# It does this by parsing the header files and looking for the
# prototyped functions: it then prunes the output.
#
-# Intermediary files are created, call libeay.num and ssleay.num,
+# Intermediary files are created, call libcrypto.num and libssl.num,
# The format of these files is:
#
-# routine-name nnnn info
+# routine-name nnnn vers info
#
-# and the "info" part is actually a colon-separated string of fields with
-# the following meaning:
+# The "nnnn" and "vers" fields are the numeric id and version for the symbol
+# respectively. The "info" part is actually a colon-separated string of fields
+# with the following meaning:
#
# existence:platform:kind:algorithms
#
# exclude.
#
+use lib ".";
+use configdata;
+use File::Spec::Functions;
+
my $debug=0;
-my $crypto_num= "util/libeay.num";
-my $ssl_num= "util/ssleay.num";
+my $crypto_num= catfile($config{sourcedir},"util","libcrypto.num");
+my $ssl_num= catfile($config{sourcedir},"util","libssl.num");
my $libname;
my $do_update = 0;
my $VMS=0;
my $W32=0;
my $NT=0;
-my $OS2=0;
+my $linux=0;
# Set this to make typesafe STACK definitions appear in DEF
my $safe_stack_def = 0;
my @known_platforms = ( "__FreeBSD__", "PERL5",
- "EXPORT_VAR_AS_FUNCTION", "ZLIB",
- "OPENSSL_FIPS", "OPENSSL_FIPSCAPABLE" );
+ "EXPORT_VAR_AS_FUNCTION", "ZLIB"
+ );
my @known_ossl_platforms = ( "VMS", "WIN32", "WINNT", "OS2" );
my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
"SHA256", "SHA512", "RMD160",
- "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M",
+ "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "EC2M",
"HMAC", "AES", "CAMELLIA", "SEED", "GOST",
- "SCRYPT",
+ "SCRYPT", "CHACHA", "POLY1305", "BLAKE2",
# EC_NISTP_64_GCC_128
"EC_NISTP_64_GCC_128",
# Envelope "algorithms"
"LOCKING",
# External "algorithms"
"FP_API", "STDIO", "SOCK", "DGRAM",
+ "CRYPTO_MDEBUG",
# Engines
"STATIC_ENGINE", "ENGINE", "HW", "GMP",
- # X.509v3 Signed Certificate Timestamps
- "SCT",
+ # Entropy Gathering
+ "EGD",
+ # Certificate Transparency
+ "CT",
# RFC3779
"RFC3779",
# TLS
"CMS",
# CryptoAPI Engine
"CAPIENG",
- # SSL v3 method
- "SSL3_METHOD",
- # JPAKE
- "JPAKE",
+ # SSL methods
+ "SSL3_METHOD", "TLS1_METHOD", "TLS1_1_METHOD", "TLS1_2_METHOD", "DTLS1_METHOD", "DTLS1_2_METHOD",
# NEXTPROTONEG
"NEXTPROTONEG",
# Deprecated functions
- "DEPRECATED",
+ "DEPRECATEDIN_0_9_8",
+ "DEPRECATEDIN_1_0_0",
+ "DEPRECATEDIN_1_1_0",
# SCTP
"SCTP",
# SRTP
"SSL_TRACE",
# Unit testing
"UNIT_TEST",
+ # User Interface
+ "UI",
+ #
+ "TS",
# OCB mode
"OCB",
# APPLINK (win build feature?)
"APPLINK"
);
-my $options="";
-open(IN,"<Makefile") || die "unable to open Makefile!\n";
-while(<IN>) {
- $options=$1 if (/^OPTIONS=(.*)$/);
+my %disabled_algorithms;
+
+foreach (@known_algorithms) {
+ $disabled_algorithms{$_} = 0;
}
-close(IN);
-
-# The following ciphers may be excluded (by Configure). This means functions
-# defined with ifndef(NO_XXX) are not included in the .def file, and everything
-# in directory xxx is ignored.
-my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
-my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed;
-my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
-my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_scrypt;
-my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
-my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_sct; my $no_rfc3779; my $no_psk; my $no_cms; my $no_capieng;
-my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc;
-my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
-my $no_unit_test; my $no_ssl3_method; my $no_ocb;
-
-my $fips;
+# disabled by default
+$disabled_algorithms{"STATIC_ENGINE"} = 1;
my $zlib;
-
-foreach (@ARGV, split(/ /, $options))
+foreach (@ARGV, split(/ /, $config{options}))
{
$debug=1 if $_ eq "debug";
$W32=1 if $_ eq "32";
$VMS=1;
$VMSNonVAX=1;
}
- $VMS=1 if $_ eq "VMS";
- $OS2=1 if $_ eq "OS2";
- $fips=1 if /^fips/;
+ if ($_ eq "linux") {
+ $linux=1;
+ }
+ $VMS=$VMSNonVAX=1 if $_ eq "VMS";
if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic"
|| $_ eq "enable-zlib-dynamic") {
$zlib = 1;
}
- $do_ssl=1 if $_ eq "ssleay";
+ $do_ssl=1 if $_ eq "libssl";
if ($_ eq "ssl") {
$do_ssl=1;
$libname=$_
}
- $do_crypto=1 if $_ eq "libeay";
+ $do_crypto=1 if $_ eq "libcrypto";
if ($_ eq "crypto") {
$do_crypto=1;
$libname=$_;
}
- $no_static_engine=1 if $_ eq "no-static-engine";
- $no_static_engine=0 if $_ eq "enable-static-engine";
$do_update=1 if $_ eq "update";
$do_rewrite=1 if $_ eq "rewrite";
$do_ctest=1 if $_ eq "ctest";
$do_ctestall=1 if $_ eq "ctestall";
$do_checkexist=1 if $_ eq "exist";
- #$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
-
- if (/^no-rc2$/) { $no_rc2=1; }
- elsif (/^no-rc4$/) { $no_rc4=1; }
- elsif (/^no-rc5$/) { $no_rc5=1; }
- elsif (/^no-idea$/) { $no_idea=1; }
- elsif (/^no-des$/) { $no_des=1; $no_mdc2=1; }
- elsif (/^no-bf$/) { $no_bf=1; }
- elsif (/^no-cast$/) { $no_cast=1; }
- elsif (/^no-whirlpool$/) { $no_whirlpool=1; }
- elsif (/^no-md2$/) { $no_md2=1; }
- elsif (/^no-md4$/) { $no_md4=1; }
- elsif (/^no-md5$/) { $no_md5=1; }
- elsif (/^no-sha$/) { $no_sha=1; }
- elsif (/^no-ripemd$/) { $no_ripemd=1; }
- elsif (/^no-mdc2$/) { $no_mdc2=1; }
- elsif (/^no-rsa$/) { $no_rsa=1; }
- elsif (/^no-dsa$/) { $no_dsa=1; }
- elsif (/^no-dh$/) { $no_dh=1; }
- elsif (/^no-ec$/) { $no_ec=1; }
- elsif (/^no-ecdsa$/) { $no_ecdsa=1; }
- elsif (/^no-ecdh$/) { $no_ecdh=1; }
- elsif (/^no-aes$/) { $no_aes=1; }
- elsif (/^no-camellia$/) { $no_camellia=1; }
- elsif (/^no-seed$/) { $no_seed=1; }
- elsif (/^no-scrypt$/) { $no_scrypt=1; }
- elsif (/^no-evp$/) { $no_evp=1; }
- elsif (/^no-lhash$/) { $no_lhash=1; }
- elsif (/^no-stack$/) { $no_stack=1; }
- elsif (/^no-err$/) { $no_err=1; }
- elsif (/^no-buffer$/) { $no_buffer=1; }
- elsif (/^no-bio$/) { $no_bio=1; }
- #elsif (/^no-locking$/) { $no_locking=1; }
- elsif (/^no-comp$/) { $no_comp=1; }
- elsif (/^no-dso$/) { $no_dso=1; }
- elsif (/^no-engine$/) { $no_engine=1; }
- elsif (/^no-hw$/) { $no_hw=1; }
- elsif (/^no-gmp$/) { $no_gmp=1; }
- elsif (/^no-sct$/) { $no_sct=1; }
- elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
- elsif (/^no-cms$/) { $no_cms=1; }
- elsif (/^no-ec2m$/) { $no_ec2m=1; }
- elsif (/^no-ec-nistp224-64-gcc-128$/) { $no_nistp_gcc=1; }
- elsif (/^no-nextprotoneg$/) { $no_nextprotoneg=1; }
- elsif (/^no-ssl3-method$/) { $no_ssl3_method=1; }
- elsif (/^no-ssl-trace$/) { $no_ssl_trace=1; }
- elsif (/^no-capieng$/) { $no_capieng=1; }
- elsif (/^no-jpake$/) { $no_jpake=1; }
- elsif (/^no-srp$/) { $no_srp=1; }
- elsif (/^no-sctp$/) { $no_sctp=1; }
- elsif (/^no-srtp$/) { $no_srtp=1; }
- elsif (/^no-unit-test$/){ $no_unit_test=1; }
- elsif (/^no-deprecated$/) { $no_deprecated=1; }
- elsif (/^no-ocb/){ $no_ocb=1; }
+ if (/^--api=(\d+)\.(\d+)\.(\d+)$/) {
+ my $apiv = sprintf "%x%02x%02x", $1, $2, $3;
+ foreach (keys %disabled_algorithms) {
+ if (/^DEPRECATEDIN_(\d+)_(\d+)_(\d+)$/) {
+ my $depv = sprintf "%x%02x%02x", $1, $2, $3;
+ $disabled_algorithms{$_} = 1 if $apiv ge $depv;
+ }
+ }
+ }
+ if (/^no-deprecated$/) {
+ foreach (keys %disabled_algorithms) {
+ if (/^DEPRECATEDIN_/) {
+ $disabled_algorithms{$_} = 1;
+ }
+ }
+ }
+ elsif (/^(enable|disable|no)-(.*)$/) {
+ my $alg = uc $2;
+ $alg =~ tr/-/_/;
+ if (exists $disabled_algorithms{$alg}) {
+ $disabled_algorithms{$alg} = $1 eq "enable" ? 0 : 1;
+ }
}
+ }
if (!$libname) {
if ($do_ssl) {
- $libname="SSLEAY";
+ $libname="LIBSSL";
}
if ($do_crypto) {
- $libname="LIBEAY";
+ $libname="LIBCRYPTO";
}
}
# If no platform is given, assume WIN32
-if ($W32 + $VMS + $OS2 == 0) {
+if ($W32 + $VMS + $linux == 0) {
$W32 = 1;
}
+die "Please, only one platform at a time"
+ if ($W32 + $VMS + $linux > 1);
if (!$do_ssl && !$do_crypto)
{
- print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 ]\n";
+ print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 | linux | VMS ]\n";
exit(1);
}
$ssl.=" include/openssl/tls1.h";
$ssl.=" include/openssl/srtp.h";
+# We use headers found in include/openssl and include/internal only.
+# The latter is needed so libssl.so/.dll/.exe can link properly.
my $crypto ="include/openssl/crypto.h";
-$crypto.=" crypto/include/internal/cryptlib.h";
$crypto.=" include/internal/o_dir.h";
$crypto.=" include/internal/o_str.h";
+$crypto.=" include/internal/threads.h";
$crypto.=" include/openssl/des.h" ; # unless $no_des;
$crypto.=" include/openssl/idea.h" ; # unless $no_idea;
$crypto.=" include/openssl/rc4.h" ; # unless $no_rc4;
$crypto.=" include/openssl/dsa.h" ; # unless $no_dsa;
$crypto.=" include/openssl/dh.h" ; # unless $no_dh;
$crypto.=" include/openssl/ec.h" ; # unless $no_ec;
-$crypto.=" include/openssl/ecdsa.h" ; # unless $no_ecdsa;
-$crypto.=" include/openssl/ecdh.h" ; # unless $no_ecdh;
$crypto.=" include/openssl/hmac.h" ; # unless $no_hmac;
$crypto.=" include/openssl/cmac.h" ;
$crypto.=" include/openssl/stack.h" ; # unless $no_stack;
$crypto.=" include/openssl/buffer.h" ; # unless $no_buffer;
$crypto.=" include/openssl/bio.h" ; # unless $no_bio;
-$crypto.=" include/openssl/dso.h" ; # unless $no_dso;
+$crypto.=" include/internal/dso.h" ; # unless $no_dso;
$crypto.=" include/openssl/lhash.h" ; # unless $no_lhash;
$crypto.=" include/openssl/conf.h";
$crypto.=" include/openssl/txt_db.h";
$crypto.=" include/openssl/ocsp.h";
$crypto.=" include/openssl/ui.h";
#$crypto.=" include/openssl/store.h";
-$crypto.=" include/openssl/pqueue.h";
$crypto.=" include/openssl/cms.h";
-$crypto.=" include/openssl/jpake.h";
$crypto.=" include/openssl/srp.h";
$crypto.=" include/openssl/modes.h";
$crypto.=" include/openssl/async.h";
+$crypto.=" include/openssl/ct.h";
+$crypto.=" include/openssl/kdf.h";
my $symhacks="include/openssl/symhacks.h";
-my @ssl_symbols = &do_defs("SSLEAY", $ssl, $symhacks);
-my @crypto_symbols = &do_defs("LIBEAY", $crypto, $symhacks);
+my @ssl_symbols = &do_defs("LIBSSL", $ssl, $symhacks);
+my @crypto_symbols = &do_defs("LIBCRYPTO", $crypto, $symhacks);
if ($do_update) {
if ($do_ssl == 1) {
- &maybe_add_info("SSLEAY",*ssl_list,@ssl_symbols);
+ &maybe_add_info("LIBSSL",*ssl_list,@ssl_symbols);
if ($do_rewrite == 1) {
open(OUT, ">$ssl_num");
- &rewrite_numbers(*OUT,"SSLEAY",*ssl_list,@ssl_symbols);
+ &rewrite_numbers(*OUT,"LIBSSL",*ssl_list,@ssl_symbols);
} else {
open(OUT, ">>$ssl_num");
}
- &update_numbers(*OUT,"SSLEAY",*ssl_list,$max_ssl,@ssl_symbols);
+ &update_numbers(*OUT,"LIBSSL",*ssl_list,$max_ssl,@ssl_symbols);
close OUT;
}
if($do_crypto == 1) {
- &maybe_add_info("LIBEAY",*crypto_list,@crypto_symbols);
+ &maybe_add_info("LIBCRYPTO",*crypto_list,@crypto_symbols);
if ($do_rewrite == 1) {
open(OUT, ">$crypto_num");
- &rewrite_numbers(*OUT,"LIBEAY",*crypto_list,@crypto_symbols);
+ &rewrite_numbers(*OUT,"LIBCRYPTO",*crypto_list,@crypto_symbols);
} else {
open(OUT, ">>$crypto_num");
}
- &update_numbers(*OUT,"LIBEAY",*crypto_list,$max_crypto,@crypto_symbols);
+ &update_numbers(*OUT,"LIBCRYPTO",*crypto_list,$max_crypto,@crypto_symbols);
close OUT;
}
int main()
{
EOF
- &print_test_file(*STDOUT,"SSLEAY",*ssl_list,$do_ctestall,@ssl_symbols)
+ &print_test_file(*STDOUT,"LIBSSL",*ssl_list,$do_ctestall,@ssl_symbols)
if $do_ssl == 1;
- &print_test_file(*STDOUT,"LIBEAY",*crypto_list,$do_ctestall,@crypto_symbols)
+ &print_test_file(*STDOUT,"LIBCRYPTO",*crypto_list,$do_ctestall,@crypto_symbols)
if $do_crypto == 1;
print "}\n";
foreach $file (split(/\s+/,$symhacksfile." ".$files))
{
- print STDERR "DEBUG: starting on $file:\n" if $debug;
- open(IN,"<$file") || die "unable to open $file:$!\n";
+ my $fn = catfile($config{sourcedir},$file);
+ print STDERR "DEBUG: starting on $fn:\n" if $debug;
+ open(IN,"<$fn") || die "unable to open $fn:$!\n";
my $line = "", my $def= "";
my %tag = (
(map { $_ => 0 } @known_platforms),
print STDERR "DEBUG: parsing ----------\n" if $debug;
while(<IN>) {
if($parens > 0) {
- #Inside a DECLARE_DEPRECATED
+ #Inside a DEPRECATEDIN
$stored_multiline .= $_;
- chomp $stored_multiline;
- print STDERR "DEBUG: Continuing multiline DEPRECATED: $stored_multiline\n" if $debug;
+ $stored_multiline =~ s|\R$||; # Better chomp
+ print STDERR "DEBUG: Continuing multiline DEPRECATEDIN: $stored_multiline\n" if $debug;
$parens = count_parens($stored_multiline);
if ($parens == 0) {
- $stored_multiline =~ /^\s*DECLARE_DEPRECATED\s*\(\s*(\w*(\s|\*|\w)*)/;
- $def .= "$1(void);";
+ $def .= do_deprecated($stored_multiline,
+ \@current_platforms,
+ \@current_algorithms);
}
next;
}
}
if (/\\$/) {
- chomp; # remove eol
- chop; # remove ending backslash
- $line = $_;
+ $line = $`; # keep what was before the backslash
next;
}
$cpp++ if /^#\s*if/;
$cpp-- if /^#\s*endif/;
next;
- }
- $cpp = 1 if /^#.*ifdef.*cplusplus/;
+ }
+ if (/^#.*ifdef.*cplusplus/) {
+ $cpp = 1;
+ next;
+ }
s/{[^{}]*}//gs; # ignore {} blocks
print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne "";
pop(@tag);
} elsif (/^\#\s*else/) {
my $tag_i = $#tag;
+ die "$file unmatched else\n" if $tag_i < 0;
while($tag[$tag_i] ne "-") {
my $t=$tag[$tag_i];
$tag{$t}= -$tag{$t};
push(@tag,"TRUE");
$tag{"TRUE"}=-1;
print STDERR "DEBUG: $file: found 0\n" if $debug;
+ } elsif (/^\#\s*if\s+/) {
+ #Some other unrecognized "if" style
+ push(@tag,"-");
} elsif (/^\#\s*define\s+(\w+)\s+(\w+)/
&& $symhacking && $tag{'TRUE'} != -1) {
# This is for aliasing. When we find an alias,
next;
}
if ($tag{'TRUE'} != -1) {
- if (/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+ if (/^\s*DEFINE_STACK_OF\s*\(\s*(\w*)\s*\)/
+ || /^\s*DEFINE_STACK_OF_CONST\s*\(\s*(\w*)\s*\)/) {
next;
} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
$def .= "int d2i_$3(void);";
&$make_variant("_shadow_$2","_shadow_$2",
"EXPORT_VAR_AS_FUNCTION",
"FUNCTION");
- } elsif (/^\s*DECLARE_DEPRECATED\s*\(\s*(\w*(\s|\*|\w)*)/) {
+ } elsif (/^\s*DEPRECATEDIN/) {
$parens = count_parens($_);
if ($parens == 0) {
- $def .= "$1(void);";
+ $def .= do_deprecated($_,
+ \@current_platforms,
+ \@current_algorithms);
} else {
$stored_multiline = $_;
- chomp $stored_multiline;
- print STDERR "DEBUG: Found multiline DEPRECATED starting with: $stored_multiline\n" if $debug;
+ $stored_multiline =~ s|\R$||;
+ print STDERR "DEBUG: Found multiline DEPRECATEDIN starting with: $stored_multiline\n" if $debug;
next;
}
} elsif ($tag{'CONST_STRICT'} != 1) {
}
}
close(IN);
+ die "$file: Unmatched tags\n" if $#tag >= 0;
my $algs;
my $plays;
$p = $plats;
$a = $algs;
- $a .= ",BF" if($s =~ /EVP_bf/);
- $a .= ",CAST" if($s =~ /EVP_cast/);
- $a .= ",DES" if($s =~ /EVP_des/);
- $a .= ",DSA" if($s =~ /EVP_dss/);
- $a .= ",IDEA" if($s =~ /EVP_idea/);
- $a .= ",MD2" if($s =~ /EVP_md2/);
- $a .= ",MD4" if($s =~ /EVP_md4/);
- $a .= ",MD5" if($s =~ /EVP_md5/);
- $a .= ",RC2" if($s =~ /EVP_rc2/);
- $a .= ",RC4" if($s =~ /EVP_rc4/);
- $a .= ",RC5" if($s =~ /EVP_rc5/);
- $a .= ",RMD160" if($s =~ /EVP_ripemd/);
- $a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/);
- $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
- $a .= ",RSA" if($s =~ /RSAPrivateKey/);
- $a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
$platform{$s} =
&reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
return $ret;
}
-sub info_string {
+sub info_string
+{
(my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_;
my %a = defined($algorithms) ?
return $ret;
}
-sub maybe_add_info {
+sub maybe_add_info
+{
(my $name, *nums, my @symbols) = @_;
my $sym;
my $new_info = 0;
my %syms=();
- print STDERR "Updating $name info\n";
foreach $sym (@symbols) {
(my $s, my $i) = split /\\/, $sym;
if (defined($nums{$s})) {
$i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/;
- (my $n, my $dummy) = split /\\/, $nums{$s};
+ (my $n, my $vers, my $dummy) = split /\\/, $nums{$s};
if (!defined($dummy) || $i ne $dummy) {
- $nums{$s} = $n."\\".$i;
+ $nums{$s} = $n."\\".$vers."\\".$i;
$new_info++;
print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n" if $debug;
}
my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums;
foreach $sym (@s) {
- (my $n, my $i) = split /\\/, $nums{$sym};
+ (my $n, my $vers, my $i) = split /\\/, $nums{$sym};
if (!defined($syms{$sym}) && $i !~ /^NOEXIST:/) {
$new_info++;
print STDERR "DEBUG: maybe_add_info for $sym: -> undefined\n" if $debug;
}
}
if ($new_info) {
- print STDERR "$new_info old symbols got an info update\n";
+ print STDERR "$name: $new_info old symbols have updated info\n";
if (!$do_rewrite) {
print STDERR "You should do a rewrite to fix this.\n";
}
} else {
- print STDERR "No old symbols needed info update\n";
}
}
if ($keyword eq "VMS" && $VMS) { return 1; }
if ($keyword eq "WIN32" && $W32) { return 1; }
if ($keyword eq "WINNT" && $NT) { return 1; }
- if ($keyword eq "OS2" && $OS2) { return 1; }
# Special platforms:
# EXPORT_VAR_AS_FUNCTION means that global variables
# will be represented as functions. This currently
if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32)) {
return 1;
}
- if ($keyword eq "OPENSSL_FIPSCAPABLE") {
- return 0;
- }
- if ($keyword eq "OPENSSL_FIPS" && $fips) {
- return 1;
- }
if ($keyword eq "ZLIB" && $zlib) { return 1; }
return 0;
} else {
# algorithms
- if ($keyword eq "RC2" && $no_rc2) { return 0; }
- if ($keyword eq "RC4" && $no_rc4) { return 0; }
- if ($keyword eq "RC5" && $no_rc5) { return 0; }
- if ($keyword eq "IDEA" && $no_idea) { return 0; }
- if ($keyword eq "DES" && $no_des) { return 0; }
- if ($keyword eq "BF" && $no_bf) { return 0; }
- if ($keyword eq "CAST" && $no_cast) { return 0; }
- if ($keyword eq "MD2" && $no_md2) { return 0; }
- if ($keyword eq "MD4" && $no_md4) { return 0; }
- if ($keyword eq "MD5" && $no_md5) { return 0; }
- if ($keyword eq "SHA" && $no_sha) { return 0; }
- if ($keyword eq "RMD160" && $no_ripemd) { return 0; }
- if ($keyword eq "MDC2" && $no_mdc2) { return 0; }
- if ($keyword eq "WHIRLPOOL" && $no_whirlpool) { return 0; }
- if ($keyword eq "RSA" && $no_rsa) { return 0; }
- if ($keyword eq "DSA" && $no_dsa) { return 0; }
- if ($keyword eq "DH" && $no_dh) { return 0; }
- if ($keyword eq "EC" && $no_ec) { return 0; }
- if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; }
- if ($keyword eq "ECDH" && $no_ecdh) { return 0; }
- if ($keyword eq "AES" && $no_aes) { return 0; }
- if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; }
- if ($keyword eq "SEED" && $no_seed) { return 0; }
- if ($keyword eq "SCRYPT" && $no_scrypt) { return 0; }
- if ($keyword eq "EVP" && $no_evp) { return 0; }
- if ($keyword eq "LHASH" && $no_lhash) { return 0; }
- if ($keyword eq "STACK" && $no_stack) { return 0; }
- if ($keyword eq "ERR" && $no_err) { return 0; }
- if ($keyword eq "BUFFER" && $no_buffer) { return 0; }
- if ($keyword eq "BIO" && $no_bio) { return 0; }
- if ($keyword eq "COMP" && $no_comp) { return 0; }
- if ($keyword eq "DSO" && $no_dso) { return 0; }
- if ($keyword eq "ENGINE" && $no_engine) { return 0; }
- if ($keyword eq "HW" && $no_hw) { return 0; }
- if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
- if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
- if ($keyword eq "GMP" && $no_gmp) { return 0; }
- if ($keyword eq "SCT" && $no_sct) { return 0; }
- if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
- if ($keyword eq "PSK" && $no_psk) { return 0; }
- if ($keyword eq "CMS" && $no_cms) { return 0; }
- if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)
- { return 0; }
- if ($keyword eq "EC2M" && $no_ec2m) { return 0; }
- if ($keyword eq "NEXTPROTONEG" && $no_nextprotoneg) { return 0; }
- if ($keyword eq "SSL3_METHOD" && $no_ssl3_method) { return 0; }
- if ($keyword eq "SSL_TRACE" && $no_ssl_trace) { return 0; }
- if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
- if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
- if ($keyword eq "SRP" && $no_srp) { return 0; }
- if ($keyword eq "SCTP" && $no_sctp) { return 0; }
- if ($keyword eq "SRTP" && $no_srtp) { return 0; }
- if ($keyword eq "UNIT_TEST" && $no_unit_test) { return 0; }
- if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
- if ($keyword eq "OCB" && $no_ocb) { return 0; }
+ if ($disabled_algorithms{$keyword} == 1) { return 0;}
# Nothing recognise as true
return 1;
}
$prev = $s2; # To warn about duplicates...
- ($nn,$ni)=($nums{$s2} =~ /^(.*?)\\(.*)$/);
+ (my $nn, my $vers, my $ni) = split /\\/, $nums{$s2};
if ($v) {
print OUT "\textern int $s2; /* type unknown */ /* $nn $ni */\n";
} else {
}
}
-sub get_version {
- local *MF;
- my $v = '?';
- open MF, 'Makefile' or return $v;
- while (<MF>) {
- $v = $1, last if /^VERSION=(.*?)\s*$/;
- }
- close MF;
- return $v;
+sub get_version
+{
+ return $config{version};
}
sub print_def_file
my $version = get_version();
my $what = "OpenSSL: implementation of Secure Socket Layer";
my $description = "$what $version, $name - http://$http_vendor";
+ my $prevsymversion = "", $prevprevsymversion = "";
+ # For VMS
+ my $prevnum = 0;
+ my $symvtextcount = 0;
if ($W32)
{ $libname.="32"; }
- elsif ($OS2)
- { # DLL names should not clash on the whole system.
- # However, they should not have any particular relationship
- # to the name of the static library. Chose descriptive names
- # (must be at most 8 chars).
- my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
- $libname = $translate{$name} || $name;
- $liboptions = <<EOO;
-INITINSTANCE
-DATA MULTIPLE NONSHARED
-EOO
- # Vendor field can't contain colon, drat; so we omit http://
- $description = "\@#$http_vendor:$version#\@$what; DLL for library $name. Build for EMX -Zmtd";
- }
- print OUT <<"EOF";
+ if ($W32)
+ {
+ print OUT <<"EOF";
;
; Definition file for the DLL version of the $name library from OpenSSL
;
EOF
- print "EXPORTS\n";
+ print "EXPORTS\n";
+ }
+ elsif ($VMS)
+ {
+ print OUT <<"EOF";
+CASE_SENSITIVE=YES
+SYMBOL_VECTOR=(-
+EOF
+ $symvtextcount = 16; # length of "SYMBOL_VECTOR=(-"
+ }
- (@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
- (@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:FUNCTION/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
+ (@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
(@v)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:VARIABLE/,@symbols);
- @symbols=((sort @e),(sort @r), (sort @v));
-
-
- foreach $sym (@symbols) {
- (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
- my $v = 0;
- $v = 1 if $i =~ /^.*?:.*?:VARIABLE/;
- if (!defined($nums{$s})) {
- printf STDERR "Warning: $s does not have a number assigned\n"
- if(!$do_update);
+ if ($VMS) {
+ # VMS needs to have the symbols on slot number order
+ @symbols=(map { $_->[1] }
+ sort { $a->[0] <=> $b->[0] }
+ map { (my $s, my $i) = $_ =~ /^(.*?)\\(.*)$/;
+ die "Error: $s doesn't have a number assigned\n"
+ if !defined($nums{$s});
+ (my $n, my @rest) = split /\\/, $nums{$s};
+ [ $n, $_ ] } (@e, @r, @v));
+ } else {
+ @symbols=((sort @e),(sort @r), (sort @v));
+ }
+
+ my ($baseversion, $currversion) = get_openssl_version();
+ my $thisversion;
+ do {
+ if (!defined($thisversion)) {
+ $thisversion = $baseversion;
} else {
- (my $n, my $dummy) = split /\\/, $nums{$s};
- my %pf = ();
- my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
- my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
- if (is_valid($p,1) && is_valid($a,0)) {
- my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
- if ($prev eq $s2) {
- print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
- }
- $prev = $s2; # To warn about duplicates...
- if($v && !$OS2) {
- printf OUT " %s%-39s @%-8d DATA\n",($W32)?"":"_",$s2,$n;
- } else {
- printf OUT " %s%-39s @%d\n",($W32||$OS2)?"":"_",$s2,$n;
+ $thisversion = get_next_version($thisversion);
+ }
+ foreach $sym (@symbols) {
+ (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+ my $v = 0;
+ $v = 1 if $i =~ /^.*?:.*?:VARIABLE/;
+ if (!defined($nums{$s})) {
+ die "Error: $s does not have a number assigned\n"
+ if(!$do_update);
+ } else {
+ (my $n, my $symversion, my $dummy) = split /\\/, $nums{$s};
+ next if $symversion ne $thisversion;
+ my %pf = ();
+ my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+ my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+ if (is_valid($p,1) && is_valid($a,0)) {
+ my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+ if ($prev eq $s2) {
+ print STDERR "Warning: Symbol '",$s2,
+ "' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),
+ ", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+ }
+ $prev = $s2; # To warn about duplicates...
+ if($linux) {
+ if ($symversion ne $prevsymversion) {
+ if ($prevsymversion ne "") {
+ if ($prevprevsymversion ne "") {
+ print OUT "} OPENSSL_"
+ ."$prevprevsymversion;\n\n";
+ } else {
+ print OUT "};\n\n";
+ }
+ }
+ print OUT "OPENSSL_$symversion {\n global:\n";
+ $prevprevsymversion = $prevsymversion;
+ $prevsymversion = $symversion;
+ }
+ print OUT " $s2;\n";
+ } elsif ($VMS) {
+ while(++$prevnum < $n) {
+ my $symline=" ,SPARE -\n ,SPARE -\n";
+ if ($symvtextcount + length($symline) - 2 > 1024) {
+ print OUT ")\nSYMBOL_VECTOR=(-\n";
+ $symvtextcount = 16; # length of "SYMBOL_VECTOR=(-"
+ }
+ if ($symvtextcount == 16) {
+ # Take away first comma
+ $symline =~ s/,//;
+ }
+ print OUT $symline;
+ $symvtextcount += length($symline) - 2;
+ }
+ (my $s_uc = $s) =~ tr/a-z/A-Z/;
+ my $symtype=
+ $v ? "DATA" : "PROCEDURE";
+ my $symline=
+ ($s_uc ne $s
+ ? " ,$s_uc/$s=$symtype -\n ,$s=$symtype -\n"
+ : " ,$s=$symtype -\n ,SPARE -\n");
+ if ($symvtextcount + length($symline) - 2 > 1024) {
+ print OUT ")\nSYMBOL_VECTOR=(-\n";
+ $symvtextcount = 16; # length of "SYMBOL_VECTOR=(-"
+ }
+ if ($symvtextcount == 16) {
+ # Take away first comma
+ $symline =~ s/,//;
+ }
+ print OUT $symline;
+ $symvtextcount += length($symline) - 2;
+ } elsif($v) {
+ printf OUT " %s%-39s @%-8d DATA\n",
+ ($W32)?"":"_",$s2,$n;
+ } else {
+ printf OUT " %s%-39s @%d\n",
+ ($W32)?"":"_",$s2,$n;
+ }
}
}
}
- }
+ } while ($thisversion ne $currversion);
+ if ($linux) {
+ if ($prevprevsymversion ne "") {
+ print OUT " local: *;\n} OPENSSL_$prevprevsymversion;\n\n";
+ } else {
+ print OUT " local: *;\n};\n\n";
+ }
+ } elsif ($VMS) {
+ print OUT ")\n";
+ (my $libvmaj, my $libvmin, my $libvedit) =
+ $currversion =~ /^(\d+)_(\d+)_(\d+)$/;
+ # The reason to multiply the edit number with 100 is to make space
+ # for the possibility that we want to encode the patch letters
+ print OUT "GSMATCH=LEQUAL,",($libvmaj * 100 + $libvmin),",",($libvedit * 100),"\n";
+ }
printf OUT "\n";
}
{
my($name)=@_;
my(@a,%ret);
+ my $prevversion;
$max_num = 0;
$num_noinfo = 0;
$prev = "";
$prev_cnt = 0;
+ my ($baseversion, $currversion) = get_openssl_version();
+
open(IN,"<$name") || die "unable to open $name:$!\n";
while (<IN>) {
- chop;
+ s|\R$||; # Better chomp
s/#.*$//;
next if /^\s*$/;
@a=split;
$ret{$a[0]}=$a[1];
$num_noinfo++;
} else {
- $ret{$a[0]}=$a[1]."\\".$a[2]; # \\ is a special marker
+ #Sanity check the version number
+ if (defined $prevversion) {
+ check_version_lte($prevversion, $a[2]);
+ }
+ check_version_lte($a[2], $currversion);
+ $prevversion = $a[2];
+ $ret{$a[0]}=$a[1]."\\".$a[2]."\\".$a[3]; # \\ is a special marker
}
$max_num = $a[1] if $a[1] > $max_num;
$prev=$a[0];
sub parse_number
{
(my $str, my $what) = @_;
- (my $n, my $i) = split(/\\/,$str);
+ (my $n, my $v, my $i) = split(/\\/,$str);
if ($what eq "n") {
return $n;
} else {
(*OUT,$name,*nums,@symbols)=@_;
my $thing;
- print STDERR "Rewriting $name\n";
-
my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
my $r; my %r; my %rsyms;
foreach $r (@r) {
|| $a cmp $b
} keys %nums;
foreach $sym (@s) {
- (my $n, my $i) = split /\\/, $nums{$sym};
+ (my $n, my $vers, my $i) = split /\\/, $nums{$sym};
next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/;
next if defined($rsyms{$sym});
print STDERR "DEBUG: rewrite_numbers for sym = ",$sym,": i = ",$i,", n = ",$n,", rsym{sym} = ",$rsyms{$sym},"syms{sym} = ",$syms{$sym},"\n" if $debug;
if !defined($i) || $i eq "" || !defined($syms{$sym});
my $s2 = $sym;
$s2 =~ s/\{[0-9]+\}$//;
- printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
+ printf OUT "%s%-39s %d\t%s\t%s\n","",$s2,$n,$vers,$i;
if (exists $r{$sym}) {
(my $s, $i) = split /\\/,$r{$sym};
my $s2 = $s;
$s2 =~ s/\{[0-9]+\}$//;
- printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
+ printf OUT "%s%-39s %d\t%s\t%s\n","",$s2,$n,$vers,$i;
}
}
}
{
(*OUT,$name,*nums,my $start_num, my @symbols)=@_;
my $new_syms = 0;
+ my $basevers;
+ my $vers;
- print STDERR "Updating $name numbers\n";
+ ($basevers, $vers) = get_openssl_version();
my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
my $r; my %r; my %rsyms;
next if defined($rsyms{$sym});
die "ERROR: Symbol $sym had no info attached to it."
if $i eq "";
- next if $i =~ /OPENSSL_FIPSCAPABLE/;
if (!exists $nums{$s}) {
$new_syms++;
my $s2 = $s;
$s2 =~ s/\{[0-9]+\}$//;
- printf OUT "%s%-39s %d\t%s\n","",$s2, ++$start_num,$i;
+ printf OUT "%s%-39s %d\t%s\t%s\n","",$s2, ++$start_num,$vers,$i;
if (exists $r{$s}) {
($s, $i) = split /\\/,$r{$s};
$s =~ s/\{[0-9]+\}$//;
- printf OUT "%s%-39s %d\t%s\n","",$s, $start_num,$i;
+ printf OUT "%s%-39s %d\t%s\t%s\n","",$s, $start_num,$vers,$i;
}
}
}
if($new_syms) {
- print STDERR "$new_syms New symbols added\n";
+ print STDERR "$name: Added $new_syms new symbols\n";
} else {
- print STDERR "No New symbols Added\n";
+ print STDERR "$name: No new symbols added\n";
}
}
return $open - $close;
}
+#Parse opensslv.h to get the current version number. Also work out the base
+#version, i.e. the lowest version number that is binary compatible with this
+#version
+sub get_openssl_version()
+{
+ my $fn = catfile($config{sourcedir},"include","openssl","opensslv.h");
+ open (IN, "$fn") || die "Can't open opensslv.h";
+
+ while(<IN>) {
+ if (/OPENSSL_VERSION_TEXT\s+"OpenSSL (\d\.\d\.)(\d[a-z]*)(-| )/) {
+ my $suffix = $2;
+ (my $baseversion = $1) =~ s/\./_/g;
+ close IN;
+ return ($baseversion."0", $baseversion.$suffix);
+ }
+ }
+ die "Can't find OpenSSL version number\n";
+}
+
+#Given an OpenSSL version number, calculate the next version number. If the
+#version number gets to a.b.czz then we go to a.b.(c+1)
+sub get_next_version()
+{
+ my $thisversion = shift;
+
+ my ($base, $letter) = $thisversion =~ /^(\d_\d_\d)([a-z]{0,2})$/;
+
+ if ($letter eq "zz") {
+ my $lastnum = substr($base, -1);
+ return substr($base, 0, length($base)-1).(++$lastnum);
+ }
+ return $base.get_next_letter($letter);
+}
+
+#Given the letters off the end of an OpenSSL version string, calculate what
+#the letters for the next release would be.
+sub get_next_letter()
+{
+ my $thisletter = shift;
+ my $baseletter = "";
+ my $endletter;
+
+ if ($thisletter eq "") {
+ return "a";
+ }
+ if ((length $thisletter) > 1) {
+ ($baseletter, $endletter) = $thisletter =~ /([a-z]+)([a-z])/;
+ } else {
+ $endletter = $thisletter;
+ }
+
+ if ($endletter eq "z") {
+ return $thisletter."a";
+ } else {
+ return $baseletter.(++$endletter);
+ }
+}
+
+#Check if a version is less than or equal to the current version. Its a fatal
+#error if not. They must also only differ in letters, or the last number (i.e.
+#the first two numbers must be the same)
+sub check_version_lte()
+{
+ my ($testversion, $currversion) = @_;
+ my $lentv;
+ my $lencv;
+ my $cvbase;
+
+ my ($cvnums) = $currversion =~ /^(\d_\d_\d)[a-z]*$/;
+ my ($tvnums) = $testversion =~ /^(\d_\d_\d)[a-z]*$/;
+
+ #Die if we can't parse the version numbers or they don't look sane
+ die "Invalid version number: $testversion and $currversion\n"
+ if (!defined($cvnums) || !defined($tvnums)
+ || length($cvnums) != 5
+ || length($tvnums) != 5);
+
+ #If the base versions (without letters) don't match check they only differ
+ #in the last number
+ if ($cvnums ne $tvnums) {
+ die "Invalid version number: $testversion "
+ ."for current version $currversion\n"
+ if (substr($cvnums, -1) < substr($tvnums, -1)
+ || substr($cvnums, 0, 4) ne substr($tvnums, 0, 4));
+ return;
+ }
+ #If we get here then the base version (i.e. the numbers) are the same - they
+ #only differ in the letters
+
+ $lentv = length $testversion;
+ $lencv = length $currversion;
+
+ #If the testversion has more letters than the current version then it must
+ #be later (or malformed)
+ if ($lentv > $lencv) {
+ die "Invalid version number: $testversion "
+ ."is greater than $currversion\n";
+ }
+
+ #Get the last letter from the current version
+ my ($cvletter) = $currversion =~ /([a-z])$/;
+ if (defined $cvletter) {
+ ($cvbase) = $currversion =~ /(\d_\d_\d[a-z]*)$cvletter$/;
+ } else {
+ $cvbase = $currversion;
+ }
+ die "Unable to parse version number $currversion" if (!defined $cvbase);
+ my $tvbase;
+ my ($tvletter) = $testversion =~ /([a-z])$/;
+ if (defined $tvletter) {
+ ($tvbase) = $testversion =~ /(\d_\d_\d[a-z]*)$tvletter$/;
+ } else {
+ $tvbase = $testversion;
+ }
+ die "Unable to parse version number $testversion" if (!defined $tvbase);
+
+ if ($lencv > $lentv) {
+ #If current version has more letters than testversion then testversion
+ #minus the final letter must be a substring of the current version
+ die "Invalid version number $testversion "
+ ."is greater than $currversion or is invalid\n"
+ if (index($cvbase, $tvbase) != 0);
+ } else {
+ #If both versions have the same number of letters then they must be
+ #equal up to the last letter, and the last letter in testversion must
+ #be less than or equal to the last letter in current version.
+ die "Invalid version number $testversion "
+ ."is greater than $currversion\n"
+ if (($cvbase ne $tvbase) && ($tvletter gt $cvletter));
+ }
+}
+
+sub do_deprecated()
+{
+ my ($decl, $plats, $algs) = @_;
+ $decl =~ /^\s*(DEPRECATEDIN_\d+_\d+_\d+)\s*\((.*)\)\s*$/
+ or die "Bad DEPRECTEDIN: $decl\n";
+ my $info1 .= "#INFO:";
+ $info1 .= join(',', @{$plats}) . ":";
+ my $info2 = $info1;
+ $info1 .= join(',',@{$algs}, $1) . ";";
+ $info2 .= join(',',@{$algs}) . ";";
+ return $info1 . $2 . ";" . $info2;
+}