see [3] below)
ld => Linker command, usually not defined
(meaning the compiler command is used
instead).
(NOTE: this is here for future use, it's
not implemented yet)
lflags => Default flags used when linking apps,
shared libraries or DSOs [4].
ex_libs => Extra libraries that are needed when
linking shared libraries, DSOs or programs.
The value is also assigned to Libs.private
in $(libdir)/pkgconfig/libcrypto.pc.
shared_cppflags => Extra C preprocessor flags used when
processing C files for shared libraries.
shared_cflag => Extra C compiler flags used when compiling
for shared libraries, typically something
like "-fPIC".
shared_ldflag => Extra linking flags used when linking
shared libraries.
module_cppflags
module_cflags
module_ldflags => Has the same function as the corresponding
'shared_' attributes, but for building DSOs.
When unset, they get the same values as the
corresponding 'shared_' attributes.
ar => The library archive command, the default is
"ar".
(NOTE: this is here for future use, it's
not implemented yet)
arflags => Flags to be used with the library archive
command. On Unix, this includes the
command letter, 'r' by default.
ranlib => The library archive indexing command, the
default is 'ranlib' it it exists.
unistd => An alternative header to the typical
'<unistd.h>'. This is very rarely needed.
shared_extension => File name extension used for shared
libraries.
obj_extension => File name extension used for object files.
On unix, this defaults to ".o" (NOTE: this
is here for future use, it's not
implemented yet)
exe_extension => File name extension used for executable
files. On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
shlib_variant => A "variant" identifier inserted between the base
shared library name and the extension. On "unixy"
platforms (BSD, Linux, Solaris, MacOS/X, ...) this
supports installation of custom OpenSSL libraries
that don't conflict with other builds of OpenSSL
installed on the system. The variant identifier
becomes part of the SONAME of the library and also
any symbol versions (symbol versions are not used or
needed with MacOS/X). For example, on a system
where a default build would normally create the SSL
shared library as 'libssl.so -> libssl.so.1.1' with
the value of the symlink as the SONAME, a target
definition that sets 'shlib_variant => "-abc"' will
create 'libssl.so -> libssl-abc.so.1.1', again with
an SONAME equal to the value of the symlink. The
symbol versions associated with the variant library
would then be 'OPENSSL_ABC_<version>' rather than
the default 'OPENSSL_<version>'. The string inserted
into symbol versions is obtained by mapping all
letters in the "variant" identifier to uppercase
and all non-alphanumeric characters to '_'.
thread_scheme => The type of threads is used on the
configured platform. Currently known
values are "(unknown)", "pthreads",
"uithreads" (a.k.a solaris threads) and
"winthreads". Except for "(unknown)", the
actual value is currently ignored but may
be used in the future. See further notes
below [2].
dso_scheme => The type of dynamic shared objects to build
for. This mostly comes into play with
modules, but can be used for other purposes
as well. Valid values are "DLFCN"
(dlopen() et al), "DLFCN_NO_H" (for systems
that use dlopen() et al but do not have
fcntl.h), "DL" (shl_load() et al), "WIN32"
and "VMS".
asm_arch => The architecture to be used for compiling assembly
source. This acts as a selector in build.info files.
uplink_arch => The architecture to be used for compiling uplink
source. This acts as a selector in build.info files.
This is separate from asm_arch because it's compiled
even when 'no-asm' is given, even though it contains
assembler source.
perlasm_scheme => The perlasm method used to create the
assembler files used when compiling with
assembler implementations.
shared_target => The shared library building method used.
This serves multiple purposes:
- as index for targets found in shared_info.pl.
- as linker script generation selector.
To serve both purposes, the index for shared_info.pl
should end with '-shared', and this suffix will be
removed for use as a linker script generation
selector. Note that the latter is only used if
'shared_defflag' is defined.
build_scheme => The scheme used to build up a Makefile.
In its simplest form, the value is a string
with the name of the build scheme.
The value may also take the form of a list
of strings, if the build_scheme is to have
some options. In this case, the first
string in the list is the name of the build
scheme.
Currently recognised build scheme is "unified".
For the "unified" build scheme, this item
*must* be an array with the first being the
word "unified" and the second being a word
to identify the platform family.
multilib => On systems that support having multiple
implementations of a library (typically a
32-bit and a 64-bit variant), this is used
to have the different variants in different
directories.
multibin => On systems that support having multiple
implementations of a library and binaries
(typically a 32-bit and a 64-bit variant),
this is used to have the different variants
in different binary directories. This setting
works in conjunction with multilib.
bn_ops => Building options (was just bignum options in
the earlier history of this option, hence the
name). This is a string of words that describe
algorithms' implementation parameters that
are optimal for the designated target platform,
such as the type of integers used to build up
the bignum, different ways to implement certain
ciphers and so on. To fully comprehend the
meaning, the best is to read the affected
source.
The valid words are:
THIRTY_TWO_BIT bignum limbs are 32 bits,
this is default if no
option is specified, it
works on any supported
system [unless "wider"
limb size is implied in
assembly code];
BN_LLONG bignum limbs are 32 bits,
but 64-bit 'unsigned long
long' is used internally
in calculations;
SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
and sizeof(long) is 8;
SIXTY_FOUR_BIT bignums limbs are 64 bits,
but execution environment
is ILP32;
RC4_CHAR RC4 key schedule is made
up of 'unsigned char's;
Note: should not be used
for new configuration
targets
RC4_INT RC4 key schedule is made
up of 'unsigned int's;
Note: should not be used
for new configuration
targets
[1] as part of the target configuration, one can have a key called
`inherit_from` that indicates what other configurations to inherit
data from. These are resolved recursively.
Inheritance works as a set of default values that can be overridden
by corresponding key values in the inheriting configuration.
Note 1: any configuration table can be used as a template.
Note 2: pure templates have the attribute `template => 1` and
cannot be used as build targets.
If several configurations are given in the `inherit_from` array,
the values of same attribute are concatenated with space
separation. With this, it's possible to have several smaller
templates for different configuration aspects that can be combined
into a complete configuration.
Instead of a scalar value or an array, a value can be a code block
of the form `sub { /* your code here */ }`. This code block will
be called with the list of inherited values for that key as
arguments. In fact, the concatenation of strings is really done
by using `sub { join(" ",@_) }` on the list of inherited values.
An example:
"foo" => {
template => 1,
haha => "ha ha",
hoho => "ho",
ignored => "This should not appear in the end result",
},
"bar" => {
template => 1,
haha => "ah",
hoho => "haho",
hehe => "hehe"
},
"laughter" => {
inherit_from => [ "foo", "bar" ],
hehe => sub { join(" ",(@_,"!!!")) },
ignored => "",
}
The entry for "laughter" will become as follows after processing:
"laughter" => {
haha => "ha ha ah",
hoho => "ho haho",
hehe => "hehe !!!",
ignored => ""
}
[2] OpenSSL is built with threading capabilities unless the user
specifies `no-threads`. The value of the key `thread_scheme` may
be `(unknown)`, in which case the user MUST give some compilation
flags to `Configure`.
[3] OpenSSL has three types of things to link from object files or
static libraries:
- shared libraries; that would be libcrypto and libssl.
- shared objects (sometimes called dynamic libraries); that would
be the modules.
- applications; those are apps/openssl and all the test apps.
Very roughly speaking, linking is done like this (words in braces
represent the configuration settings documented at the beginning
of this file):
shared libraries:
{ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
foo/something.o foo/somethingelse.o {ex_libs}
shared objects:
{ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
blah1.o blah2.o -lcrypto {ex_libs}
applications:
{ld} $(CFLAGS) {lflags} -o app \
app1.o utils.o -lssl -lcrypto {ex_libs}
[4] There are variants of these attribute, prefixed with `lib_`,
`dso_` or `bin_`. Those variants replace the unprefixed attribute
when building library, DSO or program modules specifically.
Historically, the target configurations came in form of a string with
values separated by colons. This use is deprecated. The string form
looked like this:
"target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:
{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:
{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:
{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:
{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:
{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:
{arflags}:{multilib}"
Build info files
================
The `build.info` files that are spread over the source tree contain the
minimum information needed to build and distribute OpenSSL. It uses a
simple and yet fairly powerful language to determine what needs to be
built, from what sources, and other relationships between files.
For every `build.info` file, all file references are relative to the
directory of the `build.info` file for source files, and the
corresponding build directory for built files if the build tree
differs from the source tree.
When processed, every line is processed with the perl module
Text::Template, using the delimiters `{-` and `-}`. The hashes
`%config` and `%target` are passed to the perl fragments, along with
$sourcedir and $builddir, which are the locations of the source
directory for the current `build.info` file and the corresponding build
directory, all relative to the top of the build tree.
`Configure` only knows inherently about the top `build.info` file. For
any other directory that has one, further directories to look into
must be indicated like this:
SUBDIRS=something someelse
On to things to be built; they are declared by setting specific
variables:
PROGRAMS=foo bar
LIBS=libsomething
MODULES=libeng
SCRIPTS=myhack
Note that the files mentioned for PROGRAMS, LIBS and MODULES *must* be
without extensions. The build file templates will figure them out.
For each thing to be built, it is then possible to say what sources
they are built from:
PROGRAMS=foo bar
SOURCE[foo]=foo.c common.c
SOURCE[bar]=bar.c extra.c common.c
It's also possible to tell some other dependencies:
DEPEND[foo]=libsomething
DEPEND[libbar]=libsomethingelse
(it could be argued that 'libsomething' and 'libsomethingelse' are
source as well. However, the files given through SOURCE are expected
to be located in the source tree while files given through DEPEND are
expected to be located in the build tree)
It's also possible to depend on static libraries explicitly:
DEPEND[foo]=libsomething.a
DEPEND[libbar]=libsomethingelse.a
This should be rarely used, and care should be taken to make sure it's
only used when supported. For example, native Windows build doesn't
support building static libraries and DLLs at the same time, so using
static libraries on Windows can only be done when configured
`no-shared`.
In some cases, it's desirable to include some source files in the
shared form of a library only:
SHARED_SOURCE[libfoo]=dllmain.c
For any file to be built, it's also possible to tell what extra
include paths the build of their source files should use:
INCLUDE[foo]=include
It's also possible to specify C macros that should be defined:
DEFINE[foo]=FOO BAR=1
In some cases, one might want to generate some source files from
others, that's done as follows:
GENERATE[foo.s]=asm/something.pl $(CFLAGS)
GENERATE[bar.s]=asm/bar.S
The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except that the first
item must be the generator file. It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.
Sometimes, the generator file itself depends on other files, for
example if it is a perl script that depends on other perl modules.
This can be expressed using DEPEND like this:
DEPEND[asm/something.pl]=../perlasm/Foo.pm
There may also be cases where the exact file isn't easily specified,
but an inclusion directory still needs to be specified. INCLUDE can
be used in that case:
INCLUDE[asm/something.pl]=../perlasm
NOTE: GENERATE lines are limited to one command only per GENERATE.
Finally, you can have some simple conditional use of the `build.info`
information, looking like this:
IF[1]
something
ELSIF[2]
something other
ELSE
something else
ENDIF
The expression in square brackets is interpreted as a string in perl,
and will be seen as true if perl thinks it is, otherwise false. For
example, the above would have "something" used, since 1 is true.
Together with the use of Text::Template, this can be used as
conditions based on something in the passed variables, for example:
IF[{- $disabled{shared} -}]
LIBS=libcrypto
SOURCE[libcrypto]=...
ELSE
LIBS=libfoo
SOURCE[libfoo]=...
ENDIF
Build-file programming with the "unified" build system
======================================================
"Build files" are called `Makefile` on Unix-like operating systems,
`descrip.mms` for MMS on VMS, `makefile` for `nmake` on Windows, etc.
To use the "unified" build system, the target configuration needs to
set the three items `build_scheme`, `build_file` and `build_command`.
In the rest of this section, we will assume that `build_scheme` is set
to "unified" (see the configurations documentation above for the
details).
For any name given by `build_file`, the "unified" system expects a
template file in `Configurations/` named like the build file, with
`.tmpl` appended, or in case of possible ambiguity, a combination of
the second `build_scheme` list item and the `build_file` name. For
example, if `build_file` is set to `Makefile`, the template could be
`Configurations/Makefile.tmpl` or `Configurations/unix-Makefile.tmpl`.
In case both `Configurations/unix-Makefile.tmpl` and
`Configurations/Makefile.tmpl` are present, the former takes precedence.
The build-file template is processed with the perl module
Text::Template, using `{-` and `-}` as delimiters that enclose the
perl code fragments that generate configuration-dependent content.
Those perl fragments have access to all the hash variables from
configdata.pem.
The build-file template is expected to define at least the following
perl functions in a perl code fragment enclosed with `{-` and `-}`.
They are all expected to return a string with the lines they produce.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
generator => [ "generatingfile", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file with '.o'
extension, src2obj() is expected to change it to
something more suitable for the platform.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library filename *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files to build this library.
libobj2shlib - backward compatibility function that's used the
same way as obj2shlib (described next), and was
expected to build the shared library from the
corresponding static library when that was suitable.
NOTE: building a shared library from a static
library is now DEPRECATED, as they no longer share
object files. Attempting to do this will fail.
obj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding object files.
called like this:
obj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the base (static) library filename
*without* extension. This is useful in case
supporting files are needed (such as import
libraries on Windows).
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files to build this library.
obj2dso - function that produces build file lines to build a
dynamic shared object file from object files.
called like this:
obj2dso(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as obj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...).
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable filename
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files to build
this library. 'deps' has the list of library files
(also *without* extension) that the programs needs
to be linked with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script filename.
'sources' has the list of source files to build the
resulting script from.
In all cases, file file paths are relative to the build tree top, and
the build file actions run with the build tree top as current working
directory.
Make sure to end the section with these functions with a string that
you thing is appropriate for the resulting build file. If nothing
else, end it like this:
""; # Make sure no lingering values end up in the Makefile
-}
Configure helper scripts
========================
Configure uses helper scripts in this directory:
Checker scripts
---------------
These scripts are per platform family, to check the integrity of the
tools used for configuration and building. The checker script used is
either `{build_platform}-{build_file}-checker.pm` or
`{build_platform}-checker.pm`, where `{build_platform}` is the second
`build_scheme` list element from the configuration target data, and
`{build_file}` is `build_file` from the same target data.
If the check succeeds, the script is expected to end with a non-zero
expression. If the check fails, the script can end with a zero, or
with a `die`.

31
Configurations/common0.tmpl
View File

@@ -1,31 +0,0 @@
{- # -*- Mode: perl -*-
# Commonly used list of generated files
# The reason for the complexity is that the build.info files provide
# GENERATE rules for *all* platforms without discrimination, while the
# build files only want those for a particular build. Therefore, we
# need to extrapolate exactly what we need to generate. The way to do
# that is to extract all possible source files from diverse tables and
# filter out all that are not generated
my %generatables =
map { $_ => 1 }
( # The sources of stuff may be generated
( map { @{$unified_info{sources}->{$_}} }
keys %{$unified_info{sources}} ),
$disabled{shared}
? ()
: ( map { @{$unified_info{shared_sources}->{$_}} }
keys %{$unified_info{shared_sources}} ),
# Things we explicitly depend on are usually generated
( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} }
keys %{$unified_info{depends}} ));
our @generated =
sort ( ( grep { defined $unified_info{generate}->{$_} }
sort keys %generatables ),
# Scripts are assumed to be generated, so add them too
( grep { defined $unified_info{sources}->{$_} }
@{$unified_info{scripts}} ) );
# Avoid strange output
"";
-}

1496
Configurations/descrip.mms.tmpl
View File

File diff suppressed because it is too large Load Diff

556
Configurations/gentemplate.pm
View File

@@ -1,556 +0,0 @@
package gentemplate;
use strict;
use warnings;
use Carp;
use Exporter;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
@ISA = qw(Exporter);
@EXPORT = qw(gentemplate);
use File::Basename;
sub gentemplate {
my %opts = @_;
my $generator = OpenSSL::GenTemplate->new(%opts);
# Build mandatory header file generators
foreach (@{$generator->{info}->{depends}->{""}}) { $generator->dogenerate($_); }
# Build all known targets, libraries, modules, programs and scripts.
# Everything else will be handled as a consequence.
foreach (@{$generator->{info}->{targets}}) { $generator->dotarget($_); }
foreach (@{$generator->{info}->{libraries}}) { $generator->dolib($_); }
foreach (@{$generator->{info}->{modules}}) { $generator->domodule($_); }
foreach (@{$generator->{info}->{programs}}) { $generator->dobin($_); }
foreach (@{$generator->{info}->{scripts}}) { $generator->doscript($_); }
foreach (sort keys %{$generator->{info}->{htmldocs}}) { $generator->dodocs('html', $_); }
foreach (sort keys %{$generator->{info}->{mandocs}}) { $generator->dodocs('man', $_); }
foreach (sort keys %{$generator->{info}->{dirinfo}}) { $generator->dodir($_); }
}
package OpenSSL::GenTemplate;
use OpenSSL::Util;
sub new {
my $class = shift;
my %opts = @_;
my $data = {
output => $opts{output},
config => $opts{config} // {},
disabled => $opts{disabled} // {},
info => $opts{unified_info} // {},
};
return bless $data, $class;
};
sub emit {
my $self = shift;
my $name = shift;
my %opts = @_;
my $fh = $self->{output};
die "No name?" unless $name;
print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}"
unless defined $opts{attrs}->{skip};
}
my $debug_resolvedepends = $ENV{BUILDFILE_DEBUG_DEPENDS};
my $debug_rules = $ENV{BUILDFILE_DEBUG_RULES};
# A cache of objects for which a recipe has already been generated
our %cache;
# collectdepends, expanddepends and reducedepends work together to make
# sure there are no duplicate or weak dependencies and that they are in
# the right order. This is used to sort the list of libraries that a
# build depends on.
sub extensionlesslib {
my @result = map { $_ =~ /(\.a)?$/; $` } @_;
return @result if wantarray;
return $result[0];
}
# collectdepends dives into the tree of dependencies and returns
# a list of all the non-weak ones.
sub collectdepends {
my $self = shift;
return () unless @_;
my $thing = shift;
my $extensionlessthing = extensionlesslib($thing);
my @listsofar = @_; # to check if we're looping
my @list = @{ $self->{info}->{depends}->{$thing} //
$self->{info}->{depends}->{$extensionlessthing}
// [] };
my @newlist = ();
print STDERR "DEBUG[collectdepends] $thing > ", join(' ', @listsofar), "\n"
if $debug_resolvedepends;
foreach my $item (@list) {
my $extensionlessitem = extensionlesslib($item);
# It's time to break off when the dependency list starts looping
next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
# Don't add anything here if the dependency is weak
next if defined $self->{info}->{attributes}->{depends}->{$thing}->{$item}->{'weak'};
my @resolved = $self->collectdepends($item, @listsofar, $item);
push @newlist, $item, @resolved;
}
print STDERR "DEBUG[collectdepends] $thing < ", join(' ', @newlist), "\n"
if $debug_resolvedepends;
@newlist;
}
# expanddepends goes through a list of stuff, checks if they have any
# dependencies, and adds them at the end of the current position if
# they aren't already present later on.
sub expanddepends {
my $self = shift;
my @after = ( @_ );
print STDERR "DEBUG[expanddepends]> ", join(' ', @after), "\n"
if $debug_resolvedepends;
my @before = ();
while (@after) {
my $item = shift @after;
print STDERR "DEBUG[expanddepends]\\ ", join(' ', @before), "\n"
if $debug_resolvedepends;
print STDERR "DEBUG[expanddepends] - ", $item, "\n"
if $debug_resolvedepends;
my @middle = (
$item,
map {
my $x = $_;
my $extlessx = extensionlesslib($x);
if (grep { $extlessx eq extensionlesslib($_) } @before
and
!grep { $extlessx eq extensionlesslib($_) } @after) {
print STDERR "DEBUG[expanddepends] + ", $x, "\n"
if $debug_resolvedepends;
( $x )
} else {
print STDERR "DEBUG[expanddepends] ! ", $x, "\n"
if $debug_resolvedepends;
()
}
} @{$self->{info}->{depends}->{$item} // []}
);
print STDERR "DEBUG[expanddepends] = ", join(' ', @middle), "\n"
if $debug_resolvedepends;
print STDERR "DEBUG[expanddepends]/ ", join(' ', @after), "\n"
if $debug_resolvedepends;
push @before, @middle;
}
print STDERR "DEBUG[expanddepends]< ", join(' ', @before), "\n"
if $debug_resolvedepends;
@before;
}
# reducedepends looks through a list, and checks if each item is
# repeated later on. If it is, the earlier copy is dropped.
sub reducedepends {
my @list = @_;
print STDERR "DEBUG[reducedepends]> ", join(' ', @list), "\n"
if $debug_resolvedepends;
my @newlist = ();
my %replace = ();
while (@list) {
my $item = shift @list;
my $extensionlessitem = extensionlesslib($item);
if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
if ($item ne $extensionlessitem) {
# If this instance of the library is explicitly static, we
# prefer that to any shared library name, since it must have
# been done on purpose.
$replace{$extensionlessitem} = $item;
}
} else {
push @newlist, $item;
}
}
@newlist = map { $replace{$_} // $_; } @newlist;
print STDERR "DEBUG[reducedepends]< ", join(' ', @newlist), "\n"
if $debug_resolvedepends;
@newlist;
}
# Do it all
# This takes multiple inputs and combine them into a single list of
# interdependent things. The returned value will include all the input.
# Callers are responsible for taking away the things they are building.
sub resolvedepends {
my $self = shift;
print STDERR "DEBUG[resolvedepends] START (", join(', ', @_), ")\n"
if $debug_resolvedepends;
my @all =
reducedepends($self->expanddepends(map { ( $_, $self->collectdepends($_) ) } @_));
print STDERR "DEBUG[resolvedepends] END (", join(', ', @_), ") : ",
join(',', map { "\n $_" } @all), "\n"
if $debug_resolvedepends;
@all;
}
# dogenerate is responsible for producing all the recipes that build
# generated source files. It recurses in case a dependency is also a
# generated source file.
sub dogenerate {
my $self = shift;
my $src = shift;
# Safety measure
return "" unless defined $self->{info}->{generate}->{$src};
return "" if $cache{$src};
my $obj = shift;
my $bin = shift;
my %opts = @_;
if ($self->{info}->{generate}->{$src}) {
die "$src is generated by Configure, should not appear in build file\n"
if ref $self->{info}->{generate}->{$src} eq "";
my $script = $self->{info}->{generate}->{$src}->[0];
my %attrs = %{$self->{info}->{attributes}->{generate}->{$src} // {}};
$self->emit('generatesrc',
src => $src,
product => $bin,
generator => $self->{info}->{generate}->{$src},
generator_incs => $self->{info}->{includes}->{$script} // [],
generator_deps => $self->{info}->{depends}->{$script} // [],
deps => $self->{info}->{depends}->{$src} // [],
incs => [ defined $obj ? @{$self->{info}->{includes}->{$obj} // []} : (),
defined $bin ? @{$self->{info}->{includes}->{$bin} // []} : () ],
defs => [ defined $obj ? @{$self->{info}->{defines}->{$obj} // []} : (),
defined $bin ? @{$self->{info}->{defines}->{$bin} // []} : () ],
attrs => { %attrs },
%opts);
foreach (@{$self->{info}->{depends}->{$src} // []}) {
$self->dogenerate($_, $obj, $bin, %opts);
}
# The generator itself may be is generated
if ($self->{info}->{generate}->{$script}) {
$self->dogenerate($script, $obj, $bin, %opts);
}
}
$cache{$src} = 1;
}
sub dotarget {
my $self = shift;
my $target = shift;
return "" if $cache{$target};
$self->emit('generatetarget',
target => $target,
deps => $self->{info}->{depends}->{$target} // []);
foreach (@{$self->{info}->{depends}->{$target} // []}) {
$self->dogenerate($_);
}
$cache{$target} = 1;
}
# doobj is responsible for producing all the recipes that build
# object files as well as dependency files.
sub doobj {
my $self = shift;
my $obj = shift;
return "" if $cache{$obj};
my $bin = shift;
my %opts = @_;
if (@{$self->{info}->{sources}->{$obj} // []}) {
my @srcs = @{$self->{info}->{sources}->{$obj}};
my @deps = @{$self->{info}->{depends}->{$obj} // []};
my @incs = ( @{$self->{info}->{includes}->{$obj} // []},
@{$self->{info}->{includes}->{$bin} // []} );
my @defs = ( @{$self->{info}->{defines}->{$obj} // []},
@{$self->{info}->{defines}->{$bin} // []} );
print STDERR "DEBUG[doobj] \@srcs for $obj ($bin) : ",
join(",", map { "\n $_" } @srcs), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \@deps for $obj ($bin) : ",
join(",", map { "\n $_" } @deps), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \@incs for $obj ($bin) : ",
join(",", map { "\n $_" } @incs), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \@defs for $obj ($bin) : ",
join(",", map { "\n $_" } @defs), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \%opts for $obj ($bin) : ", ,
join(",", map { "\n $_ = $opts{$_}" } sort keys %opts), "\n"
if $debug_rules;
$self->emit('src2obj',
obj => $obj, product => $bin,
srcs => [ @srcs ], deps => [ @deps ],
incs => [ @incs ], defs => [ @defs ],
%opts);
foreach ((@{$self->{info}->{sources}->{$obj}},
@{$self->{info}->{depends}->{$obj} // []})) {
$self->dogenerate($_, $obj, $bin, %opts);
}
}
$cache{$obj} = 1;
}
# Helper functions to grab all applicable intermediary files.
# This is particularly useful when a library is given as source
# rather than a dependency. In that case, we consider it to be a
# container with object file references, or possibly references
# to further libraries to pilfer in the same way.
sub getsrclibs {
my $self = shift;
my $section = shift;
# For all input, see if it sources static libraries. If it does,
# return them together with the result of a recursive call.
map { ( $_, getsrclibs($section, $_) ) }
grep { $_ =~ m|\.a$| }
map { @{$self->{info}->{$section}->{$_} // []} }
@_;
}
sub getlibobjs {
my $self = shift;
my $section = shift;
# For all input, see if it's an intermediary file (library or object).
# If it is, collect the result of a recursive call, or if that returns
# an empty list, the element itself. Return the result.
map {
my @x = $self->getlibobjs($section, @{$self->{info}->{$section}->{$_}});
@x ? @x : ( $_ );
}
grep { defined $self->{info}->{$section}->{$_} }
@_;
}
# dolib is responsible for building libraries. It will call
# obj2shlib if shared libraries are produced, and obj2lib in all
# cases. It also makes sure all object files for the library are
# built.
sub dolib {
my $self = shift;
my $lib = shift;
return "" if $cache{$lib};
my %attrs = %{$self->{info}->{attributes}->{libraries}->{$lib} // {}};
my @deps = ( $self->resolvedepends(getsrclibs('sources', $lib)) );
# We support two types of objs, those who are specific to this library
# (they end up in @objs) and those that we get indirectly, via other
# libraries (they end up in @foreign_objs). We get the latter any time
# someone has done something like this in build.info:
# SOURCE[libfoo.a]=libbar.a
# The indirect object files must be kept in a separate array so they
# don't get rebuilt unnecessarily (and with incorrect auxiliary
# information).
#
# Object files can't be collected commonly for shared and static
# libraries, because we contain their respective object files in
# {shared_sources} and {sources}, and because the implications are
# slightly different for each library form.
#
# We grab all these "foreign" object files recursively with getlibobjs().
unless ($self->{disabled}->{shared} || $lib =~ /\.a$/) {
# If this library sources other static libraries and those
# libraries are marked {noinst}, there's no need to include
# all of their object files. Instead, we treat those static
# libraries as dependents alongside any other library this
# one depends on, and let symbol resolution do its job.
my @sourced_libs = ();
my @objs = ();
my @foreign_objs = ();
my @deps = ();
foreach (@{$self->{info}->{shared_sources}->{$lib} // []}) {
if ($_ !~ m|\.a$|) {
push @objs, $_;
} elsif ($self->{info}->{attributes}->{libraries}->{$_}->{noinst}) {
push @deps, $_;
} else {
push @deps, $self->getsrclibs('sources', $_);
push @foreign_objs, $self->getlibobjs('sources', $_);
}
}
@deps = ( grep { $_ ne $lib } $self->resolvedepends($lib, @deps) );
print STDERR "DEBUG[dolib:shlib] \%attrs for $lib : ", ,
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if %attrs && $debug_rules;
print STDERR "DEBUG[dolib:shlib] \@deps for $lib : ",
join(",", map { "\n $_" } @deps), "\n"
if @deps && $debug_rules;
print STDERR "DEBUG[dolib:shlib] \@objs for $lib : ",
join(",", map { "\n $_" } @objs), "\n"
if @objs && $debug_rules;
print STDERR "DEBUG[dolib:shlib] \@foreign_objs for $lib : ",
join(",", map { "\n $_" } @foreign_objs), "\n"
if @foreign_objs && $debug_rules;
$self->emit('obj2shlib',
lib => $lib,
attrs => { %attrs },
objs => [ @objs, @foreign_objs ],
deps => [ @deps ]);
foreach (@objs) {
# If this is somehow a compiled object, take care of it that way
# Otherwise, it might simply be generated
if (defined $self->{info}->{sources}->{$_}) {
if($_ =~ /\.a$/) {
$self->dolib($_);
} else {
$self->doobj($_, $lib, intent => "shlib", attrs => { %attrs });
}
} else {
$self->dogenerate($_, undef, undef, intent => "lib");
}
}
}
{
# When putting static libraries together, we cannot rely on any
# symbol resolution, so for all static libraries used as source for
# this one, as well as other libraries they depend on, we simply
# grab all their object files unconditionally,
# Symbol resolution will happen when any program, module or shared
# library is linked with this one.
my @objs = ();
my @sourcedeps = ();
my @foreign_objs = ();
foreach (@{$self->{info}->{sources}->{$lib}}) {
if ($_ !~ m|\.a$|) {
push @objs, $_;
} else {
push @sourcedeps, $_;
}
}
@sourcedeps = ( grep { $_ ne $lib } $self->resolvedepends(@sourcedeps) );
print STDERR "DEBUG[dolib:lib] : \@sourcedeps for $_ : ",
join(",", map { "\n $_" } @sourcedeps), "\n"
if @sourcedeps && $debug_rules;
@foreign_objs = $self->getlibobjs('sources', @sourcedeps);
print STDERR "DEBUG[dolib:lib] \%attrs for $lib : ", ,
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if %attrs && $debug_rules;
print STDERR "DEBUG[dolib:lib] \@objs for $lib : ",
join(",", map { "\n $_" } @objs), "\n"
if @objs && $debug_rules;
print STDERR "DEBUG[dolib:lib] \@foreign_objs for $lib : ",
join(",", map { "\n $_" } @foreign_objs), "\n"
if @foreign_objs && $debug_rules;
$self->emit('obj2lib',
lib => $lib, attrs => { %attrs },
objs => [ @objs, @foreign_objs ]);
foreach (@objs) {
$self->doobj($_, $lib, intent => "lib", attrs => { %attrs });
}
}
$cache{$lib} = 1;
}
# domodule is responsible for building modules. It will call
# obj2dso, and also makes sure all object files for the library
# are built.
sub domodule {
my $self = shift;
my $module = shift;
return "" if $cache{$module};
my %attrs = %{$self->{info}->{attributes}->{modules}->{$module} // {}};
my @objs = @{$self->{info}->{sources}->{$module}};
my @deps = ( grep { $_ ne $module }
$self->resolvedepends($module) );
print STDERR "DEBUG[domodule] \%attrs for $module :",
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if $debug_rules;
print STDERR "DEBUG[domodule] \@objs for $module : ",
join(",", map { "\n $_" } @objs), "\n"
if $debug_rules;
print STDERR "DEBUG[domodule] \@deps for $module : ",
join(",", map { "\n $_" } @deps), "\n"
if $debug_rules;
$self->emit('obj2dso',
module => $module,
attrs => { %attrs },
objs => [ @objs ],
deps => [ @deps ]);
foreach (@{$self->{info}->{sources}->{$module}}) {
# If this is somehow a compiled object, take care of it that way
# Otherwise, it might simply be generated
if (defined $self->{info}->{sources}->{$_}) {
$self->doobj($_, $module, intent => "dso", attrs => { %attrs });
} else {
$self->dogenerate($_, undef, $module, intent => "dso");
}
}
$cache{$module} = 1;
}
# dobin is responsible for building programs. It will call obj2bin,
# and also makes sure all object files for the library are built.
sub dobin {
my $self = shift;
my $bin = shift;
return "" if $cache{$bin};
my %attrs = %{$self->{info}->{attributes}->{programs}->{$bin} // {}};
my @objs = @{$self->{info}->{sources}->{$bin}};
my @deps = ( grep { $_ ne $bin } $self->resolvedepends($bin) );
print STDERR "DEBUG[dobin] \%attrs for $bin : ",
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if %attrs && $debug_rules;
print STDERR "DEBUG[dobin] \@objs for $bin : ",
join(",", map { "\n $_" } @objs), "\n"
if @objs && $debug_rules;
print STDERR "DEBUG[dobin] \@deps for $bin : ",
join(",", map { "\n $_" } @deps), "\n"
if @deps && $debug_rules;
$self->emit('obj2bin',
bin => $bin,
attrs => { %attrs },
objs => [ @objs ],
deps => [ @deps ]);
foreach (@objs) {
$self->doobj($_, $bin, intent => "bin", attrs => { %attrs });
}
$cache{$bin} = 1;
}
# doscript is responsible for building scripts from templates. It will
# call in2script.
sub doscript {
my $self = shift;
my $script = shift;
return "" if $cache{$script};
$self->emit('in2script',
script => $script,
attrs => $self->{info}->{attributes}->{scripts}->{$script} // {},
sources => $self->{info}->{sources}->{$script});
$cache{$script} = 1;
}
sub dodir {
my $self = shift;
my $dir = shift;
return "" if !exists(&generatedir) or $cache{$dir};
$self->emit('generatedir',
dir => $dir,
deps => $self->{info}->{dirinfo}->{$dir}->{deps} // [],
%{$self->{info}->{dirinfo}->{$_}->{products}});
$cache{$dir} = 1;
}
# dodocs is responsible for building documentation from .pods.
# It will call generatesrc.
sub dodocs {
my $self = shift;
my $type = shift;
my $section = shift;
foreach my $doc (@{$self->{info}->{"${type}docs"}->{$section}}) {
next if $cache{$doc};
$self->emit('generatesrc',
src => $doc,
generator => $self->{info}->{generate}->{$doc});
foreach ((@{$self->{info}->{depends}->{$doc} // []})) {
$self->dogenerate($_, undef, undef);
}
$cache{$doc} = 1;
}
}
1;

18
Configurations/platform.pm
View File

@@ -1,18 +0,0 @@
package platform;
use strict;
use warnings;
use vars qw(@ISA);
# Callers must make sure @INC has the build directory
use configdata;
my $module = $target{perl_platform} || 'Unix';
(my $module_path = $module) =~ s|::|/|g;
require "platform/$module_path.pm";
@ISA = ("platform::$module");
1;
__END__

47
Configurations/platform/AIX.pm
View File

@@ -1,47 +0,0 @@
package platform::AIX;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::Unix;
@ISA = qw(platform::Unix);
# Assume someone set @INC right before loading this module
use configdata;
sub dsoext { '.so' }
sub shlibextsimple { return '.so' if $target{shared_target} eq "aix-solib";
'.a'}
# In shared mode, the default static library names clashes with the final
# "simple" full shared library name, so we add '_a' to the basename of the
# static libraries in that case, unless in solib mode (using only .so
# files for shared libraries, and not packaging them inside archives)
sub staticname {
return platform::Unix->staticname($_[1]) if $target{shared_target} eq "aix-solib";
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a');
}
# In solib mode, we do not install the simple symlink (we install the import
# library). In regular mode, we install the symlink.
sub sharedlib_simple {
return undef if $target{shared_target} eq "aix-solib";
return platform::Unix->sharedlib_simple($_[1], $_[0]->shlibextsimple());
}
# In solib mode, we install the import library. In regular mode, we have
# no import library.
sub sharedlib_import {
return platform::Unix->sharedlib_simple($_[1]) if $target{shared_target} eq "aix-solib";
return undef;
}

99
Configurations/platform/BASE.pm
View File

@@ -1,99 +0,0 @@
package platform::BASE;
use strict;
use warnings;
use Carp;
# Assume someone set @INC right before loading this module
use configdata;
# Globally defined "platform specific" extensions, available for uniformity
sub depext { '.d' }
# Functions to convert internal file representations to platform specific
# ones. Note that these all depend on extension functions that MUST be
# defined per platform.
#
# Currently known internal or semi-internal extensions are:
#
# .a For libraries that are made static only.
# Internal libraries only.
# .o For object files.
# .s, .S Assembler files. This is an actual extension on Unix
# .res Resource file. This is an actual extension on Windows
sub binname { return $_[1] } # Name of executable binary
sub dsoname { return $_[1] } # Name of dynamic shared object (DSO)
sub sharedname { return __isshared($_[1]) ? $_[1] : undef } # Name of shared lib
sub staticname { return __base($_[1], '.a') } # Name of static lib
# Convenience function to convert the shlib version to an acceptable part
# of a file or directory name. By default, we consider it acceptable as is.
sub shlib_version_as_filename { return $config{shlib_version} }
# Convenience functions to convert the possible extension of an input file name
sub bin { return $_[0]->binname($_[1]) . $_[0]->binext() }
sub dso { return $_[0]->dsoname($_[1]) . $_[0]->dsoext() }
sub sharedlib { return __concat($_[0]->sharedname($_[1]), $_[0]->shlibext()) }
sub staticlib { return $_[0]->staticname($_[1]) . $_[0]->libext() }
# More convenience functions for intermediary files
sub def { return __base($_[1], '.ld') . $_[0]->defext() }
sub obj { return __base($_[1], '.o') . $_[0]->objext() }
sub res { return __base($_[1], '.res') . $_[0]->resext() }
sub dep { return __base($_[1], '.o') . $_[0]->depext() } # <- objname
sub asm { return __base($_[1], '.s') . $_[0]->asmext() }
# Another set of convenience functions for standard checks of certain
# internal extensions and conversion from internal to platform specific
# extension. Note that the latter doesn't deal with libraries because
# of ambivalence
sub isdef { return $_[1] =~ m|\.ld$|; }
sub isobj { return $_[1] =~ m|\.o$|; }
sub isres { return $_[1] =~ m|\.res$|; }
sub isasm { return $_[1] =~ m|\.s$|; }
sub iscppasm { return $_[1] =~ m|\.S$|; }
sub isstaticlib { return $_[1] =~ m|\.a$|; }
sub convertext {
if ($_[0]->isdef($_[1])) { return $_[0]->def($_[1]); }
if ($_[0]->isobj($_[1])) { return $_[0]->obj($_[1]); }
if ($_[0]->isres($_[1])) { return $_[0]->res($_[1]); }
if ($_[0]->isasm($_[1])) { return $_[0]->asm($_[1]); }
if ($_[0]->isstaticlib($_[1])) { return $_[0]->staticlib($_[1]); }
return $_[1];
}
# Helpers ############################################################
# __base EXPR, LIST
# This returns the given path (EXPR) with the matching suffix from LIST stripped
sub __base {
my $path = shift;
foreach (@_) {
if ($path =~ m|\Q${_}\E$|) {
return $`;
}
}
return $path;
}
# __isshared EXPR
# EXPR is supposed to be a library name. This will return true if that library
# can be assumed to be a shared library, otherwise false
sub __isshared {
return !($disabled{shared} || $_[0] =~ /\.a$/);
}
# __concat LIST
# Returns the concatenation of all elements of LIST if none of them is
# undefined. If one of them is undefined, returns undef instead.
sub __concat {
my $result = '';
foreach (@_) {
return undef unless defined $_;
$result .= $_;
}
return $result;
}
1;

22
Configurations/platform/Cygwin.pm
View File

@@ -1,22 +0,0 @@
package platform::Cygwin;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::mingw;
@ISA = qw(platform::mingw);
# Assume someone set @INC right before loading this module
use configdata;
sub sharedname {
my $class = shift;
my $lib = platform::mingw->sharedname(@_);
$lib =~ s|^lib|cyg| if defined $lib;
return $lib;
}
1;

89
Configurations/platform/Unix.pm
View File

@@ -1,89 +0,0 @@
package platform::Unix;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::BASE;
@ISA = qw(platform::BASE);
# Assume someone set @INC right before loading this module
use configdata;
sub binext { $target{exe_extension} || '' }
sub dsoext { $target{dso_extension} || platform->shlibextsimple()
|| '.so' }
# Because these are also used in scripts and not just Makefile, we must
# convert $(SHLIB_VERSION_NUMBER) to the actual number.
sub shlibext { (my $x = $target{shared_extension}
|| '.so.$(SHLIB_VERSION_NUMBER)')
=~ s|\.\$\(SHLIB_VERSION_NUMBER\)
|.$config{shlib_version}|x;
$x; }
sub libext { $target{lib_extension} || '.a' }
sub defext { $target{def_extension} || '.ld' }
sub objext { $target{obj_extension} || '.o' }
sub depext { $target{obj_extension} || '.d' }
# Other extra that aren't defined in platform::BASE
sub shlibextsimple { (my $x = $target{shared_extension} || '.so')
=~ s|\.\$\(SHLIB_VERSION_NUMBER\)||;
$x; }
sub shlibvariant { $target{shlib_variant} || "" }
sub makedepcmd { $disabled{makedepend} ? undef : $config{makedepcmd} }
# No conversion of assembler extension on Unix
sub asm {
return $_[1];
}
# At some point, we might decide that static libraries are called something
# other than the default...
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
# We currently return the same name anyway... but we might choose to
# append '_static' or '_a' some time in the future.
return platform::BASE->staticname($_[1]);
}
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
($_[0]->shlibvariant() // ''));
}
sub sharedname_simple {
return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
}
sub sharedlib_simple {
# This function returns the simplified shared library name (no version
# or variant in the shared library file name) if the simple variants of
# the base name or the suffix differ from the full variants of the same.
# Note: if $_[1] isn't a shared library name, then $_[0]->sharedname()
# and $_[0]->sharedname_simple() will return undef. This needs being
# accounted for.
my $name = $_[0]->sharedname($_[1]);
my $simplename = $_[0]->sharedname_simple($_[1]);
my $ext = $_[0]->shlibext();
# Allow override of the extension passed in as parameter
my $simpleext = $_[2];
$simpleext = $_[0]->shlibextsimple() unless defined $simpleext;
return undef unless defined $simplename && defined $name;
return undef if ($name eq $simplename && $ext eq $simpleext);
return platform::BASE::__concat($simplename, $simpleext);
}
sub sharedlib_import {
return undef;
}
1;

65
Configurations/platform/VMS.pm
View File

@@ -1,65 +0,0 @@
package platform::VMS;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::BASE;
@ISA = qw(platform::BASE);
# Assume someone set @INC right before loading this module
use configdata;
# VMS has a cultural standard where all installed libraries are prefixed.
# For OpenSSL, the choice is 'ossl$' (this prefix was claimed in a
# conversation with VSI, Tuesday January 26 2016)
sub osslprefix { 'OSSL$' }
sub binext { '.EXE' }
sub dsoext { '.EXE' }
sub shlibext { '.EXE' }
sub libext { '.OLB' }
sub defext { '.OPT' }
sub objext { '.OBJ' }
sub depext { '.D' }
sub asmext { '.ASM' }
# Other extra that aren't defined in platform::BASE
sub shlibvariant { $target{shlib_variant} || '' }
sub optext { '.OPT' }
sub optname { return $_[1] }
sub opt { return $_[0]->optname($_[1]) . $_[0]->optext() }
# Other projects include the pointer size in the name of installed libraries,
# so we do too.
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
return platform::BASE::__concat($_[0]->osslprefix(),
platform::BASE->staticname($_[1]),
$target{pointer_size});
}
# To enable installation of multiple major OpenSSL releases, we include the
# version number in installed shared library names.
my $sover_filename =
join('', map { sprintf "%02d", $_ } split(m|\.|, $config{shlib_version}));
sub shlib_version_as_filename {
return $sover_filename;
}
sub sharedname {
return platform::BASE::__concat($_[0]->osslprefix(),
platform::BASE->sharedname($_[1]),
$_[0]->shlib_version_as_filename(),
($_[0]->shlibvariant() // ''),
"_shr$target{pointer_size}");
}
1;

64
Configurations/platform/Windows.pm
View File

@@ -1,64 +0,0 @@
package platform::Windows;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::BASE;
@ISA = qw(platform::BASE);
# Assume someone set @INC right before loading this module
use configdata;
sub binext { '.exe' }
sub dsoext { '.dll' }
sub shlibext { '.dll' }
sub libext { '.lib' }
sub defext { '.def' }
sub objext { '.obj' }
sub depext { '.d' }
sub asmext { '.asm' }
# Other extra that aren't defined in platform::BASE
sub resext { '.res' }
sub shlibextimport { '.lib' }
sub shlibvariant { $target{shlib_variant} || '' }
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
# To make sure not to clash with an import library, we make the static
# variant of our installed libraries get '_static' added to their names.
return platform::BASE->staticname($_[1])
. ($disabled{shared} ? '' : '_static');
}
# To mark forward compatibility, we include the OpenSSL major release version
# number in the installed shared library names.
(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
sub shlib_version_as_filename {
return $sover_filename
}
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
"-",
$_[0]->shlib_version_as_filename(),
($_[0]->shlibvariant() // ''));
}
sub sharedname_import {
return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
}
sub sharedlib_import {
return platform::BASE::__concat($_[0]->sharedname_import($_[1]),
$_[0]->shlibextimport());
}
1;

44
Configurations/platform/Windows/MSVC.pm
View File

@@ -1,44 +0,0 @@
package platform::Windows::MSVC;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::Windows;
@ISA = qw(platform::Windows);
# Assume someone set @INC right before loading this module
use configdata;
sub pdbext { '.pdb' }
# It's possible that this variant of |sharedname| should be in Windows.pm.
# However, this variant was VC only in 1.1.1, so we maintain that here until
# further notice.
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
"-",
$_[0]->shlib_version_as_filename(),
($target{multilib} // '' ),
($_[0]->shlibvariant() // ''));
}
sub staticlibpdb {
return platform::BASE::__concat($_[0]->staticname($_[1]), $_[0]->pdbext());
}
sub sharedlibpdb {
return platform::BASE::__concat($_[0]->sharedname($_[1]), $_[0]->pdbext());
}
sub dsopdb {
return platform::BASE::__concat($_[0]->dsoname($_[1]), $_[0]->pdbext());
}
sub binpdb {
return platform::BASE::__concat($_[0]->binname($_[1]), $_[0]->pdbext());
}
1;

16
Configurations/platform/Windows/cppbuilder.pm
View File

@@ -1,16 +0,0 @@
package platform::Windows::cppbuilder;
use vars qw(@ISA);
require platform::Windows::MSVC;
@ISA = qw(platform::Windows::MSVC);
sub pdbext { '.tds' }
# C++Builder's Clang-based compilers prepend an underscore to __cdecl-convention
# C functions, and the linker needs those as the InternalName in the .def file.
sub export2internal {
return "_$_[1]";
}
1;

51
Configurations/platform/mingw.pm
View File

@@ -1,51 +0,0 @@
package platform::mingw;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::Unix;
@ISA = qw(platform::Unix);
# Assume someone set @INC right before loading this module
use configdata;
sub binext { '.exe' }
sub objext { '.obj' }
sub libext { '.a' }
sub dsoext { '.dll' }
sub defext { '.def' }
# Other extra that aren't defined in platform::BASE
sub resext { '.res.obj' }
sub shlibext { '.dll' }
sub shlibextimport { $target{shared_import_extension} || '.dll.a' }
sub shlibextsimple { undef }
sub makedepcmd { $disabled{makedepend} ? undef : $config{makedepcmd} }
(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
sub shlib_version_as_filename {
return $sover_filename;
}
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
"-",
$_[0]->shlib_version_as_filename(),
($config{target} eq "mingw64"
? "-x64" : ""));
}
# With Mingw and other DLL producers, there isn't any "simpler" shared
# library name. However, there is a static import library.
sub sharedlib_simple {
return undef;
}
sub sharedlib_import {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
$_[0]->shlibextimport());
}
1;

100
Configurations/shared-info.pl
View File

@@ -1,100 +0,0 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This is a collection of extra attributes to be used as input for creating
# shared libraries, currently on any Unix variant, including Unix like
# environments on Windows.
sub detect_gnu_ld {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -Wl,-V /dev/null 2>&1`;
return grep /^GNU ld/, @lines;
}
sub detect_gnu_cc {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -v 2>&1`;
return grep /gcc/, @lines;
}
my %shared_info;
%shared_info = (
'gnu-shared' => {
shared_ldflag => '-shared -Wl,-Bsymbolic',
shared_sonameflag => '-Wl,-soname=',
},
'linux-shared' => sub {
return {
%{$shared_info{'gnu-shared'}},
shared_defflag => '-Wl,--version-script=',
dso_ldflags =>
(grep /(?:^|\s)-fsanitize/,
@{$config{CFLAGS}}, @{$config{cflags}})
? ''
: '-Wl,-z,defs',
};
},
'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; },
'bsd-gcc-nodef-shared' => sub {
return {
%{$shared_info{'gnu-shared'}},
shared_defflags => '-Wl,--version-script=',
};
},
'darwin-shared' => {
module_ldflags => '-bundle',
shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
shared_sonameflag => '-install_name $(libdir)/',
},
'cygwin-shared' => {
shared_ldflag => '-shared -Wl,--enable-auto-image-base',
shared_impflag => '-Wl,--out-implib=',
},
'mingw-shared' => sub {
return {
%{$shared_info{'cygwin-shared'}},
# def_flag made to empty string so it still generates
# something
shared_defflag => '',
shared_argfileflag => '@',
};
},
'alpha-osf1-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
module_ldflags => '-shared -Wl,-Bsymbolic',
shared_ldflag => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)',
};
},
'svr3-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => '-G',
shared_sonameflag => '-h ',
};
},
'svr5-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => detect_gnu_cc() ? '-shared' : '-G',
shared_sonameflag => '-h ',
};
},
'solaris-gcc-shared' => sub {
return $shared_info{'linux-shared'} if detect_gnu_ld();
return {
# Note: we should also have -shared here, but because some
# config targets define it with an added -static-libgcc
# following it, we don't want to change the order. This
# forces all solaris gcc config targets to define shared_ldflag
shared_ldflag => '-Wl,-Bsymbolic',
shared_defflag => "-Wl,-M,",
shared_sonameflag => "-Wl,-h,",
};
},
);

2090
Configurations/unix-Makefile.tmpl
View File

File diff suppressed because it is too large Load Diff

22
Configurations/unix-checker.pm
View File

@@ -1,22 +0,0 @@
#! /usr/bin/env perl
use Config;
# Check that the perl implementation file modules generate paths that
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (rel2abs('.') !~ m|/|) {
die <<EOF;
******************************************************************************
This perl implementation doesn't produce Unix like paths (with forward slash
directory separators). Please use an implementation that matches your
building platform.
This Perl version: $Config{version} for $Config{archname}
******************************************************************************
EOF
}
1;

22
Configurations/windows-checker.pm
View File

@@ -1,22 +0,0 @@
#! /usr/bin/env perl
use Config;
# Check that the perl implementation file modules generate paths that
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) {
die <<EOF;
******************************************************************************
This perl implementation doesn't produce Windows like paths (with backward
slash directory separators). Please use an implementation that matches your
building platform.
This Perl version: $Config{version} for $Config{archname}
******************************************************************************
EOF
}
1;

1099
Configurations/windows-makefile.tmpl
View File

File diff suppressed because it is too large Load Diff

5321
Configure
View File

File diff suppressed because it is too large Load Diff

729
FAQ Normal file
View File

@@ -0,0 +1,729 @@
OpenSSL - Frequently Asked Questions
--------------------------------------
[MISC] Miscellaneous questions
* Which is the current version of OpenSSL?
* Where is the documentation?
* How can I contact the OpenSSL developers?
* Where can I get a compiled version of OpenSSL?
* Why aren't tools like 'autoconf' and 'libtool' used?
* What is an 'engine' version?
* How do I check the authenticity of the OpenSSL distribution?
[LEGAL] Legal questions
* Do I need patent licenses to use OpenSSL?
* Can I use OpenSSL with GPL software?
[USER] Questions on using the OpenSSL applications
* Why do I get a "PRNG not seeded" error message?
* Why do I get an "unable to write 'random state'" error message?
* How do I create certificates or certificate requests?
* Why can't I create certificate requests?
* Why does <SSL program> fail with a certificate verify error?
* Why can I only use weak ciphers when I connect to a server using OpenSSL?
* How can I create DSA certificates?
* Why can't I make an SSL connection using a DSA certificate?
* How can I remove the passphrase on a private key?
* Why can't I use OpenSSL certificates with SSL client authentication?
* Why does my browser give a warning about a mismatched hostname?
* How do I install a CA certificate into a browser?
* Why is OpenSSL x509 DN output not conformant to RFC2253?
[BUILD] Questions about building and testing OpenSSL
* Why does the linker complain about undefined symbols?
* Why does the OpenSSL test fail with "bc: command not found"?
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
* Why does the OpenSSL test fail with "bc: stack empty"?
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
* Why does the OpenSSL compilation fail with "ar: command not found"?
* Why does the OpenSSL compilation fail on Win32 with VC++?
* What is special about OpenSSL on Redhat?
* Why does the OpenSSL compilation fail on MacOS X?
* Why does the OpenSSL test suite fail on MacOS X?
[PROG] Questions about programming with OpenSSL
* Is OpenSSL thread-safe?
* I've compiled a program under Windows and it crashes: why?
* How do I read or write a DER encoded buffer using the ASN1 functions?
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
* I've called <some function> and it fails, why?
* I just get a load of numbers for the error output, what do they mean?
* Why do I get errors about unknown algorithms?
* Why can't the OpenSSH configure script detect OpenSSL?
* Can I use OpenSSL's SSL library with non-blocking I/O?
* Why doesn't my server application receive a client certificate?
* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
===============================================================================
[MISC] ========================================================================
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.6h was released on December 5, 2002.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.
* Where is the documentation?
OpenSSL is a library that provides cryptographic functionality to
applications such as secure web servers. Be sure to read the
documentation of the application you want to use. The INSTALL file
explains how to install this library.
OpenSSL includes a command line utility that can be used to perform a
variety of cryptographic functions. It is described in the openssl(1)
manpage. Documentation for developers is currently being written. A
few manual pages already are available; overviews over libcrypto and
libssl are given in the crypto(3) and ssl(3) manpages.
The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
different directory if you specified one as described in INSTALL).
In addition, you can read the most current versions at
<URL: http://www.openssl.org/docs/>.
For information on parts of libcrypto that are not yet documented, you
might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much
of this still applies to OpenSSL.
There is some documentation about certificate extensions and PKCS#12
in doc/openssl.txt
The original SSLeay documentation is included in OpenSSL as
doc/ssleay.txt. It may be useful when none of the other resources
help, but please note that it reflects the obsolete version SSLeay
0.6.6.
* How can I contact the OpenSSL developers?
The README file describes how to submit bug reports and patches to
OpenSSL. Information on the OpenSSL mailing lists is available from
<URL: http://www.openssl.org>.
* Where can I get a compiled version of OpenSSL?
Some applications that use OpenSSL are distributed in binary form.
When using such an application, you don't need to install OpenSSL
yourself; the application will include the required parts (e.g. DLLs).
If you want to install OpenSSL on a Windows system and you don't have
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
on how to obtain and install the free GNU C compiler.
A number of Linux and *BSD distributions include OpenSSL.
* Why aren't tools like 'autoconf' and 'libtool' used?
autoconf will probably be used in future OpenSSL versions. If it was
less Unix-centric, it might have been used much earlier.
* What is an 'engine' version?
With version 0.9.6 OpenSSL was extended to interface to external crypto
hardware. This was realized in a special release '0.9.6-engine'. With
version 0.9.7 (not yet released) the changes were merged into the main
development line, so that the special release is no longer necessary.
* How do I check the authenticity of the OpenSSL distribution?
We provide MD5 digests and ASC signatures of each tarball.
Use MD5 to check that a tarball from a mirror site is identical:
md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
You can check authenticity using pgp or gpg. You need the OpenSSL team
member public key used to sign it (download it from a key server). Then
just do:
pgp TARBALL.asc
[LEGAL] =======================================================================
* Do I need patent licenses to use OpenSSL?
The patents section of the README file lists patents that may apply to
you if you want to use OpenSSL. For information on intellectual
property rights, please consult a lawyer. The OpenSSL team does not
offer legal advice.
You can configure OpenSSL so as not to use RC5 and IDEA by using
./config no-rc5 no-idea
* Can I use OpenSSL with GPL software?
On many systems including the major Linux and BSD distributions, yes (the
GPL does not place restrictions on using libraries that are part of the
normal operating system distribution).
On other systems, the situation is less clear. Some GPL software copyright
holders claim that you infringe on their rights if you use OpenSSL with
their software on operating systems that don't normally include OpenSSL.
If you develop open source software that uses OpenSSL, you may find it
useful to choose an other license than the GPL, or state explicitly that
"This program is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed." If you are using
GPL software developed by others, you may want to ask the copyright holder
for permission to use their software with OpenSSL.
[USER] ========================================================================
* Why do I get a "PRNG not seeded" error message?
Cryptographic software needs a source of unpredictable data to work
correctly. Many open source operating systems provide a "randomness
device" that serves this purpose. On other systems, applications have
to call the RAND_add() or RAND_seed() function with appropriate data
before generating keys or performing public key encryption.
(These functions initialize the pseudo-random number generator, PRNG.)
Some broken applications do not do this. As of version 0.9.5, the
OpenSSL functions that need randomness report an error if the random
number generator has not been seeded with at least 128 bits of
randomness. If this error occurs, please contact the author of the
application you are using. It is likely that it never worked
correctly. OpenSSL 0.9.5 and later make the error visible by refusing
to perform potentially insecure encryption.
On systems without /dev/urandom and /dev/random, it is a good idea to
use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
details. Starting with version 0.9.7, OpenSSL will automatically look
for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
/etc/entropy.
Most components of the openssl command line utility automatically try
to seed the random number generator from a file. The name of the
default seeding file is determined as follows: If environment variable
RANDFILE is set, then it names the seeding file. Otherwise if
environment variable HOME is set, then the seeding file is $HOME/.rnd.
If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
use file .rnd in the current directory while OpenSSL 0.9.6a uses no
default seeding file at all. OpenSSL 0.9.6b and later will behave
similarly to 0.9.6a, but will use a default of "C:\" for HOME on
Windows systems if the environment variable has not been set.
If the default seeding file does not exist or is too short, the "PRNG
not seeded" error message may occur.
The openssl command line utility will write back a new state to the
default seeding file (and create this file if necessary) unless
there was no sufficient seeding.
Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
Use the "-rand" option of the OpenSSL command line tools instead.
The $RANDFILE environment variable and $HOME/.rnd are only used by the
OpenSSL command line tools. Applications using the OpenSSL library
provide their own configuration options to specify the entropy source,
please check out the documentation coming the with application.
For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
installing the SUNski package from Sun patch 105710-01 (Sparc) which
adds a /dev/random device and make sure it gets used, usually through
$RANDFILE. There are probably similar patches for the other Solaris
versions. An official statement from Sun with respect to /dev/random
support can be found at
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
However, be warned that /dev/random is usually a blocking device, which
may have some effects on OpenSSL.
A third party /dev/random solution for Solaris is available at
http://www.cosy.sbg.ac.at/~andi/
* Why do I get an "unable to write 'random state'" error message?
Sometimes the openssl command line utility does not abort with
a "PRNG not seeded" error message, but complains that it is
"unable to write 'random state'". This message refers to the
default seeding file (see previous answer). A possible reason
is that no default filename is known because neither RANDFILE
nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the
current directory in this case, but this has changed with 0.9.6a.)
* How do I create certificates or certificate requests?
Check out the CA.pl(1) manual page. This provides a simple wrapper round
the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
out the manual pages for the individual utilities and the certificate
extensions documentation (currently in doc/openssl.txt).
* Why can't I create certificate requests?
You typically get the error:
unable to find 'distinguished_name' in config
problems making Certificate Request
This is because it can't find the configuration file. Check out the
DIAGNOSTICS section of req(1) for more information.
* Why does <SSL program> fail with a certificate verify error?
This problem is usually indicated by log messages saying something like
"unable to get local issuer certificate" or "self signed certificate".
When a certificate is verified its root CA must be "trusted" by OpenSSL
this typically means that the CA certificate must be placed in a directory
or file and the relevant program configured to read it. The OpenSSL program
'verify' behaves in a similar way and issues similar error messages: check
the verify(1) program manual page for more information.
* Why can I only use weak ciphers when I connect to a server using OpenSSL?
This is almost certainly because you are using an old "export grade" browser
which only supports weak encryption. Upgrade your browser to support 128 bit
ciphers.
* How can I create DSA certificates?
Check the CA.pl(1) manual page for a DSA certificate example.
* Why can't I make an SSL connection to a server using a DSA certificate?
Typically you'll see a message saying there are no shared ciphers when
the same setup works fine with an RSA certificate. There are two possible
causes. The client may not support connections to DSA servers most web
browsers (including Netscape and MSIE) only support connections to servers
supporting RSA cipher suites. The other cause is that a set of DH parameters
has not been supplied to the server. DH parameters can be created with the
dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
check the source to s_server in apps/s_server.c for an example.
* How can I remove the passphrase on a private key?
Firstly you should be really *really* sure you want to do this. Leaving
a private key unencrypted is a major security risk. If you decide that
you do have to do this check the EXAMPLES sections of the rsa(1) and
dsa(1) manual pages.
* Why can't I use OpenSSL certificates with SSL client authentication?
What will typically happen is that when a server requests authentication
it will either not include your certificate or tell you that you have
no client certificates (Netscape) or present you with an empty list box
(MSIE). The reason for this is that when a server requests a client
certificate it includes a list of CAs names which it will accept. Browsers
will only let you select certificates from the list on the grounds that
there is little point presenting a certificate which the server will
reject.
The solution is to add the relevant CA certificate to your servers "trusted
CA list". How you do this depends on the server software in uses. You can
print out the servers list of acceptable CAs using the OpenSSL s_client tool:
openssl s_client -connect www.some.host:443 -prexit
If your server only requests certificates on certain URLs then you may need
to manually issue an HTTP GET command to get the list when s_client connects:
GET /some/page/needing/a/certificate.html
If your CA does not appear in the list then this confirms the problem.
* Why does my browser give a warning about a mismatched hostname?
Browsers expect the server's hostname to match the value in the commonName
(CN) field of the certificate. If it does not then you get a warning.
* How do I install a CA certificate into a browser?
The usual way is to send the DER encoded certificate to the browser as
MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
link. On MSIE certain extensions such as .der or .cacert may also work, or you
can import the certificate using the certificate import wizard.
You can convert a certificate to DER form using the command:
openssl x509 -in ca.pem -outform DER -out ca.der
Occasionally someone suggests using a command such as:
openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
DO NOT DO THIS! This command will give away your CAs private key and
reduces its security to zero: allowing anyone to forge certificates in
whatever name they choose.
* Why is OpenSSL x509 DN output not conformant to RFC2253?
The ways to print out the oneline format of the DN (Distinguished Name) have
been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
interface, the "-nameopt" option could be introduded. See the manual
page of the "openssl x509" commandline tool for details. The old behaviour
has however been left as default for the sake of compatibility.
[BUILD] =======================================================================
* Why does the linker complain about undefined symbols?
Maybe the compilation was interrupted, and make doesn't notice that
something is missing. Run "make clean; make".
If you used ./Configure instead of ./config, make sure that you
selected the right target. File formats may differ slightly between
OS versions (for example sparcv8/sparcv9, or a.out/elf).
In case you get errors about the following symbols, use the config
option "no-asm", as described in INSTALL:
BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
If none of these helps, you may want to try using the current snapshot.
If the problem persists, please submit a bug report.
* Why does the OpenSSL test fail with "bc: command not found"?
You didn't install "bc", the Unix calculator. If you want to run the
tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
* Why does the OpenSSL test fail with "bc: 1 no implemented"?
On some SCO installations or versions, bc has a bug that gets triggered
when you run the test suite (using "make test"). The message returned is
"bc: 1 not implemented".
The best way to deal with this is to find another implementation of bc
and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
for download instructions) can be safely used, for example.
* Why does the OpenSSL test fail with "bc: stack empty"?
On some DG/ux versions, bc seems to have a too small stack for calculations
that the OpenSSL bntest throws at it. This gets triggered when you run the
test suite (using "make test"). The message returned is "bc: stack empty".
The best way to deal with this is to find another implementation of bc
and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
for download instructions) can be safely used, for example.
* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
On some Alpha installations running Tru64 Unix and Compaq C, the compilation
of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
memory to continue compilation.' As far as the tests have shown, this may be
a compiler bug. What happens is that it eats up a lot of resident memory
to build something, probably a table. The problem is clearly in the
optimization code, because if one eliminates optimization completely (-O0),
the compilation goes through (and the compiler consumes about 2MB of resident
memory instead of 240MB or whatever one's limit is currently).
There are three options to solve this problem:
1. set your current data segment size soft limit higher. Experience shows
that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
kbytes to set the limit to.
2. If you have a hard limit that is lower than what you need and you can't
get it changed, you can compile all of OpenSSL with -O0 as optimization
level. This is however not a very nice thing to do for those who expect to
get the best result from OpenSSL. A bit more complicated solution is the
following:
----- snip:start -----
make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
sed -e 's/ -O[0-9] / -O0 /'`"
rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
make
----- snip:end -----
This will only compile sha_dgst.c with -O0, the rest with the optimization
level chosen by the configuration process. When the above is done, do the
test and installation and you're set.
* Why does the OpenSSL compilation fail with "ar: command not found"?
Getting this message is quite usual on Solaris 2, because Sun has hidden
away 'ar' and other development commands in directories that aren't in
$PATH by default. One of those directories is '/usr/ccs/bin'. The
quickest way to fix this is to do the following (it assumes you use sh
or any sh-compatible shell):
----- snip:start -----
PATH=${PATH}:/usr/ccs/bin; export PATH
----- snip:end -----
and then redo the compilation. What you should really do is make sure
'/usr/ccs/bin' is permanently in your $PATH, for example through your
'.profile' (again, assuming you use a sh-compatible shell).
* Why does the OpenSSL compilation fail on Win32 with VC++?
Sometimes, you may get reports from VC++ command line (cl) that it
can't find standard include files like stdio.h and other weirdnesses.
One possible cause is that the environment isn't correctly set up.
To solve that problem, one should run VCVARS32.BAT which is found in
the 'bin' subdirectory of the VC++ installation directory (somewhere
under 'Program Files'). This needs to be done prior to running NMAKE,
and the changes are only valid for the current DOS session.
* What is special about OpenSSL on Redhat?
Red Hat Linux (release 7.0 and later) include a preinstalled limited
version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
is disabled in this version. The same may apply to other Linux distributions.
Users may therefore wish to install more or all of the features left out.
To do this you MUST ensure that you do not overwrite the openssl that is in
/usr/bin on your Red Hat machine. Several packages depend on this file,
including sendmail and ssh. /usr/local/bin is a good alternative choice. The
libraries that come with Red Hat 7.0 onwards have different names and so are
not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
/lib/libcrypto.so.2 respectively).
Please note that we have been advised by Red Hat attempting to recompile the
openssl rpm with all the cryptography enabled will not work. All other
packages depend on the original Red Hat supplied openssl package. It is also
worth noting that due to the way Red Hat supplies its packages, updates to
openssl on each distribution never change the package version, only the
build number. For example, on Red Hat 7.1, the latest openssl package has
version number 0.9.6 and build number 9 even though it contains all the
relevant updates in packages up to and including 0.9.6b.
A possible way around this is to persuade Red Hat to produce a non-US
version of Red Hat Linux.
FYI: Patent numbers and expiry dates of US patents:
MDC-2: 4,908,861 13/03/2007
IDEA: 5,214,703 25/05/2010
RC5: 5,724,428 03/03/2015
* Why does the OpenSSL compilation fail on MacOS X?
If the failure happens when trying to build the "openssl" binary, with
a large number of undefined symbols, it's very probable that you have
OpenSSL 0.9.6b delivered with the operating system (you can find out by
running '/usr/bin/openssl version') and that you were trying to build
OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in
MacOS X has a misfeature that's quite difficult to go around.
Look in the file PROBLEMS for a more detailed explanation and for possible
solutions.
* Why does the OpenSSL test suite fail on MacOS X?
If the failure happens when running 'make test' and the RC4 test fails,
it's very probable that you have OpenSSL 0.9.6b delivered with the
operating system (you can find out by running '/usr/bin/openssl version')
and that you were trying to build OpenSSL 0.9.6d. The problem is that
the loader ('ld') in MacOS X has a misfeature that's quite difficult to
go around and has linked the programs "openssl" and the test programs
with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
libraries you just built.
Look in the file PROBLEMS for a more detailed explanation and for possible
solutions.
[PROG] ========================================================================
* Is OpenSSL thread-safe?
Yes (with limitations: an SSL connection may not concurrently be used
by multiple threads). On Windows and many Unix systems, OpenSSL
automatically uses the multi-threaded versions of the standard
libraries. If your platform is not one of these, consult the INSTALL
file.
Multi-threaded applications must provide two callback functions to
OpenSSL. This is described in the threads(3) manpage.
* I've compiled a program under Windows and it crashes: why?
This is usually because you've missed the comment in INSTALL.W32.
Your application must link against the same version of the Win32
C-Runtime against which your openssl libraries were linked. The
default version for OpenSSL is /MD - "Multithreaded DLL".
If you are using Microsoft Visual C++'s IDE (Visual Studio), in
many cases, your new project most likely defaulted to "Debug
Singlethreaded" - /ML. This is NOT interchangeable with /MD and your
program will crash, typically on the first BIO related read or write
operation.
For each of the six possible link stage configurations within Win32,
your application must link against the same by which OpenSSL was
built. If you are using MS Visual C++ (Studio) this can be changed
by:
1. Select Settings... from the Project Menu.
2. Select the C/C++ Tab.
3. Select "Code Generation from the "Category" drop down list box
4. Select the Appropriate library (see table below) from the "Use
run-time library" drop down list box. Perform this step for both
your debug and release versions of your application (look at the
top left of the settings panel to change between the two)
Single Threaded /ML - MS VC++ often defaults to
this for the release
version of a new project.
Debug Single Threaded /MLd - MS VC++ often defaults to
this for the debug version
of a new project.
Multithreaded /MT
Debug Multithreaded /MTd
Multithreaded DLL /MD - OpenSSL defaults to this.
Debug Multithreaded DLL /MDd
Note that debug and release libraries are NOT interchangeable. If you
built OpenSSL with /MD your application must use /MD and cannot use /MDd.
* How do I read or write a DER encoded buffer using the ASN1 functions?
You have two options. You can either use a memory BIO in conjunction
with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
i2d_XXX(), d2i_XXX() functions directly. Since these are often the
cause of grief here are some code fragments using PKCS7 as an example:
unsigned char *buf, *p;
int len;
len = i2d_PKCS7(p7, NULL);
buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
p = buf;
i2d_PKCS7(p7, &p);
At this point buf contains the len bytes of the DER encoding of
p7.
The opposite assumes we already have len bytes in buf:
unsigned char *p;
p = buf;
p7 = d2i_PKCS7(NULL, &p, len);
At this point p7 contains a valid PKCS7 structure of NULL if an error
occurred. If an error occurred ERR_print_errors(bio) should give more
information.
The reason for the temporary variable 'p' is that the ASN1 functions
increment the passed pointer so it is ready to read or write the next
structure. This is often a cause of problems: without the temporary
variable the buffer pointer is changed to point just after the data
that has been read or written. This may well be uninitialized data
and attempts to free the buffer will have unpredictable results
because it no longer points to the same address.
* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
This usually happens when you try compiling something using the PKCS#12
macros with a C++ compiler. There is hardly ever any need to use the
PKCS#12 macros in a program, it is much easier to parse and create
PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
documented in doc/openssl.txt and with examples in demos/pkcs12. The
'pkcs12' application has to use the macros because it prints out
debugging information.
* I've called <some function> and it fails, why?
Before submitting a report or asking in one of the mailing lists, you
should try to determine the cause. In particular, you should call
ERR_print_errors() or ERR_print_errors_fp() after the failed call
and see if the message helps. Note that the problem may occur earlier
than you think -- you should check for errors after every call where
it is possible, otherwise the actual problem may be hidden because
some OpenSSL functions clear the error state.
* I just get a load of numbers for the error output, what do they mean?
The actual format is described in the ERR_print_errors() manual page.
You should call the function ERR_load_crypto_strings() before hand and
the message will be output in text form. If you can't do this (for example
it is a pre-compiled binary) you can use the errstr utility on the error
code itself (the hex digits after the second colon).
* Why do I get errors about unknown algorithms?
This can happen under several circumstances such as reading in an
encrypted private key or attempting to decrypt a PKCS#12 file. The cause
is forgetting to load OpenSSL's table of algorithms with
OpenSSL_add_all_algorithms(). See the manual page for more information.
* Why can't the OpenSSH configure script detect OpenSSL?
Several reasons for problems with the automatic detection exist.
OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
Sometimes the distribution has installed an older version in the system
locations that is detected instead of a new one installed. The OpenSSL
library might have been compiled for another CPU or another mode (32/64 bits).
Permissions might be wrong.
The general answer is to check the config.log file generated when running
the OpenSSH configure script. It should contain the detailed information
on why the OpenSSL library was not detected or considered incompatible.
* Can I use OpenSSL's SSL library with non-blocking I/O?
Yes; make sure to read the SSL_get_error(3) manual page!
A pitfall to avoid: Don't assume that SSL_read() will just read from
the underlying transport or that SSL_write() will just write to it --
it is also possible that SSL_write() cannot do any useful work until
there is data to read, or that SSL_read() cannot do anything until it
is possible to send data. One reason for this is that the peer may
request a new TLS/SSL handshake at any time during the protocol,
requiring a bi-directional message exchange; both SSL_read() and
SSL_write() will try to continue any pending handshake.
* Why doesn't my server application receive a client certificate?
Due to the TLS protocol definition, a client will only send a certificate,
if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
SSL_CTX_set_verify() function to enable the use of client certificates.
* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
versions, uniqueIdentifier was incorrectly used for X.509 certificates.
The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
Change your code to use the new name when compiling against OpenSSL 0.9.7.
===============================================================================

80
HACKING.md
View File

@@ -1,80 +0,0 @@
MODIFYING OPENSSL SOURCE
========================
This document describes the way to add custom modifications to OpenSSL
sources.
If you are adding new C source files
------------------------------------
Please update the `build.info` files in the directories where you placed the
C source files, to include a line like this for each new C source file:
- In `crypto/` or any of its subdirectories (intended for `libcrypto`):
SOURCE[../libcrypto]={name-of-C-source-file}
- In `ssl/` or any of its subdirectories (intended for `libssl`):
SOURCE[../libssl]={name-of-C-source-file}
Do note that the path given as the `SOURCE` attribute must be adapted
appropriately for the location of the `build.info` file, as it's a relative
path to where the library itself is built, for example:
- For `crypto/build.info`, the library path should be `../libcrypto`
- For `crypto/evp/build.info`, the library path should be
`../../libcrypto`
- For `ssl/build.info`, the library path should be `../libssl`
- For `ssl/quic/build.info`, the library path should be `../../libssl`
To know more about `build.info` files, please read [doc/internal/man7/build.info.pod].
For better viewing, consider converting it to HTML or PDF using `pod2html`
or `pod2pdf`.
Adding new public functions
---------------------------
If you are adding new public functions to the custom library build, you need to
either add a prototype in one of the existing OpenSSL header files, or
provide a new header file and edit.
Only headers in the `include/openssl` subdirectory are considered for public
functions. If you're creating a new header file, it must be located in that
directory.
Functions declared in `include/openssl` header files are assumed to be part
of the `libcrypto` library unless specified otherwise. *If your new
functions are meant for the `libssl` library*, you will need to edit
[Configurations/unix-Makefile.tmpl] and add the header file name in the
array `my @sslheaders_tmpl`.
Updating OpenSSL's bookkeeping files
------------------------------------
OpenSSL has a few bookkeeping files to keep track of exposed functions, most
importantly `util/libcrypto.num` and `util/libssl.num`. Any time a new
public function - as defined above - is added, these files must be updated.
To make such an update, please do the following:
./Configure -Werror --strict-warnings [your-options]
make update
If you plan to submit the changes you made to OpenSSL (see
[CONTRIBUTING.md]), it's also worth running the following after running
`make update`, to ensure that documentation has correct format.
make doc-nits
Do note that `make update` also generates files related to OIDs (in the
`crypto/objects/` folder) and errors messages.
If a git merge error occurs in one of these generated files, then the
generated files need to be removed and regenerated using `make update`.
To aid in this process, the generated files can be committed separately
so they can be removed easily by reverting that commit.
[doc/internal/man7/build.info.pod]: ./doc/internal/man7/build.info.pod
[Configurations/unix-Makefile.tmpl]: ./Configurations/unix-Makefile.tmpl
[CONTRIBUTING.md]: ./CONTRIBUTING.md

310
INSTALL Normal file
View File

@@ -0,0 +1,310 @@
INSTALLATION ON THE UNIX PLATFORM
---------------------------------
[Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
This document describes installation on operating systems in the Unix
family.]
To install OpenSSL, you will need:
* make
* Perl 5
* an ANSI C compiler
* a development environment in form of development libraries and C
header files
* a supported Unix operating system
Quick Start
-----------
If you want to just get on with it, do:
$ ./config
$ make
$ make test
$ make install
[If any of these steps fails, see section Installation in Detail below.]
This will build and install OpenSSL in the default location, which is (for
historical reasons) /usr/local/ssl. If you want to install it anywhere else,
run config like this:
$ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
Configuration Options
---------------------
There are several options to ./config (or ./Configure) to customize
the build:
--prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl.
Configuration files used by OpenSSL will be in DIR/ssl
or the directory specified by --openssldir.
--openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
the library files and binaries are also installed there.
no-threads Don't try to build with support for multi-threaded
applications.
threads Build with support for multi-threaded applications.
This will usually require additional system-dependent options!
See "Note on multi-threading" below.
no-zlib Don't try to build with support for zlib compression and
decompression.
zlib Build with support for zlib compression/decompression.
zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically
when needed. This is only supported on systems where loading
of shared libraries is supported. This is the default choice.
no-shared Don't try to create shared libraries.
shared In addition to the usual static libraries, create shared
libraries on platforms where it's supported. See "Note on
shared libraries" below.
no-asm Do not use assembler code.
386 Use the 80386 instruction set only (the default x86 code is
more efficient, but requires at least a 486).
no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
The crypto/<cipher> directory can be removed after running
"make depend".
-Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
be passed through to the compiler to allow you to
define preprocessor symbols, specify additional libraries,
library directories or other compiler options.
Installation in Detail
----------------------
1a. Configure OpenSSL for your operation system automatically:
$ ./config [options]
This guesses at your operating system (and compiler, if necessary) and
configures OpenSSL based on this guess. Run ./config -t to see
if it guessed correctly. If you want to use a different compiler, you
are cross-compiling for another platform, or the ./config guess was
wrong for other reasons, go to step 1b. Otherwise go to step 2.
On some systems, you can include debugging information as follows:
$ ./config -d [options]
1b. Configure OpenSSL for your operating system manually
OpenSSL knows about a range of different operating system, hardware and
compiler combinations. To see the ones it knows about, run
$ ./Configure
Pick a suitable name from the list that matches your system. For most
operating systems there is a choice between using "cc" or "gcc". When
you have identified your system (and if necessary compiler) use this name
as the argument to ./Configure. For example, a "linux-elf" user would
run:
$ ./Configure linux-elf [options]
If your system is not available, you will have to edit the Configure
program and add the correct configuration for your system. The
generic configurations "cc" or "gcc" should usually work on 32 bit
systems.
Configure creates the file Makefile.ssl from Makefile.org and
defines various macros in crypto/opensslconf.h (generated from
crypto/opensslconf.h.in).
2. Build OpenSSL by running:
$ make
This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
OpenSSL binary ("openssl"). The libraries will be built in the top-level
directory, and the binary will be in the "apps" directory.
If "make" fails, look at the output. There may be reasons for
the failure that aren't problems in OpenSSL itself (like missing
standard headers). If it is a problem with OpenSSL itself, please
report the problem to <openssl-bugs@openssl.org> (note that your
message will be recorded in the request tracker publicly readable
via http://www.openssl.org/rt2.html and will be forwarded to a public
mailing list). Include the output of "make report" in your message.
Please check out the request tracker. Maybe the bug was already
reported or has already been fixed.
[If you encounter assembler error messages, try the "no-asm"
configuration option as an immediate fix.]
Compiling parts of OpenSSL with gcc and others with the system
compiler will result in unresolved symbols on some systems.
3. After a successful build, the libraries should be tested. Run:
$ make test
If a test fails, look at the output. There may be reasons for
the failure that isn't a problem in OpenSSL itself (like a missing
or malfunctioning bc). If it is a problem with OpenSSL itself,
try removing any compiler optimization flags from the CFLAGS line
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
http://www.openssl.org/rt2.html.
4. If everything tests ok, install OpenSSL with
$ make install
This will create the installation directory (if it does not exist) and
then the following subdirectories:
certs Initially empty, this is the default location
for certificate files.
man/man1 Manual pages for the 'openssl' command line tool
man/man3 Manual pages for the libraries (very incomplete)
misc Various scripts.
private Initially empty, this is the default location
for private key files.
If you didn't choose a different installation prefix, the
following additional subdirectories will be created:
bin Contains the openssl binary and a few other
utility programs.
include/openssl Contains the header files needed if you want to
compile programs with libcrypto or libssl.
lib Contains the OpenSSL library files themselves.
Package builders who want to configure the library for standard
locations, but have the package installed somewhere else so that
it can easily be packaged, can use
$ make INSTALL_PREFIX=/tmp/package-root install
(or specify "--install_prefix=/tmp/package-root" as a configure
option). The specified prefix will be prepended to all
installation target filenames.
NOTE: The header files used to reside directly in the include
directory, but have now been moved to include/openssl so that
OpenSSL can co-exist with other libraries which use some of the
same filenames. This means that applications that use OpenSSL
should now use C preprocessor directives of the form
#include <openssl/ssl.h>
instead of "#include <ssl.h>", which was used with library versions
up to OpenSSL 0.9.2b.
If you install a new version of OpenSSL over an old library version,
you should delete the old header files in the include directory.
Compatibility issues:
* COMPILING existing applications
To compile an application that uses old filenames -- e.g.
"#include <ssl.h>" --, it will usually be enough to find
the CFLAGS definition in the application's Makefile and
add a C option such as
-I/usr/local/ssl/include/openssl
to it.
But don't delete the existing -I option that points to
the ..../include directory! Otherwise, OpenSSL header files
could not #include each other.
* WRITING applications
To write an application that is able to handle both the new
and the old directory layout, so that it can still be compiled
with library versions up to OpenSSL 0.9.2b without bothering
the user, you can proceed as follows:
- Always use the new filename of OpenSSL header files,
e.g. #include <openssl/ssl.h>.
- Create a directory "incl" that contains only a symbolic
link named "openssl", which points to the "include" directory
of OpenSSL.
For example, your application's Makefile might contain the
following rule, if OPENSSLDIR is a pathname (absolute or
relative) of the directory where OpenSSL resides:
incl/openssl:
-mkdir incl
cd $(OPENSSLDIR) # Check whether the directory really exists
-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
You will have to add "incl/openssl" to the dependencies
of those C files that include some OpenSSL header file.
- Add "-Iincl" to your CFLAGS.
With these additions, the OpenSSL header files will be available
under both name variants if an old library version is used:
Your application can reach them under names like <openssl/foo.h>,
while the header files still are able to #include each other
with names of the form <foo.h>.
Note on multi-threading
-----------------------
For some systems, the OpenSSL Configure script knows what compiler options
are needed to generate a library that is suitable for multi-threaded
applications. On these systems, support for multi-threading is enabled
by default; use the "no-threads" option to disable (this should never be
necessary).
On other systems, to enable support for multi-threading, you will have
to specify at least two options: "threads", and a system-dependent option.
(The latter is "-D_REENTRANT" on various systems.) The default in this
case, obviously, is not to include support for multi-threading (but
you can still use "no-threads" to suppress an annoying warning message
from the Configure script.)
Note on shared libraries
------------------------
Shared library is currently an experimental feature. The only reason to
have them would be to conserve memory on systems where several program
are using OpenSSL. Binary backward compatibility can't be guaranteed
before OpenSSL version 1.0.
For some systems, the OpenSSL Configure script knows what is needed to
build shared libraries for libcrypto and libssl. On these systems,
the shared libraries are currently not created by default, but giving
the option "shared" will get them created. This method supports Makefile
targets for shared library creation, like linux-shared. Those targets
can currently be used on their own just as well, but this is expected
to change in future versions of OpenSSL.
Note on random number generation
--------------------------------
Availability of cryptographically secure random numbers is required for
secret key generation. OpenSSL provides several options to seed the
internal PRNG. If not properly seeded, the internal PRNG will refuse
to deliver random bytes and a "PRNG not seeded error" will occur.
On systems without /dev/urandom (or similar) device, it may be necessary
to install additional support software to obtain random seed.
Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
and the FAQ for more information.

34
INSTALL.DJGPP Normal file
View File

@@ -0,0 +1,34 @@
INSTALLATION ON THE DOS PLATFORM WITH DJGPP
-------------------------------------------
Openssl has been ported to DOS, but only with long filename support. If
you wish to compile on native DOS with 8+3 filenames, you will have to
tweak the installation yourself, including renaming files with illegal
or duplicate names.
You should have a full DJGPP environment installed, including the
latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
requires that PERL and BC also be installed.
All of these can be obtained from the usual DJGPP mirror sites, such
as "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to
have the WATT-32 networking package installed before you try to compile
openssl. This can be obtained from "http://www.bgnett.no/~giva/".
The Makefile assumes that the WATT-32 code is in the directory
specified by the environment variable WATT_ROOT. If you have watt-32
in directory "watt32" under your main DJGPP directory, specify
WATT_ROOT="/dev/env/DJDIR/watt32".
To compile openssl, start your BASH shell. Then configure for DOS by
running "./Configure" with appropriate arguments. The basic syntax for
DOS is:
./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
You may run out of DPMI selectors when running in a DOS box under
Windows. If so, just close the BASH shell, go back to Windows, and
restart BASH. Then run "make" again.
Building openssl under DJGPP has been tested with DJGPP 2.03,
GCC 2.952, GCC 2.953, perl 5.005_02 and perl 5.006_01.

72
INSTALL.MacOS Normal file
View File

@@ -0,0 +1,72 @@
OpenSSL - Port To The Macintosh OS 9 or Earlier
===============================================
Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
X) is now provided. "Initial" means that unlike other platforms where you
get an SDK and a "swiss army" openssl application, on Macintosh you only
get one sample application which fetches a page over HTTPS(*) and dumps it
in a window. We don't even build the test applications so that we can't
guarantee that all algorithms are operational.
Required software:
- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar;
- Scriptable Finder;
- CodeWarrior Pro 5;
Installation procedure:
- fetch the source at ftp://ftp.openssl.org/ (well, you probably already
did, huh?)
- unpack the .tar.gz file:
- if you have StuffIt Expander then just drag it over it;
- otherwise uncompress it with MacGzip and then unpack with SUNtar;
- locate MacOS folder in OpenSSL source tree and open it;
- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it
"in-place", i.e. unpacked files should end-up in the very same folder;
- execute mklinks.as;
- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****);
- that's it for now;
(*) URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40
to 42, change appropriately.
(**) If you use SUNtar, then it might have already unbinhexed the files
in question.
(***) The project file was saved with CW Pro 5.3. If you have an earlier
version and it refuses to open it, then download
http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it
overwriting the original OpenSSL.mcp.
(****) Other targets are works in progress. If you feel like giving 'em a
shot, then you should know that OpenSSL* and Lib* targets are
supposed to be built with the GUSI, MacOS library which mimics
BSD sockets and some other POSIX APIs. The GUSI distribution is
expected to be found in the same directory as the openssl source tree,
i.e., in the parent directory to the one where this very file,
namely INSTALL.MacOS, resides. For more information about GUSI, see
http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
Finally some essential comments from our generous contributor:-)
"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a
hack, but it works for what I'm doing. If you don't like the way I've done
it, then feel free to change what I've done. I freely admit that I've done
some less-than-ideal things in my port, and if you don't like the way I've
done something, then feel free to change it-- I won't be offended!
... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket"
library I wrote. My MacSocket library is a wrapper around OpenTransport,
handling stuff like endpoint creation, reading, writing, etc. It is not
designed as a high-performance package such as you'd use in a webserver,
but is fine for lots of other applications. MacSocket also uses some other
code libraries I've written to deal with string manipulations and error
handling. Feel free to use these things in your own code, but give me
credit and/or send me free stuff in appreciation! :-)
...
If you have any questions, feel free to email me as the following:
roy@centricsystems.ca
-Roy Wood"

31
INSTALL.OS2 Normal file
View File

@@ -0,0 +1,31 @@
Installation on OS/2
--------------------
You need to have the following tools installed:
* EMX GCC
* PERL
* GNU make
To build the makefile, run
> os2\os2-emx
This will configure OpenSSL and create OS2-EMX.mak which you then use to
build the OpenSSL libraries & programs by running
> make -f os2-emx.mak
If that finishes successfully you will find the libraries and programs in the
"out" directory.
Alternatively, you can make a dynamic build that puts the library code into
crypto.dll and ssl.dll by running
> make -f os2-emx-dll.mak
This will build the above mentioned dlls and a matching pair of import
libraries in the "out_dll" directory along with the set of test programs
and the openssl application.

299
INSTALL.VMS Normal file
View File

@@ -0,0 +1,299 @@
VMS Installation instructions
written by Richard Levitte
<richard@levitte.org>
Intro:
======
This file is divided in the following parts:
Requirements - Mandatory reading.
Checking the distribution - Mandatory reading.
Compilation - Mandatory reading.
Logical names - Mandatory reading.
Test - Mandatory reading.
Installation - Mandatory reading.
Backward portability - Read if it's an issue.
Possible bugs or quirks - A few warnings on things that
may go wrong or may surprise you.
TODO - Things that are to come.
Requirements:
=============
To build and install OpenSSL, you will need:
* DEC C or some other ANSI C compiler. VAX C is *not* supported.
[Note: OpenSSL has only been tested with DEC C. Compiling with
a different ANSI C compiler may require some work]
Checking the distribution:
==========================
There have been reports of places where the distribution didn't quite get
through, for example if you've copied the tree from a NFS-mounted Unix
mount point.
The easiest way to check if everything got through as it should is to check
for one of the following files:
[.CRYPTO]OPENSSLCONF.H_IN
[.CRYPTO]OPENSSLCONF_H.IN
They should never exist both at once, but one of them should (preferably
the first variant). If you can't find any of those two, something went
wrong.
The best way to get a correct distribution is to download the gzipped tar
file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
use VMSTAR to unpack the resulting tar file.
GUNZIP is available in many places on the net. One of the distribution
points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
VMSTAR is also available in many places on the net. The recommended place
to find information about it is http://www.free.lp.se/vmstar/ .
Compilation:
============
I've used the very good command procedures written by Robert Byer
<byer@mail.all-net.net>, and just slightly modified them, making
them slightly more general and easier to maintain.
You can actually compile in almost any directory separately. Look
for a command procedure name xxx-LIB.COM (in the library directories)
or MAKExxx.COM (in the program directories) and read the comments at
the top to understand how to use them. However, if you want to
compile all you can get, the simplest is to use MAKEVMS.COM in the top
directory. The syntax is the following:
@MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
<option> must be one of the following:
ALL Just build "everything".
CONFIG Just build the "[.CRYPTO]OPENSSLCONF.H" file.
BUILDINF Just build the "[.INCLUDE]BUILDINF.H" file.
SOFTLINKS Just copies some files, to simulate Unix soft links.
BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done.
RSAREF Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
<rsaref-p> must be one of the following:
RSAREF compile using the RSAREF Library
NORSAREF compile without using RSAREF
Note 0: The RSAREF library IS NO LONGER NEEDED. The RSA patent
expires September 20, 2000, and RSA Security chose to make
the algorithm public domain two weeks before that.
Note 1: If you still want to use RSAREF, the library is NOT INCLUDED
and you have to download it. RSA Security doesn't carry it
any more, but there are a number of places where you can find
it. You have to get the ".tar-Z" file as the ".zip" file
doesn't have the directory structure stored. You have to
extract the file into the [.RSAREF] directory as that is where
the scripts will look for the files.
Note 2: I have never done this, so I've no idea if it works or not.
<debug-p> must be one of the following:
DEBUG compile with debugging info (will not optimize)
NODEBUG compile without debugging info (will optimize)
<compiler> must be one of the following:
DECC For DEC C.
GNUC For GNU C.
You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
where xxx is VAX or AXP. You will find the SSL library in [.xxx.EXE.SSL],
named LIBSSL.OLB, and you will find a bunch of useful programs in
[.xxx.EXE.APPS]. However, these shouldn't be used right off unless it's
just to test them. For production use, make sure you install first, see
Installation below.
Note 1: Some programs in this package require a TCP/IP library.
Note 2: if you want to compile the crypto library only, please make sure
you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
a @MAKEVMS SOFTLINKS. A lot of things will break if you don't.
Logical names:
==============
There are a few things that can't currently be given through the command
line. Instead, logical names are used.
Currently, the logical names supported are:
OPENSSL_NO_ASM with value YES, the assembler parts of OpenSSL will
not be used. Instead, plain C implementations are
used. This is good to try if something doesn't work.
OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm
will not be implemented. Supported algorithms to
do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
SSL2. So, for example, having the logical name
OPENSSL_NO_RSA with the value YES means that the
LIBCRYPTO.OLB library will not contain an RSA
implementation.
Test:
=====
Testing is very simple, just do the following:
@[.TEST]TESTS
If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
it's an ugly hack!) and rebuild. Please send a bug report to
<openssl-bugs@openssl.org>, including the output of "openssl version -a"
and of the failed test.
Installation:
=============
Installation is easy, just do the following:
@INSTALL <root>
<root> is the directory in which everything will be installed,
subdirectories, libraries, header files, programs and startup command
procedures.
N.B.: INSTALL.COM builds a new directory structure, different from
the directory tree where you have now build OpenSSL.
In the [.VMS] subdirectory of the installation, you will find the
following command procedures:
OPENSSL_STARTUP.COM
defines all needed logical names. Takes one argument that
tells it in what logical name table to insert the logical
names. If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
call should look like this:
@openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
OPENSSL_UTILS.COM
sets up the symbols to the applications. Should be called
from for example SYS$MANAGER:SYLOGIN.COM
The logical names that are set up are the following:
SSLROOT a dotted concealed logical name pointing at the
root directory.
SSLCERTS Initially an empty directory, this is the default
location for certificate files.
SSLMISC Various scripts.
SSLPRIVATE Initially an empty directory, this is the default
location for private key files.
SSLEXE Contains the openssl binary and a few other utility
programs.
SSLINCLUDE Contains the header files needed if you want to
compile programs with libcrypto or libssl.
SSLLIB Contains the OpenSSL library files (LIBCRYPTO.OLB
and LIBSSL.OLB) themselves.
OPENSSL Same as SSLINCLUDE. This is because the standard
way to include OpenSSL header files from version
0.9.3 and on is:
#include <openssl/header.h>
For more info on this issue, see the INSTALL. file
(the NOTE in section 4 of "Installation in Detail").
You don't need to "deleting old header files"!!!
Backward portability:
=====================
One great problem when you build a library is making sure it will work
on as many versions of VMS as possible. Especially, code compiled on
OpenVMS version 7.x and above tend to be unusable in version 6.x or
lower, because some C library routines have changed names internally
(the C programmer won't usually see it, because the old name is
maintained through C macros). One obvious solution is to make sure
you have a development machine with an old enough version of OpenVMS.
However, if you are stuck with a bunch of Alphas running OpenVMS version
7.1, you seem to be out of luck. Fortunately, the DEC C header files
are cluttered with conditionals that make some declarations and definitions
dependent on the OpenVMS version or the C library version, *and* you
can use those macros to simulate older OpenVMS or C library versions,
by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
correct values. In the compilation scripts, I've provided the possibility
for the user to influence the creation of such macros, through a bunch of
symbols, all having names starting with USER_. Here's the list of them:
USER_CCFLAGS - Used to give additional qualifiers to the
compiler. It can't be used to define macros
since the scripts will do such things as well.
To do such things, use USER_CCDEFS.
USER_CCDEFS - Used to define macros on the command line. The
value of this symbol will be inserted inside a
/DEFINE=(...).
USER_CCDISABLEWARNINGS - Used to disable some warnings. The value is
inserted inside a /DISABLE=WARNING=(...).
So, to maintain backward compatibility with older VMS versions, do the
following before you start compiling:
$ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
$ USER_CCDISABLEWARNINGS := PREOPTW
The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
that those macros have been changed.
Note: Currently, this is only useful for library compilation. The
programs will still be linked with the current version of the
C library shareable image, and will thus complain if they are
faced with an older version of the same C library shareable image.
This will probably be fixed in a future revision of OpenSSL.
Possible bugs or quirks:
========================
I'm not perfectly sure all the programs will use the SSLCERTS:
directory by default, it may very well be that you have to give them
extra arguments. Please experiment.
TODO:
=====
There are a few things that need to be worked out in the VMS version of
OpenSSL, still:
- Description files. ("Makefile's" :-))
- Script code to link an already compiled build tree.
- A VMSINSTALlable version (way in the future, unless someone else hacks).
- shareable images (DLL for you Windows folks).
There may be other things that I have missed and that may be desirable.
Please send mail to <openssl-users@openssl.org> or to me directly if you
have any ideas.
--
Richard Levitte <richard@levitte.org>
2000-02-27

277
INSTALL.W32 Normal file
View File

@@ -0,0 +1,277 @@
INSTALLATION ON THE WIN32 PLATFORM
----------------------------------
[Instructions for building for Windows CE can be found in INSTALL.WCE]
Heres a few comments about building OpenSSL in Windows environments. Most
of this is tested on Win32 but it may also work in Win 3.1 with some
modification.
You need Perl for Win32. Unless you will build on Cygwin, you will need
ActiveState Perl, available from http://www.activestate.com/ActivePerl.
For Cygwin users, there's more info in the Cygwin section.
and one of the following C compilers:
* Visual C++
* Borland C
* GNU C (Mingw32 or Cygwin)
If you want to compile in the assembly language routines with Visual C++ then
you will need an assembler. This is worth doing because it will result in
faster code: for example it will typically result in a 2 times speedup in the
RSA routines. Currently the following assemblers are supported:
* Microsoft MASM (aka "ml")
* Free Netwide Assembler NASM.
MASM was at one point distributed with VC++. It is now distributed with some
Microsoft DDKs, for example the Windows NT 4.0 DDK and the Windows 98 DDK. If
you do not have either of these DDKs then you can just download the binaries
for the Windows 98 DDK and extract and rename the two files XXXXXml.exe and
XXXXXml.err, to ml.exe and ml.err and install somewhere on your PATH. Both
DDKs can be downloaded from the Microsoft developers site www.msdn.com.
NASM is freely available. Version 0.98 was used during testing: other versions
may also work. It is available from many places, see for example:
http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
If you are compiling from a tarball or a CVS snapshot then the Win32 files
may well be not up to date. This may mean that some "tweaking" is required to
get it all to work. See the trouble shooting section later on for if (when?)
it goes wrong.
Visual C++
----------
Firstly you should run Configure:
> perl Configure VC-WIN32
Next you need to build the Makefiles and optionally the assembly language
files:
- If you are using MASM then run:
> ms\do_masm
- If you are using NASM then run:
> ms\do_nasm
- If you don't want to use the assembly language files at all then run:
> ms\do_ms
If you get errors about things not having numbers assigned then check the
troubleshooting section: you probably won't be able to compile it as it
stands.
Then from the VC++ environment at a prompt do:
> nmake -f ms\ntdll.mak
If all is well it should compile and you will have some DLLs and executables
in out32dll. If you want to try the tests then do:
> cd out32dll
> ..\ms\test
Tweaks:
There are various changes you can make to the Win32 compile environment. By
default the library is not compiled with debugging symbols. If you add 'debug'
to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
compiled in. Note that mk1mf.pl expects the platform to be the last argument
on the command line, so 'debug' must appear before that, as all other options.
The default Win32 environment is to leave out any Windows NT specific
features.
If you want to enable the NT specific features of OpenSSL (currently only the
logging BIO) follow the instructions above but call the batch file do_nt.bat
instead of do_ms.bat.
You can also build a static version of the library using the Makefile
ms\nt.mak
Borland C++ builder 5
---------------------
* Configure for building with Borland Builder:
> perl Configure BC-32
* Create the appropriate makefile
> ms\do_nasm
* Build
> make -f ms\bcb.mak
Borland C++ builder 3 and 4
---------------------------
* Setup PATH. First must be GNU make then bcb4/bin
* Run ms\bcb4.bat
* Run make:
> make -f bcb.mak
GNU C (Mingw32)
---------------
To build OpenSSL, you need the Mingw32 package and GNU make.
* Compiler installation:
Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. Extract it
to a directory such as C:\gcc-2.95.2 and add c:\gcc-2.95.2\bin to
the PATH environment variable in "System Properties"; or edit and
run C:\gcc-2.95.2\mingw32.bat to set the PATH.
* Compile OpenSSL:
> ms\mingw32
This will create the library and binaries in out. In case any problems
occur, try
> ms\mingw32 no-asm
instead.
libcrypto.a and libssl.a are the static libraries. To use the DLLs,
link with libeay32.a and libssl32.a instead.
See troubleshooting if you get error messages about functions not having
a number assigned.
* You can now try the tests:
> cd out
> ..\ms\test
GNU C (Cygwin)
--------------
Cygwin provides a bash shell and GNU tools environment running
on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP.
Consequently, a make of OpenSSL with Cygwin is closer to a GNU
bash environment such as Linux than to other W32 makes which are
based on a single makefile approach. Cygwin implements Posix/Unix
calls through cygwin1.dll, and is contrasted to Mingw32 which links
dynamically to msvcrt.dll or crtdll.dll.
To build OpenSSL using Cygwin:
* Install Cygwin (see http://cygwin.com/)
* Install Perl and ensure it is in the path (recent Cygwin perl
(version 5.6.1-2 of the latter has been reported to work) or
ActivePerl)
* Run the Cygwin bash shell
* $ tar zxvf openssl-x.x.x.tar.gz
$ cd openssl-x.x.x
$ ./config
[...]
$ make
[...]
$ make test
$ make install
This will create a default install in /usr/local/ssl.
Cygwin Notes:
"make test" and normal file operations may fail in directories
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
stripping of carriage returns. To avoid this ensure that a binary
mount is used, e.g. mount -b c:\somewhere /home.
"bc" is not provided in older Cygwin distribution. This causes a
non-fatal error in "make test" but is otherwise harmless. If
desired and needed, GNU bc can be built with Cygwin without change.
Installation
------------
If you used the Cygwin procedure above, you have already installed and
can skip this section. For all other procedures, there's currently no real
installation procedure for Win32. There are, however, some suggestions:
- do nothing. The include files are found in the inc32/ subdirectory,
all binaries are found in out32dll/ or out32/ depending if you built
dynamic or static libraries.
- do as is written in INSTALL.Win32 that comes with modssl:
$ md c:\openssl
$ md c:\openssl\bin
$ md c:\openssl\lib
$ md c:\openssl\include
$ md c:\openssl\include\openssl
$ copy /b inc32\* c:\openssl\include\openssl
$ copy /b out32dll\ssleay32.lib c:\openssl\lib
$ copy /b out32dll\libeay32.lib c:\openssl\lib
$ copy /b out32dll\ssleay32.dll c:\openssl\bin
$ copy /b out32dll\libeay32.dll c:\openssl\bin
$ copy /b out32dll\openssl.exe c:\openssl\bin
Of course, you can choose another device than c:. C: is used here
because that's usually the first (and often only) harddisk device.
Note: in the modssl INSTALL.Win32, p: is used rather than c:.
Troubleshooting
---------------
Since the Win32 build is only occasionally tested it may not always compile
cleanly. If you get an error about functions not having numbers assigned
when you run ms\do_ms then this means the Win32 ordinal files are not up to
date. You can do:
> perl util\mkdef.pl crypto ssl update
then ms\do_XXX should not give a warning any more. However the numbers that
get assigned by this technique may not match those that eventually get
assigned in the CVS tree: so anything linked against this version of the
library may need to be recompiled.
If you get errors about unresolved symbols there are several possible
causes.
If this happens when the DLL is being linked and you have disabled some
ciphers then it is possible the DEF file generator hasn't removed all
the disabled symbols: the easiest solution is to edit the DEF files manually
to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def.
Another cause is if you missed or ignored the errors about missing numbers
mentioned above.
If you get warnings in the code then the compilation will halt.
The default Makefile for Win32 halts whenever any warnings occur. Since VC++
has its own ideas about warnings which don't always match up to other
environments this can happen. The best fix is to edit the file with the
warning in and fix it. Alternatively you can turn off the halt on warnings by
editing the CFLAG line in the Makefile and deleting the /WX option.
You might get compilation errors. Again you will have to fix these or report
them.
One final comment about compiling applications linked to the OpenSSL library.
If you don't use the multithreaded DLL runtime library (/MD option) your
program will almost certainly crash because malloc gets confused -- the
OpenSSL DLLs are statically linked to one version, the application must
not use a different one. You might be able to work around such problems
by adding CRYPTO_malloc_init() to your program before any calls to the
OpenSSL libraries: This tells the OpenSSL libraries to use the same
malloc(), free() and realloc() as the application. However there are many
standard library functions used by OpenSSL that call malloc() internally
(e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
rely on CRYPTO_malloc_init() solving your problem, and you should
consistently use the multithreaded library.

Some files were not shown because too many files have changed in this diff Show More